Before you get started with your AirWatch deployment, you will need to decide and select which suite you will implement. AirWatch currently has its management structure broken down into four different color suites: Green, Orange, Blue, and Yellow. Each of these suites offer different features depending on what your organization is looking to deploy with EMM.

The following is a breakdown of each Management Suite:

Depending on your mobile strategy and current initiatives, your organization is working on with mobility will depend on which suite to start with. Here is a quick summary of the possible usages of each management suite:

You might also have a need to implement multiple suites within your environment to save costs. For example, you might only want to deploy the Green suite for all your corporate-owned assets and the Blue suite for your BYOD deployment. By identifying the business needs and aligning with the mobile strategy, you will be able to select the Management suite that best meets your needs as an organization.

AirWatch currently has both on-premise and cloud offerings for your organization. Making the decision of hosting AirWatch in the cloud or on-premise will be purely determined by your organization's stance on cloud services. There is no difference between the services offered in the cloud or on-premise with AirWatch.

As we have all witnessed over the past few years, there has been a tremendous growth in cloud offerings. This isn't any different with AirWatch and as with many other organizations, AirWatch provides the option of using the cloud to host your EMM suite, also known as their Software as a Service (SaaS) offering.

There are a lot of questions regarding migration to cloud environments with security and data privacy and the concerns with the possibility of technical positions being eliminated. For the security concerns, hosting companies are providing the encryption and controls to meet organizations security requirements. For the most part, I'd imagine enterprise-grade cloud services are providing more than what you are able to provide on-premise, including the latest hardware and software with both physical and software security in place along with high availability and disaster recovery. With an AirWatch SaaS deployment, you are only storing the device information in the cloud environment and there is no corporate data being stored in the cloud, thus providing less risk with using that environment.

For the technical personnel concerns, there will be a change, but it doesn't necessarily mean positions being eliminated. Traditionally as technicians, we tend to spend most of our time dealing with installations, upgrades, patches, and failures of the services (both hardware and software). Because of this, our positions have become more of an operational role, taking the focus away from the service being provided and being able to improve on these services for the customers. Now that we are able to offload the heavy burden of our everyday jobs, we can focus more on the solutions/integrations with the product, allowing us the ability to provide a more service-oriented workforce and better user experience. Also, the mobile space is currently an extremely fast-growing area and won't slow down anytime soon. Because of this, eliminating as much management as possible by moving to a cloud environment will also allow us to focus on the end user service and experience, which is what really matters.

By moving to a cloud environment, we are seeing a shift in the structure of teams. Cloud, service, innovative, architecture are some of the names that are starting to appear in team names as we are seeing a shift in the way, as we have traditionally seen Information Technology (IT) move to more of an Information Service (IS) era.

The following is a breakdown of the hosting options provided by AirWatch:

Now that you have all the information on the Management suite and Hosting options, you can make a decision on what best fits your organization. The licensing cost is dependent on which suite you select and the hosting plan you move forward with. The Cloud offering is subscription based per device annually or subscription based per user (up to three devices) annually. The cost includes the standard hosting. The on-premise solution has an initial per device cost with a perpetual annual maintenance fee at a smaller cost of the initial fee.

AirWatch has significantly improved its support model over the recent years. The following table demonstrates the different support options available for your organization:

Deciding on your support option entirely depends on the extent of your EMM deployment. If you have a small organization with a minimal deployment in the cloud, you might only need Basic Support model. If you have a large enterprise with an on-premise deployment, you will most likely need to go for the Enterprise Support model to ensure that you are receiving the most responsive support with all the proactive features included.

As stated in the preceding table, myAirWatch is available to all customers with a lot of valuable resources. From this portal, you are able to manage support requests, access training, view product documentation, collaborate via forums, view analytics, search, FAQs, view announcements, download software, access best practices within EMM and more. This portal will help empower you as an administrator with instant access to a lot of valuable information. As a customer, you can access the myAirWatch portal at https://my.air-watch.com.

AirWatch also includes the option of purchasing their services to deploy your implementation. These services are standardized based on Management suite you select or can even be customized to meet your deployment and needs.

In 2013, AirWatch created AirWatch Academy. AirWatch Academy is a certification program that provides administrators an avenue to learn and become accredited as an expert in EMM with AirWatch.

AirWatch's Certification program consists of three different levels:

In addition to AirWatch Academy, AirWatch also has its Partner University program to allow AirWatch partners to be fully prepared when it comes to selling, deploying, managing, and supporting the product and solutions.

AirWatch provides opportunities to learn in the following formats:

In order to become accredited by AirWatch, you will be required to take an exam:

It is extremely important to invest and promote time and money with learning. Learning opportunities provide benefit to both the technician and the organization. Having technicians on staff who fully understand the product they are managing and show the incentive to learn will only help drive a successful deployment and service for the organization.

AirWatch supports a wide array of platforms within its EMM suite. Not only is the platform portfolio limited to phones and tablets, but manageability is also available for rugged devices (Android and Windows mobile), Mac OS, Windows PC, and Apple TV. Let's take a look at all the different supported platforms and the functionality available within each of them:

AirWatch has built its enrolment around three types of ownership: corporate dedicated, corporate shared, and employee owned. As you build your mobility initiatives, it's important to align your deployments with the different ownership types from AirWatch. These different types of ownership grant a different level of access to the device. The configurable options available for each of the device ownership are:

As stated here, these options are customizable for each of the device ownership types within the administrator console and will most likely be different for each of the ownerships:

Depending on which hosting option you selected, your setup can be as easy as simply logging in with a newly provided user account to the cloud or consist of a lengthy configuration and set up with the on-premise deployment. The following are the requirements needed to get your environment set up based on your choice of deployment:

On-premise deployment

The last option is the on-premise deployment, that is, giving the customer full control and flexibility over the deployment. This option will require a lot of planning and involvement from multiple teams in order to make it successful.

Since this book is focused more around learning AirWatch, I will not go into deep detail on all the different architecture and options with setting up AirWatch, as this information can easily present itself in its own book. Instead, I will give a high-level overview of the options and requirements to get AirWatch set up.

Before you get started with your on-premise deployment, you will need to fully review the architecture and pre-installation documents provided by AirWatch. You will need to size your environment correctly based on the number of devices you plan to enroll plus future growth.

For the setup and configuration, you will need to involve multiple technical teams with the deployment:

• The Application/Mobility team (Application owner of AirWatch)
• The Database team (SQL database installation and management)
• The Systems management team (provide servers and monitoring)
• The Storage team (provide all storage requirements)
• The Network team (provide Firewall changes, HLB, and other network changes)
• The Security team (validated configurations meet security needs)

Components

For your on-premise deployment, there are three required components:

• AirWatch Admin Console: This is the web console used by administrators to set up, configure, and manage devices
• Device services: This component allows AirWatch to communicate with the devices
• SQL database: All AirWatch information is contained within the SQL database

In addition to the required components, there are several optional components:

• AirWatch SEG: Allows greater integration, control, and security with enterprise e-mail systems. This will be covered in detail in Chapter 7, Mobile Email Management.
• AirWatch Cloud Messaging (AWCM): AWCM allows AirWatch to directly send commands to Android, Symbian, and Windows mobile devices and push products to PCs and Mac OS X. This allows the elimination of Google Cloud Messaging (GCM) for Android devices and reduces security concerns by eliminating communication over public networks.
• AirWatch Cloud Connector (ACC): ACC provides enterprise integrations with multiple different components within the network. This will be covered in more detail in Chapter 3, Enterprise Integration.
• AirWatch Mobile Access Gateway (MAG): MAG allows secure integration with enterprise applications and sites and content repositories. This will be covered in more detail in Chapter 3, Enterprise Integration; Chapter 8, Mobile Content Management; and Chapter 9, Mobile Application and Mobile Browser Management.
• AirWatch App Wrapping: This allows an organization to add additional security and data loss prevention by wrapping the applications before deployment. This will be covered in more detail in Chapter 9, Mobile Application and Mobile Browser Management.

Configurations

There are multiple configurations available with all the different components provided by AirWatch. In summary, the following configurations are provided as examples from AirWatch:

• Basic/Single Application Server Deployment
  • This is recommended for managing less than 1,000 devices
  • This includes all the components on a single server
  • This allows simplified installation, configuration, and integration
• Hybrid Server Deployment
  • This is recommended for managing between 1,000 and 5,000 devices but can be used for less if desired
  • This solution combines only the Admin console, AWCM and Device Services components onto one server
  • Dedicated server for SQL database
  • Dedicated server for SEG and other optional components

    Tip

    Plan to deploy the application server within a DMZ if possible for additional security.

• Multiple Server Deployment
  • This is recommended for managing more than 5,000 devices but can be used for less if desired
  • This solution allows the deployment of components on their own dedicated servers
  • Provides greater security by deploying specific components within the DMZ and others on internal network

Tip

Because of the complexity and requirements for this deployment, it is recommended to work with AirWatch on the architecture and configuration.

Requirements

The following tables will give you an idea of the hardware requirements needed for your on-premise deployment:

Application server

Max number of devices	100	500	1,000	2,500	5,000	10,000	25,000
Admin Console	1 standard app server for all roles Virtual Machine / 2 CPUs / 4 GB RAM					1 app server per 50 concurrent admins
Device Services						1 app server	2 app servers
Device Services with AWCM						1 app server	2 app servers

Database server

Max number of devices	100	500	1,000	2,500	5,000	10,000	25,000
CPU cores	1	1	2	2	2	4	8
RAM (GB)	4	4	4	8	8	16	32
DB size(GB)	10	20	25	50	100	175	250
Trans log size(GB) (Log backups every 15 minutes)	3	5	10	20	40	50	100
Temp DB (GB)	3	5	10	20	40	50	100
Avg IOPS (DB and temp DB)	30	30	30	75	150	300	750
Peak IOPS (DB and temp DB)	40	50	60	150	300	600	1500

Note

There are also minimum requirements and deployment architecture for 50,000 or more devices that can be provided by AirWatch.

Console and device services connectivity prerequisites

Before you can get started with the installation of the console and the device services connectivity server(s), you need to meet all the prerequisites. The following is a breakdown of what is needed before you can start the installation:

The hardware requirements are as follows:

• A VM or physical server

The general requirements are as follows:

• Remote access to Windows servers
• Notepad++ (recommended)
• Firefox or Chrome (recommended)
• Service accounts for authentication to enterprise systems
• Test devices (iOS, Android, Windows Phone 8)
• Corporate Apple ID—if your deployment includes iOS devices, you will need to generate Apple APNs certificate, which is available at https://appleid.apple.com
• Corporate Google ID—this is required to search Play Store and push applications to the devices

The software requirements are as follows:

• Externally and internally registered DNS (public IP addresses)
• SSL Certificate from trusted third party with Subject or Subject Alternative Name (SAN) of Domain Name System (DNS)
• Windows Server 2008 R2 or 2012 or 2012 R2
• Installation of IIS Role with the following services from Server Manager:
  • Common HTTP features: Static Content, Default Document, Directory Browsing, HTTP Errors, HTTP Redirection
  • Application development: ASP.NET, .NET Extensibility, ASP, ISAPI Extensions, ISAPI Filters, Server Side Includes (SSI)
  • Health and diagnostics: HTTP Logging, Logging Tools, Request Monitor, Tracing Security: Request Filtering, IP, and Domain Restrictions
  • Performance: Static content compression, dynamic content compression
  • Management tools: IIS Management Console, IIS 6 Metabase Compatibility

  Note

  Note that Ensure WebDAV is not installed.

• Installation of the following features from Server Manager:
  • .NET Framework 3.5.1 features: Entire module(.NET Framework 3.5.1, WCF activation)
  • Message queuing: Message Queuing server
  • Telnet client
• Installation of 64-bit Java Runtime Version 7 or higher
• IIS 443 binding with the same SSL certificate (device services only)
• Installation of .NET Framework 4.0
• Microsoft URL Rewrite Module 2.0

Note

Additional proxy software might be required for communication to Apple devices, App Store, and Google Play Store.

The database and reporting services requirements:

• SQL Server 2008 R2 or 2012 running in the 2008 compatibility mode
• Creation of AirWatch database
• SQL collation is SQL_Latin1_General_CP1_Cl_AS
• SQL account permissions:
  • db_owner on the AirWatch database
  • db_datareader, public, and SQLAgentUserRole on MSDB
• Ensure Full-Text Search is installed on SQL database
• Reporting services installed and configured in SQL Management Studio
• Reporting services configured with user, password, and database
• Validate SQL account permissions:
  • db_owner on the ReportServer<Instance> database
  • db_owner on the ReportServerTempDB<Instance> database
• Validate that the Web services URL is reachable
• Validate that the Report Manager URL is reachable
• Validate that the Web services URL is reachable from Console server

The network requirements are as follows:

There are multiple ports that need to be opened on your corporate firewall in order to allow AirWatch to work correctly. The following will need access to internal and/or external Internet resources:

• Admin console server
• Device services server
• SQL server reporting
• Devices (Internet/Wi-Fi)
• Apache Tomcat server

Note

You will need to work closely with your network team to ensure that all the ports on the firewall are opened correctly. There is over four pages of protocol/port configurations to multiple external URLs needed. The required protocol/port configurations can be found in AirWatch On-premise technical architecture guide.

It is highly recommended to implement redundancy with a load balancer. These configurations should be implemented: Round Robin, Session Persistence for Device Services, and Admin Console and redirect all HTTP requests to HTTPS.

The preinstallation check

After implementing all the requirements, you can use AirWatch's preinstallation tool to validate that your on-premise environment is ready to install AirWatch Application server. Once the tool is open, select Application Server and then follow the instructions to validate. You will be presented with the results and what needs to be resolved if there is anything.

Once you have everything set up correctly, you will be ready to install your environment. AirWatch will provide you with the necessary installation files and services to get your environment up and running on premise.

Deploying AirWatch On-premise will require a lot of preparation and planning, which will require a dedicated senior-level architect/engineer to fully understand the complexities and requirements needed to set up the environment. Unless your organization has a no-cloud policy, it is highly recommended to move forward with a SaaS deployment to allow your teams to focus more on the services being delivered and more importantly, a successful mobile strategy.

In this chapter, you learned about AirWatch and their product portfolio with mobility. The mobile industry has moved towards an EMM solution. Moving forward with one EMM will allow organizations to simplify their mobile strategy and create more efficient solutions for the end users.

We looked at the different management suite options provided by AirWatch; whether you would need all features or just some depends on the scope of your deployment and the needs of your initiatives. There are different options to host your AirWatch environment, of which SaaS is a popular option. We also looked at the support, learning, and deployment services available from AirWatch and the different options available with each of them.

We also looked at the supported devices within AirWatch along with the different ownership types that devices can be enrolled as (corporate dedicated, corporate shared, and employee owned). To finish the chapter, we reviewed the requirements for setting up the AirWatch environment depending on your deployment type. This leads us to the next chapter, which demonstrates how to access and manage the AirWatch environment once set up.