I have created a 3 blog post series on AirWatch 9 on premise installation. The purpose of the blog post is to provide you with some basic information that helps you installing an on-premise Deployment of the AirWatch solution. This document does not cover upgrading your AirWatch environment.
For instructions on how to do that, see the VMware AirWatch Installation and Upgrade guides, which are provided which is available on my AirWatch portal.
Every on-premises deployment of AirWatch is unique and poses distinct requirements. This document is not an attempt to address each of these deployment types or describe specific configurations for load balancers, monitoring software, and similar tools.
It is up to your organization to decide how best to implement certain features such as high availability or
Disaster recovery. AirWatch can provide guidance for your specific deployment. Contact AirWatch for more details.
Part 1 – Database Configuration
Part 2 – SSL Certificate Configuration for Device Services and console server
Part 3 – Application Server Configuration
Hope you liked the series, do share and let me know if there are any feedbacks.
AirWatch application server primarily consist of 2 servers “Device services server” and “Admin Console server”.
We can install both the roles on a single server or on dedicated servers (recommended for production environments). In my case I am installing both the roles on single server.
Install URL Rewrite Module 2.0
The URL Rewrite Module 2.0 cannot be installed until the IIS role is installed.
- Navigate to http://www.iis.net/downloads/microsoft/url-rewrite#additionalDownloads and download the
Appropriate version for your install.
- Run the installer and accept the defaults for installation.
Run the AirWatch installer on each application server. In my case I am using single server for AirWatch Device Services server and AirWatch Console server.
You can expand both the roles and select/deselect the roles you want to add .
Application server Installation is straight forward , just follow the installation wizard and you should be good to go .
Once you see the success messgae , open google chrome (don’t use IE) and enter the FQDN of your device services server .
You should see the AirWatch admin console login screen as shown above. For the first login, default username is “administrator” and password is “AirWatch” all in lower case. Once logged in you will be asked to change the password.
Now you are good to enroll your devices and perform Device, Application and Content management.
I hope this was helpful, do share if you liked it.
Generating CSR for SSL Certificate.
Before generating the CSR for SSL certificate, make sure to add the IIS role on device services and console server.
Select Server on the left and double click on “server certificate” under IIS
Click on “create certificate request” .
Under common name , use the exact domain name which you have bought form a public domain provider , this will be the public DNS name of your AirWatch Device services server.
Select bit length of 2048.
Now we have the CSR ready .
Processing Certificate Signing Request with Certificate Authority
I am using comodo SSL certificate for this installation. comodo SSL are trusted by both Apple and Android devices and certified by Airwatch as well .
The good part is you can register for a 90 days free trail license for testing before making a purchase.I have also bought public DNS for the AirWatch Device Services server from GoDaddy (awemm.redingtonvault.com). You need the domain before you can apply for the SSL certificate.
Here is have used the CSR I have generated in previous step.
Enter the domain you have bought here to complete the wizard, SSL certificate will be issued against this domain.
Once you complete the process, SSL certificate along with root and intermediate certificate will be emailed to you on successful domain validation.
Configuring SSL Certificate on Application server (Device Services Server):
First we will configure the root certificate:
Open the MMC console – File – Add/Remove sanp-in
Use computer account.
Click on certificate on left hand side and select add ..
Once this done, go to certificate – trusted root certificate – right click on trusted root certificate – select all task and import
Follow the wizard and import the root certificate .
Browse to the location of root certifcate , select and open
Similarly import the intermidiate certificate by right clicking on intermidiate certificate folder .follow the the above process , once the import is done close the MMC console.
Now we will install the SSL certificate for our domain.
Once certificate request is completed, you can see your SSL certificate is visible under server certificates as highlighted above.
Next step is to perform https binding for default website.
Under sites, select “Default website” – click on binding on right hand side.
Click add, change the type to https. Mentioned the FQDN of host and select your SSL certificate.
For testing, write the FQDN of your device services server with HTTPS and you should be able to see the green secure lock. Refer to the above screenshot.
In the Next part, I will cover the application server configuration.
The first component for Airwatch initial setup is to configure the SQL database. Below are the SQL Server Software Requirements:
- SQL Server 2008 R2, SQL Server 2012, or SQL Server 2014 (in 2012 compatibility mode) with Client Tools
(SQL Management Studio, Reporting Services, Integration Services, SQL Server Agent, latest service packs). Ensure the SQL Servers are 64-bit (OS and SQL Server). SQL Server 2008 R2 or higher is required for reports.
- Currently only Standard and Enterprise Editions are supported.
- .NET 4.5.2 through 4.6.2 is required to run the database installer.
- Ensure the SQL Server Agent Windows service is set to Automatic or Automatic (Delayed) as the Start type for the service. If set to Manual, it has to be manually started before database installation.
TCP/IP should be enabled
- Use TCP/IP to connect to the database and disable Named Pipes. In SQL Server Configuration Manager, navigate to SQL Server Network Configuration and select Protocols for MSSQLSERVER.
Once the prerequisites in place, we can start the database configuration.
Creating the Database
To create the database, you must perform the following steps with an administrator account that has the correct read/write permissions.
- On the SQL Server, open SQL Server Management Studio.
- Log in using your user name and password.
- Click Connect.
- Right-click Databases and select New Database.
- Enter AirWatch as the Database name
- Scroll to the right side of Database files, select the … next to Autogrowth for AirWatch, and change File Growth to
“In Megabytes” and the size to 128, then select OK.
Select Options, and select SQL_Latin1_General_CP1_C1_AS and select Close.Now we will Create AirWatch SQL Service Account and Assign DB Owner Roles
– Log in to the DB server containing the AirWatch database.
– Navigate to Security > Login, right-click, and select New Login.
. Select whether to use your Windows account or local SQL Server account for authentication. For SQL Server authentication, enter your user credentials.
. Select the AirWatch database as the Default database.
-Navigate to the Server Roles tab. Select server role as Public.
-Select User Mapping.
-Select the AirWatch Database. Then, select the db_owner role.
Select the msdb Database. Then, select the SQLAgentUserRole and db_datareader roles.
AirWatch Database Setup Utility
Once all prerequisites are met, such as creating the database and the AirWatch
SQL account and assigning DB owner roles used for installation, run the AirWatch database setup utility.
It’s really simple installation (no brainer) , simply run the executable and follow the installation wizard
You can see above, Airwatch Database utility will install any pending component upon execution.
Make sure to select correct database catalog and user have proper rights to make changes to the AirWatch database instance.
That’s all for database configuration for Airwatch . In Part 2 I will cover the SSL certificate and domain configuration for Device services server.
I came across a scenario which require the connectivity between traditional workloads with legacy VLANs to virtualized networks using VXLAN, and thought of writing a quick blog post on the subject.…