This section explains how to configure the operating environment of the Relay Server.

For each smart device (Android device or iOS device) or PC (Windows device) to be managed, configure the settings below.

• Android device:

  1. Use SDSVSetMS.EXE (change configuration of Relay Server command) to set the following:

     - Enable management of Android devices: Specify the -Android.enabled option.

     - Set the Management Server or Master Management Server: Specify the -h option.

  2. If the default port number (48080) must be changed, refer to "How to Modify the Port Number Being Used" in the Reference Manual and change the port number.

  3. To perform HTTPS communication with a smart device (agent) (Android), build a certificate environment for HTTPS communication.
     Refer to "2.9.3.2 Configuring HTTPS Communication" for details. The procedure is the same as that for managing iOS devices, so you do not need to configure the settings if you have done so on an iOS device.

  4. Use SDSVService.bat (start/stop service of Relay Server command) to start the Relay Server.

• iOS device:

  Point

  You can configure the settings in steps 1 to 4 below at one time.

  1. Enable management of iOS devices.
     Execute SDSVSetMS.EXE (change configuration of Relay Server command) with the -iOS.enabled option.

  2. Set the Management Server and Master Management Server.
     Execute SDSVSetMS.EXE with the -h option.
     This procedure is the same as that for managing Android devices, so you do not need to configure the settings if you have done so on an Android device.

  3. Set the server or reverse proxy that is to be connected to from the iOS device.
     Execute SDSVSetMS.EXE with the -iOS.connect.h, -iOS.connect.p, and -iOS.connect.profile.p options.

  4. Set the iOS management database.
     Execute SDSVSetMS.EXE with the -iOSmgr.h option.
     To manage iOS devices with Systemwalker Desktop Keeper only, specify the Management Server.
     To manage iOS devices even with Systemwalker Desktop Patrol, specify the Management Servers or Systemwalker Desktop Patrol CSs that are running the iOS management database.
     Do not change this setting after configuring it.

  5. If necessary, change the default port number (55432) to be used for communication with the iOS management database.
     Refer to "How to Modify the Port Number Being Used" in the Reference Manual for details.

  6. Build the certificate environment to perform HTTPS communication with a smart device (agent) (iOS).
     Refer to "2.9.3.2 Configuring HTTPS Communication" for details.
     The procedure is the same as that for managing Android devices, so you do not need to configure the settings if you have done so on an Android device.

  7. Install the MDM certificate prepared in "2.2 Advance Preparation".
     Execute swss_ImportAppleCert.bat (register Apple Inc. certificate command).

  8. Start the Relay Server.
     Execute SDSVService.bat (start/stop service of Relay Server command).

• Windows devices

  Point

  You can configure the settings in steps 1 to 3 below at one time.

  1. Execute SDSVSetMS.EXE (change configuration of Relay Server command) with the -Windows.enabled to enable management of Windows devices.

  2. Execute SDSVSetMS.EXE (change configuration of Relay Server command) with the -h option to specify the FQDN or IP address of the Management Server/Master Management Server.
     This procedure is the same as that for managing Android/iOS devices, so you do not need to configure the settings if you have done so on an Android/iOS device.

  3. If the default port number (48643, 48281,48443,48081) used when connecting from a Windows device must be changed, refer to "How to Modify the Port Number Being Used" in the Reference Manual for details.

  4. To perform HTTPS communication with a client (CT), build a certificate environment for HTTPS communication.
     Refer to "2.9.3.2 Configuring HTTPS Communication" for details.Execute SDSVService.bat (start/stop service of Relay Server command) to start the Relay Server.

Refer to "Command Reference" in the Reference Manual for details on each command.

This section describes how to configure HTTPS communication between the Relay Server and a smart device (agent)/client(CT). The configuration procedure depends on whether the server certificate used is prepared by the user or is the Systemwalker certificate.

Settings during installation of the certificate

Perform the procedure below to configure the settings:

If using a server certificate prepared by the user:

1. Use SDSVMakeCSR.exe with the -file option to generate the certificate issuance application.

2. Send the certificate issuance application that was generated in step 1 to the CA, to obtain the CA certificate (intermediate CA certificate) and server certificate issued by the CA.

3. Use SDSVService.bat to stop the Relay Server.

4. Use SDSVImportCert.exe with the -file option (-alias option) to register the CA certificate (intermediate CA certificate) obtained in step 2.

5. Use SDSVImportCert.exe with the -file option to register the server certificate obtained in step 2.

6. If using the Windows client (CT) to connect to the Relay Server, perform the procedure below.

   1. Use SDSVMakeCSR.exe with the -file option to generate the ccertificate issuance application. This step should be performed apart from step 1.

   2. Save the certificate issuance application that was generated in step a to the Management Server, and use DTKSVMakeCSR.exe with the -file2 and -certfile2 options on the Management Server to generate a server certificate based on the certificate issuance application file.

   3. Use SDSVImportCert.exe with the -file2 option to register the server certificate obtained in step b.

7. Use SDSVConfig.exe to enable the use of the server certificate prepared by the user.

8. Use SDSVService.bat to start the Relay Server.

   Note

   If step 5 is mistakenly performed before step 4, repeat the procedure from step 1.

If using the Systemwalker server certificate:

1. Use SDSVMakeCSR.exe, and specify the -file and -certfile options to generate a certificate issuance application and server certificate.

2. Use SDSVService.bat to stop the Relay Server.

3. Execute SDSVImportCert.exe with the -CACERT option specified.

4. Use SDSVImportCert.exe with the -file option to register the server certificate generated in step 1.

5. If using the Windows client (CT) to connect to the Relay Server, perform the procedure below.

   1. Use SDSVMakeCSR.exe with the -file option to generate the ccertificate issuance application. This step should be performed apart from step 1.

   2. Save the certificate issuance application that was generated in step a to the Management Server, and use DTKSVMakeCSR.exe with the -file2 and -certfile2 options on the Management Server to generate a server certificate based on the saved certificate issuance application file.

   3. Use SDSVImportCert.exe with the -file2 option to register the server certificate obtained in step b.

6. Use SDSVConfig.exe to enable the use of the server certificate that you registered in step 5.

7. Use SDSVService.bat to start the Relay Server.

   Note

   If step 4 is mistakenly performed before step 3, repeat the procedure from step 1.

Certificate renewal settings

Perform the procedures below to configure the settings:

If using a server certificate prepared by the user:

1. Use SDSVMakeCSR.exe to generate the certificate issuance application for the server certificate.

2. Send the certificate issuance application that was generated in step 1 to the CA, to obtain the server certificate issued by the CA.

3. Use SDSVService.bat to stop the Relay Server.

4. Use SDSVImportCert.exe with the -file option to register the server certificate obtained in step 2.

5. If using the Windows client (CT) to connect to the Relay Server, perform the procedure below.

   1. Use SDSVMakeCSR.exe with the -file option to generate the certificate issuance application. This step should be performed apart from step 1.

   2. Save the certificate issuance application that was generated in step a to the Management Server, and use DTKSVMakeCSR.exe with the -file2 and -certfile2 options on the Management Server to generate a server certificate based on the certificate issuance application file.

   3. Use SDSVImportCert.exe with the -file2 option to register the server certificate obtained in step b.

6. Use SDSVService.bat to start the Relay Server.

If using the Systemwalker server certificate:

1. Use SDSVMakeCSR.exe, and specify the -file and -certfile options to generate a certificate issuance application and server certificate.

2. Use SDSVService.bat to stop the Relay Server.

3. Use SDSVImportCert.exe with the -file option to register the server certificate generated in step 1.

4. If using the Windows client (CT) to connect to the Relay Server, perform the procedure below.

   1. Use SDSVMakeCSR.exe with the -file option to generate the certificate issuance application. This step should be performed apart from step 1.

   2. Save the certificate issuance application that was generated in step a to the Management Server, and use DTKSVMakeCSR.exe with the -file2 and -certfile2 options on the Management Server to generate a server certificate based on the saved certificate issuance application file.

   3. Use SDSVImportCert.exe with the -file2 option to register the server certificate obtained in step b.

5. Use SDSVService.bat to start the Relay Server.

Refer to "Command Reference" in the Reference Manual for details on each command.