SOTI Pulse Logo

MobiControl: Multiple deployment servers

BR
Ben Ragland
Zebra (OVS) - Manhattan Associates

Wondering if anyone has deployed multiple deployment servers here and what it takes from a server/resource perspective and how it impacts the Management Console experience.

This question is coming from a call I had with SOTI Support last week about CE5 devices that were not able to enroll into 14.1 because 14.1 installs with a SHA2 root cert and CE5 devices can only use SHA1. They also mentioned that If I did want to enroll CE5 (along with SHA2 compatible devices) then I'd have to set up a 2nd deployment server and install a SHA1 cert.

I'm going to be doing some digging on my own and may even reopen the previous case but would like to hear your thoughts. Also, @SOTI , if you have any release notes specifically for what version this root cert change was made, I'd like to see that. Though testing, my 13.3 env can enroll CE5 devices and does not have the "Force SHA1" option in the enrollment rule settings so I'm assuming it's using SHA1. If 13.4 uses SHA1 as well then I will just recommend this version until customers upgrade past CE5 devices.

Thanks,

Ben

certificate enrollment ce 141
7 years ago
Windows
ANSWERS
OR
Oscar Rambaldini
7 years ago
BR
Ben Ragland
7 years ago

Thanks for that! The upgrade guide had the specific information I was looking for.

Do you happen to know if it's possible to have multiple root certificates installed on a single MobiControl instance or if I would need a deployment server per root cert? (On cloud right now so I don't have access to the Admin Utility).

SS
Support Staff Account
7 years ago (edited 7 years ago)

@Oscar thank you for the assistance with this reply.

It is possible to have a second root certificate installed on a single MobiControl Server, therefore it isn't necessarily a requirement for a "deployment server per root certificate".

However that being the case, as SHA1 certificates are less secure "best practices" suggest that VIA your Account Manager you request a 2nd Deployment Server.  This way the SHA 1 certificates can be applied to facilitate connections specifically for your CE5 (Windows) Devices.  This way the Android devices will still use the more secure protocol in the original Deployment Server as they may revert back to using SHA1 certificates if only one Deployment server with a SHA1 and SHA2 certificate exists. 

Keep in mind, that as you are a Cloud Server customer you would need to request this with your Account Manager and then may have to put in a support ticket for us to make the necessary changes to the new DS and enable TLS 1.0 and 1.1 for you.

You can create a case VIA e-mail at Support@soti.net or by clicking Here.

Hope this helps!

Cheers,

BR
Ben Ragland
7 years ago

Thanks, I appreciate the concise response. Since I deal with on-prem and cloud deployments, could you outline the process for multiple on-prem deployment servers? (How would I go about installing an additional)

Thanks!

MD
Matt Dermody Diamond Contributor
7 years ago

@Support Staff,

Our SOTI Central accounts are listed as "Customers" since we use SOTI internally but we also regularly sell and implement it both on-premise and in the cloud.

SS
Support Staff Account
7 years ago (edited 7 years ago)

@Matt Dermody Please create an new post so that I can address this with the Central Forum Discussion Team separately to see if there is another account type that can be assigned to you to reflect your re seller status please. 

Thanks in advance.

Similar Discussions