There are a few network prerequisites that need to be verified/implemented before we can provide fully-automated maintenance and support. The following services and ports need access through any firewall(s) running on your network and devices.
APPLE PUSH NOTIFICATION SERVICE (APNS)
Communication with APNS is critical. This service runs over *.apple.com on ports 2195, 2196 and 5223 via the apsd service.
SPECIAL NOTE: No Apple IPs should be blocked. It's best to let your device access these ports on the entire 126.96.36.199/8 address block, which is assigned to Apple. Helpful links:
- If you aren‘t getting Apple push notifications
- Configuring Proxies and Firewalls for Apple MDM access
- About macOS, iOS, and iTunes server host connections and iTunes background processes
Our Amazon CloudFront instance at https://d3ee49752kqxh6.cloudfront.net/ (port 443) is where the Macs in our system will look for software updates if your Local Distribution Point is unavailable.
MAC OS X SERVER
A local Mac server is required to host a Local Distribution Point.
- OPTIONAL: Active Directory username and password (or have someone available to type this in) to bind the Mac Server to the domain (note, the account only needs adding privileges, not administrator or anything more).
- DNS Name of the new Mac Server.
- “A” record for the new Mac Server.
- PTR (reverse lookup) record for the new Mac server.
- Static/fixed IP Address of the new Mac server.
- Subnet Mask.
- DNS Servers.
- Search Domain(s).
- Trusted SSL certificate for the fully qualified domain name of the server (we can provide the CSR and/or a full certificate if we can verify an email sent to firstname.lastname@example.org - this can clearly be an alias). This must be signed by a trusted public CA.
APPLE REMOTE DESKTOP (ARD)
Apple Remote Desktop is the software we typically use to remotely control or observe a Mac once a VPN connection is established. (LogMeIn Central is used if VPN is unavailable):
- Only TCP port 5900 is required for ARD to work.
- Additional ports used by ARD, but not required (again, this is all performed once we have established VPN access):
- PORT 5988: TCP, WBEM HTTP
- PORT 3283: TCP/UDP, Net Assistant (Reporting feature)
- PORT 5432: TCP, ARD 2.0 Database