Email Notification Service 2 (ENS2)

You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com
If you have comments about this documentation, submit your feedback to docfeedback@vmware.com.

VMware, Inc.
3401 Hillview Ave., Palo Alto, CA 94304
www.vmware.com

Copyright 2019 VMware, Inc. All rights reserved. Copyright and trademark information.

Contents

1 Introduction
   Architecture Overview
   Requirements
2 Enabling and Securing Communication Between the Exchange Server and the Email Notification Server
   Upload Root CA Certificate
3 Email Notification Service for Cloud
   ENS Endpoints and IP Whitelist
   Verify VMware Boxer Settings
   Air Watch Resource Library for architecture
4 Email Notification Service (ENS) for On-Premises
   Configure CNS and Download Email Notification Service Configuration Files
   Install Email Notification Service 2
   Upgrade ENS2
   Configure Workspace ONE Boxer for On-Premises
5 ENS2 and SEG V2 Interaction
   Configure ENS2 with SEG
   Configure SEG for Authentication
6 Enable Certificate Based Authentication for ENS
   Configure ENS2 for Certificate Based Authentication
   Configure Certificate Based Authentication on the Exchange Server
   Using Office 365 with ENS2 and Certificate Based Authentication
7 Frequently Asked Questions

1 Introduction

Workspace ONE UEM powered by AirWatch Email Notification Service (ENS) adds Push Notification support to Exchange.

Workspace ONE Boxer provides notifications about your emails by running in the background. Due to platform limitations, Boxer can only run in the background for a limited time. Email Notification Service (ENS2) provides a solution to deliver notifications to the user's device when Boxer is not running. ENS2 supports notifications that include the email subject and a badge icon (iOS only) to notify the number of unread emails in the Inbox on the server.

ENS2 can be configured with the Secure Email Gateway (SEG) V2 to secure your organization's email infrastructure. For more information about SEG, see the Workspace ONE UEM Secure Email Gateway Guide (SEG V2 guide).

This documentation provides the information required to install and configure the ENS2 as a cloud-hosted or On-Premises service.

ENS2 with Boxer

ENS2 uses Exchange Web Services (EWS) subscriptions to notify changes in users' mailboxes. The EWS subscriptions can go inactive for different reasons, and the systems involved should check to make sure that the subscriptions are active.

ENS2 uses a check-in mechanism within Boxer and also proactively checks the EWS subscription status to ensure the continuous delivery of notifications. The check-in mechanism used by ENS2 requires intervention from Boxer to renew the EWS subscriptions. The functionality of ENS2 also depends on the Apple Push Notification Service (APNs) to deliver silent notifications to the device. ENS2 supports Certificate Based Authentication (CBA), Basic Auth, and OAuth on EWS.

The dependency of ENS2 on EWS and APNs can cause the following scenarios:

- No push notifications received when device notification is set to Do Not Disturb.
- Inaccurate badge counts that are updated after receiving an email.
- If Boxer is in a killed state, the device is not registered again for notifications. Due to this, the user will experience loss of ENS notifications. But when the device is active and Boxer is activated, it will trigger the ENS subscription again and the user will start receiving notifications.

Bringing the Boxer app to the foreground enables the ENS2 to renew EWS subscriptions and solve the notification errors.

This chapter includes the following topics:

- Architecture Overview
- Requirements

Architecture Overview

This section provides information about the architecture design and functionality of ENS2.

Figure: ENS2 Architecture using SNS or CNS

Architecture Flow Description

1. Public Key Request: The device requests a public key to encrypt the account credentials.
2. Subscribe: The device sends an encrypted payload with credentials and all the necessary information to subscribe and get email notifications.
3. Push Subscription: ENS authenticates with EWS and subscribes for push notifications using a webhook URL. The webhook URL contains the encrypted credentials. The credentials are now kept encrypted on the Exchange server.
4. New Email Notification:
   - Exchange sends notification about the mailbox changes to the provided webhook URL.
   - ENS extracts and decrypts the credentials and prepares the call to fetch emails.
5. Email Fetch: ENS performs a fetch for the email details (subject and sender) required for providing a notification.
6. Push Notification Payload: ENS pushes email details for delivery to all devices belonging to the user through SNS (ENS Cloud Deployments) or CNS (ENS On-Premises Deployments).
7. SNS or CNS sends notifications to iOS or Android devices. For iOS devices, SNS or CNS uses Apple Push Notification Service (APNs), and for Android devices, SNS or CNS uses Firebase Cloud Messaging (FCM).

Requirements

This section explains the requirements for using the ENS2 with Workspace ONE UEM.

Email Server Integration Supported Versions

- Email Client: For Android support, you must have ENS2 1.3.0.4 or later and Workspace ONE Boxer 5.2 or later.
- Email Server: Exchange 2010 SP3, Exchange 2013 SP1, Exchange 2016, or Office 365.

Workspace ONE UEM Requirements

- Cloud Deployment: Workspace ONE UEM console 8.4 or later.
- On-Premises Deployment: Workspace ONE UEM console 9.3 or later.

Hardware Requirements (On-Premises Only)

Table 1-1. Web Server

| CPU Core | RAM | Hard Disk Storage | Notes |
|---|---|---|---|
| 2 (Intel processor) | 16 GB (8 GB minimum) | 30 GB | Per 100,000 users |

Table 1-2. Database Server

| CPU Core | RAM | Hard Disk Storage | Notes |
|---|---|---|---|
| 2 (Intel processor) | 16 GB minimum | Approx. 0.0477 MB per user to estimate the DB storage size | Per 100,000 users |

Software Requirements

From ENS2 v1.3, you must upgrade your CNS from CNS v1.0 to CNS v2.0 to support notifications.

| Requirement (On-Premises) | Notes |
|---|---|
| Windows Server 2008 R2 or Windows Server 2012 R2 or Windows Server 2016 | The servers should be externally accessible via https (SSL Cert) and with a Fully Qualified Domain Name (FQDN). |
| SQL Server 2012 2016 Database Server | The db_owner role and public role must be assigned to the SQL server user that is used for running the application. |
| Basic Authentication for the Exchange environment for Exchange Web Services | OAuth and Certificate Based Authentication (CBA) is supported. |
| CNS Certificate | |
| Secure Channel Certificate | |
| IIS 7 or later | Installed on Web Server |

| Requirement (Cloud) | Notes |
|---|---|

| Requirement (On-Premises) | Notes |
|---|---|
| Basic Authentication for the Exchange environment for Exchange Web Services | OAuth and Certificate Based Authentication (CBA) is supported. |
| Autodiscovery enabled in Exchange environment and Internet-facing EWS environment | If autodiscovery is disabled, you can use the EWSUrl key-value pair to configure ENS. |

Networking Requirements

Table 1-3. Network Ports

| Source | Destination | Protocol | Port |
|---|---|---|---|
| ENS | Exchange EWS | HTTPS | 443 |
| Exchange EWS | ENS | HTTPS | 443 |
| ENS | AirWatch Cloud Notification Service (CNS) | HTTPS | 443 |
| ENS | SQL Server Instance | SQL | 1433 |
| Internet Devices | ENS | HTTPS | 443 |

Table 1-4. IIS Services

Component Name: Required Services

Web Management Tools:
- IIS 6 Management Compatibility
- IIS Management Console
- IIS Management Scripts and Tools
- IIS Management Service

Table 1-5. World Wide Web Services

Component Name: Required Services

Application Development Features:
- .NET Extensibility 3.5
- .NET Extensibility 4.6
- Application Initialization
- ASP.NET 3.5
- ASP.NET 4.6
- ISAPI Extensions
- ISAPI Filters
- Server Side Includes
- WebSocket Protocol

Common HTTP Features:
- Default Document
- Directory Browsing
- HTTP Errors
- Static Content

Health and Diagnostics:
- HTTP Logging

Performance Features:
- Static Content Compression

Security:
- Request Filtering

SQL Server and High Availability Support

High availability configuration: ENS2 supports SQL Server AlwaysOn high availability configuration. Follow Microsoft guidelines to set up SQL Server AlwaysOn. If you are using AlwaysOn, point to the availability group when choosing the database server during ENS2 installation.

TLS Support for ENS

ENS supports TLS version 1.0 to TLS version 1.3. ENS does not choose any protocol but allows the OS to choose the strongest available TLS version and the cipher suites. The following table lists the recommended cipher suites.

| Cipher Suites | Cipher Strength | SSL/TLS Protocol Version | Elliptic Curve Variants | Cryptographic Algorithm | Authenticated Encryption | Cryptographic Hash Algorithm |
|---|---|---|---|---|---|---|
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE ECDSA ephemeral | TLS 1.2 | ECDH | ECDSA | AESGCM 128 | SHA256 |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE ECDSA ephemeral | TLS 1.2 | ECDH | ECDSA | AESGCM 256 | SHA256 and SHA384 |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE ECDSA ephemeral | TLS 1.2 | ECDH | ECDSA | AES 128 | SHA1 |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE ECDSA ephemeral | TLS 1.2 | ECDH | ECDSA | AES 256 | SHA1 |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE ECDSA ephemeral | TLS 1.2 | ECDH | ECDSA | AES 128 | SHA256 |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ECDHE ECDSA ephemeral | TLS 1.2 | ECDH | ECDSA | AES 256 | SHA384 |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE RSA ephemeral | TLS 1.2 | ECDH | RSA | AESGCM 128 | SHA256 |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE RSA ephemeral | TLS 1.2 | ECDH | RSA | AESGCM 256 | SHA384 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE RSA ephemeral | TLS 1.2 | ECDH | RSA | AES 128 | SHA1 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE RSA ephemeral | TLS 1.2 | ECDH | RSA | AES 256 | SHA1 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE RSA ephemeral | TLS 1.2 | ECDH | RSA | AES 128 | SHA256 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE RSA ephemeral | TLS 1.2 | ECDH | RSA | AES 256 | |

2 Enabling and Securing Communication Between the Exchange Server and the Email Notification Server

Enable and secure communication between the Exchange server and the ENS server.

To ensure successful communication between the Exchange and the ENS servers, note the following:

- Communication between ENS and Exchange servers should not have any SSL errors.
- telnet and ping commands should work seamlessly between ENS and Exchange CAS Mailbox.
- SSL certificates used for ENS and Exchange servers should not have any errors when they are run through SSL checkers.

This chapter includes the following topics:

- Upload Root CA Certificate

Upload Root CA Certificate

Upload the root CA certificate to the Exchange server.

1. Download the SSL certificate from the ENS server. Access the ENS Alive endpoint in a browser and download the certificate from the address bar.
   You must only download the root certificate issued by a trusted authority and signed by an internal CA. For cloud deployment, you can download the root certificate from https://ens.getboxer.com/api/ens/alive, https://ens-eu.getboxer.com/api/ens/alive, or https://ens-apj.getboxer.com/api/ens/alive, based on your region, issued by VMware for your account.
   For On-Premise deployment, download the root certificate and replace acme.com with the resolved name or IP address of your ENS server.
2. Import this certificate on the Exchange Server into the Trusted Root Certification Authorities through MMC.

3 Email Notification Service for Cloud

Use Workspace ONE UEM console to configure Workspace ONE Boxer for your cloud deployment.
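
The chapter 2 requirement that connections between ENS and Exchange show no SSL errors, and the cipher suite table under TLS Support for ENS, can be checked together with a short script. This is an added example, not VMware's code: it completes a verified handshake and reports whether the negotiated suite is one of the twelve in the table. The host given on the command line is whichever ENS or Exchange server you administer, and the OpenSSL-to-IANA name mapping is an assumption that covers only the ECDHE/AES family the table uses.

```python
import socket
import ssl
import sys

# The twelve suites in the "TLS Support for ENS" table, as IANA names.
RECOMMENDED = {
    f"TLS_ECDHE_{auth}_WITH_AES_{tail}"
    for auth in ("ECDSA", "RSA")
    for tail in ("128_GCM_SHA256", "256_GCM_SHA384", "128_CBC_SHA",
                 "256_CBC_SHA", "128_CBC_SHA256", "256_CBC_SHA384")
}


def openssl_to_iana(name):
    """Map an OpenSSL suite name (what Python's ssl module reports) to its
    IANA name. Handles only the ECDHE/AES family used in the table and
    returns None for anything else, including TLS 1.3 suites."""
    parts = name.split("-")
    if len(parts) not in (4, 5) or parts[0] != "ECDHE":
        return None
    auth, enc, digest = parts[1], parts[2], parts[-1]
    if auth not in ("ECDSA", "RSA") or enc not in ("AES128", "AES256"):
        return None
    if digest not in ("SHA", "SHA256", "SHA384"):
        return None
    if len(parts) == 5 and parts[3] != "GCM":
        return None
    # OpenSSL leaves CBC implicit: a name without "GCM" is a CBC suite.
    mode = "GCM" if len(parts) == 5 else "CBC"
    return f"TLS_ECDHE_{auth}_WITH_AES_{enc[3:]}_{mode}_{digest}"


def audit(protocol, openssl_name):
    """Compare one negotiated session against the table."""
    iana = openssl_to_iana(openssl_name)
    return {
        "protocol": protocol,
        "suite": iana or openssl_name,
        "in_table": iana in RECOMMENDED,
    }


def probe(host, port=443, timeout=5.0):
    """Handshake with chain and hostname verification against the local
    trust store; a bad certificate raises ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return audit(tls.version(), tls.cipher()[0])


if __name__ == "__main__":
    # Usage: python ens_tls_check.py HOST [PORT]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    try:
        print(probe(target, target_port))
    except ssl.SSLCertVerificationError as exc:
        print(f"certificate error: {exc.verify_message}")
        sys.exit(1)
```

A session negotiated over TLS 1.3 reports `in_table` as false, because the table lists TLS 1.2 suites only.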

Configure the Email Notification Service 2 (ENS2) related settings for Workspace ONE Boxer on the Workspace ONE UEM console.

Prerequisites

- An API token and ENS2 server URL received from VMware is required to activate the ENS service using the Workspace ONE UEM console.
- Ensure the ENS server certificate is available on the user's Exchange server. See Chapter 2, Enabling and Securing Communication Between the Exchange Server and the Email Notification Server.

1. Select the required organization group.
2. Select APPS & BOOKS and then select the Public tab.
3. Select VMware Boxer.
4. Select Edit on the upper right corner of the page and then select the Assignment tab.
5. On the Application Configuration (Optional) section, add the required keys.

   Configuration Key: ENSLinkAddress
     Type: String
     Configuration Value:
       Supported format: https://ens.getboxer.com/api/ens
       Replace ens.getboxer.com with the resolved name or IP provided by VMware based on your region.
       Sample link address:
       - For AMER: https://ens.getboxer.com/api/ens
       - For APAC: https://ens-apj.getboxer.com/api/ens
       - For EMEA: https://ens-eu.getboxer.com/api/ens
     Description: Provide the address for the ENS2 system for your users to

   Configuration Key: ENSAPIToken
     Type: String
     Configuration Value: Sample API Token: eXaml3 AP1
     Description: API Token provided by VMware AirWatch to activate the ENS service.

   Configuration Key: AccountNotifyPush
     Type: Boolean
     Configuration Value: False = disable (default); True = enable
     Description: Enables ENS for the account.

   Configuration Key: EWSUrl
     Type: String
     Configuration Value:
       Supported format: https://[external email server domain]/EWS/Exchange.asmx
       Sample EWS URL:
       - https://e-mail.com/EWS/Exchange.asmx
       - https://seg.dom.com/EWS/Exchange.asmx
     Description: Enables manual configuration of the Exchange Web Services (EWS) endpoint when autodiscovery is disabled in your Exchange environment.

6. Select Save & Publish and then select Publish on the next page.

ENS Endpoints and IP Whitelist

The API endpoints supported by ENS2 are listed in this topic.

When using cloud ENS servers, you must ensure that the ENS is accessible from the Exchange or Office 365 environment. The inbound IP addresses must be whitelisted to allow the ENS traffic into Exchange or Office 365. Based on the security policies applied to the outgoing traffic from Exchange, it might be necessary to whitelist the outbound IP addresses. The IP address is selected based on the region the ENS is hosted in. The following table describes the Exchange server IP whitelisting requirements.

Table 3-1. Exchange Server IP Whitelisting Requirements

Location: North America
  API Endpoint: https://ens.getboxer.com/api/ens
  ENS Outbound to Exchange (Inbound) | Exchange Outbound to ENS (Inbound)
  52.204.159.41 | 35.170.156.92
  107.23.52.83 | 52.0.239.8
  52.203.205.147

Location: Asia Pacific
  API Endpoint: https://ens-apj.getboxer.com/api/ens
  ENS Outbound to Exchange (Inbound) | Exchange Outbound to ENS (Inbound)
  52.69.186.14 | 54.248.56.175
  52.196.212.232 | 54.249.212.171
  54.95.25.171

Location: European Union (EU)
  API Endpoint: https://ens-eu.getboxer.com/api/ens
  ENS Outbound to Exchange (Inbound) | Exchange Outbound to ENS (Inbound)
  3.120.17.75 | 18.195.84.245
  18.196.83.52 | 18.196.197.192
  52.28.149.150

For information on architecture design and functionality of ENS2, see Architecture Overview.

Note: The outbound IP addresses must be whitelisted from Microsoft Exchange client access rules, including Office 365 and any other firewall. This allows outbound communication from the Exchange server into the ENS server. You need not whitelist SEG IP addresses, as all outbound connections from the Exchange server go to the ENS server and not to the SEG EWS proxy.

Verify VMware Boxer Settings

Use Workspace ONE Boxer to verify your email connectivity.

After you have added the ENS configuration keys to VMware Boxer in Workspace ONE UEM, check the Boxer settings on your device to confirm it has received these keys and that the ENS is activated.

1. Open Boxer, tap the Settings icon, and then select the appropriate email account.
2. In the email settings, verify the Use Push Service is enabled.
3. In the email settings, verify the Notifications display Push as the default selection.

If the Use Push Service is enabled and Notifications display Push, then the ENS is activated.

Air Watch Resource Library for architecture

These are conref targets for architecture; there is a section for each element type.

ol Elements

1. Navigate to the opt vmware tunnel tunnel installation directory.
   cd opt vmware tunnel tunnel installation
2. Execute Uninstall Tunnel.
   sudo Uninstall Tunnel
3. Review installer logs at opt vmware tunnel tunnel installation Logs if necessary.

p Elements

For configuring the ports listed below, all the traffic is uni-directional (outbound) from the source component to the destination component.

This port can be changed if needed based on your environment's restrictions.

For SaaS customers who need to whitelist outbound communication, refer to the following Knowledge Base article that lists up-to-date IP ranges that Workspace ONE currently owns: https://support.workspaceone.com/articles/115001662168

Ensure the Directory Sync Service and the Scheduler Service are running on the same server, since they write to and read from the same queues.

The Content Gateway, together with VMware Workspace ONE Content, lets your end users securely access content from an internal repository. This means that your users can remotely access their documentation, financial documents, board books, and more directly from content repositories or internal file shares. As files are added or updated within your existing content repository, the changes will immediately be reflected in VMware Workspace ONE Content, and users will only be granted access to their approved files and folders based on the existing access control lists defined in your internal repository. Using the Content Gateway with VMware Workspace ONE Content allows you to provide unmatched levels of access to your corporate content without sacrificing security.

The Email Notification Service (ENS) adds Apple Push Notification support to Exchange. On iOS, this means the VMware Boxer email app can get notifications utilizing either Apple's background app refresh or Apple Push Notification Service (APNs) technologies. Background app refresh is used by default; however, iOS attempts to balance the needs of all apps and the system itself. This means that each app may provide notifications at irregular periods using this method. To provide notifications quickly and consistently, Apple also provides APNs. This allows a remote server to send notifications to the user for that application; however, Exchange does not natively support this. ENS adds APNs support to your deployment to allow quick and consistent notifications about new items in your end users' email inboxes.

table Elements

| Requirement | Notes |
|---|---|
| SSH access to Linux Servers and an admin account with full write permissions | Root permissions or sudo access with the same privileges as root required. Once installation completes, you can put restrictions into place for these account types. |
| yum Enabled | Enable to allow the installer to request and install any missing prerequisites. |
| CentOS 7.x | UI-less recommended |
| SUSE 12.x | Basic infrastructure type recommended |

| Status Checklist | Requirement | Notes |
|---|---|---|
| | Windows Server 2008 R2 or Windows Server 2012 or Windows Server 2012 R2 | |
| | Install PowerShell on the server | PowerShell version 3.0 is required if you are deploying the PowerShell MEM direct model for email. To check your version, open PowerShell and run the command $PSVersionTable. |
| | Install .NET Framework 4.6.2 | The VMware Enterprise Systems Connector auto-update feature will not function correctly until your VMware Enterprise Systems Connector server is updated to .NET Framework 4.6.2. The VMware Enterprise Systems Connector auto-update feature will not update the .NET Framework automatically. Please install .NET 4.6.2 manually on the VMware Enterprise Systems Connector server before performing an upgrade. |

| Status Checklist | Requirement | Notes |
|---|---|---|
| | Ensure that you have remote access to the servers that Workspace ONE UEM is installed on | Workspace ONE UEM recommends setting up Remote Desktop Connection Manager for multiple server management; you can download the installer from https://www.microsoft.com/en-us/download/details.aspx?id=44989. Typically, installations are performed remotely over a web meeting or screen share that a Workspace ONE UEM consultant provides. Some customers also provide Workspace ONE UEM with VPN credentials to directly access the environment as well. |
| | Installation of Notepad++ (Recommended) | Workspace ONE UEM recommends setting up Notepad++. |
| | Services accounts for authentication to backend systems (LDAP, BES, PowerShell, etc.) | Validate AD connectivity method using LDP.exe tool. See http://www.computerperformance.co.uk/ScriptsGuy/ldp.zip |

Hard Disk Storage