This hasn’t been asked in a while, and I really loved reading the last discussion so I’m hoping to kick it off again and see what has changed!

What I’d like to know is:

- What specific products do you wish you could host on your own infrastructure, but the product does not offer such a deployment method?

- Do you or would you use the product without being able to self-host, i.e. in its current state?

- Do you think your employer, if any, holds the same opinions?

  • @borouhinB
    18 months ago

    Any MDM solution. All self-hosted options that were available (onemdm, flyve) are dead. I’m my own employer, so we definitely agree everything should be self-hosted :)

      • @borouhinB
        18 months ago

        I own a small business, 20-30 devices only. But they’re a mix of all possible platforms (Windows, macOS, Android, iOS). I would like to force disk encryption, a strong password policy, automatically install/update/configure the corporate VPN/mail/etc., prevent use of blacklisted programs, and remotely wipe lost/stolen/otherwise compromised devices. I know it’s not feasible with any self-hosted solution, sadly.

    • @sarosanB
      18 months ago

      Sadly, there will never be a truly self-hosted solution given how the devices in question rely on Google, Samsung, Microsoft or Apple servers to be active and available on initial enrollment. The control plane can be on-prem, but the actual enforcement is done through built-in management APIs that depend on external services.

      That said, I created my own zero-cost MDM solution by leveraging Android Enterprise APIs along with Samsung Knox. There’s no pretty UI though - everything is done through API calls using Postman. Enrollment is achieved by scanning a QR code on the device’s first boot. I’m managing ~450 Samsung tablets and a dozen mobile phones using this approach.
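The poster above enrolls devices by scanning a QR code on first boot. As an added illustration (not their code, and not tied to Samsung Knox), here is the generic Android "device owner" provisioning payload that such a QR code carries: a JSON object keyed by the documented android.app.extra.PROVISIONING_* extras, including the URL-safe base64 SHA-256 signature checksum that pins which DPC APK the device will accept. The DPC package name, receiver, download URL, certificate bytes, token and Wi-Fi details are all assumptions for the example.

```python
import base64
import hashlib
import json

# Documented android.app.extra.PROVISIONING_* keys read by the setup wizard.
KEY_COMPONENT = "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME"
KEY_DOWNLOAD = "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION"
KEY_SIG_CHECKSUM = "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM"
KEY_EXTRAS = "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE"
KEY_WIFI_SSID = "android.app.extra.PROVISIONING_WIFI_SSID"
KEY_WIFI_TYPE = "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE"
KEY_WIFI_PASS = "android.app.extra.PROVISIONING_WIFI_PASSWORD"
KEY_KEEP_SYSTEM_APPS = "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED"


def url_safe_sha256(data: bytes) -> str:
    """SHA-256 of `data`, URL-safe base64 with padding stripped: the encoding
    Android requires for the *_CHECKSUM provisioning extras."""
    digest = hashlib.sha256(data).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_provisioning_payload(dpc_package, dpc_receiver, apk_url, signing_cert_der,
                               enrollment_token, wifi=None, keep_system_apps=True):
    """Return the dict that, serialised as JSON, becomes the QR code content.

    dpc_package / dpc_receiver: package and DeviceAdminReceiver class of the DPC
    apk_url:          where the device downloads the DPC APK during setup
    signing_cert_der: DER bytes of the certificate the DPC APK is signed with
    enrollment_token: opaque token handed to the DPC under an app-specific key
    wifi:             optional (ssid, security_type, password) so the device can
                      reach the download URL before any user Wi-Fi exists
    """
    payload = {
        KEY_COMPONENT: f"{dpc_package}/{dpc_receiver}",
        KEY_DOWNLOAD: apk_url,
        # Pins the APK signer, so a tampered download cannot install another DPC.
        KEY_SIG_CHECKSUM: url_safe_sha256(signing_cert_der),
        KEY_KEEP_SYSTEM_APPS: keep_system_apps,
        # The bundle is passed to the DPC as extras; the key name is the DPC
        # author's choice (this one is an assumption for the example).
        KEY_EXTRAS: {f"{dpc_package}.ENROLLMENT_TOKEN": enrollment_token},
    }
    if wifi:
        ssid, security_type, password = wifi
        payload[KEY_WIFI_SSID] = ssid
        payload[KEY_WIFI_TYPE] = security_type  # NONE, WPA, WEP or EAP
        payload[KEY_WIFI_PASS] = password
    return payload


def validate_payload(payload) -> list:
    """Return a list of problems; an empty list means the content is well-formed."""
    problems = []
    if "/" not in payload.get(KEY_COMPONENT, ""):
        problems.append("component name must be package/receiver")
    if KEY_DOWNLOAD in payload and KEY_SIG_CHECKSUM not in payload:
        problems.append("download location given without a signature checksum")
    if not payload.get(KEY_DOWNLOAD, "").startswith("https://"):
        problems.append("APK download location should be https")
    if KEY_WIFI_PASS in payload and payload.get(KEY_WIFI_TYPE) == "NONE":
        problems.append("password given for an open network")
    return problems


def to_qr_text(payload) -> str:
    """Compact JSON; this string is what gets encoded into the QR image."""
    return json.dumps(payload, separators=(",", ":"))


if __name__ == "__main__":
    # Constructed sample inputs; a real deployment uses its own DPC and certificate.
    cert = b"-----constructed-der-bytes-----"
    p = build_provisioning_payload(
        "org.example.dpc", ".AdminReceiver",
        "https://mdm.example.org/dpc.apk", cert, "tok-0001",
        wifi=("corp-setup", "WPA", "correct horse battery staple"),
    )
    print(validate_payload(p) or "payload ok")
    print(to_qr_text(p))
```

The part that makes this self-hostable is that the only network endpoint in the payload is your own APK download URL; the checksum is what stops that URL from being a trust boundary. Generating the QR image from the JSON text is left to any QR library.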

      • @ex800B
        18 months ago

        Hmm, for Apple an MDM push certificate is the link between the two; for Google it’s the managed Play Store. Neither of these has a “requirement” for a SaaS solution.

        Both of these are just to connect the device to the MDM platform via a “management profile” (waves hands); the settings and enforcement are all on the MDM platform.

        A very long time ago (the days of the 3G) I had an internal web server that hosted iPhone configuration profiles, it was very (very) “basic”

        Granted this is only for Apple (and with a last commit in 2022 might be dead) but is useful for showing what part connects where to do what.
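The internal web server the poster mentions served iPhone configuration profiles, which are just property-list files. As an added example (not the poster's server or any named project's code), the block below builds an unsigned .mobileconfig with the two payloads the earlier wishlist asks for, a passcode policy and, for macOS, FileVault enforcement, and then re-parses it to check the structure. The organisation name and reverse-DNS identifier prefix are assumptions; the payload types and keys are Apple's documented ones.

```python
import plistlib
import uuid

ORG = "Example Org"          # assumed organisation name
PREFIX = "org.example.mdm"   # assumed reverse-DNS identifier prefix


def _new_uuid() -> str:
    """Apple tooling writes PayloadUUID in upper case; each payload needs its own."""
    return str(uuid.uuid4()).upper()


def passcode_payload(min_length=8):
    """Passcode policy payload (iOS and macOS)."""
    return {
        "PayloadType": "com.apple.mobiledevice.passwordpolicy",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{PREFIX}.passcode",
        "PayloadUUID": _new_uuid(),
        "PayloadDisplayName": "Passcode policy",
        "forcePIN": True,              # a passcode is required
        "allowSimple": False,          # no 1111 / 1234 style codes
        "requireAlphanumeric": True,
        "minLength": min_length,
        "maxFailedAttempts": 10,       # device wipes after this many failures
        "maxInactivity": 5,            # minutes before the lock engages
    }


def filevault_payload():
    """FileVault payload (macOS only): enable at next login, escrow-ready key."""
    return {
        "PayloadType": "com.apple.MCX.FileVault2",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{PREFIX}.filevault",
        "PayloadUUID": _new_uuid(),
        "PayloadDisplayName": "FileVault",
        "Enable": "On",
        "Defer": True,                 # prompt at logout/login rather than immediately
        "UseRecoveryKey": True,
        "ShowRecoveryKey": False,      # key goes to escrow, not to the user's screen
    }


def build_profile(payloads, display_name="Corporate baseline") -> bytes:
    """Wrap payloads in the top-level Configuration payload and serialise as XML plist."""
    top = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{PREFIX}.baseline",
        "PayloadUUID": _new_uuid(),
        "PayloadDisplayName": display_name,
        "PayloadOrganization": ORG,
        "PayloadRemovalDisallowed": True,   # user cannot remove it once installed
        "PayloadContent": list(payloads),
    }
    return plistlib.dumps(top, fmt=plistlib.FMT_XML)


def payload_types(data: bytes) -> list:
    """Parse a profile back and list the PayloadType of each inner payload."""
    return [p["PayloadType"] for p in plistlib.loads(data).get("PayloadContent", [])]


def check_profile(data: bytes) -> list:
    """Sanity-check a serialised profile: required keys present, UUIDs unique."""
    prof = plistlib.loads(data)
    problems, seen = [], set()
    for p in [prof] + prof.get("PayloadContent", []):
        for key in ("PayloadType", "PayloadIdentifier", "PayloadUUID", "PayloadVersion"):
            if key not in p:
                problems.append(f"{p.get('PayloadType', '?')} missing {key}")
        if p.get("PayloadUUID") in seen:
            problems.append("duplicate PayloadUUID")
        seen.add(p.get("PayloadUUID"))
    return problems


if __name__ == "__main__":
    profile = build_profile([passcode_payload(), filevault_payload()])
    print(check_profile(profile) or "profile ok")
    print(profile.decode())
```

A file like this served over HTTPS with content type application/x-apple-aspen-config is what the device downloads; the per-device wipe and app-install controls the wishlist also mentions need a full MDM channel (push certificate plus the check-in protocol), which a static profile cannot provide. Production profiles are normally signed so the device shows them as verified.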

    • @12_nick_12B
      18 months ago

      I’m looking into ManageEngine MDM Pro. It only runs on Windows, though :-/

      • @J-B02B
        18 months ago

        I use the self-hosted ManageEngine MDM at work and really like it.

        • @12_nick_12B
          18 months ago

          That’s great. My only complaint is that it only runs on Windows, but oh well. I’m assuming you guys are using Windows Server?