Production MDM server setup

Prerequisites

  • Ubuntu 22.04 LTS server (for testing, a virtual machine having 4 Gb RAM, 2xCPU, 20 Gb SSD is recommended) Hardware requirements for production
  • Public IP (IPv4) address
  • SSH access
  • Domain name bound to the public address (we used build.h-mdm.com)
  • Opened ports
  • Direct access to the Internet (at least during the installation)

The setup should be done as root.

At a glance

In this video, we set up a server from the very beginning (creating a VM).

1. Install required software

apt update
apt install -y aapt tomcat9 postgresql vim certbot unzip net-tools

Notice: The version of Tomcat 9 installed by apt in Ubuntu 20.04 (9.0.31) has a HTTPS-related bug, and Headwind MDM doesn’t work properly with HTTPS. Headwind MDM installer will automatically upgrade Tomcat to the minimal required version – do not skip this step.

2. Setup the database

su - postgres
psql
postgres=# CREATE USER hmdm WITH PASSWORD 'topsecret';
postgres=# CREATE DATABASE hmdm WITH OWNER=hmdm;
postgres=# \q
exit

Notice: you may wish to use your own password for better security. Remember it and use at step 4 when running a Headwind MDM installation script.

3. Download and unzip the binary installer

Notice: get the URL of the latest web installer version on the “Download” page.

wget https://h-mdm.com/files/hmdm-5.23-install-ubuntu.zip
unzip hmdm-5.23-install-ubuntu.zip
cd hmdm-install/

Alternative: build Headwind MDM

git clone https://github.com/h-mdm/hmdm-server.git
cd hmdm-server/
apt install -y maven
cp server/build.properties.example server/build.properties
mvn install

4. Install Headwind MDM

To start installation, run the console command:

./hmdm_install.sh

We recommend to confirm suggested answers to the installer questions (install required software, Tomcat upgrade, etc.).

Headwind MDM installation screen 1

Important: on Tomcat 9, you need to use a subdirectory of the “Tomcat sandbox” (/var/lib/tomcat9) for storing files, because Tomcat has no permission to write files outside the sandbox. Scripts and other files unrelated to Tomcat are placed to /opt/hmdm by default.

Headwind MDM installation screen 2

Headwind MDM installation screen 3

After this step, you can already check that Headwind MDM web panel can be opened by opening http://build.h-mdm.com:8080 in a web browser.

If you’re getting an error “Failed to deploy WAR file”, just restart the installer script.

Further, installer configures HTTPS via LetsEncrypt (a free HTTPS certificate engine), setups regular certificate renewal, and downloads required APK files. We recommend answering “YES” to all installer steps.

Headwind MDM installation screen 4

LetsEncrypt will ask you to enter your email. You can safely share your email because LetsEncrypt never sends any spam. After agreeing with terms and conditions (required), disable sending email to you by answering “NO”.

Headwind MDM installation screen 5

5. Validate the installation

Make sure the administrator panel is working. https://build.h-mdm.com should open the web panel.

The default login and password is admin:admin (you will be prompted to change the password – choose a strong one!)

If you got any issues while installing Headwind MDM, you need to look into Tomcat logs to diagnose the problem. Tomcat 9 writes its logs to the system log of Linux:

journalctl -u tomcat9.service

Make a backup of your XML configuration file!

There is a bug in Tomcat 9 which causes occasional removal of the XML configuration after updating the WAR file. To avoid the server fault after upgrading, we strongly recommend to make a backup.

cp /var/lib/tomcat9/conf/Catalina/localhost/ROOT.xml /var/lib/tomcat9/conf/Catalina/localhost/ROOT.xml~

6. Enroll devices

Open the Devices section and click the QR code icon.

If you see the QR code, Headwind MDM installation is completed, congratulations!

What’s next?

You may proceed with the device enrollment. To enroll the device, follow this instruction or watch the video manual.