Parallels Mac Management Update: SCCM Branch Version 1802 will Force PKI Compliance for Users

0
Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Email this to someonePrint this pagePin on PinterestShare on TumblrBuffer this pageShare on RedditShare on StumbleUpon

As you know, Microsoft SCCM is updated periodically with what Microsoft calls branch versions. Since the first branch version, 1511, Parallels® Mac Management for Microsoft® SCCM has not had any down time due to Microsoft’s changes.  Jason Sandys, a Microsoft MVP and friend of Parallels, recently tweeted about the latest branch version—1802—and some rather big changes.  

 

Branch version 1802 “require an HTTPS enabled MP” —which means PKI. While Parallels Mac Management doesn’t require PKI (or rather, didn’t), up to branch version 1710 it was optional. Many of our customers picked PMM for this reason—it didn’t force a PKI project just to manage Mac devices. Those days are over. Our current customers will need to add PKI/HTTPS and configure certificates for Parallels Mac Management if they elect to upgrade to branch version 1802. Here’s Microsoft’s “What’s New in Version 1802” information:

 

 docs.microsoft.com/en-us/sccm/core/plan-design/changes/whats-new-in-version-1802

 

Improved support for CNG certificates

Configuration Manager (current branch) version 1710 supports Cryptography: Next Generation (CNG) certificates. Version 1710 limits support to client certificates in several scenarios.

Starting in this release (1802 – added by editor), use CNG certificates for the following HTTPS-enabled server roles:

  •  Management point
  •  Distribution point
  •  Software update point
  •  State migration point

 

What does this mean for Parallels?

  • Actually, not much. We work either side of PKI—with it or without it, up to branch version 1710. If you’re going to camp out on 1710 for a while, Parallels will be here for you pre-HTTPS/PKI.

 

What does this mean for Parallels Mac Management customers?

  •  Now that you have branch version 1802/HTTPS/PKI, you will need to re-run the Parallels Proxy Configuration Utility and import in two certificates that you will build—one for the server and another for the client—then complete the proxy setup. Now Parallels Mac Management is using your certs for PKI.

Here’s how PKI is integrated for managing Mac devices in Parallels Mac Management:

Parallels Mac Management v6.1 Administrator’s Guide

Integrating Parallels Mac Management with PKI …………………………………………………….27

PKI Integration Overview …………………………………………………………………………………… 27

What This Section Does Not Cover …………………………………………………………………….. 28

Creating Certificate Templates for Parallels Proxy and Mac Computers……………. 28

Creating a Security Group …………………………………………………………………………………. 30

Handling Expired Certificates……………………………………………………………………………… 30

If you run into issues or need assistance, pass along screenshots and a set of Problem Reports from the proxy server, then submit tickets via email support on Parallels.com under Support/Parallels Mac Management for Microsoft SCCM.

Danny Knox is a Senior Sales Engineer for Cross Platform Sales with Parallels Software.