A Caching Service-like Functionality for Apple Push Notification Service

Originator: broccardo
Number: rdar://28608894    Date Originated: 04-Oct-2016
Status: Open    Resolved:
Product: Server.app    Product Version:
Classification: Feature Request    Reproducible:
 
Summary:
MDMs have become a large and integral part of deploying Macs at scale. When the ability of MDM servers and clients to communicate properly with the Apple Push Notification Service (APNS) is compromised, whether because APNS is having availability issues or because the clients are on a restricted VLAN that cannot reach the world at large, MDM functionality and its use for deployment and management suffer.

Ideally, organizations could alleviate this shortcoming and augment APNS with a more robust infrastructure by having the ability to run a version of APNS locally on their own network. This local service (referred to here as Local Apple Push Notification Service [LAPNS]) would be an available service in Server.app and function administratively something like the Caching service. Clients do not need to be directed to use the Caching service; rather, they inherently trust it if one is detected on their network. LAPNS could work in much the same way: when APNS cannot be reached across the internet, clients would look to their local network for a LAPNS and take instructions from it.

Ideally, the LAPNS service would have some form of trust that was administratively set. Perhaps the LAPNS would be trusted via a copy of the Push Notification certificate, or maybe by authenticating to an Apple.com service using the same credentials used to obtain the Push Notification certificate used on the MDM server. Once this trust was set, the LAPNS service would no longer need to communicate with APNS on a regular basis and could serve as a stand-alone service if needed. In this way, administrators could trust that configurations deployed from their MDMs would properly reach client machines on their own network, because the push notification service would have multiple channels of communication rather than a single stream that is dependent on worldwide availability.

Steps to Reproduce:
Not Applicable

Expected Results:
When clients cannot reach APNS across the internet, they would have a local service that could provide the needed push notifications from their trusted MDM server.
