In order to implement the SEG (V2 Platform) for your email architecture, you must first configure the SEG (V2 Platform) related settings on the AirWatch Console. Only after you configure the settings, you are provided with a link to download the SEG installer.

 

Procedure

  1. In the AirWatch Console, navigate to Email > Settings and select Configure. The Add Email Configuration wizard displays.
  2. In the Platform tab of the wizard:
    • Select Proxy as the Deployment Model.
    • Select V2 as the Gateway Platform.
    • Select the Email Type.
    • Select the Exchange Version and then select Next.
  3. Configure the basic settings in the Deployment tab of the wizard and then select Next.

    Setting Description
    Friendly Name

    Enter a friendly name for the SEG deployment.

    This name gets displayed on the MEM dashboard.

    External URL and Port

    Enter the external URL and the port number to which AirWatch sends policy updates in the form https://<external seg url>:<external port>

    Listener Port

    Enter the web listener port for SEG. By default, the port number is 443.

    The SSL certificate is bound to this port if SSL is enabled for SEG.

    Terminate SSL on SEG

    Select Enable if you want the SSL certificate to be served from the SEG instead of offloading on a web application firewall.

    Enabling SSL for SEG binds the SSL certificate to the listener port.

    Upload Locally

    Select to upload the SSL certificate locally during installation.

    SEG Server SSL Certificate

    Select Upload to add the certificate.

    The SSL certificate can be automatically installed instead of providing it locally. This is useful for larger SEG deployments.

    Email Server URL and Port

    Enter the Exchange server URL and the port number in the form https://<email server url>:<email server port>

    This is the Exchange URL to which SEG proxies email requests to Exchange.

    Ignore SSL Errors between SEG and email server Select Enable to ignore the Secure Socket Layer (SSL) certificate errors between the email server and SEG server.
    Ignore SSL Errors between SEG and AirWatch server

    Select Enable to ignore Secure Socket Layer (SSL) certificate errors between the AirWatch server and SEG server.

    Establish a strong SSL trust between AirWatch and SEG server using valid certificates.

    Allow email flow if no policies are present on SEG

    Select Enable to allow the email traffic if SEG is unable to load the device policies from the AirWatch API. By default, SEG blocks email requests if no policies are locally present.

    Enable Clustering

    Select Enable to enable clustering of SEG servers.

    When clustering is enabled, single policy updates are distributed to all the SEGs. These updates include enrollment, profile updates, and compliance changes processed by AirWatch. The SEG servers maintain these policies in a distributed cache that is shared by all SEGs in a cluster. Bulk policy updates are distributed to not just one SEG but to all the SEGs in the cluster. These SEGs communicate with each other through the SEG clustering port.

    SEG Cluster Hosts Add the IPs or hostnames of each server in the SEG cluster.
    SEG Cluster Distributed Cache Port Enter the port number for SEG to communicate to the distributed cache.
    SEG Clustering Port Enter the port number for SEG to communicate to the other SEGs in the cluster.
  4. On the Profile tab of the wizard, select Next. For SEG, there is no action required on the Profiles tab.
  5. On the MEM Config Summary tab of the wizard, review the basic configuration that you have just created for the SEG deployment and select Finish to save the settings.
  6. Select the link that appears under the SEG Proxy Settings to download the SEG installer.

The MEM Configuration screen shows options such as Edit, Advanced, and Test Connection. These options allow you to edit your configuration, configure advanced settings, and test the connectivity between SEG, Web, and the AirWatch API servers.

Configure Advanced Settings for V2 Platform

You can configure the additional settings that you require for your SEG (V2 Platform) such as diagnostics, enabling compliance sync, transactions, and sizing with the Advanced option.

The following table lists the advanced settings:

Setting Description
Use Recommended Settings By default, the Use Recommended Settings check box is enabled to capture all SEG traffic information from devices. Otherwise, specify what information and how frequently the SEG should log for devices.
Enable Real-time Compliance Sync Enable this option to let the AirWatch Console remotely provision compliance policies to the SEG proxy server.
Required transactions Enable or disable the required transactions such as Settings, Provisions and so on.
Optional transactions Enable or disable the optional transactions such as Get attachment, Search, Move Items and so on.
Diagnostic Set the number and frequency of transaction for a device.
Sizing

Set the frequency of SEG and API server interaction.

Use Delta Sync for policy updates as it minimizes the amount of data sent to SEG, thereby improving the performance. Delta sync is refreshed at a default time interval of ten minutes to ensure that SEG has an updated policy set. This interval is useful when multiple SEGs are in use, as it is a maximum of ten minutes where SEG is out of sync with the AirWatch Console.

S/MIME Options Enable this option to exempt the encryption of attachments and transformation of hyperlinks through SEG for emails signed with S/MIME certificates.
Block Attachments Block or allow the attachments when SEG fails to communicate with AirWatch or when the local policy set is empty.
Default Message for Blocked Attachments Configure the message that is displayed to end users when SEG blocks attachments.