To implement the SEG (V2 Platform) for your email architecture, first configure the SEG (V2 Platform) settings in the UEM console. The link to download the SEG installer is provided only after you configure these settings.
- In the UEM console, navigate to Email > Settings and select Configure. The Add Email Configuration wizard displays.
- In the Platform tab of the wizard:
  - Select Proxy as the Deployment Model.
  - Select V2 as the Gateway Platform.
  - Select the Email Type.
  - Select the Exchange Version and then select Next.
- Configure the basic settings in the Deployment tab of the wizard and then select Next.
Enter a friendly name for the SEG deployment. This name is displayed on the MEM dashboard.
|External URL and Port||Enter the external URL and the port number to which Workspace ONE UEM sends policy updates, in the form https://<external seg url>:<external port>.|
Enter the web listener port for SEG. By default, the port number is 443.
The SSL certificate is bound to this port if SSL is enabled for SEG.
|Terminate SSL on SEG||Select Enable to bind the SSL certificate to the port.|
Select to upload the SSL certificate locally during installation.
|SEG Server SSL Certificate||Select Upload to add the certificate. The SSL certificate can be automatically installed instead of providing it locally. This is useful for larger SEG deployments.|
|Email Server URL and Port||Enter the Exchange server URL and the port number in the form https://<email server url>:<email server port>. This is the Exchange URL to which SEG proxies email requests.|
|Ignore SSL Errors between SEG and email server||Select Enable to ignore the Secure Socket Layer (SSL) certificate errors between the email server and SEG server.|
|Ignore SSL Errors between SEG and AirWatch server||Select Enable to ignore Secure Socket Layer (SSL) certificate errors between the Workspace ONE UEM server and SEG server. Establish a strong SSL trust between Workspace ONE UEM and SEG server using valid certificates.|
|Allow email flow if no policies are present on SEG||Select Enable to allow the email traffic if SEG is unable to load the device policies from the Workspace ONE UEM API. By default, SEG blocks email requests if no policies are locally present.|
Select Enable to enable clustering of SEG servers.
When clustering is enabled, single policy updates are distributed to all the SEGs. These updates include enrollment, profile updates, and compliance changes processed by AirWatch. The SEG servers maintain these policies in a distributed cache that is shared by all SEGs in a cluster. Bulk policy updates are distributed to not just one SEG but to all the SEGs in the cluster. These SEGs communicate with each other through the SEG clustering port.
|SEG Cluster Hosts||Add the IPs or hostnames of each server in the SEG cluster.|
|SEG Cluster Distributed Cache Port||Enter the port number for SEG to communicate to the distributed cache.|
|SEG Clustering Port||Enter the port number for SEG to communicate to the other SEGs in the cluster.|
The MEM Configuration screen shows options such as Edit, Advanced, and Test Connection. These options allow you to edit your configuration, configure advanced settings, and test the connectivity between SEG, Web, and the Workspace ONE UEM API servers.
Configure Advanced Settings
Use the Advanced option to configure any additional settings that you require for your SEG (V2 Platform), such as diagnostics, compliance sync, transactions, and sizing.
The following table lists the advanced settings:
|Use Recommended Settings||By default, the Use Recommended Settings check box is enabled to capture all SEG traffic information from devices. Otherwise, specify what information and how frequently the SEG should log for devices.|
|Enable Real-time Compliance Sync||Enable this option to let the UEM console remotely provision compliance policies to the SEG proxy server.|
|Required transactions||Enable or disable the required transactions such as Settings, Provisions and so on.|
|Optional transactions||Enable or disable the optional transactions such as Get attachment, Search, Move Items and so on.|
|Diagnostic||Set the number and frequency of transactions for a device.|
Set the frequency of SEG and API server interaction.
Use Delta Sync for policy updates, as it minimizes the amount of data sent to SEG and thereby improves performance. Delta sync is refreshed at a default time interval of ten minutes to ensure that SEG has an updated policy set. This interval is useful when multiple SEGs are in use, because a SEG is out of sync with the UEM console for a maximum of ten minutes.
|Skip Attachment & Hyperlink transformations for S/MIME signed emails||Enable to exempt the encryption of attachments and transformation of hyperlinks through SEG for emails that are signed with S/MIME certificates.|
|Enable S/MIME repository lookup||Enable to allow the automatic lookup of the S/MIME certificate managed in a hosted LDAP directory. You must configure the S/MIME lookup settings before you begin the SEG installation.|
|LDAP URL||Enter your LDAP server URL.|
|Authentication Type||Select Anonymous or Basic authentication. In case of Basic authentication, enter the User Name and Password.|
Enter the name of the LDAP attribute corresponding to the S/MIME certificate on the email recipient object. For example, userCertificate;binary.
|Block Attachments||Block or allow the attachments when SEG fails to communicate with Workspace ONE UEM or when the local policy set is empty.|
|Default Message for Blocked Attachments||Configure the message that is displayed to end users when SEG blocks attachments.|
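
Several of the settings above decide whether SEG fails closed or fails open, and they can be reviewed as a set before installation. The following is an added example, not part of the original page or of any Workspace ONE tooling: it reviews a planned configuration held in a hypothetical Python dict whose keys reuse the console labels, using constructed sample values.

```python
from urllib.parse import urlsplit

# Keys reuse the console labels from this page; the dict layout is hypothetical.
URL_SETTINGS = ("External URL and Port", "Email Server URL and Port")
IGNORE_SSL = ("Ignore SSL Errors between SEG and email server",
              "Ignore SSL Errors between SEG and AirWatch server")
FAIL_OPEN = "Allow email flow if no policies are present on SEG"

def check_url(label, url):
    """Findings for a value that must have the form https://<host>:<port>."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append((label, f"scheme is '{parts.scheme}', expected https"))
    try:
        port = parts.port  # ValueError if non-numeric or out of range
    except ValueError:
        port = None
    if not parts.hostname or port is None:
        findings.append((label, "host and explicit port are both required"))
    return findings

def review(settings):
    """Return (setting, reason) pairs for choices that weaken the gateway."""
    findings = []
    for label in URL_SETTINGS:
        findings += check_url(label, settings.get(label, ""))
    for label in IGNORE_SSL:
        if settings.get(label):
            findings.append((label, "certificate errors on this hop are ignored"))
    if settings.get(FAIL_OPEN):
        findings.append((FAIL_OPEN, "email flows with no device policies loaded"))
    if settings.get("Block Attachments") is False:  # True = block, False = allow
        findings.append(("Block Attachments",
                         "attachments pass when UEM is unreachable or policies are empty"))
    return findings

# Constructed sample plans, not taken from a real deployment.
HARDENED = {"External URL and Port": "https://seg.example.com:443",
            "Email Server URL and Port": "https://mail.example.com:443",
            IGNORE_SSL[0]: False, IGNORE_SSL[1]: False,
            FAIL_OPEN: False, "Block Attachments": True}
WEAK = {**HARDENED, "Email Server URL and Port": "http://mail.example.com",
        IGNORE_SSL[0]: True, FAIL_OPEN: True, "Block Attachments": False}

if __name__ == "__main__":
    for name, plan in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, review(plan) or "no findings")
```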