An MDM Server is a ZENworks Primary Server with an MDM role that acts as a gateway server and is the sole access point for managing mobile devices. To ensure that the ZENworks Server and the enrolled mobile devices can communicate with each other at all times, an MDM role must be assigned to at least one Primary Server in the zone. Apart from allowing devices to contact ZENworks, MDM Servers allow ZENworks to establish outbound connections to perform activities such as contacting the push notification server to send relevant notifications to devices and managing VPP subscriptions. If an outbound connection is initiated from a ZENworks Control Center (ZCC) whose ZENworks Server does not have outbound access, that server routes the request through one of the MDM Servers.
NOTE: If there are multiple MDM Servers in the zone, all of them are used for outbound connections, but inbound connections are limited to the servers to which devices have enrolled.
Typically, MDM Servers must reside in the DMZ, thereby allowing mobile devices to make inbound connections even when they are outside the firewall. Like other external-facing servers, the ZENworks MDM Server faces the Internet from within the DMZ. This lets the enterprise firewall protect the MDM Server from external attacks.