Intro to APNs in macOS Server
Apple devices learn of updates. When you set up Profile Manager and use the Apple Push Notification service (APNs), it maintains a simple connection with the device.
To make a secure connection between macOS Server and the clients, you need a transport encryption certificate installed on the server and ready for use. Apple provides a transport encryption certificate when you provide an Apple ID and password in the push notification settings window.
APNs:
Provides notification for Profile Manager. macOS Server can’t host push notifications for third-party iOS apps.
Supports iOS 4.0 or later and OS X v10.7 or later.
Must be running on the same OS version as every service using it, even if the services aren’t running on the same server.
Requires you allow network traffic from the devices to Apple’s network (from a 17.x.x.x IP address) on port 5223, with a fallback option of port 443.
Only contacts devices with new data, and only as needed.
For information about other apps and services that support push notification, see Push Notification Server and supported apps and Ports used by Profile Manager in macOS Server.