You have the easy way and the hard way.
Easy way: OS X Lion Server ships with a "Profile Manager" section which offers the whole MDM process (with the SCEP stack). This service is made up of Ruby scripts, so you can peek to see how it's done.
Hard way: implement your Profile Manager (profile generation and management), implement your Push server, add the SCEP stack (and LDAP or Active Directory if you need to) and pray for everything to work together.
I choose the easy way :)