I want to setup all my devices as COPE. WSO2 EMM setup is complete and working fine. Only thing is left is to sign the system service application with the firmware key. I am using Google devices only (Android one, Motorola G2). From where I can find the key and password to sign the application.
Is there any other alternative way to get the application signed?
As per documentation, "Sign the application via the device firmware signing key. If you don’t have access to the firmware signing key, you have to get the system application signed via your device vendor."
But I am not able to find the device firmware signing key.
Any guidance will be really helpful.
There are couple of COPE enrollment types WSO2 IoT server supports,
1. Device owner mode
2. Kioski mode
3. System application
The first 2 options can be used with any out of the box Android device. However system app is targetted towards original equipment manufacturers(OEM) who builds Android devices and maintain their own Android versions. This mean they maintain a version of Android OS image and does the installation to some customer device. If you are an OEM, you should have these keys with you. If you are not an OEM and still needs to use out of the box devices such as Motorola or Samsung to install system app, you need to form a partnerships with those vendors to get the sign the system service app. Unless you need to perform operations such as reboot or firmware upgrade. You do not need systrm service app. In that case i would recommend you to go for option 1 or 2. What are the features that you are looking at? Also it is best to seek wso2 professinal services if thats an option for you https://wso2.com/contact/
Related
For a cross platform app that's on Windows and macOS, should this use the same Google OAuth 2.0 client ID for both platforms, or separate IDs?
The Google docs state that each platform should have its own client ID, but there's no specific platform selection for Windows and macOS, just "Desktop" - while there are specific platforms for e.g. iOS and Android. This leads me to believe they consider all desktop platforms as one.
You can consider all desktop operating systems as one in this context as they offer the same capabilities w.r.t. how they can use a browser to complete an authorization flow. gcloud, for example, also uses the same client ID across all OS.
I want to install System Service application, But In WSO2 documentation, It has written that I need to sign the application via Device Firmware Signing key.
What is the meaning of this line [Device Firmware Signing key] and also how to get the System application signed by Device Vendor?
Can't Understand how to install this System Service Application.
Good day
Ime looking to bring the EMM onboard in our already successful WSO2 environment but just need some help.
1) The latest EMM (2.0.0) seem to not be able to restrict/enforce the applications a device is allowed to have installed. I want to have only white listed apps installed on a device. Is this possible?
2) If a policy disables functionality e.g. the camera, all the user has to do is click on the app, deregister from EMM and bypass the policy as needed. After the user is done he/she can just register again. This does introduce the risk of a user installing unwanted software on a COPE device thus compromising the device.
3) If you have a COPE device registered and the user uninstalls the EMM app, do you loose all the monitoring functionality and control?
Thanks in advance for you assistance. :-)
Please see the answers in line.
1) That whitelisting and blacklisting part is still in progress. With a future release you should be able to block the Google play app, Apple app store app etc. and enforce only the whitelisted apps to your devices.
2) Yes that is where the monitoring helps. It needs to track whether the user has removed the app or not. Anyway if you have policies created in advance and assigned it to roles with enforce selection even after they enroll again it should get pushed back to that device.
3) Yes it is. Specially in Andorid it rely on this agent app. Other platforms like iOS will have the OS based MDM capability where this will not have any effect. Anyway Android is also going towards the same profile concept in newer Android versions. Apparently we are going to support them in a future release. For the existing versions that is how Android has provided the APIs.
I found two products open sourced in Github called MDM and EMM of WSO2
I didn't get completely what is the difference btw both of them.
WSO2 EMM is a unique mobile solution that is open source, user-friendly and distributed under the Apache Software License v2.0. WSO2 EMM includes two key aspects: Mobile Device Management (MDM) and Mobile Application Management (MAM). EMM enables organizations to secure, manage and monitor Android and iOS powered devices (e.g., smart phones, ipod touch devices and tablet PCs), irrespective of the mobile operator, service provider, or the organization. In addition, EMM also enables organizations to manage mobile application (app) life cycles via the Publisher, distribute mobile apps to users registered with EMM via the Store, and manage mobile apps (i.e., install and uninstall in bulk, blacklist, and more) via the EMM Console. EMM, maintains a compliance monitoring process to detect devices that are non-compliant to the assigned policy. In addition, EMM supports SSO and multi-tenancy.
Documentation - https://docs.wso2.com/display/EMM110/WSO2+Enterprise+Mobility+Manager
Features - http://wso2.com/products/enterprise-mobility-manager/
Enterprise Mobility Management (EMM) is the term for the comprehensive security and enablement platforms that are evolving specifically for mobility. Mobile Device Management (MDM) is one of the facets within a complete EMM solution, providing a broader set of tools for IT. These include the ability to require a PIN lock, identify and exclude jailbroken or hacked devices, and the power to remotely lock the device in case of loss. While today’s EMM products feature more granular and less intrusive controls, MDM features remain an important foundational piece of mobile enablement.
WSO2 MDM is of products which was in the 1st release (1.0.0) of WSO2 Enterprise Mobility Manager suite. MDM was targeted for managing Enterprise mobile devices (iOS & Android). Its other component is MAM which is targeted for managing Enterprise mobile applications. You can find that component in github. However in the latest release of WSO2 Mobility suite, MDM & MAM components were merged into a single product called EMM. It contains the bug fixes & some improvements also.
I would like to deploy an Application using XenApp on a linux server. Is it possible to do this via virtual box on a remote linux machine?
So far I have installed virtual box on a centos based linux machine.
I installed a Windows 2008 R2 Server virtual machine.
I then tried to install XenApp on the windows 2008 server.
After updating the windows 2008 server with the latest stuff and adding .net 3.5 and sql server express I got XenApp installed.
I am stuck at the point of deploying the Single Sign-On service. It wants a "UNC path to the central store of the citricl signle sign on". Does anyone know how to set that up?
I don't have a domain controller, nor do I have active directory installed. Do I need those things? I was really hoping to avoid that.
What does XenApp require? I kind of figured it would be plug and play but it doesn't appear that way and the installation instructions are very vague about system requirements.
Thanks
Single Sign-On is not required for XenApp.
From the documentation
Citrix Single Sign-on (formerly Citrix Password Manager) provides password security and single sign-on access to Windows, Web, and terminal emulator applications running in the Citrix environment as well as applications running on the desktop. Users authenticate once and Single Sign-on does the rest, automatically logging on to password-protected information systems, enforcing password policies, monitoring all password-related events, and even automating user tasks, including password changes.
Basically: SSO needs a place to put the Central Password Store.
Just give it a path to a network share that all XenApp servers can access. If you're using a single machine; create a local network share and point to it using UNC
\\localhost\SSO_Store