In this walkthrough, we're going to show you how to demo NSX within the TestDrive demo environments.
Overview
- Enrolling Your Device to TestDrive
- Download the mPOS and VMware Tunnel applications
- Trigger a compliance violation by removing the passcode from the device
- Observe the user cannot access data within the mPOS app
- Add the passcode back to the device
- Observe the user can now see the data within mPOS since the device is now compliant
Before You Begin
In order to complete this demo please make sure you have the following:
- Ensure you have a valid account within the TestDrive demo environments. See instructions for signing up here if you do not yet have an account.
- Ensure you have turned on the Workspace ONE UEM (formerly VMware AirWatch) service for your TestDrive account.
Enrolling your Device to TestDrive
To get started, we need to enroll our iOS device to Workspace ONE UEM. First, navigate to the app store and download the AirWatch agent.
Once the agent is installed, launch the app.
We'll need to authenticate with our email address. Choose "Email Address".
Next, enter your TestDrive modified email.
If you're unsure what your TestDrive email address is, you can verify this in the TestDrive portal by following the steps below:
- Login to portal.vmtestdrive.com with your username and password
- Click on the dropdown next to Workspace ONE to view your credentials
- Here you will find your TestDrive email address
Next, select the demo from the drop-down. For this demo, select either Enterprise - Corporate Owned Demo or Enterprise - BYOD Demo.
Next, you'll need to enter your TestDrive username and password. The domain is not required, just the username as shown below.
Next, you'll walk through the enrollment screens to install the MDM Profile.
Once enrollment is complete you'll be directed back to the AirWatch agent with your device details.
Download the mPOS and VMware Tunnel Applications
Next, you'll notice apps installing on your device including Workspace ONE. Let the apps complete the installation. Next, you'll want to open Workspace ONE and SSO into the app.
You can confirm the SSO profile has been installed on your device by navigating to the settings on the device. Choose the General section and select the Device Management section.
Choose the name of the profile.
Click More Details
Here you will see the SSO payload under "Single Sign On Account". If you do not yet see this profile, you'll need to wait a few minutes for it to install. Once its installed you can SSO into the services.
If the mPOS app did not automatically install, follow the procedure below. Otherwise, you can skip ahead.
Return back to the apps and launch into Workspace ONE. In the Workspace ONE catalog, you'll see mPOS. Click to install mPOS.
For this demo we will need the VMware Tunnel app (pushes automatically) and mPOS app (on demand from the Workspace ONE catalog). Ensure both of these are installed on your device.
Trigger a compliance violation by removing the passcode from the device
For this demo, we'll be showing an internally developed app (mPOS) which will be able to be accessed when our device is compliant. We've tied compliance to the passcode on the device. If the device has a passcode configured it is compliant, if the device does not have a passcode it is noncompliant. When the passcode is removed from our device, the device will be marked as non-compliant and the mPOS will show access denied. We will then put a passcode back on the device and show we are now able to access the information within the mPOS app.
First, Navigate to the Workspace ONE UEM console and remove the compliance profile from the device. Open your browser and navigate to https://wsuem.vmtestdrive.com
Login with your TestDrive username and password. You can reset this password at any time at portal.vmtestdrive.com by selecting Login and Forgot Password if you are unsure of your password.
Once you're logged in, ensure you are using the World Wide Enterprises role by selecting your account in the top right.
Navigate to Device > List View and find your device in the list. Click on the name of your device in blue to open the device details page.
Next, we'll need to remove the passcode profile which is pushed from the console in order to remove the passcode from the device. Navigate to the Profiles page in the device details view.
Next, find the profile titled WWE - Passcode. Check the radio button in front of this profile.
Now, you'll see a Remove button at the top. Click Remove to remove the profile from your device.
Next, return to your device and select Settings > Touch ID & Passcode.
Turn the passcode off for your device.
Now return to the Workspace ONE UEM Console and perform a Query for your device.
Next, confirm on the Compliance page that your device is no longer compliant. You'll most likely get a push notification on your device.
Observe the user cannot access data within the mPOS app
Next, open the mPOS app and observe that no data is showing within the app.
Add the Passcode Back to the Device
Next, we will turn the passcode back on so the device becomes compliant again. Go to Settings > Touch ID & Passcode and turn back on your passcode.
Next, perform a Query for your device record in the console. You'll now see your device is compliant with the NSX policy again.
Observe the user can now see the data within mPOS since the device is now compliant
Next, return to the mPOS app on the device and click the refresh button in the top right. You may also need to restart your device. Now you'll observe the device has access to all the data within the app.
Walkthrough Summary
- Enrolling Your Device to TestDrive
- Download the mPOS and VMware Tunnel applications
- Trigger a compliance violation by removing the passcode from the device
- Observe the user cannot access data within the mPOS app
- Add the passcode back to the device
- Observe the user can now see the data within mPOS since the device is now compliant