This document will guide you through rugged Android device management in TestDrive.
This walkthrough outlines rugged talking points and actions to get a rugged device from out-of-box to an Android Work Managed Device as expeditiously as possible, illustrating the speed and ease of rugged enrollment.
Demonstrating a common rugged use case, the enrolled the device will be provisioned with a passcode, a few apps, and locked down with the Launcher. The Launcher provides access to a few apps, but restricts access to the rest of the device. The device can be remotely assisted via Workspace ONE Assist.
- TestDrive Account needed. Sign up here.
- Environment: https://testdrive.awmdm.com
- Device: A supported Android rugged device, such as a Zebra TC5x series.
- OS Level: Android 7.0 and up is recommended (5.0 minimum).
- Administrator role: Device Administrator at Retail Holding Company
- Reference the relative guides:
Workspace ONE UEM is also the industry leading rugged management platform, providing not only management of popular consumer devices, but also a robust and core feature set for managing rugged devices. Workspace ONE UEM's Staging & Provisioning is the feature set.
Staging & Provisioning is the home of product provisioning and is where you to set up components, such as profiles, applications, and files/actions, which manage rugged devices. The components are bundled together in products, which are pushed to devices. These products follow a set of rules, schedules, and dependencies as guidelines for ensuring your devices remain up to date with the content they need.
Product provisioning features several staging methods of enrollment. Depending on the device type, you can perform device staging that quickly enrolls a device and downloads the AirWatch Agent, Wi-Fi profile, and any other important content. The methods of staging a device vary by platform.
Product Provisioning Overview
- Single pane of glass - Rugged management is included inside Workspace ONE UEM. There's no separate console. Multi-tenancy and roles based access can be utilized to securely isolate rugged device management as rugged management situations may not align with the typical mobile device world.
- Rapid deployment/staging - rapidly deploy tens to tens of thousands of devices all around the world - get the device out of the box and in production with minimal administrative overhead.
- Provision - Automatically update devices with new software and settings - periodically checking in with the relay server to see if it has new products to grab.
- Control - Monitor as well as troubleshoot and resolve issues for devices out in the field
- Support - Sophisticated remote control enables remote assistance
- Asset Management - Discover and track all devices in your enterprise.
Briefly review product provisioning from the Staging & Provisioning menu and Product Dashboard. Explain that products are simply management packages which contain device settings and apps.
- On the staging menu, admins can view a complete list of various staging profiles or create new ones.
- Five staging methods are supported: QR code, sideload, Zebra StageNow, RD client barcode, and on-demand.
- Side-loading doesn't require a relay server, saving organizational and IT resources.
- Barcode staging uses local relay server (FTP server), for file distribution over the cost-effective local network, to get devices from box to production ASAP.
Two staging enrollment methods are setup for you to enroll in TestDrive, QR and barcode. Both are outlined below. The preferred, simplest method is for Android is QR code, and is, thus, the focus.
First, provide a general overview of the staging profiles set up in staging. Drill into one profile, for example, stage-Android, and briefly review its configuration which contains the user credentials and agent type.
QR Code Enrollment
QR code enrollment is the simplest method to get an out of box device enrolled and is recommended for your demo. It's a universally supported Android enrollment method on Android 7.0+ devices.
QR code enrollment begins on the very first screen of a factory reset device. Follow these steps:
- Factory reset device.
- Tap the initial Android screen seven (7) times to initiate QR code enrollment.
- Connect to your local Wi-Fi.
- Allow the QR code app to update.
- Scan QR code.
The below QR code will enroll an Android device into the Warehouse > Retail Rugged Demo OG as user ruggeduser.
Enrollment Configuration Wizard
The Enrollment Configuration Wizard (Devices > Lifecycle > Staging > Configure Enrollment) is a staging wizard which guides the new rugged admin through the entire staging setup, taking the guesswork out of what's required to set up staging, freeing up time to get more devices into production.
In addition to dramatically simplifying the staging setup process, Configure Enrollment is also used to create QR codes, which is how the above QR code was created.
Creating a QR code is a simple process. By Selecting "Android" and following the wizard, you can quickly have a downloadable QR code.
Modern Zebra devices can also utilize Zebra's ServiceNow to enroll, an innovative Zebra service.
Both StageNow, and the older RD Client barcode scan, are supported enrollment methods in TestDrive.
Android 7.0 and up devices should have StageNow available in the firmware and the app looks like this:
- USB tethered devices can be rapidly deployed—in bulk—via sideload staging.
- Credentials and agent are pushed to the device for subsequent automatic enrollment. No user input. Devices are managed and ready to deploy.
Sideload staging is intended for very large deployments where bulk staging is a requirement. A Windows PC is required for this method.
Tether the device to your PC.
Manually setup the local Wi-Fi on your device.
Select the pre-configured stage-Android profile > More Actions > Sideload.
Generate the sideload staging package. Package will download. Extract the zip on your Windows desktop.
Follow instructions inside the download, running "stage.bat" command from your Windows desktop with your rugged Android device connected by USB. While the device undergoes auto-enrollment, go back to the console to discuss product components.
- The main profiles view contains a dashboard view device profiles to be used in product provisioning.
- Create and edit both staging and production profiles.
- Familiar workflow found in smartphone profile configuration.
- The AirWatch Launcher secures and locks down the rugged device.
- The Launcher has three configuration modes.
- Single app (kiosk)
- Multi-app (grid)(shown)
- Template mode - Fully customized, HTML5 WYSIWYG Launcher configuration
The production launcher profile is Warehouse - Launcher. It's copied as X Warehouse - Launcher for viewing and discussion aid. Donot make changes/Do not save it. Others depend on the "X" profiles to see configured functionality.
- Product provisioning allows you to upload applications to the console for distribution as part of a product.
Internal Applications silently push to the following devices: Zebra (MX), Concierge, Zebra (MX), Unitech, Getac, Honeywell, and Intemec.
Only Product Provisioning allows you to upload two versions of the same application as separate application items.
The AirWatch Android SDK can be used with your internal apps to provide extra layers of security.
Use the Add Application button to show the simple app upload process.
Apps are not assigned here, or in any component. Assignment happens with the product.
- A file/action is the combination of the files you want on a device and the actions you want performed on the device with the file.
- From the manage your repository of managed files, scripts, Windows Mobile CABs, OS updates….
- The file/action needs a manifest action to provide the product either installation or uninstallation instructions.
Use the viewable X Android Rugged - App Settings profile to show how a folder and file are placed on the device's file system. Be certain to not save the profile.
- Conditions enable you to set products to download and install on your device only when preset conditions are met. When enabled, conditions must be met on the device before performing a deployment action
- Affect profile, file, action, or app installation behavior, e.g., do not install an OS update unless the battery is greater than 50%
- Conditions are powerful and granular, especially when combined in multiples.
Use the pre-configured conditions prefixed with "X" to aid your discussion.
When configuring a condition, the available options are platform specific.
- The Product List is a view of the "products" or packages that ares set up containing the prior-configured components. Products manage all of the profiles, apps, files/actions, and applied conditions for the deployment.
- Automation is a core aspect of VMware AirWatch. IT policies are mirrored in the product, where a products' manifest, schedule, and conditions create a hands-free device management environment. With Workspace ONE UEM, IT resources don't spend their valuable time micro managing individual devices.
- Product assignment supports both organizational groups and smart groups. While organization groups are typically defined by geographical location, business unit, and department, smart groups provide admins the flexibility to deploy products by device platform, model, operating system, device tag, or user group.
Products are deployed via manifest actions and use device conditions for their deployment.
The Product List View is the rugged admin's dashboard into all product installation statuses.
Use any of the viewable "X" products, i.e., X Warehouse - Launcher, to discuss and illustrate the setup of each component within the product. Review manifest actions, conditions, as well as deployment options.
Deployment options are key. They set the timeframe a product is in effect as well as wether the product is deployed either automatically deployed or electively (on demand).
- Device provisions fully locked down as set by the admin in the launcher profile.
- Users only have access to what admins have allowed in the launcher profile, both apps and device settings.
- Administrative access is granted after the passcode (set in the launcher profile) is entered. Device can be remotely administered via ARM with no user intervention required.
- Template mode is the 100% customizable, WYSIWYG device layout configuration. Text boxes, images, apps, and branding are configured in the launcher template profile via admin's HTML 5 UI.
On the device mirror your demonstration with the aforementioned points made when discussing the admin setup of the X Warehouse - Launcher Android profile.
The begin admin access, exiting the Launcher, takes a few steps:
1. Swipe down on the screen and tap the dropdown arrow.
2. Tap "admin" and enter the passcode. Passcode = 1111
||Launcher admin access view
3. After entering the admin passcode, go back into the dropdown and tap exit.
The Launcher will then exit and you will have full device access. Explore the device as an admin, verifying apps and settings.
Supporting Rugged Devices
- Observe how easy it is to for admins to find a device and drill into its device record to see a comprehensive set of device details.
- Numerous device data samples are transmitted and captured in the console for reporting and troubleshooting.
- Lock device, send messages, clear passcode, find device, and view product status per device.
- VMware AirWatch has a friendly and familiar UI and UX for all device types, streamlining cross-training and reducing costs for consumer device admins to rugged admins and vice versa.
In the console, navigate the the device list view. Toggle your role to illustrate how admin roles and multi-tenancy can separate rugged from consumer devices.
Go back to Warehouse and drill into your device. Review each tab an briefly speak to the data captured on each.
Click the far right tab in the console to access the view of a device's products. Here's were you can view the list of products assigned and their status for a device.
Another key admin view for devices is the troubleshooting tab. Here admins can quickly troubleshoot device command status and device events.
Workspace ONE Assist
- Best of breed remote management for rugged.
- Full HTML 5 remote control solution. No Java.
- Latency-free responses over 3G for rural deployments.
- File manager for browsing, removing, and adding files.
- Remote admin can run a local command line
Please refer to docs.vmware.com forWorkspace ONE Assist product information.
Workspace ONE Assist is supported throughout testdrive.awmdm.com. For OEM devices that require Assist service apps, the Assist service app is set up via Product Provisioning as a manual deployment in the rugged demo OG. Push the proper one to your device before attempting Assist.
If you aren't able to live demo Assist, please use this rugged demo video showing enrollment, provisioning, launcher, and about two minutes of real time Assist (3:35m runtime).
Select your device from device list view and drill into device details.
Select Remote Assist...then chose the Assist function Share Screen.
The Assist session will initiate. Accept Terms on the device.
In the Assist console, obtain the Assist PIN code and enter it on the device.
To remote control the device screen, go to Remote Interaction > Remote Control.
As a privacy measure, the device user must accept remote control.
After accepting remote control on the device, the admin will have full device control.
On the right-hand side, review Device Summary. Hover over the device summary pane on the right and then scroll up and down to show available quick reference information.
At the bottom of device summary, review More Details.
More Details is where a wealth of information plus granular control functions are located. It's not just informational. Device information, application list, and display capture session logs are major menus within.
Application List View:
Close More Details and review Annotating, the powerful visual support and training tool.
Review Manage Files function via the the top tab bar.
Rename, add/delete files and folders, and search.