Android - Rugged Management

This document will guide you through rugged Android device management in TestDrive. 

This walkthrough outlines rugged talking points and actions to get a rugged device from out-of-box to an Android Work Managed Device as expeditiously as possible, illustrating the speed and ease of rugged enrollment. 

Demonstrating a typical rugged use case, the rugged Android device will be provisioned with passcode, apps, and locked down with the Launcher app, restricting the user's access to a few apps.  Additionally, from the admin perspective, support and Advanced Remote Management are covered.

Walkthrough Summary

Prep

Introduction

Workspace ONE UEM is also the industry leading rugged management platform, providing not only management of popular consumer devices, but also a robust and core feature set for managing rugged devices.  Workspace ONE UEM's Staging & Provisioning is the feature set.

Staging & Provisioning is the home of product provisioning and is where you to set up components, such as profiles, applications, and files/actions, which manage rugged devices.  The components are bundled together in products, which are pushed to devices.  These products follow a set of rules, schedules, and dependencies as guidelines for ensuring your devices remain up to date with the content they need.  

Product provisioning features several staging methods of enrollment. Depending on the device type, you can perform device staging that quickly enrolls a device and downloads the AirWatch Agent, Wi-Fi profile, and any other important content. The methods of staging a device vary by platform.

Product Provisioning Overview

Talking Points

  • Single pane of glass - Rugged management is included inside Workspace ONE UEM.  There's no separate console.  Multi-tenancy and roles based access can be utilized to securely isolate rugged device management as rugged management situations may not align with the typical mobile device world.
  • Rapid deployment/staging - rapidly deploy tens to tens of thousands of devices all around the world - get the device out of the box and in production with minimal administrative overhead.   
  • Provision - Automatically update devices with new software and settings - periodically checking in with the relay server to see if it has new products to grab.
  • Control - Monitor as well as troubleshoot and resolve issues for devices out in the field
  • Support - Sophisticated remote control enables remote assistance
  • Asset Management - Discover and track all devices in your enterprise.

Briefly review product provisioning from the Staging & Provisioning menu and Product Dashboard. Explain that products are simply management packages which contain device settings and apps.

Device Staging

Talking Points

  • On the staging menu, admins can view a complete list of various staging profiles or create new ones.
  • Five staging methods are supported: QR code, sideload, Zebra StageNow, RD client barcode, and on-demand.  
  • Side-loading doesn't require a relay server, saving organizational and IT resources.  
  • Barcode staging uses local relay server (FTP server), for file distribution over the cost-effective local network, to get devices from box to production ASAP. 

Two staging enrollment methods are setup for you to enroll in TestDrive, QR and barcode. Both are outlined below.

First, provide a general overview of the staging profiles set up in staging.  Drill into one profile, for example, stage-Android, and briefly review its configuration which contains the user credentials and agent type.

Screen_Shot_2018-09-10_at_12.48.16_PM.png

Configuration Wizard (optional)

If needed in your discussion, review the Configure Enrollment staging wizard which guides the new rugged admin through the entire staging setup.  The wizard is not used in this demo because staging is already configured.

confgenroll.png

QR Code Enrollment

QR code enrollment is the simplest method to get an out of box device enrolled and is recommended for your demo.  It's a universally supported Android enrollment method, however Android 7.0+ is required. 

QR code enrollment beings on the very first screen of a factory reset device.

  1. Factory reset device.
  2. Tap the initial Android screen seven (7) times to initiate QR code enrollment.
  3. Enter Wi-Fi.
  4. Scan QR code after scan app is enabled. 

The below QR code will enroll a rugged Android device into the Warehouse > Retail Rugged Demo OG. 

QR Code Creation

A web-based QR code generator can be used to build a QR code for rugged enrollment.  Simply use the below, substituting <bracketed> items for your values, and paste into in the generator:

{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":
"com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":
"6kyqxDOjgS30jvQuzh4uvHPk-0bmAD-1QU7vtW7i_o8=\n",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":
"https://awagent.com/mobileenrollment/airwatchagent.apk",
"android.app.extra.PROVISIONING_SKIP_ENCRYPTION": false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"serverurl": "<AirWatch Server URL>",
"gid": "<Group ID>",
"un": "<Username>",
"pw": "<Password>"
} 

 

ServiceNow Enrollment

Modern Zebra devices use Zebra's ServiceNow to enroll, a proprietary Zebra service. 

stagenow.png

Both StageNow, and the older RD Client barcode scan, are supported enrollment methods in TestDrive.

Android 7.0 and up devices should have StageNow available in the firmware and the app looks like this:

Screen_Shot_2018-09-10_at_3.35.33_PM.png

Sideload Staging

Talking Points

  • USB tethered devices can be rapidly deployed—in bulk—via sideload staging. 
  • Credentials and agent are pushed to the device for subsequent automatic enrollment.  No user input.  Devices are managed and ready to deploy.

Sideload staging is intended for very large deployments where bulk staging is a requirement.  A Windows PC is required for this method.

Tether the device to your PC.

Manually setup the local Wi-Fi on your device.  

Select the pre-configured stage-Android profile > More Actions > Sideload.  

sideload.png

Generate the sideload staging package.  Package will download.  Extract the zip on your Windows desktop.

Follow instructions inside the download, running "stage.bat" command from your Windows desktop with your rugged Android device connected by USB.  While the device undergoes auto-enrollment, go back to the console to discuss product components.

Components

Profiles

Talking Points

  • The main profiles view contains a dashboard view device profiles to be used in product provisioning.
  • Create and edit both staging and production profiles.
  • Familiar workflow found in smartphone profile configuration.

Screen_Shot_2018-09-10_at_2.08.41_PM.png

Launcher Profile

Talking Points

  • The AirWatch Launcher secures and locks down the rugged device.
  • The Launcher has three configuration modes.
    • Single app (kiosk)
    • Multi-app (grid)(shown)
    • Template mode - Fully customized, HTML5 WYSIWYG Launcher configuration

The production launcher profile is Warehouse - Launcher.  It's copied as X Warehouse - Launcher for viewing and discussion aid.  Do not make changes/Do not save it.  Others depend on the "X" profiles to see configured functionality.

Screen_Shot_2018-09-10_at_2.05.04_PM.png

Applications

Talking Points

  • Product provisioning allows you to upload applications to the console for distribution as part of a product. 
    Internal Applications silently push to the following devices: Zebra (MX), Concierge, Zebra (MX), Unitech, Getac, Honeywell, and Intemec. 
  • Only Product Provisioning allows you to upload two versions of the same application as separate application items.   
  • The AirWatch Android SDK can be used with your internal apps to provide extra layers of security.   

Use the Add Application button to show the simple app upload process.  

Apps are not assigned here, or in any component.  Assignment happens with the product.

Files/Actions

Talking Points

  • A file/action is the combination of the files you want on a device and the actions you want performed on the device with the file.
  • From the manage your repository of managed files, scripts, Windows Mobile CABs, OS updates….
  • The file/action needs a manifest action to provide the product either installation or uninstallation instructions. 

Use the viewable X Android Rugged - App Settings profile to show how a folder and file are placed on the device's file system.  Be certain to not save the profile.

Screen_Shot_2018-09-10_at_2.09.59_PM.png

Conditions

Talking Points

  • Conditions enable you to set products to download and install on your device only when preset conditions are met. When enabled, conditions must be met on the device before performing a deployment action
  • Affect profile, file, action, or app installation behavior, e.g., do not install an OS update unless the battery is greater than 50%
  • Conditions are powerful and granular, especially when combined in multiples. 

Use the pre-configured conditions prefixed with "X" to aid your discussion.   

When configuring a condition, the available options are platform specific.  

Screen_Shot_2018-09-10_at_2.24.42_PM.png

Products List

Talking Points

  • The Product List is a view of the "products" or packages that ares set up containing the prior-configured components.  Products manage all of the profiles, apps, files/actions, and applied conditions for the deployment.   
  • Automation is a core aspect of VMware AirWatch.  IT policies are mirrored in the product, where a products' manifest, schedule, and conditions create a hands-free device management environment.  With Workspace ONE UEM, IT resources don't spend their valuable time micro managing individual devices.   
  • Product assignment supports both organizational groups and smart groups.  While organization groups are typically defined by geographical location, business unit, and department, smart groups provide admins the flexibility to deploy products by device platform, model, operating system, device tag, or user group. 
  • Products are deployed via manifest actions and use device conditions for their deployment.
  • The Product List View is the rugged admin's dashboard into all product installation statuses.  

Use any of the viewable "X" products, i.e., X Warehouse - Launcher, to discuss and illustrate the setup of each component within the product.   Review manifest actions, conditions, as well as deployment options.  

Deployment options are key.  They set the timeframe a product is in effect as well as wether the product is deployed either automatically deployed or electively (on demand).   

Screen_Shot_2018-09-10_at_2.40.48_PM.png

Managed Device

Talking Points

  • Device provisions fully locked down as set by the admin in the launcher profile.
  • Users only have access to what admins have allowed in the launcher profile, both apps and device settings.   
  • Administrative access is granted after the passcode (set in the launcher profile) is entered.  Device can be remotely administered via RM 4.0 with no user intervention required. 
  • Template mode is the 100% customizable, WYSIWYG device layout configuration. Text boxes, images, apps, and branding are configured in the launcher template profile via admin's HTML 5 UI.

On the device mirror your demonstration with the aforementioned points made when discussing the admin setup of the X Warehouse - Launcher Android profile.

The begin admin access, exit the launcher by swiping down on the screen and tapping menu drop down.  Tap "admin" and enter the passcode.  Passcode = 1111

Launcher template mode view
Screen_Shot_2018-09-10_at_1.50.24_PM.png
  Launcher admin access view
Screen_Shot_2018-09-10_at_1.51.58_PM.png

 

Exit the Launcher.  Finger swipe down in the Launcher screen to exit from the drop-down admin menu. Passcode: 1111

Explore the device as an admin, verifying apps and settings. 

 

Supporting Rugged Devices

Talking Points

  • Observe how easy it is to for admins to find a device and drill into its device record to see a comprehensive set of device details.
  • Numerous device data samples are transmitted and captured in the console for reporting and troubleshooting.
  • Lock device, send messages, clear passcode, find device, and view product status per device.
  • VMware AirWatch has a friendly and familiar UI and UX for all device types, streamlining cross-training and reducing costs for consumer device admins to rugged admins and vice versa. 

In the console, navigate the the device list view. Toggle your role to illustrate how admin roles and multi-tenancy can separate rugged from consumer devices.  

Go back to Warehouse and drill into your device.  Review each tab an briefly speak to the data captured on each. 

Click the far right tab in the console to access the view of a device's products. Here's were you can view the list of products assigned and their status for a device.

device-products.png

Another key admin view for devices is the troubleshooting tab. Here admins can quickly troubleshoot device command status and device events.

Screen_Shot_2018-09-10_at_2.47.08_PM.png

Advanced Remote Management

Talking Points

  • Best of breed remote management for rugged. 
  • Full HTML 5 remote control solution.  No Java.
  • Latency-free responses over 3G for rural deployments.
  • File manager for browsing, removing, and adding files.

Please refer to docs.vmware.com for more Advanced Remote Management (ARM) information. 

ARM is supported in TestDrive's VMware tenant.  If you aren't able to live demo ARM, please use this rugged demo video showing enrollment, provisioning, launcher, and about two minutes of real time ARM (video run-time: 3:35).

Select your device from device list view and drill into device details.  Choose  "Remote Management" from the "More Actions" menu.

After the session successfully establishes, click the "Launch Session" button.

Your session will look like the below. 

 

Review device summary.  Hover over the device summary pane on the right and then scroll up and down to show available quick reference information. 

At the bottom of device summary, review " more details."  The "more details" section is where a wealth of information and granular control functions are located. It is not just informational.  Granular device information, device app list, device process management, and session logs are major menus within.

Close "more details," and review annotating, the powerful visual support and training tool.

Review manage files.  Click the "folder" icon on the top bar.  Rename, add/delete files and folders, and search. 

 

For Additional Support


Review Our Knowledge Base

Submit a Ticket

Have more questions? Submit a request

Please sign in to leave a comment.