Adding dev@. Given below will be the flow that we will implement for Android for work. As I have studied, all the AFW is based on profile concept. Android M have introduced some powerful APIs to give a better meaning to this. Refer the thread "[EMM] Android M EMM features + Android for work" thread that I have initiated.
As a pre-requisite, Android for work profile should be included in Policy section in EMM console. IMO, it must be pushed with the policy. Therefore, android policy should include a section for android for work where admin can set restrictions/ app restrictions/ certificates / and other work profile related configs and save it under the policy. Given below is the flow that we suggest for the AFW implementation, 1. User enrolls his device to EMM 2. Default policy will be pushed to the device with the work profile 3. Android Agent will initiate a work profile on the device (In devices > Lollipop this will be enabled in the same app drawer, but Kitkat and JB devices will have to have Android for work app installed.) 4. Android Agent will then manage the device on the commands of EMM Admin as usual. (We will introduce Android M APIs to the DM console + the policy manager) For devices < Lollipop, we should decide when to install AFW app. One option is to push customers to have google for enterprise account if they have a large Android user base. This will enable us to do a silent push of AFW app to any of their devices. Once they have Google enterprise IDs setup, we must enable a configuration entry for them to set it up. When pushing the tenant configurations to the device, we can also send the enterprise ID as well in a highly secured manner. Then the device can use that to communicate with google rest APIs to do such tasks. WDYT? Thanks On Mon, Aug 17, 2015 at 9:32 AM, Prabath Abeysekera <[email protected]> wrote: > Guys, > > These are some serious technical stuff that we're discussing about in > private. Please move this into an appropriate list. > > Cheers, > Prabth > > On Sun, Aug 16, 2015 at 10:15 PM, Kasun Dananjaya Delgolla < > [email protected]> wrote: > >> Hi Milan, >> >> Sure. The thing I wanted to point out was the app installs. In a document >> released by google, they say we can have our own app store hosted by us or >> else we can have google play enterprise store. That's the only place I have >> seen that. We should dig deeper to their rest apis on app stuff. Testing >> the profile concept and other device policies are totally fine. I will lay >> a proper plan while you do this. So that we can merge the things and target >> for the solution. >> >> Thanks >> On Aug 16, 2015 8:38 PM, "Milan Perera" <[email protected]> wrote: >> >>> Hi Kasun, >>> >>> Yes, that's true. The reason that I put this effort because anyway we >>> have to do this initial setup. So I have studied few ways to adapt this >>> 'work' thing and came up with the current integration method (I used trial >>> and error method to integrate this :) ). >>> >>> Let's talk about this in details on Tuesday. >>> >>> Regards, >>> >>> On Sun, Aug 16, 2015 at 6:53 PM, Kasun Dananjaya Delgolla < >>> [email protected]> wrote: >>> >>>> Hi Milan, >>>> >>>> We cannot do app installs that way. We have to use Play APIs which I >>>> shared in a mail thread recently. We can invoke that from the agent. I'm in >>>> the process of creating an integration plan + coming up with a meaningful >>>> way to do it. True that there is a bunch of features, but we need to >>>> analyse them one by one and try to come up with a set of meaningful use >>>> cases. We will have a discussion on this Tuesday. I'm reading all their >>>> shared links on Android for work and trying to come up with a plan. Once we >>>> have that in place, it will be an easy job to do all these integration work >>>> because anyways we will have to use the same device policy manager and >>>> admin APIs which are already integrated with the agent. >>>> >>>> The challenging task would be to play with KitKat + JB devices. We need >>>> to push Android for work APK to those devices if we need to take their >>>> control. We need to think about a way to implement that properly as well. >>>> We can have an in detail discussion on this. For now, my suggestion is that >>>> we should go in depth of the new APIs and try to make some meaningful >>>> combinations for us to implement. >>>> >>>> Thanks >>>> >>>> On Sun, Aug 16, 2015 at 6:40 PM, Milan Perera <[email protected]> wrote: >>>> >>>>> Hi all, >>>>> >>>>> I was able to do the $subject and created a managed profile through >>>>> EMM agent. Now the agent is running inside the secured container. >>>>> >>>>> Then I have tried installing an apk from Google play store (from our >>>>> API's to install public apps). But in order to do that device should have >>>>> a >>>>> work account (Google play for work) since it asked to sign in from that >>>>> account. >>>>> >>>>> Secondly I have tried to push an apk (which is not signed by Google) >>>>> since the EMM agent is running inside the container. But again it failed >>>>> at >>>>> the stage of installing saying that it is from unknown source. >>>>> >>>>> Finally, I have downloaded a signed app from another store and tried >>>>> to install. And that attempt also failed saying the same error. >>>>> >>>>> Regards, >>>>> >>>>> -- >>>>> Milan Harindu Perera >>>>> Software Engineer >>>>> *WSO2, Inc* >>>>> (+94) 77 309 7088 >>>>> lean . enterprise . middleware >>>>> <http://lk.linkedin.com/in/milanharinduperera> >>>>> >>>> >>>> >>>> >>>> -- >>>> Kasun Dananjaya Delgolla >>>> >>>> Software Engineer >>>> WSO2 Inc.; http://wso2.com >>>> lean.enterprise.middleware >>>> Tel: +94 11 214 5345 >>>> Fax: +94 11 2145300 >>>> Mob: + 94 771 771 015 >>>> Blog: http://kddcodingparadise.blogspot.com >>>> Linkedin: *http://lk.linkedin.com/in/kasundananjaya >>>> <http://lk.linkedin.com/in/kasundananjaya>* >>>> >>> >>> >>> >>> -- >>> Milan Harindu Perera >>> Software Engineer >>> *WSO2, Inc* >>> (+94) 77 309 7088 >>> lean . enterprise . middleware >>> <http://lk.linkedin.com/in/milanharinduperera> >>> >> > > > -- > Prabath Abeysekara > Technical Lead > WSO2 Inc. > Email: [email protected] > Mobile: +94774171471 > -- Kasun Dananjaya Delgolla Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware Tel: +94 11 214 5345 Fax: +94 11 2145300 Mob: + 94 771 771 015 Blog: http://kddcodingparadise.blogspot.com Linkedin: *http://lk.linkedin.com/in/kasundananjaya <http://lk.linkedin.com/in/kasundananjaya>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
