Hi Milan, What I mentioned was having the Agent inside the admin profile and invoke work profile creation from the Agent. Then preferences problem will not occur. Anyway we will try this as well as all possible methods and finalize the best approach by the end of this week.
What's critical for us is only the profile creation and how do we introduce this to the console. So we will cone up with a plan by the end of the week and start implementation. Thanks On Aug 17, 2015 9:22 PM, "Milan Perera" <[email protected]> wrote: > Hi Kasun, > > I have tried this flow for AFW and we cannot actually follow that flow. > The reason because when we enroll an user to EMM, we store some private > data in the device's shared preference. In AFW scenario, it creates a new > instance of the agent in a secured container and we cannot access that > shared preferences which we have already stored at the time of enrollment. > > Therefore I suggest the following flow for the agent. > > 1. Agent checks whether the AFW is supported. > - If yes, manage profile will be provisioned and app will be > available inside the secured container. > - else if, try to install AFW apk and provisions the managed > profile. > - else, we have to do the ordinary enrollment. > 2. Then user can be enrolled to EMM and default policy will be pushed. > 3. Finally, the agent will manage the device on the commands of EMM > Admin as usual. > > Note: I have tried out this and it works fine for now. In this method, app > will store all the data inside the secured container and when we do > enterprise wipe, we will be able to remove the container as well as the > managed profile. > > WDYT? > > Regards, > > > On Mon, Aug 17, 2015 at 4:10 PM, Kasun Dananjaya Delgolla <[email protected] > > wrote: > >> Adding dev@. >> >> Given below will be the flow that we will implement for Android for work. >> As I have studied, all the AFW is based on profile concept. Android M have >> introduced some powerful APIs to give a better meaning to this. Refer the >> thread "[EMM] Android M EMM features + Android for work" thread that I have >> initiated. >> >> As a pre-requisite, Android for work profile should be included in Policy >> section in EMM console. IMO, it must be pushed with the policy. Therefore, >> android policy should include a section for android for work where admin >> can set restrictions/ app restrictions/ certificates / and other work >> profile related configs and save it under the policy. Given below is the >> flow that we suggest for the AFW implementation, >> >> 1. User enrolls his device to EMM >> 2. Default policy will be pushed to the device with the work profile >> 3. Android Agent will initiate a work profile on the device (In devices > >> Lollipop this will be enabled in the same app drawer, but Kitkat and JB >> devices will have to have Android for work app installed.) >> 4. Android Agent will then manage the device on the commands of EMM Admin >> as usual. (We will introduce Android M APIs to the DM console + the policy >> manager) >> >> For devices < Lollipop, we should decide when to install AFW app. One >> option is to push customers to have google for enterprise account if they >> have a large Android user base. This will enable us to do a silent push of >> AFW app to any of their devices. Once they have Google enterprise IDs >> setup, we must enable a configuration entry for them to set it up. When >> pushing the tenant configurations to the device, we can also send the >> enterprise ID as well in a highly secured manner. Then the device can use >> that to communicate with google rest APIs to do such tasks. >> >> WDYT? >> >> Thanks >> >> On Mon, Aug 17, 2015 at 9:32 AM, Prabath Abeysekera <[email protected]> >> wrote: >> >>> Guys, >>> >>> These are some serious technical stuff that we're discussing about in >>> private. Please move this into an appropriate list. >>> >>> Cheers, >>> Prabth >>> >>> On Sun, Aug 16, 2015 at 10:15 PM, Kasun Dananjaya Delgolla < >>> [email protected]> wrote: >>> >>>> Hi Milan, >>>> >>>> Sure. The thing I wanted to point out was the app installs. In a >>>> document released by google, they say we can have our own app store hosted >>>> by us or else we can have google play enterprise store. That's the only >>>> place I have seen that. We should dig deeper to their rest apis on app >>>> stuff. Testing the profile concept and other device policies are totally >>>> fine. I will lay a proper plan while you do this. So that we can merge the >>>> things and target for the solution. >>>> >>>> Thanks >>>> On Aug 16, 2015 8:38 PM, "Milan Perera" <[email protected]> wrote: >>>> >>>>> Hi Kasun, >>>>> >>>>> Yes, that's true. The reason that I put this effort because anyway we >>>>> have to do this initial setup. So I have studied few ways to adapt this >>>>> 'work' thing and came up with the current integration method (I used trial >>>>> and error method to integrate this :) ). >>>>> >>>>> Let's talk about this in details on Tuesday. >>>>> >>>>> Regards, >>>>> >>>>> On Sun, Aug 16, 2015 at 6:53 PM, Kasun Dananjaya Delgolla < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Milan, >>>>>> >>>>>> We cannot do app installs that way. We have to use Play APIs which I >>>>>> shared in a mail thread recently. We can invoke that from the agent. I'm >>>>>> in >>>>>> the process of creating an integration plan + coming up with a meaningful >>>>>> way to do it. True that there is a bunch of features, but we need to >>>>>> analyse them one by one and try to come up with a set of meaningful use >>>>>> cases. We will have a discussion on this Tuesday. I'm reading all their >>>>>> shared links on Android for work and trying to come up with a plan. Once >>>>>> we >>>>>> have that in place, it will be an easy job to do all these integration >>>>>> work >>>>>> because anyways we will have to use the same device policy manager and >>>>>> admin APIs which are already integrated with the agent. >>>>>> >>>>>> The challenging task would be to play with KitKat + JB devices. We >>>>>> need to push Android for work APK to those devices if we need to take >>>>>> their >>>>>> control. We need to think about a way to implement that properly as well. >>>>>> We can have an in detail discussion on this. For now, my suggestion is >>>>>> that >>>>>> we should go in depth of the new APIs and try to make some meaningful >>>>>> combinations for us to implement. >>>>>> >>>>>> Thanks >>>>>> >>>>>> On Sun, Aug 16, 2015 at 6:40 PM, Milan Perera <[email protected]> wrote: >>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> I was able to do the $subject and created a managed profile through >>>>>>> EMM agent. Now the agent is running inside the secured container. >>>>>>> >>>>>>> Then I have tried installing an apk from Google play store (from our >>>>>>> API's to install public apps). But in order to do that device should >>>>>>> have a >>>>>>> work account (Google play for work) since it asked to sign in from that >>>>>>> account. >>>>>>> >>>>>>> Secondly I have tried to push an apk (which is not signed by Google) >>>>>>> since the EMM agent is running inside the container. But again it >>>>>>> failed at >>>>>>> the stage of installing saying that it is from unknown source. >>>>>>> >>>>>>> Finally, I have downloaded a signed app from another store and >>>>>>> tried to install. And that attempt also failed saying the same error. >>>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> -- >>>>>>> Milan Harindu Perera >>>>>>> Software Engineer >>>>>>> *WSO2, Inc* >>>>>>> (+94) 77 309 7088 >>>>>>> lean . enterprise . middleware >>>>>>> <http://lk.linkedin.com/in/milanharinduperera> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Kasun Dananjaya Delgolla >>>>>> >>>>>> Software Engineer >>>>>> WSO2 Inc.; http://wso2.com >>>>>> lean.enterprise.middleware >>>>>> Tel: +94 11 214 5345 >>>>>> Fax: +94 11 2145300 >>>>>> Mob: + 94 771 771 015 >>>>>> Blog: http://kddcodingparadise.blogspot.com >>>>>> Linkedin: *http://lk.linkedin.com/in/kasundananjaya >>>>>> <http://lk.linkedin.com/in/kasundananjaya>* >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Milan Harindu Perera >>>>> Software Engineer >>>>> *WSO2, Inc* >>>>> (+94) 77 309 7088 >>>>> lean . enterprise . middleware >>>>> <http://lk.linkedin.com/in/milanharinduperera> >>>>> >>>> >>> >>> >>> -- >>> Prabath Abeysekara >>> Technical Lead >>> WSO2 Inc. >>> Email: [email protected] >>> Mobile: +94774171471 >>> >> >> >> >> -- >> Kasun Dananjaya Delgolla >> >> Software Engineer >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> Tel: +94 11 214 5345 >> Fax: +94 11 2145300 >> Mob: + 94 771 771 015 >> Blog: http://kddcodingparadise.blogspot.com >> Linkedin: *http://lk.linkedin.com/in/kasundananjaya >> <http://lk.linkedin.com/in/kasundananjaya>* >> > > > > -- > Milan Harindu Perera > Software Engineer > *WSO2, Inc* > (+94) 77 309 7088 > lean . enterprise . middleware > <http://lk.linkedin.com/in/milanharinduperera> >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
