Symantec™ Mobility: Suite 5.0 Getting Started Guide

Symantec™ Mobility: Suite 5.0 Getting Started Guide
Symantec™ Mobility: Suite
5.0 Getting Started Guide
Documentation version: 5.0
Legal Notice
Copyright © 2014 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required to
provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs
are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under those
open source or free software licenses. Please see the Third Party Legal Notice Appendix to
this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL
NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION
WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE
WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Symantec as on premises
or hosted services. Any use, modification, reproduction release, performance, display or
disclosure of the Licensed Software and Documentation by the U.S. Government shall be
solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support’s
primary role is to respond to specific queries about product features and functionality.
The Technical Support group also creates content for our online Knowledge Base.
The Technical Support group works collaboratively with the other functional areas
within Symantec to answer your questions in a timely fashion. For example, the
Technical Support group works with Product Engineering and Symantec Security
Response to provide alerting services and virus definition updates.
Symantec’s support offerings include the following:
■
A range of support options that give you the flexibility to select the right amount
of service for any size organization
■
Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
■
Upgrade assurance that delivers software upgrades
■
Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
■
Premium service offerings that include Account Management Services
For information about Symantec’s support offerings, you can visit our website at
the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support
information at the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be at
the computer on which the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
■
Product release level
■
Hardware information
■
Available memory, disk space, and NIC information
■
Operating system
■
Version and patch level
■
Network topology
■
Router, gateway, and IP address information
■
Problem description:
■
Error messages and log files
■
Troubleshooting that was performed before contacting Symantec
■
Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:
www.symantec.com/business/support/
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
■
Questions regarding product licensing or serialization
■
Product registration updates, such as address or name changes
■
General product information (features, language availability, local dealers)
■
Latest information about product updates and upgrades
■
Information about upgrade assurance and support contracts
■
Information about the Symantec Buying Programs
■
Advice about Symantec's technical support options
■
Nontechnical presales questions
■
Issues that are related to CD-ROMs, DVDs, or manuals
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
Asia-Pacific and Japan
[email protected]
Europe, Middle-East, and Africa
[email protected]
North America and Latin America
[email protected]
Contents
Technical Support ............................................................................................... 4
Chapter 1
Getting Started ...................................................................... 8
Getting started with Symantec Mobility: Suite ....................................... 8
Adding apps to Symantec Mobility: Suite ............................................. 9
Symantec Mobility: Suite app types ............................................ 10
Wrapping an app to add security ..................................................... 12
App policy configuration options ................................................ 13
Testing the Work Hub .................................................................... 21
About Symantec Mobility: Suite functionality ...................................... 22
Appendix A
Additional information ....................................................... 25
About the iOS Work Hub versions .................................................... 25
Differences between the native iOS and Android Work Hubs ................. 26
Chapter
1
Getting Started
This chapter includes the following topics:
■
Getting started with Symantec Mobility: Suite
■
Adding apps to Symantec Mobility: Suite
■
Wrapping an app to add security
■
Testing the Work Hub
■
About Symantec Mobility: Suite functionality
Getting started with Symantec Mobility: Suite
This getting started guide is designed to help you quickly experience the simplicity
of Symantec Mobility: Suite's application wrapping technology.
Mobility Suite doesn't require changes to source code, build process, or development
tools. Mobility Suite takes the application apart, injects wrap code, repacks, and
re-signs the app, all of which is completed in the Mobility Manager without developer
intervention.
How to get started
1.
Add an app to Mobility Suite.
See “Adding apps to Symantec Mobility: Suite” on page 9.
2.
Wrap the app in an app policy.
See “Wrapping an app to add security” on page 12.
3.
Test your app.
You'll test your app by sending an email invite to yourself to download and
enroll your Work Hub (the mobile app), then download the wrapped app to
your device.
Getting Started
Adding apps to Symantec Mobility: Suite
See “Testing the Work Hub” on page 21.
4.
Later, when you have more time, you can explore other Mobility Suite
functionality.
See “About Symantec Mobility: Suite functionality” on page 22.
What you'll need
■
An iOS (.IPA) or Android (.APK) app file to upload to Mobility Suite
■
For iOS, an Apple Enterprise Distribution certificate, an Apple Mobile Provisioning
Profile for In-House apps, and, if you want to set up a native iOS App Store, a
Mac computer (for running X-Code, which is required to sign the iOS app for
distribution)
■
For iOS app wrapping (native app and secure web app), you must have an
Apple iOS App Code Signing certificate (a.k.a., "code signing identity") created
for you
You then upload the code signing certificate into Mobility Suite. See the Apple
Developer document, Obtaining a Signing Identity for instructions to obtain the
certificate. You upload the code signing certificate on the Settings > Certificates
> Apple/iOS Certificates page under Code-Signing Certificates. See the
current Symantec Mobility: Suite Administrator Guide for comprehensive
instructions about all of the certificates required by Apple.
■
Have Administrator privileges in Mobility Suite
■
A mobile device with Internet and email access that can run the uploaded app
and Work Hub
More information
For more detailed information about how to configure and use Mobility Suite, see
the Mobility Suite documentation Support site:
http://www.symantec.com/business/support/index?page=content&key=61596&channel
=DOCUMENTATION
See “Differences between the native iOS and Android Work Hubs” on page 26.
Adding apps to Symantec Mobility: Suite
Symantec Mobility: Suite lets you add different types of apps to your app library
and then publish (or distribute) them to your Mobility Suite. Apps can also be
automatically added to your Mobility Suite if you enroll in the Apple Volume Purchase
Program - Managed Distribution (VPP) and enable the option to Automatically
add licensed VPP Apps. Or if you participate in the Symantec Sealed Program
and configure your WorkSpace Settings to Automatically include Symantec
9
Getting Started
Adding apps to Symantec Mobility: Suite
Sealed apps in Workspace as they're made available in public app stores.
Mobility Suite sends an email notification to the administrator when a VPP or Sealed
app is automatically added. But you'll still need to assign the app to a user group,
assign an app policy, and publish the app to make it available.
See “Symantec Mobility: Suite app types” on page 10.
After you publish your apps, your end users can download them to their devices.
Administrators can also mark apps as "required" for download for specified users
and groups. The process of adding an app is different based on (1) the type of app,
and (2) the role of the user who adds the app. Native, web, and secure web apps
can be published to the Development, Beta, and Production phases of the app life
cycle when the app is added. However, store pointer apps can only be published
to the Production phase.
Developers can only add apps to the Development phase of the app life cycle.
Publishers and Administrators can add apps to the Development, Beta, and
Production phases. Developers, Publishers, and Administrators can assign an app
policy to the app when they add the app. However, app policies can only be assigned
to native and secure web apps. Additionally, app policies are not enforced on the
apps that are added to the Development phase. Developers, Publishers, and
Administrators can specify the groups and/or users who can install the app. However,
only Administrators and Publishers can specify the groups and/or users who must
install the app.
No explicit maximum size limits for apps apply. However, when creating your apps,
keep in mind that if an app is too large, it may timeout due to the web server's
configuration. For more information about app size considerations, refer to the
following knowledge base article:
http://www.symantec.com/docs/HOWTO82309
Next
If you're setting up Secure App Proxy:
See “Wrapping an app to add security” on page 12.
More information
See “Getting started with Symantec Mobility: Suite” on page 8.
Symantec Mobility: Suite app types
Table 1-1 lists the types of apps you can add to your Mobility Suite.
10
Getting Started
Adding apps to Symantec Mobility: Suite
Table 1-1
App types
App type
Description
Native app
An app that is downloaded on the end user's device and designed to run
specifically on the device's operating system. Typically, your organization
creates and secures this app for your organization's own use.
Web app
An app that links to a website based on a specified URL. A shortcut is
created for this app on the end user's device, which launches the app in
the device's default browser (e.g., Safari, Chrome).
Secure web
app
A web app that is launched in a Symantec Mobility: Suite browser (or
"sandbox") on the end user's device (not the device's default browser).
Store pointer
by URL app
An app that links to an app at an external app store (e.g., Apple App Store
or Android Google Play). This type of app lets end users download the app
directly from the external app store onto their device.
Note: Mobility Suite supports using iOS B2B Apple Volume Purchase
Program - Managed Distribution (VPP) apps either as Symantec Sealed
apps or B2B store pointer apps.
Symantec
Sealed app
An app that incorporates Symantec Sealed technology.
Symantec Sealed apps are provisioned on the same app venues as other
apps. Symantec maintains and promotes a catalog of Symantec Sealed
apps. Symantec stringently tests Sealed apps to ensure that the security
controls provided by the Sealed technology work as intended with the app
and within the Mobility Suite environment.
The benefits of using Symantec Sealed apps are:
■
Isolated and protected operation in a secure Mobility Suite WorkSpace
■
Developer-recommended app policy settings
■
Stringent testing by Symantec to verify the Symantec Sealed functionality
and security features
Click here for more information about Symantec Sealed technology and
its benefits.
You can configure Mobility Suite to automatically add Sealed apps as they
become available in the app stores or you can manually add them.
Note: Mobility Suite supports using iOS B2B Apple Volume Purchase
Program - Managed Distribution (VPP) apps either as Symantec Sealed
apps or B2B store pointer apps.
11
Getting Started
Wrapping an app to add security
Table 1-1
App types (continued)
App type
Description
VPP apps
An iOS store pointer app that requires an Apple Volume Purchase Program
- Managed Distribution (VPP) license.
To use VPP apps, you must first configure VPP in Mobility Suite. Then you
can automatically have VPP apps added when they become available. Or
you can add them the same way you do a store pointer by URL app
Note: Mobility Suite supports using iOS B2B Apple Volume Purchase
Program - Managed Distribution (VPP) apps either as Symantec Sealed
apps or B2B store pointer apps.
More information
See “Adding apps to Symantec Mobility: Suite” on page 9.
For more information about how to add the various apps, see the current Symantec
Mobility: Suite Administration Guide:
http://www.symantec.com/business/support/index?page=content&key=61596&channel
=DOCUMENTATION
Wrapping an app to add security
One of the key features of Symantec Mobility: Suite is the ability to wrap an app in
a layer of security. You wrap an app by associating an app policy with the app. The
app policy controls who can use the app and how the app interacts with the device.
For instance, you can prevent the app from storing data on the device or require
that the user reauthenticate periodically to keep using the app.
Note: Your end users must install enterprise-wrapped apps from the Work Hub.
Otherwise, the app is wiped.
Wrap an app
1
Click App Policy > New App Policy.
Troubleshooting: When you create a new policy, this warning appears: The
following options will be deselected and disabled 'Open with WorkSpace
browser only'.
12
Getting Started
Wrapping an app to add security
2
Specify a name and description for your app policy.
The Name field is mandatory. The app policy name appears in the Policy
drop-down list when you add or edit an app.
Tip: Create a description that distinguishes this policy from other app policies
and denotes the key objective of the policy.
3
Configure the General Settings and Network Access Control settings.
See “App policy configuration options” on page 13.
4
Click Save.
Next
See “Testing the Work Hub” on page 21.
App policy configuration options
Configure app policies in Symantec Mobility: Suite to control how apps or app data
are used. Below are descriptions of the app policy general setting options.
13
Getting Started
Wrapping an app to add security
Table 1-2
General Settings
Label
Option
Description
Authentication
User authentication required Requires the user to enter a user name and password to launch
the app.
Tip: The following
Authentication options are Tip: Encryption of on-device storage works whether or not
not available when this
authentication is enabled. However, if authentication is not
option is disabled.
enabled, encrypted storage is only available during the period
that the app is running.
Re-authentication required
after [n] minutes of idle
Forces the user to re-authenticate if the app has been idle or
running in the background for the number of minutes that you
specify.
Offline authentication
permitted
Allows the user to authenticate access to apps using your Offline
PIN Policy.
Destroy data and disable
Revokes the app if the user has violated your Password Lockout
app upon password lockout policy.
Enable InterApp SSO
Allows for single sign-on (SSO) so that your end users can
authenticate to an app once. SSO lets the user seamlessly
authenticate to other wrapped apps or the Work Hub after initial
authentication to the Work Hub or a wrapped app
Encrypt initial application
bundle
Encrypts the app's bundle information.
The app bundle is a type of directory containing resources,
graphics, and other collateral required by the app. Encrypting
this information increases security by preventing exposure of
the directory contents.
Tip: This settings change takes effect only on app reinstall.
14
Getting Started
Wrapping an app to add security
Table 1-2
General Settings (continued)
Label
Option
Description
On-Device Storage
Allowed
Allows the app to write and store app-related files and data to
the device. The app reads the file and tries to store the annotated
file locally.
Android secure web apps don't support file downloads.
Tip: Most apps need to write to the device to work properly.
Encryption required
Encrypts the app-related files and data that are written and stored
to the device (e.g., files used for printing and uploading).
Tip: This option is not
available when the Allowed If you want to require encryption but not require user
option is disabled.
authentication, you must enable the Clear data on app close
option.
Clear data on app close
Clears app-related data when the app is closed. If the app is not
properly closed (e.g., the device is shut down while the app is
running), the data is cleared the next time the app starts.
Tip: This option is not
available when the Allowed
option is disabled.
Tip: This option is useful, for example, for an unauthenticated
secure web app that caches files.
Permit SD card storage
(for Android only)
Allows the app to store files to any SD card on Android devices.
15
Getting Started
Wrapping an app to add security
Table 1-2
General Settings (continued)
Label
Option
Description
Usage Restrictions
Inter-app document sharing Prevents apps from previewing, opening, copying, or printing
files from other apps. Inter-app document sharing can also be
restricted to apps running in the WorkSpace.
■
Allow app to share data only with other apps in their
WorkSpace.
Allow app to share data with all other apps on the device.
■
Prevent app from sharing data with any other app.
■
Clipboard/Pasteboard
sharing
Prevents users from pasting text that they copy from an app or
app-related file.
Clipboard/Pasteboard sharing can also be restricted to apps
running in the WorkSpace.
■
■
■
Browser choice for links in
WorkSpace apps
Allow app to share the clipboard/pasteboard only with other
apps in their WorkSpace.
Allow app to share the clipboard/pasteboard with all other
apps on the device.
Prevent app from sharing the clipboard/pasteboard with any
other app.
Restricts the opening of links from apps running in the
WorkSpace to require a secure browser that is also running in
the WorkSpace. If there is no secure browser in the WorkSpace,
the user sees an error message to that effect.
Only Symantec Sealed browser apps can apply this restriction.
■
■
Destroy data and disable
app on jailbroken (iOS) or
rooted (Android) devices
Open with WorkSpace browser only.
An error message appears if there are no browsers are in
WorkSpace.
Open with WorkSpace or system default browser.
Important: This option is less secure.
Destroys app-related data and disables the Work Hub if the user
attempts to install it on jailbroken iOS devices and rooted Android
devices.
The following usage restrictions apply only to iOS
Block AirDrop and
multi-peer file sharing
Prevents users from using AirDrop or from using multi-peer file
sharing apps to share documents.
Block AirPrint File printing
Prevents users from printing files using AirPrint.
16
Getting Started
Wrapping an app to add security
Table 1-2
Label
General Settings (continued)
Option
Description
Block Social Media file
sharing
Prevents users from posting a file to a social media site, such
as Twitter or Facebook.
Block adding files to Safari
reading list
Prevents users from adding files to their Safari browser reading
list.
Block iTunes file sharing
Prevents an app from sharing any files with iTunes.
Tip: Without this option, application files in
<Application_Home>Documents directory may be backed up
and shared to iTunes.
Block iCloud file sharing
In iOS 5 and later, an application can tag files for cloud storage
that are synced to the user's iCloud account. This option prevents
document syncing, uploading, and downloading with iCloud.
The following usage restrictions are effective for Android only
If the client is removed or
MDM is disabled
Poll Server
If a user removes the Work Hub from an Android device or if
(MDM) is disabled, executes one of the following:
■
Allow data and app access
■
Block app from running
■
Destroy data and disable app
Automatically connect to the Polls the Mobility Suite server based on the specified number of
server to check for updates hours to check for a new version of the app.
Tip: Apps typically only communicate with the server when users
launch them or put them in the background or foreground. By
enabling this feature, the app communicates with the server
whether the user is using the app or not.
Check for updates every [n] Checks the server for updates at the interval that you specify.
hours
Fail-Safe Revocation Timer Revokes the app if it has not communicated with the Mobility
Suite server within the specified number of hours.
Automatically destroy data Destroys data and disables the app if the device is unable to
and disable app if no server connect with the Mobility Suite server within the number of hours
contact within [n] hours
that you specify.
17
Getting Started
Wrapping an app to add security
Table 1-2
Label
General Settings (continued)
Option
Description
Force upgrade on new Allow a grace period of [n]
versions
hours
Forces the user to upgrade and re-login if the amount of time
you specify passes after a new version of the app is released.
The grace period starts from the time the app is published.
When a new version of an app is published, users with a previous
version of the app are notified that a new version is available.
When forced upgrade is enabled, they are given the grace period
window to perform the upgrade. During the grace period they
may continue to use the previous version of the app. After the
grace period expires, they are no longer able to use the app.
Instead, when they open the app they are directed to the Work
Hub to perform the upgrade. After the app is updated on the
device, they may continue to use it.
Forced upgrade only applies to production versions of apps.
Beta versions of apps cannot force upgrades.
Table 1-3
Label
Option
Network Access Control
Description
Notification Messages Show notification messages Sends a notification message to end users when apps are
blocked.
Tip: A notification message may not appear in every instance an
app is block. If multiple instances of blocked apps occur, the
notification messages maybe bundled together. However, each
blocked event appears in the device's log.
Secure App Proxy
Redirect all traffic to
Directs app traffic through the app proxy that you specify.
18
Getting Started
Wrapping an app to add security
Table 1-3
Label
Option
White-listed Locations Protocols
Location
Network Access Control (continued)
Description
Specifies the protocol.
Specifies the host name or address.
Supports IPv4 addresses or host names. You can use single
wildcard prefixes.
Examples of supported host names and addresses are as follows:
■
■
■
■
■
www.example.com
Connections to www.example.com
*.example.com
Connections to the hosts in the example.com domain
*
Connections to all hosts
*.yahoo.com
Requests to the hosts that start with yahoo.com
192.168.0.0/17
All IPv4 addresses in range from 192.168.0.0 to
192.168.127.255
Warning: If you create a white-list, to prevent app download
failure, you must add the URL, *.s3.amazon.com to the
white-list.
Port
Specifies the port.
An empty value or an asterisk (*) wildcard means all ports are
accepted. This field accepts multiple ports separated by commas
or in a range.
For example: 80, 1000-1999, 443
Security
19
Getting Started
Wrapping an app to add security
Table 1-3
Label
Option
Network Access Control (continued)
Description
■
Require SSL
When you select this option, only traffic that is sent over a
secured connection is permitted.
The supported versions are as follows:
■ SSL 3.0
■
■
Credential Injection
■
TLS 1.0
■
TLS 1.1
■
TLS 1.2
Accept untrusted certificates
Not supported for iOS secure web apps
By default, this option is not enabled and the certificate check
is enforced. Traffic is only permitted if the server that the
application is connecting to has a trusted certificate according
to the device's trusted root store.
When you enable this option, the remote server certificate is
accepted even if it cannot be validated using device's trusted
root store.
SSL Cipher Restriction
Specify the SSL cipher strength required for the connection
to be permitted. Tip: Require SSL must be enabled for this
option to appear.
If you select Any Encryption, then a connection is permitted
based on any level of cipher encryption. However, locations
that use cipher suites without encryption are blocked.
If you select Strong, then only connections that meet the
OWAPS TLS criteria are permitted.
Important: When you set the cipher strength to Strong, if
the URL points to a web server that accepts both weak and
strong ciphers, the server will likely negotiate for a weaker
cipher in which case Mobility Suite will block the connection.
However, if the web server only accepts strong ciphers,
Mobility Suite will allow the connection.
More information
20
Getting Started
Testing the Work Hub
Table 1-3
Label
Network Access Control (continued)
Option
Description
Allows credentials that are used for wrapped app login to be
passed to the network connection to enable SSO functionality.
Tip: You must have first enabled the User authentication
required option in General Settings to enable this option.
If you use SAML as the IDP, the session cookie is injected. If you
use any other IDP, the user name and password credentials are
injected. User name and password are only injected for sites
protected by HTTP Basic or HTTP Digest authorization.
More information
See “Getting started with Symantec Mobility: Suite” on page 8.
Testing the Work Hub
To test the Work Hub, your mobile device must have email and Internet access.
Set up the Work Hub for iOS and Android
1
Click Settings > Device Clients > iOS Client.
2
In the right pane, select Use web clip, and then click Save.
3
On the left pane, click Settings > Device Clients > Android Client.
4
In the right pane, click Rebuild Android App Center Agent.
Send yourself an email invitation
1
On the left pane, click Users.
2
On the right pane, click Send App Center Invite.
3
Type your email address and message, and click Send Invite.
Important: This must be an email address that you can access from your
mobile device and is not already assigned to another Mobility Suite user.
21
Getting Started
About Symantec Mobility: Suite functionality
Verify the invitation was sent
You only need to perform this procedure if you need to verify that the email invitation
was sent.
◆
On the left pane, click Users and then in the center pane, under Browse by
Group, select invited.
Email addresses remain in this group until the users install the app and enroll.
Once enrolled, the addresses appear in the all users group.
Install the Work Hub
1
On your mobile device in your email program, locate an email with the subject
line: App Center Invitation.
2
Tap the link and follow the on-screen instructions to set up a user name and
password, and enroll with the Mobility Suite.
When installation is complete, the Work Hub icon appears on your mobile
device.
Test the Work Hub
1
On your device, launch the Work Hub, and login with your credentials.
If you previously uploaded apps to your Mobility Suite, their icons appear in
the Apps section of the Work Hub.
2
To verify download functionality, click on one of the available apps.
Tip: Remember that store-pointer apps take you to the venue hosting the app
and the download proceeds from there.
This completes the getting started process. Play around with the app you uploaded
to Mobility Suite and then downloaded to your device. Check that the policy features
you chose for the app work as expected.
Next
See “About Symantec Mobility: Suite functionality” on page 22.
More information
See “Getting started with Symantec Mobility: Suite” on page 8.
About Symantec Mobility: Suite functionality
The following are some features of Symantec Mobility: Suite that you may want to
configure and use:
22
Getting Started
About Symantec Mobility: Suite functionality
Mobile device
management
Mobility Suite's mobile device management (MDM) features provide detailed
information about the devices that are enrolled with your Mobility Suite.
The MDM features also allow you to send commands to secure and locate
devices. For example, you can lock the device, reset the password, or
revoke all of the apps. And when you use Mobility Suite's MDM functionality,
you can create policies for those devices.
For iOS device management, you must generate and upload an MDM
Certificate with the correct AppID. MDM certificates are created at the Apple
iOS Provisioning Portal and then uploaded to Mobility Suite.
See the knowledge base article, Working with device policies at
http://www.symantec.com/docs/HOWTO83804
App policies
An app policy is a set of rules that are applied to a running application or
secure Web app. Some of the policy conditions that you can specify include
user authentication and re-authentication, on-device storage, and conditions
if MDM is removed or disabled.
You can upload keystore certificates to Mobility Suite that are used to sign
and resign apps. Once you have uploaded the keystore, keys become
options for you to select in a drop-down list when you select a policy to
apply to an app. For wrapping (app and secure Web app) to be possible,
an Apple iOS App Codesigning certificate must be created and uploaded
into Mobility Suite.
See the knowledge base article, Creating app policies at
http://www.symantec.com/docs/HOWTO83826
Symantec
Secure Email
Symantec Secure Email is an Exchange ActiveSync client for Android and
iOS devices. Secure Email integrates seamlessly with Symantec’s enterprise
mobile management solutions. Secure Email supports administrator-created
management and security policies that let you tailor mobile Exchange
access to your specific needs.
See the knowledge base article, Setting up Symantec Secure Email in
Symantec Mobility: Suite at http://www.symantec.com/docs/HOWTO83809
23
Getting Started
About Symantec Mobility: Suite functionality
Content Center The Content Center is only supported for iOS devices, and the device must
have a native Work Hub.
Currently the Content Center accepts any type of file from the administrator
and pushes the file down to the Work Hub. For encrypted previews, the
following file types are supported:
.doc, .docx, .xls, .xlsx, .ppt, .pptx, and .pdf.
You can apply policies to the content that you make available through your
Mobility Suite. Some of the policy conditions that you can specify include
encryption, offline access, preventing content sharing with other iOS apps,
automatic push downloads of newer versions of the content, etc.
See the knowledge base article, Creating and assigning content policies
at http://www.symantec.com/docs/HOWTO83827
Reports
You can monitor your Mobility Suite activity by running reports. For example,
reports can tell you which operating system has the most downloaded apps,
how many downloads occur each week, any app feedback, MDM
compliance status, etc.
See the knowledge base article, Running reports in Symantec Mobility:
Suite at http://www.symantec.com/docs/HOWTO83835
More information
For more information about these and other Mobility Suite features, see the
Symantec Mobility: Suite Administration Guide.
www.symantec.com/business/support/index?page=content&key=61596&channel
=DOCUMENTATION
24
Appendix
A
Additional information
This appendix includes the following topics:
■
About the iOS Work Hub versions
■
Differences between the native iOS and Android Work Hubs
About the iOS Work Hub versions
Two versions of the iOS Work Hub are available: a native version and a web clip
version. The native version requires more setup than the web clip version. You can
use with the web clip version to make initial tests with an iOS device.
Native app
A native app leverages the full complement of features that are
available in the operating system. The iOS native app supports
notifications and branding. There is up-front administrative work to
create the native app, which requires that you create an in-house
distribution certificate with your Apple Enterprise Developer account.
You create and update the native app with the Symantec branding
tool.
Additional information
Differences between the native iOS and Android Work Hubs
Web clip app
A web clip is a link to a web page, which appears as an icon on the
mobile device. Tapping the icon launches a browser to access the
web-clip URL.
The iOS web clip app is easy to start with because it requires no setup
and it is always up to date.
However, the iOS web clip version lacks these important features:
■
App policy support
■
Push notifications (APNS)
■
Content store
■
Revocation of installed apps
■
International languages
■
Custom branding
More information
See “Getting started with Symantec Mobility: Suite” on page 8.
Differences between the native iOS and Android Work
Hubs
There are differences within the interface of the native iOS and Android Work Hubs.
Several functional variances are associated with these interface differences.
Table A-1
iOS and Android Work Hub differences
Functionality
iOS native Work Hub
Android native Work Hub
Apps Screen
Yes
Yes
Content Screen
Yes
No
Offline pin
Yes
Yes
Change password
Yes
Yes
Device Policy Values
No
Yes
Refresh screen by Swipe
No
Yes
Send Logs
Yes
Yes
Configure Email
Yes
No
Splash Screen on launch
No
Yes
26
Additional information
Differences between the native iOS and Android Work Hubs
More information
See “Getting started with Symantec Mobility: Suite” on page 8.
27
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement