Skip to main content

 

Druva Documentation

About AirWatch by VMWare

Overview

Android (5.0 and later) has allowed MDM (Mobile Device Management) solutions to pass dictionaries directly in the applications, that can be downloaded through MDM. This functionality is supported by AirWatch. The dictionary reference contains settings that can be defined via MDM. The MDM enrollment setup skips all the prompts and user intervention for installation and activation of the inSync mobile app. This ensures that each user undergoes the same set of steps when enrolling their Android devices. For example, the dictionary contains configuration information about the server address, email address of the user, mass deployment token that is required for authenticating the user, and security information like allow or restrict copy, allow or restrict opening the files in different apps.

Airwatch uses Android for work. Android for work enables IT to create a work profile that contains apps that users use only for business cases and it helps to keep personal and business data private.

Many applications require users to enter URL, port, email address, and various configurations as part of a one time setup of an application. These manual configurations can impact the adoption and success of an organization’s mobile app initiatives, increase the burden on a help desk fielding calls from users, and adds the burden of maintaining documentation that needs to be updated frequently as new updates to the application are made available.

By leveraging native APIs, these configurations can be set remotely by the Enterprise Media Manager (EMM) Server to simplify the setup process for end users, and alleviate the help desk and documentation burden caused by manual setup. An app developer can define a set of configuration keys it accepts from an EMM Server, and an organization administrator sets the keys and values in the EMM provider’s management console that will be pushed into the app.
Apps commonly implement the following types of configurations:

  • Backend service configuration: URL, port, use SSL, group/tenant code
  • User configuration: username, email, domain

As an inSync user, all you have to do is enroll the Android device, and install the inSync mobile app from AirWatch. In quick and easy steps, you can install and monitor the inSync mobile app on all Android user devices in your organization. This allows you to have complete visibility of all Android devices in your organization on which the inSync mobile app is installed.

Workflow when the inSync mobile app is launched for the first time

Step no. What happens
1.

inSync administrator generates the mass deployment token from the inSync Master Management Console.

The mass deployment token allows you to distribute and silently activate the inSync mobile app on multiple Android devices.

For generating the mass deployment token, see the following topics:

2.

inSync administrator executes the following tasks, and provides the information to AirWatch Server:

  1. Links the inSync mobile app for Android devices to the AirWatch Server.

    For more information, see Link the inSync mobile app to AirWatch Server.

  2. Creates AirWatch user and adds the Android device for the user. Once the user is created, the user receives the AirWatch user activation email, which contains information for enrolling the Android device.

    For more information, see Create AirWatch user and add Android device.

  3. Enrolls the Android device to communicate with the AirWatch Server. 

    For more information, see Enroll device for the user.

  4. Creates AirWatch configuration and security policies for the inSync mobile app. The AirWatch configuration and security policies allow you to distribute policies and silently activate the inSync mobile app on the Android device.

    For more information, see Create AirWatch configuration and security policies.

  5. Install the inSync mobile app and the configuration policies on the Android device.

    For more information, see Install inSync mobile app on Android device.

3.

AirWatch Server syncs the mass deployment token, IP address, user's email ID, and configuration policies with the inSync mobile app.

4.

inSync user launches the inSync mobile app on the Android device.

5. inSync mobile app uses mass deployment token, Server IP, and user's email ID provided by AirWatch Server to authenticate with inSync Server.
6.

inSync Server sends device token to inSync mobile app.

7. The device token is saved securely in the Android device and is used for subsequent authentication.

Workflow when the inSync mobile app is already authenticated

Step no. What happens
1.  AirWatch Server syncs the the mass deployment token, IP address, user's email ID, and configuration policies with the inSync mobile app.
2.  inSync user launches the inSync mobile app on the mobile device. The inSync mobile app functions per the configuration and security policies that are configured at the AirWatch Server.

Workflow when the inSync mobile app is unauthorized

Step no. What happens
1.

From the AirWatch console, the AirWatch administrator will disable or delete the user at the AirWatch Server. 

2.

When the user is deleted from AirWatch, then the inSync mobile app that is on the user's device will be unauthorized. Additionally, the AirWatch Server will automatically delete the inSync mobile app from the user's Android device. 

Backup and restore workflow for inSync mobile app

This topic provides the complete backup and restore workflow. 

Task no. Task
1.

inSync mobile app sends the device token, user's email ID, and device ID to the inSync Server for authentication.

2.  Upon successful authentication, a token is sent by inSync Server to the inSync mobile app.
3. inSync mobile app sends this token to the inSync storage node for authorization.
4. Upon successful authorization, the storage node acknowledges the request.
5.  Backup and restore tasks can be carried out.

Ports used by inSync mobile app

To ensure even greater security and firewall management, inSync now directs all communication traffic through a single port (SSL/443) for Backup, Restore, Sync, and Share. This reduces the number of required firewall ports for deployment.
You can also continue to use port 80, if you prefer to use your earlier port configuration. If you are using port 6061 to send requests to inSync Server, then inSync mobile app communicates with inSync storage node via port 6071.