Skip to main content

 

Druva Documentation

About AirWatch by VMWare

Overview

From iOS 7 onwards, Apple has allowed MDM (Mobile Device Management) solutions to pass dictionaries directly in the applications, that can be downloaded through MDM. This functionality is supported by AirWatch. The dictionary reference contains settings that can be defined via MDM. The MDM enrollment setup skips all the prompts and user intervention for installation and activation of the inSync mobile app. This ensures that each user undergoes the same set of steps when enrolling their iOS devices. For example, the dictionary contains configuration information about the server address, email address of the user, mass deployment token that is required for authenticating the user, and security information like allow or restrict copy, print of files and allow or restrict opening the files in different apps.

inSync users App Configuration for Enterprise to support the inSync mobile app for iOS devices with AirWatch. Many applications require users to enter URL, port, email address, and various configurations as part of a one time setup of an application. These manual configurations can impact the adoption and success of an organization’s mobile app initiatives, increase the burden on a help desk fielding calls from users, and adds the burden of maintaining documentation that needs to be updated frequently as new updates to the application are made available.

By leveraging native APIs, these configurations can be set remotely by the Enterprise Media Manager (EMM) Server to simplify the setup process for end users, and alleviate the help desk and documentation burden caused by manual setup. An app developer can define a set of configuration keys it accepts from an EMM Server, and an organization administrator sets the keys and values in the EMM provider’s management console that will be pushed into the app.
Apps commonly implement the following types of configurations:
  • Backend service configuration: URL, port, use SSL, group/tenant code
  • User configuration: username, email, domain

As an inSync user, all you have to do is enroll the iOS device, and install the inSync mobile app from AirWatch. In quick and easy steps, you can install and monitor the inSync mobile app on all iOS user devices in your organization. This allows you to have complete visibility of all iOS devices in your organization on which the inSync mobile app is installed.

Workflow when the inSync mobile app is launched for the first time

Task no. Task
1.

inSync administrator generates the mass deployment token from the inSync Master Management Console.

The mass deployment token allows you to distribute and silently activate the inSync mobile app on multiple iOS devices.

For generating the mass deployment token, see the following topics:

2.

inSync administrator executes the following tasks, and provides the information to AirWatch Server:

  1. Uploads the inSync mobile app for iOS devices to the AirWatch Server, by using the .ipa file.

    For more information, see Upload IPA file to AirWatch Server.

  2. Creates AirWatch user and add iOS device for the user. Once the user is created, the user receives the AirWatch user activation email, which contains information for enrolling the iOS device.

    For more information, see Create AirWatch user and add iOS device.

  3. Enrolls the iOS device to communicate with the AirWatch Server. Once enrolled, the AirWatch MDM certificate is automatically installed on the iOS device.

    For more information, see Enroll device for the user.

  4. Creates AirWatch configuration and security policies for the inSync mobile app's inSync mobile app's .ipa file that is uploaded at AirWatch Server. The AirWatch configuration and security policies allow you to distribute policies and silently activate the inSync mobile app on iOS device.

    For more information, see Create AirWatch configuration and security policies.

  5. Downloads and install the inSync mobile app's .ipa file and the configuration policies to the iOS device.

    For more information, see Install inSync mobile app on iOS deviceinSync mobile app on iOS device.

3.

AirWatch Server syncs the mass deployment token, IP address, user's email ID, and configuration policies with the inSync mobile app.

4.

inSync user launches the inSync mobile app on the iOS device.

5. inSync mobile app uses mass deployment token, Server IP, and user's email ID provided by AirWatch Server to authenticate with inSync Server.
6.

inSync Server sends device token to inSync mobile app.

7. The device token is saved securely in the iOS's keychain and is used for subsequent authentication.

Workflow when the inSync mobile app is already authenticated

Task no. Task
1.  AirWatch Server syncs the the mass deployment token, IP address, user's email ID, and configuration policies with the inSync mobile app.
2.  inSync user launches the inSync mobile app on the mobile device. The inSync mobile app functions per the configuration and security policies that are configured at the AirWatch Server.

Workflow when the inSync mobile app is unauthorized

Task no. Task
1.

From the AirWatch console, the AirWatch administrator will disable or delete the user at the AirWatch Server. 

2.

When the user is deleted from AirWatch, then the inSync mobile app that is on the user's device will be unauthorized. Additionally, the AirWatch Server will automatically delete the inSync mobile app from the user's iOS device. 

Workflow when the inSync mobile app is launched for the first time in inSync On-premise with Edge Server

Task no. Task
1.

inSync administrator generates the mass deployment token from the inSync Master Management Console.

The mass deployment token allows you to distribute and silently activate the inSync mobile app on multiple iOS devices.

For generating the mass deployment token, see the following topics:

2.

inSync administrator executes the following tasks, and provides the information to AirWatch Server:

  1. Uploads the inSync mobile app for iOS devices to the AirWatch Server, by using the AirWatch Server, by using the .ipaipa file.

    For more information, see Upload IPA file to AirWatch Server

  2. Creates AirWatch user and add AirWatch user and add iOS device for the user. Once the user is created, the user receives the AirWatch user activation email, which contains information for enrolling the iOS device.

    For more information, see Create AirWatch user and add iOS device.

  3. Enrolls the iOS device to communicate with the AirWatch Server. Once enrolled, the AirWatch MDM certificate is automatically installed at the iOS device.

    For more information, see Enroll device for the user.

  4. Creates AirWatch configuration and security policies for the inSync mobile app's inSync mobile app's .ipaipa file that is uploaded at AirWatch Server. The AirWatch configuration and security policies allow you to distribute policies and silently activate the inSync mobile app on iOS device.inSync mobile app on iOS device.

    For more information, see Create AirWatch configuration and security policies.

  5. Downloads and install the inSync mobile app's.ipa file and the configuration policies to the iOS device.

    For more information, see Install inSync mobile app on iOS device.

3.

AirWatch Server syncs the mass deployment token, IP address, user's email ID, and configuration policies with the inSync mobile app.

4.

inSync user launches the inSync mobile app on the iOS device.

5.

inSync mobile app uses device token, Server IP, and user's email ID provided by AirWatch Server to authenticate with inSync Edge Server.

6.

On successful authentication and validation, the request is passed to inSync Server.

7.

inSync Server sends the authentication and device token to inSync mobile app.

8. inSync mobile app will use the device token for subsequent authentication.

Backup and restore workflow for inSync mobile app

This topic provides the complete backup and restore workflow. 

Task no. Task
1.

inSync mobile app sends the device token, user's email ID, and device ID to the inSync Server for authentication.

2.  Upon successful authentication, a token is sent by inSync Server to the inSync mobile app.
3. inSync mobile app sends this token to the inSync storage node for authorization.
4. Upon successful authorization, the storage node acknowledges the request.
5.  Backup and restore tasks can be carried out.

Ports used by inSync mobile app

To ensure even greater security and firewall management, inSync now directs all communication traffic through a single port (SSL/443) for Backup, Restore, Sync, and Share. This reduces the number of required firewall ports for deployment.
You can also continue to use port 80, if you prefer to use your earlier port configuration. If you are using port 6061 to send requests to inSync Server, then inSync mobile app communicates with inSync storage node via port 6071.