Skip to main content

 

Druva Documentation

About inSync for MobileIron

Overview

The inSync mobile app allows you access to your backup and share data from your mobile device anytime, anywhere. The inSync mobile app also gives you complete security, control, and visibility of your data. For more information, see Use the inSync mobile app on your iOS device.

As an administrator, you can quickly perform various configurations to install and monitor the inSync for MobileIron app on all iOS user devices. This allows you to have complete visibility of all iOS devices in your organization on which the inSync for MobileIron app is installed.

For information on the MobileIron ADMIN PORTAL, also called MobileIron Virtual Smartphone platform (VSP), see the MobileIron documentation.

Note: The MobileIron AppConnect app or MobileIron VSP server will never communicate with the inSync Server or any of its components, such as Edge Server or Storage Node directly. As shown in the figures below, the inSync MobileIron app and MobileIron AppConnect app on the mobile device will interact during the authentication and authorization workflow. 

Workflow when the inSync mobile app is launched for the first time

First Time Launch.png

Task no. Task
1.

inSync administrator generates the mass deployment token from the inSync Master Management Console. 

The mass deployment token allows you to distribute and silently activate the inSync for MobileIron app on multiple iOS devices.

For generating the mass deployment token, see the following topics:

2.

inSync administrator executes the following tasks, and provides the information to MobileIron VSP :

  • Add users and devices. Administrator will also import the inSync for MobileIron app from the App Store. Related link: Import inSync for MobileIron app from the App Store.
  • Create configuration and container policies. In the configuration policy, administrator specifies the key-value pair required by the inSync for MobileIron to authenticate inSync users. In the container policy, administrator allows or restricts inSync users from sending print requests from their iOS devices, from performing a copy-and-paste operation from files within the inSync for MobileIron app to any other application, and from opening files by using other applications. 

    For more information, see Create and manage AppConnect configuration policies and Create and manage AppConnect container policies.

  • ​Create a label and assign your policies to that label and then apply this label to a device.

    This step is required to silently activate the inSync for MobileIron app on user devices and to push policy updates on the inSync for MobileIron app without user intervention.

    For more information, see Create and manage labels.

3.

MobileIron VSP syncs the the mass deployment token, IP address, user's email ID, and configuration policies with the MobileIron app.

4.

inSync user launches the inSync mobile app on the mobile device.

5. inSync mobile app launches the MobileIron app. inSync user enters the MobileIron credentials on MobileIron app, with a PIN.
6.

MobileIron app authorizes and then launches the inSync for MobileIron app.

7.

MobileIron uses mass deployment token, Server IP, and user's email ID provided by inSync for MobileIron app to authenticate with inSync Server.

8. The inSync Server will send the device token to the inSync client.
9. The device token is saved securely in the iOS's keychain and is used for subsequent authentication.

Workflow when the inSync mobile app is already authenticated

Task no. Task
1.  MobileIron VSP syncs the the mass deployment token, IP address, user's email ID, and configuration policies with the MobileIron app.
2.  inSync user launches the inSync mobile app on the mobile device.
3.  inSync mobile app launches the MobileIron app. inSync user enters the MobileIron credentials on MobileIron app, with a PIN.
4.  MobileIron app authorizes and sends the configuration policies to inSync app.
5.  inSync app uses the configuration policies that are provided by the MobileIron app, and behaves accordingly.

Workflow when the inSync mobile app is unauthorized

Task no. Task
1.

On the MobileIron Server the administrator will retire or unauthorize the inSync mobile app for a particular device. 

2.

MobileIron VSP syncs the configuration policies with MobileIron app.

3.  inSync user launches the inSync for MobileIron app.
4.  inSync mobile app launches the MobileIron app. inSync user enters the MobileIroncredentials on MobileIron app, with a PIN.
5.  MobileIron app unauthorizes the inSync app.
6. 

inSync app logs out and clears the user's cache data.

Workflow when the inSync mobile app is launched for the first time in inSync On-premise with Edge Server

 

Task no.

Task
1.

inSync administrator generates the mass deployment token from the inSync Master Management Console. 

The mass deployment token allows you to distribute and silently activate the inSync for MobileIron app on multiple iOS devices.

For generating the mass deployment token, see the following topics:

2.

inSync administrator executes the following tasks, and provides the information to MobileIron VSP :

  • Add users and devices. Administrator will also import the inSync for MobileIron app from the App Store. Related link: Import inSync for MobileIron app from the App Store.
  • Create configuration and container policies. In the configuration policy, administrator specifies the key-value pair required by the inSync for MobileIron to authenticate inSync users. In the container policy, administrator allows or restricts inSync users from sending print requests from their iOS devices, from performing a copy-and-paste operation from files within the inSync for MobileIron app to any other application, and from opening files by using other applications. 

    For more information, see Create and manage AppConnect configuration policies and Create and manage AppConnect container policies.

  • ​Create a label and assign your policies to that label and then apply this label to a device.

    This step is required to silently activate the inSync for MobileIron app on user devices and to push policy updates on the inSync for MobileIron app without user intervention.

    For more information, see Create and manage labels.

3.

MobileIron VSP syncs the the mass deployment token, IP address, user's email ID, and configuration policies with the MobileIron app.

4.

inSync user launches the inSync mobile app on the mobile device.

5. inSync mobile app launches the MobileIron app. inSync user enters the MobileIron credentials on MobileIron app, with a PIN.
6.

MobileIron app authorizes and then launches the inSync for MobileIron app.

7.

MobileIron uses mass deployment token, Server IP, and user's email ID provided by inSync for MobileIron app to authenticate with inSync Server via the Edge Server.

8.

On successful authentication and validation, the request is forwarded to the inSync Server.

inSync Client initiates a connection to the edge server and is authenticated with the inSync Server.

9.

inSync Server sends device token to inSync for MobileIron app via the Edge Server.

10. The device token is saved securely in the iOS's keychain and is used for subsequent authentication.

Backup and restore workflow for inSync mobile app

This topic provides the complete backup and restore workflow. 

Task no. Task
1.

inSync mobile app sends the device token, user's email ID, and device ID to the inSync Server for authentication.

2.  Upon successful authentication, a token is sent by inSync Server to the inSync mobile app.
3. inSync mobile app sends this token to the inSync storage node for authorization.
4. Upon successful authorization, the storage node acknowledges the request.
5.  Backup and restore tasks can be carried out.

Ports used by inSync mobile app

To ensure even greater security and firewall management, inSync now directs all communication traffic through a single port (SSL/443) for Backup, Restore, Sync, and Share. This reduces the number of required firewall ports for deployment.
You can also continue to use port 80, if you prefer to use your earlier port configuration. If you are using port 6061 to send requests to inSync Server, then inSync mobile app communicates with inSync storage node via port 6071.

  • Was this article helpful?