Archive for July, 2013

Manage Divide containers with IBM Endpoint Manager

Divide is a container solution for Apple iOS and Android devices. Divide is an app that acts as a workspace, or container, that mimics device capabilities while isolated from the rest of the device. This container solution allows information within Divide to be secured and managed separately from the rest of the device.


The latest release of IBM Endpoint Manager for Mobile Devices can also manage endpoints with Divide containers.  So you can have the best of both worlds, managing mobile devices with their native management features or users with corporate services within a container.

You will want to have installed the Divide client on your mobile devices and you can request a trial of their enterprise console here.

I’ve documented the steps to integrate IEM with Divide below:

  1. Select the Setup and Configuration Wizard and open Setup Enterproid Divide Management Extender. Note that you’ll need to obtain an access token by clicking on the link provided. Enterproid sent me an access token for our company’s domain name.
  2. Select Deploy Management Extender for Enterproid Divide and then select Take Action.
  3. Select the server where this will be installed. I chose the same server as my MDM Management Extender. Ensure this server has TCP port 443 access to api.divide.com.
  4. It takes a number of minutes for the appropriate software to be downloaded automatically from IBM’s cloud service and installed. If you specifically define which computers are members of the MDM site, ensure the Divide plugin is included too (see device type plugin explained here). You’re then ready to select Configure Extenders.
  5. Select the Divide Container. Then enter your Divide domain name and access token. I copied the access token into Notepad just to ensure there weren’t any incorrect spaces or extra characters.
  6. Finally select Configure Enterproid Divide Management Extender, then the applicable container device and click OK. It will take a few minutes for the configuration to complete.

Once the configuration was complete, all containers from the Divide cloud were displayed in the IEM console (alongside other Android and iOS devices which are managed too).


If I selected my iPad with the Divide container installed, I was able to perform a number of container controls:


What was nice is that I can also define Divide policies from within the IEM console too:


I really like the user interface of the Divide client, which is the most critical factor with any container solution.  Some container solutions have the reputation for not being that user friendly, so users end up trying to work their way around how they access their corporate email and applications.  Which of course defeats the purpose of providing a container in the first place!

This new capability allows clients to both manage devices via traditional MDM (iOS, Android, Windows, Blackberry) and now a powerful container capability.  This is on top of managing Windows, Mac, Linux and Unix from the one console.

If you have any queries, feel free to contact me or post a question to our developerWorks forum.

Darryl

P.S.  Article renamed to reflect Enterproid name change to ‘Divide’ (Oct 2013)


Using Trusted Certificates with IBM Endpoint Manager for Mobile Devices

IBM Endpoint Manager for Mobile Devices requires a certificate to manage iOS devices – through Apple’s Push Notification Service (APNS).  This APNS certificate allows the Management Extender to establish a secure, trusted channel of communication with the iOS devices.  This setup is straightforward and is detailed here.  Our MDM evaluators guide provides step by step instructions with screen captures.  Contact me if you don’t have a copy.

If you’ve installed IEM to manage some devices, you’ll note that for iOS devices you have to install a self-signed certificate first. You can remove the requirement for this by installing a well known or trusted certificate from Verisign, Godaddy, Gotrust etc.

The steps to install IEM with a trusted certificate are below. I want to acknowledge the great article by Orb Data, which provided me some great info and explained certificates in PEM format.

  1. Complete Step 1: Deploy the Management Extender Fixlet  and  Step 2: Obtain certificate to manage Apple iOS devices  to install the Management Extender.   Save the final APNS certificate as push.cer and place it  in a directory on your IEM server,  say D:\ManagementExtender\APNS\push.cer.  Now this has the certificate covered for IEM communicating with Apple’s APNS service.
  2. Now for the certificate for device to IEM server communication, we need to create a certificate request that a certificate authority can process. I was using Godaddy to define a certificate for the domain name mdm.darrylmiles.me. On a Mac, using OpenSSL, I would run this command:

    openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

    For my domain name, I entered:

    openssl req -new -newkey rsa:2048 -nodes -keyout darrylmiles.me.key -out darrylmiles.me.csr

    I was able to use the command illustrated on Godaddy’s web site here.

    The result of this command is two files: darrylmiles.me.key and darrylmiles.me.csr.

  3. Now on your certificate authority web site, take the text from within your CSR file (in my case darrylmiles.me.csr) and copy this into the appropriate request page.
  4. Once the certificate request was accepted, I downloaded it.
  5. The ZIP file contained two files, gd_bundle.crt and mdm.darrylmiles.me.crt. Both files contained the certificate information in PEM format, i.e.

    -----BEGIN CERTIFICATE-----
    Lots of letters/numbers here…
    -----END CERTIFICATE-----

    I renamed the files as follows:
    gd_bundle.crt to gd_bundle.crt
    mdm.darrylmiles.me.crt to mdm.darrylmiles.me.cer
  6. I copied the darrylmiles.me.key,  mdm.darrylmiles.me.crt  and  mdm.darrylmiles.me.cer to the IEM server to a directory called D:\ManagementExtender\Cert\
  7. I then configured the management extender using these settings:
  8. That’s it. Once the management extender is configured it’s now ready to accept device enrolments. Here are some screen captures of an iOS device being enrolled:
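
The key, certificate and bundle files from steps 5 to 7 can be checked against each other before they are configured in the management extender. The following is an added example, not part of the original post: it confirms that the certificate carries the private key's public key and chains to the CA bundle, using a throwaway local CA and the host name mdm.example.test as constructed stand-ins.

```shell
#!/bin/sh
# Added example: pre-flight checks before pointing the Management Extender
# at a private key, issued certificate and CA bundle.

# Print the public key (PEM) held in a private key or certificate file.
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# check_tls_files KEY CERT BUNDLE
# 0 = usable, 2 = unreadable file, 3 = key/cert mismatch, 4 = chain does not verify
check_tls_files() {
    key_pub=$(pubkey_of key "$1") || return 2
    cert_pub=$(pubkey_of cert "$2") || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ] || return 3
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 4
}

# Constructed demo: a throwaway local CA stands in for the public CA, and
# mdm.example.test for the real host name (both are assumptions).
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/bundle.crt" 2>/dev/null
    # Same CSR command as in step 2, plus -subj so it runs unattended.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mdm.example.test" \
        -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null
    openssl x509 -req -in "$d/site.csr" -CA "$d/bundle.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/site.cer" 2>/dev/null
    # Matching key and certificate, then a deliberately wrong key.
    good=0; check_tls_files "$d/site.key" "$d/site.cer" "$d/bundle.crt" || good=$?
    bad=0;  check_tls_files "$d/ca.key"   "$d/site.cer" "$d/bundle.crt" || bad=$?
    rm -rf "$d"
    echo "$good $bad"
}

demo   # prints: 0 3
```

With the files from this article the call would be check_tls_files darrylmiles.me.key mdm.darrylmiles.me.cer gd_bundle.crt; a return of 3 means the certificate was issued for a different key than the one on disk.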

That’s it. IEM is now set up with a trusted certificate. If you have any queries, feel free to contact me or post a question to our developerWorks forum.

Darryl
