MDM Apple

Basic queries about MDM

GC's picture
Your rating: None (1 vote)

Hi,
I'm a newbie to MDM and am still trying to figure out how all the pieces fit together. Have a query I hope the Gurus can help answer.

Is the following correct? From the moment it registers itself with Apple, each device maintains a persistent connection with the APNS service via the "apsd" deamon. This connection serves as the underlying "pipe" that helps the apsd deamon, on its part, offer the publish-subscribe service that helps client apps (aka the subscribes) receive "messages" from the publisher (aka APNS in this case). If this is true then

My query concerns how a device gets its unique token from APNS. Per my understanding, an application needs to register itself with APNS for it to be able to receive notifications...and as a part of this registration process, the APNS service returns a unique App Specific "token" to the app...how does this pan out in the MDM context...what's this app? Who decides the topic to use? The reason for me to ask this is because the MDM Check-In protocol requires the device to send the "Topic" and "Token" during the final TokenUpdate step. Without an app, where does the "Topic" and "Token" come from?

Any responses would be greatly appreciated.

Thanks and Regds

Does Profile Manager allow users to self-install an Enterprise app?

lizl99's picture
Your rating: None (2 votes)

Background.

For the past three years the iOS Enterprise app our company wrote has been made available over the air to our client's BYOD iPad roving-salesmen users (only about 40) using the itms download from a website. This was easy (the company set up a password protected page on their website and let those users know the password), and it allowed the user plenty of control - if a new version of the app was made available via the website, the company simply emailed all the users to let them know, and the users decided when to download it. This was especially important since the app is large, and needs to be downloaded when the user is somewhere with a good wifi connection.

Although the itms method still (just about) works for iOS8 devices, it's clear that Apple might drop support at any time, and recommend apps should be distributed via MDM. Therefore I have started looking at Apple Profile Manager on Mac OS X Yosemite Server to see whether we might recommend this to the client. I'm a developer not a sysadmin by trade, and have had no exposure to MDM before,

What I need to be able to do

The only use of MDM will be to allow all users to install our app over the air on any new iOS devices they own, and to install an updated version whenever we release one. The company is not interested in tracking or controlling any other aspect of the devices. So all that I want to do is have the user be able to enrol devices and self-install the app from our MDM server over the air whenever they want.

Profile Manager so far

I am at the stage of just having a look at how Profile Manager works, on a 'test' OSX Server system running locally in our office. I have set up a test user, assigned them to a group, allocated our app to the group, and enrolled an Ipad for the user. So far so good!

But whenever I enrol an iPad or upload an updated version of the app to Profile Manager, the app is pushed automatically to the iPads (with the user presented with a 'Cancel/Install/Update' alert as appropriate. I don't want this to happen; I just want the app available to users - somehow - so they can self-install when they want.

Can I achieve this or a similar effect with Profile Manager? If so, how? If not, what other MDM solution would you recommend?

Thanks for any advice.

Liz

The most restrictive MDM available

bradj2014's picture
Your rating: None (1 vote)

Hi,

I'm using Apple's Profile Manager at the moment, but having issues with the users just manually changing the configurations around where the time to resolve the issue is growing increasingly.

What I'm looking for is a MDM that can:

1. Prevent the user from deleting apps that are deployed
2. Prevent the user from changing the Name of the device
3. Prevent the user from resetting the iPad.
4. Prevent the user from disabling Find my iPad

Any suggestions?

Recent Activity