Hi All, Have a few concerns about the Workspace solution which Shan proposed. Actually as Sanjiva specified, it can't be call a Container since it's just another app. But since we are using SSO inside the "Workspace", even though a person tries to make the hidden app icons visible and try to play around with it, he just can't do that because each an every app is secured with a Login. So this Workspace is just an isolation of the enterprise apps (No public apps can be put in there).
About S@msung K N O X, it does not use virtualization [1] and for more info [2]. It simply uses system level permission by installing K N O X as a system app into the device. Once an app is a system app on Android,, it can do a lot more things than others. System app is something which can act as a root user. So it can even install/uninstall apps silently and write data to protected storage etc etc. To make an app a system app, that app should be signed with the firmware signing key or the device should be a rooted device. K N O X is almost similar to Shan's Workspace concept and it will also show all apps inside container when you go to System->Manage apps. But they are just hidden from the launcher. How other MDM vendors are doing this? Almost all the other vendors have agreements with almost all the best device vendors such as Samsung, H T C, L G, D e l l etc. And if you search for @irwatch, you will see a set of service apps which says "@irwatch S@msung Service[3]", "@irwatch H T C service" etc. So what they are doing with those service apps? Each of those service apps are either signed with each of the vendor OS cert or those apps should be marked as System apps in respective vendor firmwares. Therefore @irwatch also provides almost similar capability to K N O X in their Container app. This actually enable them to do most of the stuff that we are still not able to do. I think we also need to have a deep conversation about this and follow a similar approach to solve our unresolved issues. Thanks [1]- http://www.brianmadden.com/blogs/jackmadden/archive/2013/03/19/7-things-you-need-to-know-about-samsung-knox-dual-persona-phone.aspx [2]-https://www.samsungknox.com/en/solutions/knox/technical [3]-https://play.google.com/store/apps/details?id=com.airwatch.admin.samsung [4]-https://play.google.com/store/apps/details?id=com.airwatch.admin.htc On Fri, Mar 14, 2014 at 7:23 AM, Kasun Dananjaya Delgolla <[email protected]>wrote: > Hi All, > > Have a few concerns about the Workspace solution which Shan proposed. > Actually as Sanjiva specified, it can't be call a Container since it's just > another app. But since we are using SSO inside the "Workspace", even though > a person tries to make the hidden app icons visible and try to play around > with it, he just can't do that because each an every app is secured with a > Login. So this Workspace is just an isolation of the enterprise apps (No > public apps can be put in there). > > About Samsung KNOX, it does not use virtualization [1] and for more info > [2]. It simply uses system level permission by installing KNOX as a system > app into the device. Once an app is a system app on Android,, it can do a > lot more things than others. System app is something which can act as a > root user. So it can even install/uninstall apps silently and write data to > protected storage etc etc. To make an app a system app, that app should be > signed with the firmware signing key or the device should be a rooted > device. KNOX is almost similar to Shan's Workspace concept and it will also > show all apps inside container when you go to System->Manage apps. But they > are just hidden from the launcher. > > How other MDM vendors are doing this? > > Almost all the other vendors have agreements with almost all the best > device vendors such as Samsung, HTC, LG, Dell etc. And if you search for > Airwatch, you will see a set of service apps which says "Airwatch Samsung > Service[3]", "Airwatch HTC service" etc. So what they are doing with those > service apps? Each of those service apps are either signed with each of the > vendor OS cert or those apps should be marked as System apps in respective > vendor firmwares. Therefore Airwatch also provides almost similar > capability to KNOX in their Container app. This actually enable them to do > most of the stuff that we are still not able to do. I think we also need to > have a deep conversation about this and follow a similar approach to solve > our unresolved issues. > > Thanks > > [1]- > http://www.brianmadden.com/blogs/jackmadden/archive/2013/03/19/7-things-you-need-to-know-about-samsung-knox-dual-persona-phone.aspx > [2]-https://www.samsungknox.com/en/solutions/knox/technical > [3]- > https://play.google.com/store/apps/details?id=com.airwatch.admin.samsung > [4]-https://play.google.com/store/apps/details?id=com.airwatch.admin.htc > > > On Thu, Mar 13, 2014 at 9:13 PM, Chan <[email protected]> wrote: > >> Hi folks, >> We had a brainstorming session on the EMM product and we came across few >> interesting points. >> >> - EAS provides some MDM features [1]. We should look into it more and >> understand how it will help us for our BB strategy >> - Dual persona is one of the important aspects in Enterprise >> Mobility. Various competitors have various techniques:- MAM approach, >> Hypervisor approach >> - Shan proposed a solution for a workspace - a folder that has all >> the enterprise applications and it will be locked with a passcode and SSO >> will be integrated for it. >> - Points regarding mBaaS - we finally concluded that mBaaS is just >> APIs >> >> *mBaas final note* >> The main reason why providers brought up the mBaaS was to provide a easy >> for developers to use APIs. Most important of these services are push >> notifications, social network integration, remote storage and location >> services. This will be written as a Stratos Service. >> >> Cheers~ >> (Add anything I might have missed) >> >> [1] - >> http://searchconsumerization.techtarget.com/tip/Using-Microsoft-Exchange-ActiveSync-for-MDM-What-you-can-and-cant-do >> >> -- >> Chan (Dulitha Wijewantha) >> Software Engineer - Mobile Development >> WSO2Mobile >> Lean.Enterprise.Mobileware >> * ~Email [email protected] <[email protected]>* >> * ~Mobile +94712112165 <%2B94712112165>* >> * ~Website dulitha.me <http://dulitha.me>* >> * ~Twitter @dulitharw <https://twitter.com/dulitharw>* >> *~SO @chan <http://stackoverflow.com/users/813471/chan>* >> > > > > -- > Kasun Dananjaya Delgolla > > Software Engineer > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > Tel: +94 11 214 5345 > Fax: +94 11 2145300 > Mob: + 94 777 997 850 > Blog: http://kddcodingparadise.blogspot.com > Linkedin: *http://lk.linkedin.com/in/kasundananjaya > <http://lk.linkedin.com/in/kasundananjaya>* > -- Kasun Dananjaya Delgolla Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware Tel: +94 11 214 5345 Fax: +94 11 2145300 Mob: + 94 777 997 850 Blog: http://kddcodingparadise.blogspot.com Linkedin: *http://lk.linkedin.com/in/kasundananjaya <http://lk.linkedin.com/in/kasundananjaya>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
