Let's take a look at the tasks that Chris (the IoT team administrator) and Alex (the device owner) have to do, from downloading WSO2 IoT Server to registering the Android device.
...
Tip | ||||||
---|---|---|---|---|---|---|
| ||||||
|
...
Tip | ||
---|---|---|
| ||
Have you run the sample script previously when trying out the iOS quick start guide? If yesso, delete the two users alex and chris, the role iotMobileUser, and the sample policies that were created for Android, iOS and Windows. |
- Download the WSO2 IoT Server sample pack.
Create a directory named
samples
in the<IoT_HOME>/core/repository
directory and copy the downloaded file to it.Navigate to the samples directory and run the command given below to copy the required content to the quick start guide setup.
Code Block cd <IoT_HOME>/core/repository/samples/mobile-qsg sh copy-files.sh
Start WSO2 IoT Server.
If you started WSO2 IoT Server previously, stop the broker, core and analytics profiles usingCRTL+C
, and restart all three profiles in the given order.
Restart the servers using the following command:Code Block ./wso2server.sh
Run the
mobile-qsg.sh
script.Code Block sh mobile-qsg.sh
Note If you haven't configured WSO2 IoTS for iOS, the iOS sample policy will not be created. Therefore, you will get the message given below. This will not restrict you from trying out the Android quick start guide.
Info |
---|
Check out the WSO2 IoT Server dashboard by signing in to the WSO2 IoT Server console using chris as the username and chrisadmin as the password: |
Updating the passcode policy
...
Access the WSO2 IoT Server console by navigating to
https://<IoT_HOST>:9443/devicemgt
.Tip title Tip by Chris - By default,
<IoT_PORT>
has been set to 9443 for HTTPS and 9763 for HTTP. Since we access the EMM IoT console over HTTPS, use 9443 in the URL. When the pages appear, the web browser will typically display an "insecure connection" message, which requires your confirmation before you can continue.
Expand title Click here for more information. The EMM WSO2 IoTs consoles are based on the HTTPS protocol, which is a combination of HTTP and SSL protocols. This protocol is generally used to encrypt the traffic from the client to server for security reasons. The certificate it works with is used for encryption only and does not prove the server identity, so when you try to access these consoles, a warning of untrusted connection is usually displayed. To continue working with this certificate, you must "accept" the certificate before access to the site is permitted. If you are using the Mozilla Firefox browser, this usually occurs only on the first access to the server, after which the certificate is stored in the browser database and marked as trusted. However, with other browsers, the insecure connection warning might be displayed every time you access the server.
This scenario is suitable for testing purposes, or for running the program on the company's internal networks. If you want to make the consoles available to external users, your organization should obtain a certificate signed by a well-known certificate authority, which verifies that the server actually has the name it is accessed by and that this server belongs to the given organization.
Enter chris as the username and chrisadmin as the password.
- Click LOG IN.
The device management dashboard appears, giving you easy access to the devices, users, and policies in your organization.
- By default,
- Click View under POLICIES.
- Click the edit logo that is on the passcode policy for Android devices.
Update the passcode profile that is already in place by defining the maximum fail attempts as 4, and click CONTINUE.
Info - A profile in the context of EMM refers to a collection of policies.
- If you want to know more about each policy setting, hover your mouse pointer over the help tip.
Example:
- The passcode policy that was created for this scenario has the following groups assigned. You can optionally update the groups.
Chris had selected the default ownership type ANY for the set device ownership type.
Device
ownership
typeDescription BYOD Bring Your Own Device COPE Corporate-Owned, Personally Enabled Any The configured profile of policies will be assigned to both the BYOD and COPE device ownership types - Chris has selected the set user role/s option and then selected the iot-user role from the item list.
Chris has selected Enforce as the action that needs to be carried out when a device has not complied with a policy.
Info The following actions are referred to as non-compliance rules and determine how policies are monitored.
Non-compliance
rulesDescription Enforce Forcefully enforce the policies on the assigned groups Warning If the assigned groups do not adhere to the given policies, a warning message will be sent
Monitor If the assigned groups do not adhere to the given policies, the server is notified of the violation without notifying the user, and the administrator can take the necessary actions
- Click CONTINUE.
Optionally, you can update the name and the description of the policy.
Click SAVE to save the configured profile or click SAVE & PUBLISH to save and publish the configured profile as an active policy to the database. It is mandatory that the policy is assigned to Alex's mobile device, so Chris clicks SAVE & PUBLISH to make the policy active immediately when the device enrolls with WSO2 IoTS.
Info - If you SAVE the configured profile, it will be in the inactive state and will not be applied to any devices.
- If you SAVE & PUBLISH the configured profile of policies, it will be in the active state. The active policies will be enforced on new devices that enroll with EMM based on the policy enforcement criteria.
- If you want to push this policy to the existing devices and want this policy to be applied to the devices, click APPLY CHANGES TO DEVICES.
...
Chris needs to publish the App Catalog application that was created when running the iotmobile-qsg
script.
Navigate to the App Publisher using the following URL:
https://<IoT_HOST>:9443/publisher
Click Submit for Review for the Catalog application.
- Click Approve > Publish.
...
Info |
---|
|
...
Registering the Android device
Info |
---|
EMM WSO2 IoT Server supports devices on Android version 4.2.x to 7.0 (Android Jelly Beans to Nougat). |
...
Sign in to the WSO2 IoT Server device management console using alex as the username and alexuser as the password.
- Click Enroll New Device.
- Click Android to enroll your device with WSO2 IoTS.
- Enroll the device.
- Click Enroll Device.
Scan the QR code to download the Android agent onto your Android device.
Info You need to make Make sure that your Android device and the IoT Server are on the same network, else you will not be able to download the Android agent.
After scanning the QR code you will be directed to a web page. When this page appears, the web browser will typically display an "insecure connection" message, which requires your confirmation before you can continue.
Info Expand title Click here for more information. The WSO2 IoTS consoles are based on the HTTPS protocol, which is a combination of HTTP and SSL protocols. This protocol is generally used to encrypt the traffic from the client to server for security reasons. The certificate it works with is used for encryption only, and does not prove the server identity, so when you try to access these consoles, a warning of untrusted connection is usually displayed. To continue working with this certificate, some steps should be taken to "accept" the certificate before access to the site is permitted. If you are using the Mozilla Firefox browser, this usually occurs only on the first access to the server, after which the certificate is stored in the browser database and marked as trusted. However, with other browsers, the insecure connection warning might be displayed every time you access the server.
This scenario is suitable for testing purposes, or for running the program on the company's internal networks. If you want to make these consoles available to external users, your organization should obtain a certificate signed by a well-known certificate authority, which verifies that the server actually has the name it is accessed by and that this server belongs to the given organization.
Alex taps Download IoT Server Agent on this screen.
- Open the downloaded file, and tap INSTALL.
- Tap OPEN, once the WSO2 Agent is successfully installed.
Tap Skip and go to Enrollment, which will direct you to install the device with WSO2 IoT Server in the default manner.
Tip title Tip by Chris In WSO2 IoT Server, data containerization is implemented using the Managed Profile feature. For more information on how to set up the Work-Profile, see Setting Up the Work Profile.
Enter the server IP and the port as your server address in the text box provided.
Example: Register the device via HTTP: 10.10.10.253:8280
- Tap Yes to continue.
- Enter your details and tap Register. A confirmation message will appear..
- Username - Enter alex as the username.
- Password - Enter alexuser as the password.
- Domain - In this example Alex leaves the Domain empty, as it is only required if the server is hosted with multi-tenant support.
- Ownership type - Selects the BYOD ownership option.
- Tap Yes to continue.
- Read the policy agreement, and tap Agree to accept the agreement.
Tap ALLOW to allow the WSO2 Android agent to make and manage phone calls and to access photos, media, files, and the device location.
Note You will get this message only if your device is on Android OS Marshmallow (6.0) or above.
Example:
Alex sets a PIN code with a minimum of four digits and clicks Set PIN Code. The PIN code is used to secure your personal data. Therefore, the IoT server will not be able to carry out critical operations on your personal data without using this PIN.
Example: If Chris needs to enterprise-wipe Alex's device or remove data from the device, Chris cannot directly wipe it without the PIN code.Info You will be prompted to provide a PIN code only if your device is a BYOD device.
- Confirm the PIN and click OK to continue.
Tap ACTIVATE to enable the EMM device administrator on your device. A confirmation message will appear after enabling the device admin.Anchor Step8 Step8
Alex's device is now successfully registered with WSO2 IoT Server. Alex can click Unregister to unregister this device.
...
Alex can now navigate to the Device management page, view information specific to the device, and carry out operations on the device as explained below:
- Access the EMM IoTs console using alex as the username and alexuser as the password that was sent via email.
- Click View under DEVICES.
Click on the registered device.
Alex tries out the various device operations via the WSO2 IoT Server console.
Alex misplaces the mobile device, so Alex clicks Ring to ring the device and find out if the device is lying around the workspace.
Alex then remembers that the phone was unlocked, so Alex uses the Device Lock operation to lock the device so that the content in the device will be safe.
Using the Location operations Alex finds out that device is in Chris's office. Alex calls Chris and asks Chris to call back from the device.
To make sure Chris can call using the device, Alex unlocks the device using the Device Unlock operation.
Info For more information on the available features, try out the Android operations.
...
Navigate to the App Store using the following URL:
https://<IoT_HOST>:9443/store
Sign in using alex and alexuser as the username and password.
Click the Catalog mobile application, and click Install.
- Select Instant install, and click Yes.
- Click on your device in the pop-up menu to install and subscribe to the application.
A success message will be shown when you have successfully subscribed to the application. - Tap install Install on your device to finish installing the application.
Now you can use start using the application. For For more information, see Downloading Applications via the App Catalog Application.