Unknown macro: {next_previous_link3}
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Let's take a look at the tasks that Chris (the IoT team administrator) and Alex (the device owner) have to do, from downloading WSO2 IoT Server to registering the Android device.

Before you begin

  1. WSO2 IoT Server supports devices on Android version 4.2.x to 7.0 (Android Jelly Beans to Nougat).
  2. Install Oracle Java SE Development Kit (JDK) version 1.7.* or 1.8.* and set the JAVA_HOME environment variable. For more information on setting up JAVA_HOME on your OS, see Installing the Product.
  3. Download WSO2 IoTS.

  4. Start WSO2 IoT Server by starting the three profiles in the following order:

    1. Start the broker profile, which corresponds to the WSO2 Message Broker profile.

      cd <IoTS_HOME>/broker/bin
      ./wso2server.sh
    2. Start the core profile, which corresponds to the WSO2 Connected Device Management Framework (WSO2 CDMF) profile.

      cd <IoTS_HOME>/core/bin
      ./wso2server.sh

      The default port assigned for the core is 9443.

    3. Start the analytics profile, which corresponds to the WSO2 Data Analytics Server profile.

      cd <IoTS_HOME>/analytics/bin
      ./wso2server.sh

      The default port assigned for analytics is 9445.

  5. Access the WSO2 device management console by navigating to https://<IoT_HOST>:9443/devicemgt.

Let's get started!

Creating users and a sample policy

Follow the steps given below to create the two users Alex and Chris, and a configured passcode policy. This is done so that it will be easy for you to try out the quick start guide.

Tip by Milan

Have you run the sample script previously when trying out the iOS quick start guide? If so, delete the two users alex and chris, the role iotMobileUser, and the sample policies that were created for Android, iOS and Windows.

  1. Download the WSO2 IoT Server sample pack.
  2. Create a directory named samples in the <IoT_HOME>/core/repository directory and copy the downloaded file to it.

  3.  Navigate to the samples directory and run the command given below to copy the required content to the quick start guide setup.

    cd <IoT_HOME>/core/repository/samples/mobile-qsg
    sh copy-files.sh
  4. Start WSO2 IoT Server.
    If you started WSO2 IoT Server previously, stop the broker, core and analytics profiles using CRTL+C, and restart all three profiles in the given order.
    Restart the servers using the following command:

    ./wso2server.sh
  5. Run the mobile-qsg.sh script.

    sh mobile-qsg.sh

    If you haven't configured WSO2 IoTS for iOS, the iOS sample policy will not be created. Therefore, you will get the message given below. This will not restrict you from trying out the Android quick start guide.

Check out the WSO2 IoT Server dashboard by signing in to the WSO2 IoT Server console using chris as the username and chrisadmin as the password: https://<IoT_HOST>:9443/devicemgt.  
You will then see the new iotMobileUser role, 3 new policies, and 2 new users that were added using these scripts.

Updating the passcode policy

As a security measure, the MobX management has requested Chris to update the passcode policy for all Android devices so that a device user can only enter the wrong password four times. If a user fails to enter the correct password in the fourth attempt, the device will not be accessible for 15 minutes. This can be regulated in WSO2 IoT Server by updating the passcode policy that was already in place. Chris follows the steps given below to update the policy:

  1. Access the WSO2 IoT Server console by navigating to https://<IoT_HOST>:9443/devicemgt.

    Tip by Chris

    1. By default, <IoT_PORT> has been set to 9443 for HTTPS and 9763 for HTTP. Since we access the IoT console over HTTPS, use 9443 in the URL.
    2. When the pages appear, the web browser will typically display an "insecure connection" message, which requires your confirmation before you can continue.

       Click here for more information.

      The WSO2 IoTs consoles are based on the HTTPS protocol, which is a combination of HTTP and SSL protocols. This protocol is generally used to encrypt the traffic from the client to server for security reasons. The certificate it works with is used for encryption only and does not prove the server identity, so when you try to access these consoles, a warning of untrusted connection is usually displayed. To continue working with this certificate, you must "accept" the certificate before access to the site is permitted. If you are using the Mozilla Firefox browser, this usually occurs only on the first access to the server, after which the certificate is stored in the browser database and marked as trusted. However, with other browsers, the insecure connection warning might be displayed every time you access the server.

      This scenario is suitable for testing purposes, or for running the program on the company's internal networks. If you want to make the consoles available to external users, your organization should obtain a certificate signed by a well-known certificate authority, which verifies that the server actually has the name it is accessed by and that this server belongs to the given organization.

    1. Enter chris as the username and chrisadmin as the password.

    2. Click LOG IN

    The device management dashboard appears, giving you easy access to the devices, users, and policies in your organization. 

  2. Click View under POLICIES.
  3. Click the edit logo that is on the passcode policy for Android devices.
  4. Update the passcode profile that is already in place by defining the maximum fail attempts as 4, and click CONTINUE.

    1. A profile in the context of EMM refers to a collection of policies.
    2. If you want to know more about each policy setting, hover your mouse pointer over the help tip.
      Example:

  5. The passcode policy that was created for this scenario has the following groups assigned. You can optionally update the groups.
    1. Chris had selected the default ownership type ANY for the set device ownership type.

      Device
      ownership
      type 
      Description
      BYODBring Your Own Device
      COPECorporate-Owned, Personally Enabled
      AnyThe configured profile of policies will be assigned to both the BYOD and COPE device ownership types
    2. Chris has selected the set user role/s option and then selected the iot-user role from the item list.
    3. Chris has selected Enforce as the action that needs to be carried out when a device has not complied with a policy.  

      The following actions are referred to as non-compliance rules and determine how policies are monitored.

      Non-compliance
      rules 
      Description
      EnforceForcefully enforce the policies on the assigned groups
      Warning

      If the assigned groups do not adhere to the given policies, a warning message will be sent

      Monitor

      If the assigned groups do not adhere to the given policies, the server is notified of the violation without notifying the user, and the administrator can take the necessary actions

    4. Click CONTINUE.
  6. Optionally, you can update the name and the description of the policy.

  7. Click SAVE to save the configured profile or click SAVE & PUBLISH to save and publish the configured profile as an active policy to the database. It is mandatory that the policy is assigned to Alex's mobile device, so Chris clicks SAVE & PUBLISH to make the policy active immediately when the device enrolls with WSO2 IoTS.

    • If you SAVE the configured profile, it will be in the inactive state and will not be applied to any devices.
    • If you SAVE & PUBLISH the configured profile of policies, it will be in the active state. The active policies will be enforced on new devices that enroll with EMM based on the policy enforcement criteria.
    • If you want to push this policy to the existing devices and want this policy to be applied to the devices, click APPLY CHANGES TO DEVICES.

Publishing Applications

Chris needs to publish the App Catalog application that was created when running the mobile-qsg script.

  1. Navigate to the App Publisher using the following URL: https://<IoT_HOST>:9443/publisher

  2. Click Submit for Review for the Catalog application.

  3. Click Approve > Publish.

The App Catalog application is now available in the app store for device owners like Alex to install on their device.

Monitoring devices

Chris can monitor the devices registered with WSO2 IoT Server via the device monitoring console. Follow the steps given below to sign in to the device monitoring console:

  1. Click the menu icon and then click DEVICE STATISTICS to access the device statistics dashboard.

  2. The device statistics dashboard is facilitated via the WSO2 Dashboard Server. Therefore, since you have not enabled SSO in this guide for WSO2 IoT Server, you will need to log into the dashboard using chris as the username and chrisadmin as the password.
    Currently, you will not see any data populated in the dashboard as there are no enrolled devices and no non-compliant or unmonitored devices in the system.  

Registering the Android device

WSO2 IoT Server supports devices on Android version 4.2.x to 7.0 (Android Jelly Beans to Nougat).

The role that Chris added Alex to has permission to enroll a device. Therefore, Alex follows the steps given below to enroll the Android device:

  1. Sign in to the WSO2 IoT Server device management console using alex as the username and alexuser as the password.

  2. Click Enroll New Device.
  3. Click Android to enroll your device with WSO2 IoTS.
  4. Enroll the device.
    1. Click Enroll Device.
    2. Scan the QR code to download the Android agent onto your Android device.

      Make sure that your Android device and the IoT Server are on the same network, else you will not be able to download the Android agent.

      After scanning the QR code you will be directed to a web page. When this page appears, the web browser will typically display an "insecure connection" message, which requires your confirmation before you can continue.

       Click here for more information.

      The WSO2 IoTS consoles are based on the HTTPS protocol, which is a combination of HTTP and SSL protocols. This protocol is generally used to encrypt the traffic from the client to server for security reasons. The certificate it works with is used for encryption only, and does not prove the server identity, so when you try to access these consoles, a warning of untrusted connection is usually displayed. To continue working with this certificate, some steps should be taken to "accept" the certificate before access to the site is permitted. If you are using the Mozilla Firefox browser, this usually occurs only on the first access to the server, after which the certificate is stored in the browser database and marked as trusted. However, with other browsers, the insecure connection warning might be displayed every time you access the server.

      This scenario is suitable for testing purposes, or for running the program on the company's internal networks. If you want to make these consoles available to external users, your organization should obtain a certificate signed by a well-known certificate authority, which verifies that the server actually has the name it is accessed by and that this server belongs to the given organization.

  5. Alex taps Download IoT Server Agent on this screen.

  6. Open the downloaded file, and tap INSTALL.
  7. Tap OPEN, once the WSO2 Agent is successfully installed.
  8. Tap Skip and go to Enrollment, which will direct you to install the device with WSO2 IoT Server in the default manner.

    Tip by Chris

    In WSO2 IoT Server, data containerization is implemented using the Managed Profile feature. For more information on how to set up the Work-Profile, see Setting Up the Work Profile.

  9. Enter the server IP and the port as your server address in the text box provided.

    Example: Register the device via HTTP: 10.10.10.253:8280

  10. Tap Yes to continue.
  11. Enter your details and tap Register. A confirmation message will appear..
    • Username - Enter alex as the username.
    • Password - Enter alexuser as the password.
    • Domain - In this example Alex leaves the Domain empty, as it is only required if the server is hosted with multi-tenant support. 
    • Ownership type - Selects the BYOD ownership option. 
  12. Tap Yes to continue.
  13. Read the policy agreement, and tap Agree to accept the agreement. 
  14. Tap ALLOW to allow the WSO2 Android agent to make and manage phone calls and to access photos, media, files, and the device location.

    You will get this message only if your device is on Android OS Marshmallow (6.0) or above.

    Example:

  15. Alex sets a PIN code with a minimum of four digits and clicks Set PIN Code. The PIN code is used to secure your personal data. Therefore, the IoT server will not be able to carry out critical operations on your personal data without using this PIN. 
    Example: If Chris needs to enterprise-wipe Alex's device or remove data from the device, Chris cannot directly wipe it without the PIN code. 

    You will be prompted to provide a PIN code only if your device is a BYOD device.

  16. Confirm the PIN and click OK to continue.
  17. Tap ACTIVATE to enable the EMM device administrator on your device. A confirmation message will appear after enabling the device admin.

    Alex's device is now successfully registered with WSO2 IoT Server. Alex can click Unregister to unregister this device.

Trying out Android device operations

Alex can now navigate to the Device management page, view information specific to the device, and carry out operations on the device as explained below:

  1. Access the IoTs console using alex as the username and alexuser as the password that was sent via email.
  2. Click View under DEVICES.
  3. Click on the registered device.

    Alex tries out the various device operations via the WSO2 IoT Server console.

    1. Alex misplaces the mobile device, so Alex clicks Ring to ring the device and find out if the device is lying around the workspace.

    2. Alex then remembers that the phone was unlocked, so Alex uses the Device Lock operation to lock the device so that the content in the device will be safe.

    3. Using the Location operations Alex finds out that device is in Chris's office. Alex calls Chris and asks Chris to call back from the device.

    4. To make sure Chris can call using the device, Alex unlocks the device using the Device Unlock operation.

    For more information on the available features, try out the Android operations.

Installing an application on the Android device

MobX wants Chris to ensure that the employees can only download mobile applications made available via the MobX app store. For this, Chris creates and publishes the app catalog application to the MobX app store.

Let's take a look at how Alex installs this application on the device.

  1. Navigate to the App Store using the following URL: https://<IoT_HOST>:9443/store

  2. Sign in using alex and alexuser as the username and password.

  3. Click the Catalog mobile application, and click Install.

  4. Select Instant install, and click Yes.
  5. Click on your device in the pop-up menu to install and subscribe to the application.
    A success message will be shown when you have successfully subscribed to the application.
  6. Tap Install on your device to finish installing the application.
    Now you can use start using the application. For more information, see Downloading Applications via the App Catalog Application.
  • No labels