Adding a System Update Policy for COSU Devices

A COSU device is also known as a single purpose device. You are only able to work with an assigned application or applications on this device and all other device functions will be locked. As you are unable to manually manage the system updates on these devices let's take a look at how you can set a policy to manage the system updates on a COSU device.

Follow the steps given below:

1. Navigate to the device management console: https://<IoT_HOST>:9443/devicemgt
2. Click Add under Policies.
   
3. Click on the Android mobile platform.
   
4. Select the System Update Policy (COSU) and enable it.
   The selected policy is disabled by default, therefore, click on the on-off switch to enable it.

5. Define how you want to update the system when system updates are sent to the device, and click CONTINUE.
   Select one of the following options. 

   Automatic	Install the system update automatically as soon as one is available.
   Postpone	Incoming system updates (except for security updates) will be blocked for 30 days, after which the policy will no longer be effective and the system will revert back to its normal behavior as if no policy were set.
   Window	Install the system update automatically within a daily maintenance window. You need to set the time period at which a system update will happen. Example: The system updates can take place from 12 AM to 9 PM only.

6. Assign the configured profile of policies to the preferred groups.
   

   1. Select the device ownership type by clicking on the preferred option from the set device ownership type drop-down list:

      Device ownership type	Description
      BYOD	Bring Your Own Device.
      COPE	Corporate-Owned, Personally Enabled.
      Any	The configured profile of policies will be assigned to both the BYOD and COPE device ownership types.

   2. Assign the policy to user roles or users:

   • Assigning user role/s.

     1. Select the set user role/s option.

     2. Select the preferred role from the item list.

        The items that are listed here, are the roles that were added when managing roles through the Device Management console.

        For more information, see managing roles.

   • Assigning user/s.
     1. Select the set user/s option.
     2. Enter the characters of the username/s you wish to add, and the system will prompt the users having the names with the characters you entered. You can select the users from the item list.
   3. Click SAVE.
   Example:
   

7. Define a name for the configured profile of policies and a description.

   Set a Name to your Policy is a mandatory field.

   

8. Click SAVE to save the configured profile or click SAVE & PUBLISH to save and publish the configured profile as an active policy to the database.

   If you SAVE the configured profile it will be in the inactive state. Therefore, the policy will not be taken into account when the IoT Server filters policies, to enforce a suitable policy on a device that registers with WSO2 IoTS.

   If you SAVE & PUBLISH the configured profile of policies it will be in the active state. The active policies will be enforced on new devices that enroll with WSO2 IoTS based on the Policy enforcement criteria. If you want to push this policy to the existing devices and want this policy to be applied to the devices, click Apply changes. Then the newly added policy will be a candidate in the policy selection pool based on the policy Enforcement criteria.