Mobile Device Containerisation, IEM and Enterproid Divide [ Part 2 of 2 ]

This is Part 2 of the blog on Mobile Device Containerisation, IBM Endpoint Manager and Enterproid Divide. Actually to be correct this should just be Divide as since Part 1 of this blog  was published, Enterproid Divide has been rebranded simply as Divide on the back of fresh funding led by Google Ventures.

Divide as previously discussed, is a container solution for Apple iOS and Android devices. Divide is an app that acts as a secure workspace containing device capabilities like email, calendar, browser and corporate apps while remaining isolated from the rest of the device. This container solution allows information from within Divide to be secured and managed separately.

The latest release of IBM Endpoint Manager for Mobile Devices allows for management of endpoints with Divide containers. This allows you to manage either the physical mobile device, the container or both.

Here we discuss the integration of Divide and IBM Endpoint Manager for Mobile Devices.

Architecture Overview – IBM Endpoint Manager + Divide

The high level architecture of the IBM Endpoint Manager and Divide integration is described in the following diagram. We then go on to discuss installation, deployment and configuration of the solution.

High Level Architecture

Divide Installation and Configuration on Device

The first part of installation is to download and install the Divide app from Apple’s app store, Google Play or Divide. The installation of the app is discussed in Part 1 of this blog, as is the ability to manage your container from My Divide.

Once the app is downloaded to your device There are now a couple of things that require deployment and configuration from the IBM Endpoint Manager end.

IBM Endpoint Manager Deployment and Configuration

Deploying the Divide Management Extender

To deploy a Divide Management Extender, perform the following steps:

  • Select the Mobile Device Management Site and navigate to Setup and Configuration > Setup and Configuration Wizard. The dashboard displays on the right.

  • From the Install MDM Management Extenders field, expand the node Setup Enterproid Divide Management Extender. Select option 1, Deploy Management Extender for Enterproid Divide.

  • With the Fixlet Task displayed, select Take Action. Select the first option, Click here to deploy…. Select the computer you want to deploy the extender to and press OK.

After a Divide Management Extender has been deployed, it is listed as an individual computer with the name Divide Container <##> (<Relay_Name>) where <##> is the numerical number of the extender and <Relay Name> is the hostname of the relay that the extender is installed on.  This behavior is different from other management extenders, and allows Divide Management Extenders to be multitenant-capable without further configuration.

Configuring the Divide Management Extender

After a Divide Management Extender has been deployed, it must be configured.  Configuration requires the domain you registered with Divide as well as the associated access token; these are provided by your Divide administrator.

To configure a Divide Management Extender, perform the following tasks:

  • Navigate to Mobile Device Management > Setup and Configuration > Setup and Configuration Wizard.
  • Expand the Setup Enterproid Divide Management Extender node.  Note that this area displays how many of these specific Management Extenders have been deployed and how many have been configured.

  • Click Configure Extenders.  In the displayed window, select the row that represents the extender that you want to configure and click Next.

Note: If you click the underlined computer name link, the console displays the properties of that computer.  Click Back to return to the Configure Extenders window.

  • In the Configure Extender window, enter the following information:
    • Domain Name: Enter the domain registered with your Divide Enterprise account.
    • Access Token: Enter the access token provided by Divide.
    • Use Divide Reseller Name (Advanced): Divide accounts can be sold by a third party.  Check this box and enter a reseller’s name only if this situation applies to your deployment.
    • Enrollment Tag for Multitenant Environment (Optional): If you are installing multiple Divide Management Extenders, check this box and provide an Enrollment Tag to distinguish the management extenders from each other.  For more information, see below.

  • Click Configure Enterproid Divide Management Extender.
  • Select the appropriate Enterproid Divide Management Extender in the Computer Name field and click OK.

p2-7

At this stage you should now have at least one device (perhaps many) with the Divide app installed and an IBM Endpoint Manager Divide Extender deployed and configured.

Divide Tasks from IBM Endpoint Manager

Apple iOS and Android devices that have been enrolled in a Divide deployment and are managed by a Divide Management Extender can have tasks performed on them through IBM Endpoint Manager for Mobile Devices. These tasks are initiated on the IBM Endpoint Manager, but are facilitated through Divide.

The following tasks can be performed only on Android devices running Divide.

  • Open URL in Container – Divide (Android): Send a URL to the target device.  The URL will be opened in the Divide browser.
  • Enable Audible Beacon – Divide (Android): Turn on an alert tone that will play until it is stopped by another task.
  • Stop Audible Beacon – Divide (Android): Turn off the alert tone.
  • Force Container Password Change – Divide (Android): Prompt the device user to enter a new password for the Divide container.  The new password must comply with the existing password policy.
  • Sync Mail Now – Divide (Android): Initiate sync between the Divide container and the email server.
  • Lock Screen – Divide (Android): Lock the screen of the target device.  The user must enter their device password to access the device.
  • Wipe Device – Divide (Android): Delete all data on the target device.  Data within the Divide container as well as all data outside the Divide container will be deleted!

NOTE: Use caution when initiating this task.  This task completely deletes all information on the target device.  The device will no longer be enrolled in any deployments including Divide or IBM Endpoint Manager.  Selectively wiping Divide data only can be performed using Fixlet 617: Wipe Enterproid Divide Container Data – Divide.

The following tasks can be performed on both Apple iOS and Android devices:

  • Lock Divide Container – Divide: Lock the Divide container.  Users must reenter the current password.  This task is available on iOS and Android devices.
  • Set / Change Container Password – Divide: Create or change the password for the Divide container.  You are prompted in the IBM Endpoint Manager Console to enter the password.  The device user must be notified of the password change.

NOTE: The password created using this task is not secure and will be visible in the console’s action history. In addition, Android device users may not be notified that the password has change.

  • Wipe Enterproid Divide Container Data – Divide: Delete all data in the Divide container. The device will no longer be enrolled in a Divide deployment.  Device information outside of the Divide container will remain safe.

NOTE: This task will delete the enrollment credentials of the Divide container.  This means the device cannot be managed by Divide unless a user enrolls the device again.  In addition, this task my never complete, because the target device will be unable to communicate to the Divide deployment to report its status.

Divide Manager

Finally the Divide containers under management through IBM Endpoint Manager are also available within Divide Manager. This allows you to manage your Android / iOS devices outside of IBM Endpoint Manager.

If you are interested in Divide for your business please contact us at sales@orb-data.com for more information.

Disclaimer: All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. The opinions found on this site are completely those of the author. These terms and conditions of use are subject to change at anytime and without notice.