
Using Apple iOS Device Management Support

In document Using Apple ios Devices with MSP (Page 43-56)

How to use the Apple iOS Device Management

Apple iOS Devices are managed via MSP through the DM Web Server. Each Apple iOS Device will be treated by MSP as a managed device with a Device Class of “iPhone”, “iPod”, or “iPad”, depending on the type of Apple iOS Device it is detected as being. The following MSP support will be provided for managed Apple iOS Devices:

Using External Sources with Apple iOS

External Sources provide the ability to dynamically obtain and assign attribute values by making calls to an External Web Service. External Source Templates must be created in the MSP Administration Program before External Sources associated with the Templates can be created in the MSP Console UI. MSP contains two built-in External Source Templates that can be used to create External Sources which can be especially useful for Apple iOS Management. The following sections describe the use of External Sources as it pertains to the management of Apple iOS Devices specifically. For more details about External Sources in general, please see the Using MSP and Understanding MSP Guides.

Important:

The External Sources can only be used if the dynamic deployment feature is enabled in MSP. For details on enabling this feature in the MSP Administration Program, refer to the Administering MSP Guide.

External Source Templates

External Source Templates are the generic definitions for communicating with web services which will be used to dynamically retrieve information for use in MSP. The templates define the basic web service connection details and available methods. These generic templates are the basis for creating the External Sources described below. External Source Templates are defined in the MSP Administration Program in the External Source Templates section under the Utilities menu item.

Two default External Source Templates are created in MSP automatically at install time: the MSP.SCEP and the MSP.LDAP templates. These templates need not be modified by the user. However, users can create their own custom External Source Templates for web services they would like to use.

External Sources

External Sources are the definitions which reference the External Source Templates described above. The External Source objects are listed in MSP under the External Sources sub-tab of the Admin section in the MSP Console UI. While the External Source Templates are pre-defined out of the box, there are no default External Source objects pre-defined in MSP. The External Source definitions must be created in the MSP Console UI before they can be used. The following section describes the setup required to create External Sources from the two built-in External Source Templates.

Creating a SCEP External Source

1. In the MSP Console UI, navigate to the External Sources page under the Admin tab and click Create to set up the new External Source object. You must give the External Source object a name and then select the “MSP.SCEP” template from the drop-down. You must then provide the correct URL for the built-in ES Template. The URL should have the following format:

http(s)://<name_of_machine>/msp.web/WS/sceprequest.asmx

2. For External Sources created from the built-in External Source Templates you should leave the Auth User Name and Auth Password fields blank. The Time-Out field should be set to “0”. Click Next to proceed.

3. You will then be presented with a page for defining the Method Parameter mappings. For each of the parameters, you have the option to assign a default value for the parameter input if you wish. The default mappings are optional but make the method parameter inputs easier to use in settings. You have four options for assigning the default parameter inputs:

None – assign no default input parameter; it must then be assigned when the External Source is used later in any MSP settings. No user input value is required at this time.

Value – assign a specific value to the input parameter. Enter the string value.

Secure – assign a specific secure value to the input parameter, which will be encrypted. Enter the unencrypted string value.

Attribute – assign the value of a given device attribute to the input parameter. When the External Source parameter is used in a setting and that setting is later deployed to a device, the device attribute value is used dynamically as the input parameter. Enter the device attribute name whose value should be used.

4. When you have finalized your default parameter mappings, click Finish to complete the creation of the External Source object.

Creating an LDAP External Source

1. In the MSP Console UI, navigate to the External Sources page under the Admin tab and click Create to set up the new External Source object. You must give the External Source object a name and description and then select the “MSP.Ldap” template from the drop-down. You must then provide the correct URL for the built-in ES Template. The URL should have the following format:

http(s)://<name_of_machine>/msp.web/WS/LDAPService.asmx

2. For External Sources created from the built-in External Source Templates you should leave the Auth User Name and Auth Password fields blank. The Time-Out field should be set to “0”. Click Next to proceed.

3. You will then be presented with a page for defining the Method Parameter mappings. For each of the parameters, you have the option to assign a default value for the parameter input if you wish. The default mappings are optional but make the method parameter inputs easier to use in settings. You have four options for assigning the default parameter inputs:

None – assign no default input parameter; it must then be assigned when the External Source is used later in any MSP settings. No user input value is required at this time.

Value – assign a specific value to the input parameter. Enter the string value.

Secure – assign a specific secure value to the input parameter, which will be encrypted. Enter the unencrypted string value.

Attribute – assign the value of a given device attribute to the input parameter. When the External Source parameter is used in a setting and that setting is later deployed to a device, the device attribute value is used dynamically as the input parameter. Enter the device attribute name whose value should be used.

4. When you have finalized your default parameter mappings, click Finish to complete the creation of the External Source object.

External Source Tagging

External Source Tagging can be used to test the functionality and correct output from an External Source call. It can also be used to tag new or existing device attributes with the output value from an External Source call.

Creating an External Source Tagging object

1. In the MSP Console UI, navigate to the External Source Tagging page under the Admin tab and click Create. You must provide a name and description for the Tagging object. Select the External Source Name you would like to use from the drop-down, then select the Method Name you want to call from that External Source. Finally, provide a button label for this Tagging object. This label identifies the button for this Tagging object within the Related Tasks area of a Device Detail page.

2. Click Next to be presented with the parameter mapping for the selected External Source method call. This allows you to provide the default method input values for this method call. The four options are:

None – assign no default input parameter; it must then be assigned when the External Source is used later in any MSP settings. No user input value is required at this time.

Value – assign a specific value to the input parameter. Enter the string value.

Secure – assign a specific secure value to the input parameter, which will be encrypted. Enter the unencrypted string value.

Attribute – assign the value of a given device attribute to the input parameter. When the External Source parameter is used in a setting and that setting is later deployed to a device, the device attribute value is used dynamically as the input parameter. Enter the device attribute name whose value should be used.

3. You will also see the section for Return Value Mappings. This allows you to choose what to do with the returned output value(s) of the method. The four options for using the output are:

Ignore Output – do nothing with the output. This may be selected if the method returns multiple return values and one or more of the values are not needed.

New Attribute – assign the output value to a new attribute (not defined in MSP). Enter the string name for the new attribute.

Existing Attribute – assign the output value to an existing attribute (already defined in MSP). Select the attribute name that the output should be assigned to.

Display Only – used primarily for testing the output; the value returned will simply be displayed to the user. No input required.

4. Once you have made the appropriate modifications, click Finish to complete the creation of the Tagging object.

Using an External Source Tagging Object

To use the External Source Tagging, you must navigate to the device detail page of one of the devices currently listed in MSP. In the Related Tasks box on the right-hand side, click the button with the name of the Tagging object you want to use. A new window will appear with the Tagging retrieve parameters.

The parameter values should display the default values as defined in the creation of the Tagging object. The user may use the default or may modify any of the values at this time. Once the

value(s).

Staging Support

MSP Staging for Apple iOS Devices is limited to the initial configuration and deployment of such devices required to bring them under management by MSP. As such, Apple iOS Devices are not supported by MSP Stage Edition.

Provisioning and Action Support

When used with MSP Provision Edition or MSP Control Edition, MSP Provisioning Policies and MSP Control Actions can be used to send Jobs to Apple iOS Devices.

Processing Deployment Steps

Packages in MSP can be built to contain Apple applications using the Apple Application Template in the MSP Package Builder. Refer to the MSP Package Builder documentation for more details. Deployment Steps in Bundles referenced by Policies or Actions applied to Apple iOS Devices are processed as shown below:

Install Package

On an Apple iOS 4 device, MSP executes an Install Package Deployment Step by adding an Install Task to the Task List for the device. The Install Task is then processed as described below in the subsection Task Items on Page 44.

On an Apple iOS 5 device, MSP executes an Install Package Deployment Step by sending it directly to the internal Apple DM client for processing.

If an MSP Package deploys an Apple iOS application to an Apple iOS Device, the MSP determines the name of the application that will be installed by that MSP Package and stores it in a mapping table in the MSP Database. This will be used to determine the list of MSP Packages to be reported as present on a device and to facilitate uninstall of Apple iOS applications when MSP Packages are uninstalled.

Uninstall Package

MSP executes an Uninstall Package Deployment Step by first determining the type of MSP Package that is being uninstalled. Based on the result of that check, the Uninstall Package Deployment Step is processed in one of the following ways:

The MSP Package name is compared against a fixed set of Apple Settings Class names. If a match is found, then the MSP Package is determined to be a Virtual Settings Package that was installed using an Install Settings Deployment Step. The MSP therefore directs the Apple DM Client to remove the Apple DM Configuration Profile from the device that corresponds to that Settings Class.

The MSP Package name is compared to the list of MSP Package names that have been used to deploy Apple iOS applications to the device. If a match is found, then the MSP Package is determined to be an Application Package that was installed using an Install Package Deployment Step.

On an Apple iOS 4 device, MSP adds an Uninstall Task to the Task List for the device. The Uninstall Task is then processed as described below in the subsection Task Items on Page 44. On an Apple iOS 5 device, MSP sends the uninstall command to the internal Apple DM client for processing.

If neither of the tests is successful, then the MSP Package is assumed to not be present in the device and hence the Uninstall Package Deployment Step is considered successful.

Install Settings

When a Settings Object is deployed to an Apple iOS Device using an Install Settings Deployment Step, the Settings Object is embedded in the Bundle, as part of the Install Settings Deployment Step. The MSP extracts the Settings Object from the Bundle and converts it to a matching Apple DM Configuration Profile based on the Settings Class of the Settings Object.

Important:

Since all Settings Objects are implemented by Apple DM Configuration Profiles, the only Settings Classes that can be supported on Apple iOS Devices are those that are pre-defined and known to MSP. MSP does not support the ability to define new Settings Classes and import them into MSP for use on Apple iOS Devices.

Once an appropriate Apple DM Configuration Profile has been created to implement the result called for by the Settings Object, MSP applies that Configuration Profile to the device via the Apple DM Client.

Reboot

The MSP always executes a Reboot Deployment Step by adding a Reboot Task to the Task List for the device. The Reboot Task is then processed as described below in the subsection MSP Task List application.
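The routing rules described above for the Install Package, Uninstall Package, Install Settings and Reboot Deployment Steps can be modelled compactly. This Python sketch is an added example, not MSP code; the Device class, the function names, the returned labels and the two Settings Class names are assumptions made for illustration, since the page does not list the real class names.

```python
from dataclasses import dataclass, field

# Constructed placeholders: the page does not list the real Settings Class names.
SETTINGS_CLASSES = frozenset({"Example.WiFi", "Example.Passcode"})

@dataclass
class Device:
    ios_major: int
    task_list: list = field(default_factory=list)       # Tasks the Device User must run
    dm_commands: list = field(default_factory=list)     # sent to the Apple DM client
    app_by_package: dict = field(default_factory=dict)  # stand-in for the MSP mapping table

def _route_app_step(dev, verb, app_name):
    """Application steps: iOS 4 queues a Task, iOS 5 goes to the DM client."""
    if dev.ios_major == 4:
        dev.task_list.append((verb, app_name))
        return "task-list"
    if dev.ios_major == 5:
        dev.dm_commands.append((verb, app_name))
        return "dm-client"
    raise ValueError("the page only describes iOS 4 and iOS 5 behaviour")

def install_package(dev, package, app_name):
    result = _route_app_step(dev, "install", app_name)
    dev.app_by_package[package] = app_name  # recorded so a later uninstall can resolve it
    return result

def uninstall_package(dev, package):
    if package in SETTINGS_CLASSES:         # test 1: Virtual Settings Package
        dev.dm_commands.append(("remove-profile", package))
        return "profile-removed"
    if package in dev.app_by_package:       # test 2: Application Package
        return _route_app_step(dev, "uninstall", dev.app_by_package[package])
    return "not-present"                    # neither test matched: step is treated as successful

def install_settings(dev, settings_class):
    if settings_class not in SETTINGS_CLASSES:  # only pre-defined classes are supported
        raise ValueError(f"unsupported Settings Class: {settings_class}")
    dev.dm_commands.append(("install-profile", settings_class))
    return "dm-client"

def reboot(dev):
    dev.task_list.append(("reboot", None))  # always a Task, whatever the iOS version
    return "task-list"
```

On iOS 4 a "task-list" result only means the Task was queued; nothing changes on the device until the Device User opens the MSP Task List application and performs it.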

MSP Task List application (Only for iOS 4)

Overview

Important:

This section ONLY applies to deployment on iOS 4 devices.

As mentioned earlier, the Apple DM Model does not enable a Device Management System, such as MSP, to automatically and silently install applications onto an Apple iOS 4 Device. To compensate for this limitation, Device Management Systems, including MSP, are required to provide a separate application, which must be manually launched by the Device User. This separate application facilitates the installation and uninstalling of applications under the control of the Device User.

In MSP, this separate application is called the MSP Task List application. This application is called the MSP Task List application instead of the “MSP iOS Installer Application” because it handles a variety of tasks. Tasks in the Task List must be performed by the Device User, via the MSP Task List application, in the order they were added by MSP.

Important:

The Apple iOS Application Model prevents a non-Apple application from performing general activities in the background. When the MSP Task List application is not the foreground (running) application, it cannot contact MSP to determine if the Task List has changed. The MSP Task List application can only contact MSP when the Device User explicitly launches it, thus making it the foreground (running) application.

As previously described, the MSP Task List application is installed as part of the Staging Process. The first time the MSP Task List application is launched, the Device User must configure it to define the information it will need to contact the MSP DM Web Server from which it will acquire Task Items.

The Device User must click the Settings button to invoke the Settings screen for the MSP Task List application. From the Settings screen, the Device User should click the https button to select the use of the HTTPS protocol and then enter the Server name into the Server: field. The Server name is the host name part of the URL used to access the MSP DM Web Server when initiating the Staging Process. For example, if the MSP DM Web Server URL used to initiate Staging was “https://myenterprise.mydmserver/dm.web/”, then the Server name would likely be entered as “myenterprise.mydmserver”. The Port: field should generally be left as the default of “443” unless the MSP DM Web Server is required to be accessed on a non-standard HTTPS port.

Once the above information has been entered, the Device User may choose to click the Test button to verify that the MSP Task List application can successfully contact the MSP DM Web Server using the supplied information. If the MSP Task List application can successfully contact the MSP DM Web Server, then the popup message “Validation Success – Success” is displayed. If the MSP Task List application cannot successfully contact the MSP DM Web Server, then the popup message “Validation Failure – Service timed out” will likely be displayed. When the Device User is satisfied that the MSP Task List application can successfully contact the MSP DM Web Server, the Done button should be clicked to leave the Settings screen.

Notification

To facilitate Task List updates and to promote Device User interaction with the Task List, MSP sends an APN (Apple Push Notification) message to the MSP Task List application whenever a change to the Task List has occurred.

When the MSP Task List application receives an APN message indicating that a change to the Task List has occurred, the popup message “MSPTaskList – You have new MSP Talk List tasks to perform” will be displayed to the Device User. If the Device User clicks the View button, the MSP Task List application will be launched, causing it to acquire and display the latest Task List. If the Device User clicks the Close button, the MSP Task List application will not be launched.

Important:

The Apple iOS Application Model does not allow an application to automatically bring itself to the foreground in response to such an APN message, except as a result of Device User response to a popup message. But at any time, the Device User can manually launch the MSP Task List application, via its icon on the home page, to view and interact with the Task List.
