Mobile Device Management support in WSO2 IoT Server

Hasunie Adikari
6 min read, May 11, 2017

WSO2 IoT Server (IoTS) provides the essential capabilities required to implement a scalable server-side IoT platform. These capabilities include device management, API/app management for devices, analytics, customizable web portals, transport extensions for MQTT, XMPP and more. WSO2 IoTS ships with sample device agent implementations for well-known development boards such as Arduino UNO and Raspberry Pi, for Android, and virtual agents that demonstrate the various capabilities.

Architecture

In the modern world, individuals connect their phones to smart wearables, household appliances and other smart devices. WSO2 IoT Server is a completely modular, open-source enterprise platform that provides all the capabilities needed for the server side of an IoT architecture connecting these devices. WSO2 IoT Server is built on top of the WSO2 Connected Device Management Framework (CDMF), which in turn is built on the WSO2 Carbon platform.

The IoT Server architecture can be broken down into two main sections:

Device Management (DM) platform

The Device Management platform manages the mobile devices.

IoT Device Management

  • IoT Server mainly focuses on managing IoT devices, which run on top of WSO2 CDMF. The plugin layer of the platform supports device types such as Android Sense, Raspberry Pi, Arduino and many more.
  • Devices interact with the UI layer to execute operations, and the end-user UIs communicate with the API layer to execute these operations for the specified device type.

Mobile Device Management

Mobile device management is handled via WSO2 Mobile Device Manager (MDM), which enables organizations to secure, manage, and monitor Android, iOS, and Windows devices (e.g., smartphones, iPod touch devices and tablet PCs), irrespective of the mobile operator, service provider, or the organization.

Let’s take a real-world use case where a school uses mobile devices as educational equipment.

Hundreds of schools across New Zealand now have Bring Your Own Device (BYOD) policies in place

Now students can use their own devices, or corporate devices they have been given at school, to help with their learning. It allows them to do research, complete their homework and collaborate on projects with their classmates or teachers.

Students and teachers both use several apps and device features to improve the quality of learning sessions and to enable real-time interaction and collaborative support.

Administrators need to be able to monitor the devices to get the real advantage of this.

With unrestricted internet access at school, students can cheat on exams, phone cameras can pose serious threats to personal privacy, and students send or receive text messages on their phones in the classroom.

Students end up on social media, distracted from learning and not learning anything.

Continuous monitoring is essential here.

This is where mobile device management comes into the picture.

The mobile device management capabilities in WSO2 IoT Server expand access to knowledge and offer a solid solution to these problems.

The device grouping capability enables creating user groups based on grades, authority levels or any other criteria. It allows administrators to monitor and view the device data of many devices in one go. Administrators can spot any abnormal device behaviour at a glance and take the necessary action to prevent it.

The administrator can define a user group (Grade 10) and then define the set of policies that need to be established on Grade 10 students’ devices.

Grade 10 students enroll/register their own devices with the IoT Server installed on the school premises. Once enrolled, their devices are entitled to the policies the school administrators defined, because the student (user) is already in the Grade 10 user group.

Let’s see what happens with policies.

Administrators can define policies, each of which includes a set of configurations. Predefined policies are created for the user groups, and these policies are enforced on a device when it registers with the IoT Server.

How it works

The school (Ragitto) uses WSO2 IoT Server, and administrators allow students to bring their own devices to school. A device needs to be registered with the server, and the school has a set of policies that are applied to the registered device to keep it aligned with school rules and requirements. For example, student A joins Ragitto as a Grade 10 student and uses an Android device.

When his device is registered with the IoT Server, the most appropriate policy is enforced on it as follows.

1. Filter all the policies that apply to the Android platform.

2. Next, filter out the policies configured for the device’s ownership type: BYOD (Bring Your Own Device) or corporate-owned (COPE) devices.

3. Finally, the policy task filters the remaining policies based on his user group.

Now student A is entitled to the following four policies.

Camera restriction — priority 1

Passcode policy — priority 2

App BlackList policy — priority 3

Wifi policy — priority 4

The policy task checks for the highest-priority one (here, the camera restriction). In the end, the policy with the highest priority in the filtered pool is enforced on the device.
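The three filtering steps and the priority pick above are easy to get subtly wrong (a policy with no group assigned, a device whose platform nothing matches), so here is the selection logic as an added example. This is a model written for this article, not WSO2 IoT Server’s own policy task or API; the `Policy` and `Device` classes, the field names and the sample policies are all assumptions constructed here, with lower numbers meaning higher priority as in the list above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    priority: int           # 1 is the highest priority, as in the article's list
    platforms: frozenset    # platforms the policy applies to: "android", "ios", "windows"
    ownership: frozenset    # "BYOD", "COPE", or both
    user_groups: frozenset  # groups the policy is assigned to; empty means every group


@dataclass(frozen=True)
class Device:
    platform: str
    ownership: str
    user_groups: frozenset


def filter_policies(policies, device):
    """Steps 1-3 of the article: platform, then ownership type, then user group."""
    step1 = [p for p in policies if device.platform in p.platforms]
    step2 = [p for p in step1 if device.ownership in p.ownership]
    step3 = [p for p in step2
             if not p.user_groups or p.user_groups & device.user_groups]
    return step3


def resolve_effective_policy(policies, device):
    """Pick the highest-priority policy (lowest number) from the filtered pool.

    Ties are broken by name so the result is deterministic. Returns None when
    nothing applies; a server should surface that as a 'no policy' state rather
    than silently leaving the device unmanaged.
    """
    pool = filter_policies(policies, device)
    if not pool:
        return None
    return min(pool, key=lambda p: (p.priority, p.name))


# Constructed sample: the four policies from the article plus three that must be filtered out.
POLICIES = [
    Policy("Camera restriction", 1, frozenset({"android", "ios"}),
           frozenset({"BYOD", "COPE"}), frozenset({"grade-10"})),
    Policy("Passcode policy", 2, frozenset({"android", "ios", "windows"}),
           frozenset({"BYOD", "COPE"}), frozenset()),            # applies to every group
    Policy("App blacklist policy", 3, frozenset({"android"}),
           frozenset({"BYOD"}), frozenset({"grade-10", "grade-11"})),
    Policy("Wifi policy", 4, frozenset({"android"}),
           frozenset({"BYOD", "COPE"}), frozenset({"grade-10"})),
    Policy("iOS supervised restrictions", 1, frozenset({"ios"}),
           frozenset({"COPE"}), frozenset()),                    # wrong platform for student A
    Policy("Lab tablet kiosk", 1, frozenset({"android"}),
           frozenset({"COPE"}), frozenset()),                    # wrong ownership type
    Policy("Grade 11 exam lockdown", 1, frozenset({"android"}),
           frozenset({"BYOD"}), frozenset({"grade-11"})),        # wrong user group
]

# Student A from the article: Android, BYOD, member of Grade 10.
STUDENT_A = Device(platform="android", ownership="BYOD", user_groups=frozenset({"grade-10"}))

if __name__ == "__main__":
    for p in filter_policies(POLICIES, STUDENT_A):
        print(f"candidate: {p.name} (priority {p.priority})")
    print("enforced:", resolve_effective_policy(POLICIES, STUDENT_A).name)
```

Running it lists the four candidate policies for student A and picks the camera restriction. Note that the three decoy policies all carry priority 1: priority is only compared inside the filtered pool, so a high-priority policy for the wrong platform, ownership type or group never wins.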

Policy monitoring

Administrators can monitor the applied policies by their compliance status (successfully applied or not). There are two statuses: compliance (successfully applied) and non-compliance (policy broken). Monitoring is what keeps policies in the compliance status.

Let’s see how it works.

The camera is disabled through the camera restriction policy. There are three types of compliance actions: enforce, acknowledge and warning. When an admin creates a policy, the relevant action is selected as the compliance type. If the user enables the camera through some mechanism, the camera restriction policy is re-enforced on the device so that the camera is disabled again.

Application management

School administrators want to push certain applications to a specific student or a specific role, such as student or teacher.

WSO2 IoT Server application management facilitates enterprise subscriptions through the enterprise app store.

The school will have applications that need to be installed on students’ mobile devices. For example, the admin needs to install the Human 3.0 application on the devices of science students. In that situation the admin creates the Human 3.0 application through the App Manager interface and selects the role or user the app should be pushed to.

IoT Server supports both public apps and enterprise apps.

Enterprise — This refers to all the apps that have been created by the organization.

Public — This refers to publicly available apps: free apps available online.

Following the example above, the admin pushes the apps to a specific group, role or user, and they are installed on the appropriate devices as a mandatory (forced) installation.

Social applications are restricted on students’ devices

There are two types of app restriction policies in policy management service, namely, app whitelisting and app blacklisting.

In whitelisting, administrators define the applications that users are allowed to use on their devices.

In blacklisting, administrators define the applications that users are not allowed to use on their devices.

The school administrators want to keep certain unethical apps off the devices. Those apps can be blacklisted so that they are not allowed to run on the device. Alternatively, administrators can push education-related applications to the users and, through whitelisting, restrict the devices to those applications only.
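To make the policy monitoring section and the app whitelist/blacklist rules above concrete, here is a monitoring cycle as an added example: it compares what the device agent reports against the policy’s features, decides compliance or non-compliance, and acts according to the policy’s compliance action (enforce, acknowledge or warning). This is illustrative code written for this article, not WSO2 IoT Server’s own compliance task or its operation codes; the feature codes `CAMERA` and `APP_RESTRICTION`, the operation names, the package names and the device report are all constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class ComplianceAction(Enum):
    ENFORCE = "enforce"          # re-apply the broken feature on the device
    ACKNOWLEDGE = "acknowledge"  # record the violation, take no action on the device
    WARNING = "warning"          # record it and notify the user


@dataclass
class Feature:
    code: str     # hypothetical feature codes: "CAMERA" or "APP_RESTRICTION"
    config: dict


@dataclass(frozen=True)
class DeviceState:
    """What the device agent reports back during a monitoring cycle."""
    camera_enabled: bool
    installed_apps: frozenset


def violations_for(feature, state):
    """List what on the device breaks this feature; an empty list means compliant."""
    if feature.code == "CAMERA":
        if state.camera_enabled and not feature.config["enabled"]:
            return ["camera is enabled"]
        return []
    if feature.code == "APP_RESTRICTION":
        listed = frozenset(feature.config["apps"])
        if feature.config["mode"] == "blacklist":
            return sorted(state.installed_apps & listed)   # installed and forbidden
        if feature.config["mode"] == "whitelist":
            return sorted(state.installed_apps - listed)   # installed but not permitted
    raise ValueError(f"unknown feature or mode: {feature}")


def remediation(feature, violating):
    """Operations queued for the device when the compliance action is ENFORCE."""
    if feature.code == "CAMERA":
        return [("CAMERA", {"enabled": False})]           # push the restriction again
    return [("UNINSTALL_APPLICATION", app) for app in violating]


def monitor(policy_name, features, action, state):
    violations = {}
    for feature in features:
        broken = violations_for(feature, state)
        if broken:
            violations[feature.code] = broken
    operations = []
    if violations and action is ComplianceAction.ENFORCE:
        for feature in features:
            if feature.code in violations:
                operations.extend(remediation(feature, violations[feature.code]))
    elif violations and action is ComplianceAction.WARNING:
        operations.append(("NOTIFICATION",
                           f"Your device is not compliant with policy '{policy_name}'"))
    # ACKNOWLEDGE: the non-compliance is recorded for the admin, nothing is sent to the device
    return {"status": "NON_COMPLIANT" if violations else "COMPLIANT",
            "violations": violations,
            "operations": operations}


# Constructed Grade 10 policy: camera off plus a blacklist of two social apps.
GRADE10_FEATURES = [
    Feature("CAMERA", {"enabled": False}),
    Feature("APP_RESTRICTION", {"mode": "blacklist",
                                "apps": ["com.example.socialchat", "com.example.videofeed"]}),
]

# Constructed device report: the user re-enabled the camera and installed a blacklisted app.
REPORT = DeviceState(camera_enabled=True,
                     installed_apps=frozenset({"com.example.socialchat",
                                               "com.example.notes",
                                               "com.example.mdm.agent"}))

if __name__ == "__main__":
    print(monitor("Grade 10 policy", GRADE10_FEATURES, ComplianceAction.ENFORCE, REPORT))
```

With the enforce action, the cycle reports the device as non-compliant and queues two operations: re-applying the camera restriction and uninstalling the blacklisted app. With acknowledge, the same violations are recorded but nothing is pushed. One caveat a whitelist policy must handle is the management agent itself: if the agent package is not on the whitelist, every monitoring cycle would flag (and, under enforce, try to remove) the very app that enforces the policy.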

I have taken the aforementioned school learning equipment scenario to elaborate how relevant mobile device management features are to real-world business use cases. But this is also really useful when devices are provisioned in the field by employees.
