Stage 5 - App Deployment

Version 17.4

1 iOS Client

1.1 Standard (‘Vanilla’)

Deploying the Standard version of the MindLink Mobile App to an end-user device is simple: the user logs into the App Store, searches for MindLink and hits the “Get” button.

Figure 1 – MindLink in the App Store

1.1.1 Mobile Autodiscovery

When Mobile Autodiscovery is set up, the user can use a domain email address to connect to the server hosting the MindLink Mobile application. This saves the user time and spares them from having to ask administrators for a server address.

Please note: This will not work in the event your MDM platform is set to automatically provision the MindLink Mobile server address.

1.2 BlackBerry Secure Workspace

1.2.1 Deployment through BlackBerry Enterprise Service 10

1. Using your browser, navigate to your BlackBerry Enterprise Service. Please note: when using BES10, navigate to BES10 – Universal Device Service.

Figure 2 – BlackBerry Enterprise Server 10 (BES10) Universal Device Service

2. Add the ‘App store’ app to BES10

a. Navigate to ‘Library’ on the top navigation bar

b. Click the ‘+’ icon on ‘Application Definitions’

c. Below on the right of ‘Application sources’ click the ‘+’ icon again.

d. Select ‘App store app’

Figure 3 – Uploading an App Store app to BES10

e. You will now be prompted to fill in the following fields as depicted in the image below.

Figure 4 – Creating a new application source, BES10

f. For ‘Application name’ fill in a useful name like: MindLink for SECTOR

g. For ‘Application version’, make sure it corresponds with the version available on the App Store. Please note: do not use full stops. If the version number is, for example, 3.3.0.5, enter 3030005 instead (replacing each full stop with a 0). MindLink will provide you with the current version number.

h. For ‘Application Identifier’ enter the following: com.mindlinksoft.mindlinkmobile.sector

i. For ‘Secure Application’, tick the box.

j. For ‘Application source’ please select ‘Application web address’ from the drop down menu.

k. For ‘Application web address’, fill in the entire App Store URL:

https://itunes.apple.com/us/app/mindlink-for-sector/id763628791

3. Create a new software configuration for the iOS version of the MindLink Mobile client for SECTOR. Assign the application to the software configuration.

Figure 5 – Creating a new software configuration, BES10

4. Apply the software configuration from Step 3 to the user by clicking the ‘+’ icon and selecting the profile from the drop-down menu.

Figure 6 – Adding a software configuration to a user, BES10

5. Send an activation email to the user. The user will receive the activation email including the activation password and further instructions.

6. Download & install the BES12 Client (mobile) on the iOS device from the ‘App Store’ or instruct the user to do so (as well as follow the instructions from the activation email).

7. Open the BES12 Client (mobile) and enter the activation details received in the activation email.

8. After activation is complete the user will be requested to enter a Secure Work Space password. Additionally the user will be prompted to download any applications that have been specified for the user/group. This includes MindLink Mobile for SECTOR. (Please Note: After each application is downloaded the user may need to press the back button to initiate the next download).

 

1.2.2 Installing Certificates through BES10

If the MindLink Mobile server is secured with a certificate issued by an internal certificate authority (CA), the CA’s root certificate must be installed as a trusted root certificate on the device.

1. Export the required certificates from your certificate store using the Management Console (MMC) and store the file in a known, accessible location.

Figure 7 – Management Console; Certificates snap-in

2. Using your web browser navigate to the BlackBerry Enterprise Service 10 Universal Device Service and logon.

Figure 8 – BlackBerry Enterprise Service 10 (BES10), Universal Device Service (UDS)

3. Using the navigation menu above, select Library.

Figure 9 - BES10 UDS Menu

4. On the left-hand side of your browser you will see various options. Choose CA certificate by clicking the “+” icon.

Figure 10 – CA Certificate profiles

5. Enter a name and, optionally, a description for the certificate profile then browse to the location of the exported CA certificate and choose: Open

Figure 11 - Creating a new CA Certificate Profile

6. After creating the new CA Certificate Profile it must be applied to the relevant users/groups for the BES10 to push the profile onto any applicable devices. This is done by navigating to Users & Devices using the menu bar.

7. Depending on whether you want to apply the CA Certificate Profile to a user or to an entire group, click ‘All Users’ or ‘Groups’.

Figure 12 – Applying a CA Certificate Profile to individual users or groups

8. Click the user or group to which you would like to apply the CA Certificate Profile.

9. The browser will transition to a group/user configuration screen where you can add IT policies and profiles to a group/user.

10. To apply a policy or profile, click the “ + ” icon.

Figure 13 – Applying IT policies and profiles to groups/users

11. From the drop-down menu, select: CA Certificate

Figure 14 – Drop-down menu, adding IT policies and profiles

12. You can now choose which CA Certificate profile you would like to apply

Figure 15 – Choose a CA Certificate profile to apply

1.2.3 Deployment through BlackBerry Enterprise Service 12

1. Using your web browser, navigate to your BES12

Figure 16 – Logging on BlackBerry Enterprise Service 12 Administration Portal (BES12)

2. Using the navigation bar click ‘Apps’

Figure 17 – Navigation bar, BES12

3. Click the ‘Add an app’ icon

Figure 18 – Adding an app, BES12

4. You will now see a selection of locations to add an app from. Select App Store (for iOS).

Figure 19 – Select App Store, BES12

5. A window titled ‘Add iOS apps’ will now appear as shown below.

Figure 20 – Search for App Store apps, BES12

6. Type in the name of the app: MindLink for SECTOR.

7. Press ‘Search’.

8. The MindLink for SECTOR iOS client should now appear below.

9. To finalize, press ‘Add’

10. The app should now appear in the ‘App Management’ screen in BES12

11. In order to deploy MindLink for Workspace to your mobile device you must assign the application to individual users or user groups.

12. To assign an app to individual users, proceed to the ‘Users and Devices’ tab.

13. To assign an app to groups, proceed to the ‘Groups’ tab.

14. For each user or group you wish to assign the application to, find and click the ‘+’ icon in the corresponding ‘App’ table to assign an app.

Figure 21 – Assigning apps, BES12

Clicking ‘Next’ will bring up the following options illustrated in the image below:

Figure 22 – Select app disposition, BES12

Users can now download the MindLink for SECTOR app from the App Store.

1.2.4 Installing Certificates through BES12

If the MindLink Mobile server is secured with a certificate issued by an internal certificate authority (CA), the CA’s root certificate must be installed as a trusted root certificate on the device.

1. Export the required certificates from your certificate store using the Management Console (MMC) and store the file in a known, accessible location.

Figure 23 – Management Console; Certificates snap-in

2. Once the certificate has been exported it must be uploaded to the BlackBerry Enterprise Server (BES12). Navigate to the Administration Portal of the relevant BES.

Figure 24 – Navigation bar, BES12

Once logged on the BlackBerry Enterprise Server (BES12), navigate to the ‘Policies and Profiles’ tab. After navigating to ‘Policies and Profiles’ there is a menu bar visible on the left of the page. In the list of menu items click ‘+’ next to ‘CA certificate’.

Figure 25 – Adding a CA certificate profile, BES12

Ensure the certificate file has the suffix .der. If it does not, simply rename the file so that it ends in .der, e.g. FileName.der

Also ensure that the relevant device operating system and certificate store have been selected before clicking the ‘Add’ button.

The CA certificate profile should now be visible on the BES12 and you can now assign the profile to various user groups or specific users. To do so navigate to either the ‘Users and Devices’ tab or ‘Groups’ tab.

3. For specific users:

a. Click on the user you wish to assign the CA certificate profile to and then click the ‘+’ icon next to ‘IT policy and profiles’.

b. Select ‘CA certificate’ and locate the appropriate ‘CA certificate profile’ from the drop-down menu (Please note: If the CA certificate has already been applied to a user, this certificate will no longer appear in the drop-down menu).

c. The selected CA certificate profile should now be visible in the overview of IT policies and profiles applied to the specified user.

4. For groups:

a. Click the group for which you wish to apply the CA certificate profile.

b. Click the ‘Settings’ tab for that group.

c. Click the ‘+’ icon next to ‘IT policy and profiles’ and select ‘CA certificate profile’.

d. Select the appropriate CA certificate profile and press ‘Assign’.

Please note, as with the deployment of the MindLink Mobile client, it may take some time before the BES12 pushes the CA certificate profile on to the device(s).
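
A pre-upload check for the CA certificate exported in step 1, as an added example that is not part of the MindLink or BlackBerry documentation. Renaming a file to .der changes only its name, and the MMC export wizard can write either DER or Base-64 (PEM) content, so the script inspects the content, confirms it is a CA certificate with no private key attached, writes a DER copy and prints the SHA-256 fingerprint. It assumes the openssl command-line tool is available; the function and file names are hypothetical, and `make_demo_cert` only generates constructed sample data.

```shell
#!/bin/sh
# Added example: pre-upload checks for a CA certificate file (requires openssl).
# Hypothetical usage: sh check_ca_cert.sh exported.cer root-ca.der

# Print PEM or DER according to the file's content, not its extension.
# Fails if the file is not a parseable X.509 certificate (a PFX, for instance).
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        openssl x509 -in "$1" -inform PEM -noout 2>/dev/null || return 1
        echo PEM
    elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then
        echo DER
    else
        return 1
    fi
}

# Succeeds only if basicConstraints marks the certificate as a CA.
is_ca_cert() {      # args: file encoding
    openssl x509 -in "$1" -inform "$2" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Succeeds if subject and issuer are the same name, as for a root certificate.
is_self_issued() {  # args: file encoding
    s=$(openssl x509 -in "$1" -inform "$2" -noout -subject_hash 2>/dev/null) || return 1
    i=$(openssl x509 -in "$1" -inform "$2" -noout -issuer_hash 2>/dev/null) || return 1
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Validate IN, write a DER copy to OUT and print its SHA-256 fingerprint so it
# can be compared with the value obtained from the CA's owner before upload.
prepare_der() {     # args: in out
    if grep -q 'PRIVATE KEY' "$1"; then
        echo "refusing: $1 contains a private key" >&2
        return 1
    fi
    enc=$(cert_encoding "$1") || {
        echo "refusing: $1 is not an X.509 certificate" >&2
        return 1
    }
    is_ca_cert "$1" "$enc" || {
        echo "refusing: $1 is not a CA certificate" >&2
        return 1
    }
    is_self_issued "$1" "$enc" || echo "note: $1 is an intermediate, not a root" >&2
    openssl x509 -in "$1" -inform "$enc" -outform DER -out "$2" || return 1
    openssl x509 -in "$2" -inform DER -noout -fingerprint -sha256
}

# Constructed sample data: write a throwaway self-signed certificate to
# DIR/NAME.pem (key in DIR/NAME.key). CA_FLAG is TRUE or FALSE.
make_demo_cert() {  # args: dir name ca_flag
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed demo $2
[ext]
basicConstraints = critical,CA:$3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Run the check when called with an input and an output path.
if [ "$#" -eq 2 ]; then
    prepare_der "$1" "$2"
fi
```
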

1.3 BlackBerry Technology MDM

1.3.1 Configuring the BlackBerry Dynamics Server (formerly Good Dynamics)

1. Launch your web browser.

2. Go to https://community.good.com/marketplace.jspa and filter by Categories > Collaboration.

3. Click "Start a Trial". You must ensure that this is requested from the email address of the BlackBerry Control (formerly Good Control Console) console’s administrative user. After your trial license is converted to a full license, MindLink will publish the application to your BlackBerry Control console.

4. MindLink for BlackBerry can be found under APPS > Manage Apps in your BlackBerry Control console.

Figure 26 – Applications in BlackBerry Control

If your domain is trusted in Settings > Clusters > GC Clusters, proceed to step 9.

5. Click on MindLink for BlackBerry – This will transition to the configuration options.

6. Click the BlackBerry Dynamics tab.

7. We now need to whitelist the MindLink Servers/Ports. In Host Name type the FQDN of your MindLink Mobile Server and in the Port enter the port of the relevant MindLink Services (Web Services Port and Secure Socket Port – defaults are 7074 and 7072 respectively).

Figure 27 – Enter server details, BlackBerry Control

8. Alternatively you may decide to whitelist the server for multiple apps. This is done through the Policies menu by clicking Connectivity Profiles, moving to the APP Servers tab and adding the server domain as an allowed domain

9. Go to App Groups and click the “ + ” symbol.

Figure 28 – Adding a new group, BlackBerry Control

10. Specify a Group Name and click Create Group.

11. Click the “+” button.

12. In the dialogue box that appears, tick the box for the relevant users and click OK.

Figure 29 – Selecting users, BlackBerry Control

13. Click Add More (under Allowed Applications).

14. Select MindLink for BlackBerry (under Partner) and click OK.

Figure 30 – Add an allowed application, BlackBerry Control

1.3.2 Provisioning

Provisioning the MindLink App can be done using one of two methods: either the administrator provisions users individually, or users can use BlackBerry Control’s Self Service.

1.3.2.1 Administrator provisions users

1. Ensure you are logged onto BlackBerry Control as an administrator

2. Go to User tab > Users and Groups

Figure 31 - Manage Users, BlackBerry Control

3. Find and click the user you wish to provision an access key for

Figure 32 – Select a user to provision, BlackBerry Control

4. Now click Edit.

Figure 33 – Edit User, BlackBerry Control

5. Click the Access Keys tab

Figure 34 - Access Key provisioning, BlackBerry Control

6. Click: New Access Key

Figure 35 – Provisioned Access Key, BlackBerry Control

7. The access key has now been provisioned. You may opt to email it to the user by clicking the envelope icon.

1.3.2.2 Self Service provisioning

As an alternative to the administrator provisioning individual users, administrators can encourage users to use Self Service provisioning in the BlackBerry Control Console.

1. Users should log onto BlackBerry Control using their BlackBerry Control credentials

2. Click the Access Keys tab

Figure 36 – Self Service Access Key provisioning, BlackBerry Control

3. Click Provision

4. The Access Key will appear under the header Provisioned Access Keys

Figure 37 – Provisioned Access Key, BlackBerry Control

5. Users may use the Access Key directly from the BlackBerry Control Console or they may choose to email it to themselves by clicking the envelope icon.

1.3.3 Installing Certificates through BlackBerry Control

If the MindLink Mobile server is secured with a certificate issued by an internal certificate authority (CA), the CA’s root certificate must be installed as a trusted root certificate on the device. This is done using the BlackBerry MDM platform which, once configured, will push the required certificate(s) to any applicable devices.

1.3.4 Deploying the App to End-Users

The BlackBerry Dynamics version of the App is available from the App Store by searching “MindLink” (or “MindLink for BlackBerry”) and tapping “Get” next to the entry for MindLink for BlackBerry. Alternatively, the BlackBerry Dynamics version of the app is also available through the Google Play Store.

Figure 38 – MindLink for BlackBerry in the App Store & Play Store

1.3.5 Authentication Delegation

BlackBerry Control allows you to configure authentication delegation. To start configuring, launch your web browser and navigate to BlackBerry Control.

1. From the Navigation menu on the left select: POLICY SETS

Figure 39 – Policy Sets, BlackBerry Control

2. Here you can select the BlackBerry Default Policy or any other applicable policies.

Figure 40 – BlackBerry Default Policy, BlackBerry Control

3. Click the SECURITY POLICIES tab.

Figure 41 – Security Policies

4. Scroll down to Authentication Delegation

Figure 42 – Authentication Delegation, BlackBerry Control

5. Using the arrows you may select a primary and secondary authentication delegate.

6. Optionally you can allow self-authentication by checking the relevant tick box.

7. There are some additional options available, such as the option to Prevent Data Leakage (disables copying and pasting into and out of the BlackBerry container) and the option to enable Federal Information Processing Standards (FIPS).

1.3.6 Pre-configuring the username and server details - iOS and Android

Figure 43 – BlackBerry console

Start by navigating to the BlackBerry console. This is where you can make the changes that directly affect the MindLink Mobile for BlackBerry app.

Figure 44 – Policy Sets

To begin making changes, navigate to the 'Policies' section, specifically 'Policy Sets'. Here you will be presented with the policy sets that exist within your infrastructure. For the purpose of this guide we will use the 'BlackBerry Default Policy'.

Figure 45 – Manage Policy Set

Once you have clicked on the Policy Set you will be brought to the management section of the set. Here, navigate to the 'Apps' section as shown above. From here you will be able to pre-configure MindLink Mobile for BlackBerry with server and log on credentials.

Figure 46 and 47 – Pre-Configurable options

The above screenshots show where you can pre-configure the MindLink Mobile for BlackBerry app. In the 'Server URL' option you can enter the FQDN of the server running the MindLink Mobile service; BlackBerry will register this and these details will be registered automatically when using the app. You can also enable 'Logon name', which will automatically log users on. When an AD-enabled user registers with BlackBerry during enrollment, this option enables those details to be pushed onto the MindLink Mobile for BlackBerry app. For example, if 'iphonetest1@DevResource.local' enrolls with BlackBerry, assuming those UPN credentials exist on AD, they will be pushed to the MindLink app. Thus you will see the username 'iphonetest1@DevResource.local' automatically filled out.

Figure 48 - Pre-configured log on - Android

As can be seen from the above screenshot, the pre-configured log on name has been applied. This will occur if the option discussed previously has been enabled.

Figure 49 - Pre-configured log on - iOS

The same applies to the iOS flavour of the MindLink for Mobile BlackBerry app.

1.3.7 Data Loss Prevention

As part of your deployment it is possible to configure certain DLP policies that will subsequently be enforced on the MindLink for BlackBerry app on iOS and Android respectively. The following will run through how this is done.

To begin, navigate to your BlackBerry policies and in particular the one that applies to your fleet of devices. Once this has been done you will be presented with a screen similar to the one above. The next step is to click on 'Security Policies'.

Once on the 'Security Policies' tab, scroll down to 'Data Leakage Prevention' as shown in the screen above. This is where you can configure the various DLP policies that will apply to your fleet of devices. Note: some of these policies are exclusive to Android and/or iOS. If you've made any changes, make sure to click 'Update' to push this configuration down to the devices.

For example, if you enable 'Prevent copy from GD apps into non-GD apps', MindLink for BlackBerry will register this and as a result, if a user attempts to copy content from MindLink for BlackBerry to another non-GD app, they will be unable to do so. As a result, all possible avenues for data leakage are prevented and adhered to by the MindLink for BlackBerry app.

 

1.4 MobileIron MDM

The MindLink Mobile iOS client is available for the MobileIron AppConnect container and leverages MobileIron Tunnel per-app VPN for connectivity.

1.4.1 Enable AppConnect

Before enabling AppConnect on your admin portal, confirm that your organization has purchased the required AppConnect licenses. Contact your MobileIron representative if you require additional details on AppConnect license purchases.

1. To enable AppConnect and MobileIron Tunnel functionality on the admin portal, navigate to the Settings page

Figure 50 – Navigation menu bar, MobileIron Admin Portal

Check the boxes as shown below.

Figure 51 – Settings for additional products, MobileIron Admin Portal

2. Select the option for “Enable AppConnect for third-party and in-house apps”

1.4.2 Configure an AppConnect global policy

To modify an existing AppConnect global policy:

1. On the MobileIron Admin Portal, go to Policies & Configs > Policies

2. Select an AppConnect global policy

3. Click Edit

4. Edit the AppConnect global policy based on your requirements. Please refer to the AppConnect chapter of the VSP Administration Guide for details about each field.

An AppConnect global policy configures the security settings for all AppConnect apps, including whether AppConnect is enabled for the devices that the policy is applied to and the AppConnect passcode requirements.

Figure 52 – Modify AppConnect Global Policy, MobileIron Admin Portal

Note: The AppConnect passcode is not the same as the device passcode.

Figure 53 - AppConnect Passcode settings, MobileIron Admin Portal

5. You may opt to modify AppConnect security controls such as out-of-contact timeouts

Figure 54 - AppConnect Security, MobileIron Admin Portal

6. Specify the app check-in interval and the default end-user message for when an app is not authorized by default

Note: The app check-in interval is independent of the MDM check-in timer and controls, and apps cannot be forced to check-in before the interval expires. The recommended configuration for the app check-in interval is 60 minutes.

Figure 55 – App Authorization, MobileIron Admin Portal

7. You can configure whether AppConnect apps with no AppConnect container policy are authorized by default in addition to other data loss prevention settings.

Figure 56 – Data Loss Prevention policies, MobileIron Admin Portal

1.4.3 Configure a new AppConnect container policy

An AppConnect container policy specifies data loss protection policies for the app. The AppConnect container policy is required for an application to be authorized unless the AppConnect global policy allows apps without a container policy to be authorized. Such apps get their data loss protection policies from the AppConnect global policy.

Details about each field are in the AppConnect chapter of the MobileIron Core Administration Guide.

To configure an AppConnect container policy:

1. On the MobileIron Admin Portal, go to Policies & Configs > Configurations > Add New > AppConnect > Container Policy.

Figure 57 – Creating a new configuration, MobileIron Admin Portal

2. Enter the Name, Description, and Application.

Note: For the Application field, choose an application from the app distribution library, or for iOS apps, specify the iOS bundle ID (com.mindlinksoft.mindlinkmobile.mobileiron). You can find the bundle ID by going to Apps > App Distribution Library, and clicking to edit the app. The field Inventory Apps displays the bundle ID in parentheses.

Figure 58 – Creating a new AppConnect Container Policy, MobileIron Admin Portal

3. Configure the data loss protection policies according to your requirements.

Figure 59 – Data Loss Prevention policies, MobileIron Admin Portal

1.4.4 Configuring MobileIron Tunnel

To ensure the MindLink Mobile for MobileIron app can function within your AppConnect enterprise workspace you must create a MobileIron Tunnel configuration.

1.4.4.1 Prerequisites

In order to create a MobileIron Tunnel configuration the following prerequisites must be met.

· MobileIron Sentry (license required) must be deployed within the relevant environment and configured using the MobileIron Administration Portal.

· Configuration can be done by navigating to: Settings > Sentry (Configuration depends on the deployment environment and any potential associated restrictions)

· Please consult the MobileIron Administration guide/manual for deployment and configuration instructions for MobileIron Sentry.

1.4.4.2 Configuration

To start configuring MobileIron Tunnel log into the MobileIron Administration Portal.

1. Using the menu bar, navigate to: ‘Policies & Configs’

Figure 60 – Policies & Configs, MobileIron Admin Portal

2. Create a VPN setting by selecting: Add New > VPN

Figure 61 - Add New VPN Configuration, MobileIron Admin Portal

3. For the fields displayed below to appear you must first select MobileIron Tunnel as your connection type.

Figure 62 - Configure VPN, MobileIron Admin Portal

4. Next select the Sentry to be used in this VPN configuration from the drop down menu. Please Note: A license is required to do this.

5. Select the Sentry Service (options will be displayed once a Sentry has been selected).

6. Select an Identity Certificate (choice of certificate type is dependent on the deployment environment and any potential restrictions). You may have to create a new Identity Certificate configuration specific to VPN; this process is described in the following section.

7. Additional (optional) configuration options include: Custom Data and iOS7 only configuration option to specify Safari domains.

8. The MobileIron Tunnel configuration must now be applied to the application; navigate to: Apps using the navigation bar.

9. Find the App you wish to apply the configuration to and click the edit icon.

10. Scroll down to find the option: ‘Per App VPN’

Figure 63 – Apply VPN configuration to App, MobileIron Admin Portal

11. Ensure that your configuration is in the ‘Selected’ column and click ‘Save’

12. Ensure that you apply your newly created VPN configuration to all relevant labels.

13. On the device, the next time the user checks in:

· The user will receive the latest MDM profile with the updated per App VPN settings

· The next time the app attempts to make a TCP connection or an HTTP request, the VPN is triggered. Users will be able to see this in the status bar of their device.

 

1.4.5 Configuring MobileIron AppTunnel

In order to configure the AppTunnel for iOS, you need to complete the following tasks:

  1. Enable the AppTunnel on Core through the MobileIron Admin Portal
  2. Enable the AppTunnel on the Standalone Sentry
  3. Configure device and server authentication on the Standalone Sentry
  4. Configure the Sentry with an AppTunnel service
  5. Upload the app to MobileIron Core
  6. Configure the AppTunnel service in the AppConnect app configuration

For detailed instructions on steps 1-5, refer to the ‘AppConnect and AppTunnel Guide’ on MobileIron’s Support Community website.

For step 6, follow the instructions below:

1. Using the menu bar, navigate to Policies & Configs > Configurations

Figure 1.4.5a - Policies & Configs, MobileIron Admin Portal

2. Select Add New > AppConnect > App Configuration

Figure 1.4.5b - Add new App Configuration

3. Enter a name for the AppConnect app configuration, for example MLM AppConnect.

4. In the Application field, fill in the bundle ID for the MindLink public app: com.mindlinksoft.mindlinkmobile.mobileiron.

5. In the AppTunnel Rules section, click Add+ to add a new AppTunnel rule.

Figure 1.4.5c - Configure the AppTunnel rule

  1. SENTRY: Select the Sentry number from the drop-down list.
  2. SERVICE: Select the service that you configured in the AppTunnel Configuration section of the specified Sentry.
  3. URL WILDCARD: Enter a URL wildcard that matches the host name of the MindLink server, or the load balancer and each MindLink server if deployed as a pool.
  4. PORT: Enter the port number that the app requests to access. This should be the same as the configured port for the session service on the MindLink Management Tool.
  5. IDENTITY CERTIFICATE: Select the Certificate or the Certificate Enrollment setting that you created for app tunneling.

6. Click Save.

7. Select the new AppConnect app configuration from the list.

8. Select More Actions > Apply To Label > iOS > Apply

1.4.6 Installing certificates through MobileIron Administration Portal

If the MindLink Mobile server is secured with a certificate issued by an internal certificate authority (CA), the CA’s root certificate must be installed as a trusted root certificate on the device.

Installing certificates on devices that use the MobileIron version of MindLink Mobile must be done through the MobileIron Administration Portal.

1. Log on to your MobileIron Administration Portal

Figure 64 – MobileIron Admin Portal; Policies & Configs

2. Using the top navigation bar, click ‘Policies & Configs’

Figure 65 – Add certificate profile, MobileIron Admin Portal

3. Click ‘Add New’ and select ‘Certificates’

Figure 66 – Creating a new certificate setting, MobileIron Admin Portal

4. Fill in the fields of the New Certificate Setting and browse to the file location of the CA certificate.

5. Save the New Certificate Setting.

Figure 67 – Apply CA Certificate profile to label

6. Apply the newly created Certificate Setting to the desired label(s).

1.4.7 Pre-configuring the username and server details

Figure 68 – MobileIron Console

Start by navigating to the MobileIron console. This is where you can make the changes that directly affect the MindLink Mobile for MobileIron app.

Figure 69 – Policies and Configs

Once you have clicked on 'Policies and Configs' you will be brought to a summary page of all the configurations currently set up on your console. For the purpose of this guide, select the configuration that you have already created beforehand. Note that this is the configuration that will be pushed to the device, so make sure that it is applied to the correct label for your fleet of devices.

Figure 70 – Configuration details

Once you've selected the appropriate configuration you will be presented with a summary of its details. In this case the details relate to the app tunnel configuration.
When you are ready to make changes, click on 'Edit'.

Figure 71 – Editing configuration details

When you have clicked 'Edit' you will be brought to the above screen. Here you will notice the section 'App-Specific Configurations', which relates directly to the MindLink Mobile for MobileIron app. Here you can match specific key-value pairs (specific to your infrastructure) to the MindLink Mobile app. In the example above the key 'mlmServerUrl' is pointed towards a server running the MindLink Mobile service. You are also able to pre-configure the MLM log on name, which can be seen in the screenshot below.

Figure 72 – Device pre-configured username

As can be seen above, the following key (set on the console) has been pushed to the device, resulting in the pre-configured log on name. Note: the value can be any number of variables that MobileIron Core is capable of understanding (please refer to the AppConnect documentation). These variables are defined in the LDAP configuration for the Core server, which can be found under 'Services > LDAP'. For example, you could use the 'user ID' variable and have the samaccountname field attached to it, so that test1 is pulled from the samaccountname field and matched via the $USERID$ variable, as can be seen in Figure 71.


 

1.5 AirWatch Deployment

Figure 73 – Where to begin deployment

The above screenshot indicates where to begin deployment of MLM for AirWatch. Start by heading over to the AirWatch console and clicking 'Add'.

Figure 74 – Adding the application

Once you have clicked 'Add' you will be presented with the window shown in the screenshot above. Here, choose the platform of deployment; in this case, Apple iOS.

Figure 75 – Sourcing the MindLink for AirWatch app

To continue the deployment of the MindLink for AirWatch app, select 'Search App Store' and enter 'MindLink for AirWatch'. Upon successfully doing this, you will be brought to the screenshot presented in Figure 140.

Figure 76 – Pointing towards the application

The above is the screen you will be greeted with once you have pointed towards the application pathway by name. From here you will be able to configure information about the app, assignment groups and specifics regarding deployment.

Figure 77 – Assigning the app

To assign the app to the devices, navigate to the 'Apps and Books' section of the AW console.

Figure 78 – Deploying the app

Here you choose the assignment groups whose associated devices will have the app 'pushed' down to them. You will then get a preview of all the devices that will be affected by the assignment. This is a chance for you to review the deployment of MindLink for AirWatch.

To successfully administer the MindLink for AirWatch application you will need to create a MindLink related SDK.
The following will walk you through the steps required to do this

Image
Figure 79 – Airwatch Console Header

You will want to start by navigating to the console header

Image
Figure 80 – Adding a new profile

Following Figure 80, click 'Add'. This will present the drop-down shown in the screenshot above. From here choose the 'Profile' option.

Image
Figure 81 – Choosing platform

Once you have chosen to create a profile you will have a selection of platforms to choose from - for this guide we will be using Apple iOS

Image
Figure 82 – Configuring SDK Profile

As shown above from here you will be able to configure how the MindLink for AirWatch app is controlled. For example, you will be able to specify whether or not you want to enforce Data Loss Prevention policies which will then be reflected on the MindLink for AirWatch app. This should be created to reflect your company's administrative infrastructure.

5.2. 2 Enabling the App Tunnel at the SDK profile level

 

Image
Figure 83 – Configuring the integrated tunnel

During creation of the MindLink for AirWatch SDK there is an option to configure an integrated tunnel provided by AirWatch. Assuming this is applicable to your organisation, the following will run through how this can be leveraged by the MindLink for AirWatch app.

Image
Figure 84 – Enabling the AW integrated tunnel

In order to enable the AW integrated tunnel and thus have it applied to MLM for AW, you will want to navigate to the MindLink SDK that was created. From here, you will want to navigate down to the 'Proxy' tab. Simply tick 'Enable App Tunnel'. Once this has been done (by clicking 'Save'), the MindLink for AirWatch app will be leveraging the AirWatch integrated tunnel.

5.3. 3 Creating the per-app VPN profile

 

Image
Figure 85 – Setting up the app specific VPN profile

To set up an app-specific VPN, click on the 'Devices' tab. Once this has been opened, view the 'Profiles' section. As shown in the screenshot above, click 'Add' in order to set up the VPN.

Image
Figure 86 – VPN configuration

Once you have successfully started the process to setup the profile you will be greeted with the screen as shown in the above screenshot. From here you will want to configure the VPN specific settings as per your administrative infrastructure.

Image
Figure 87 – Turning the per-app VPN on or off

Once you have created the VPN profile, you can turn it on or off (depending on your administrative preferences) by going to the profile and then to the 'VPN' section. There, tick the Per-App VPN rules so that by default MLM for AW will use the Per-App VPN as its means of connection.

5.4. 4 Applying the per-app VPN profile

 

Image
Figure 88 – Where to apply the per-app VPN

To apply the per-app VPN to the app, navigate to the apps and books section of the AirWatch console. From here, select the MindLink app that you added earlier (section 5.5.).
To do this, use the radio button to select the MindLink for AirWatch app that you selected during the deployment stage.

Image
Figure 89 – Where to apply the per-app VPN -2

To assign the application, navigate to the top of the apps & books section, where you will find the 'Assign' button. Press this to begin the application of the per-app VPN.

Image
Figure 90 – Choosing an assignment group

From here, select the assignment groups that you wish the VPN to be applied to. This will of course depend on the administrative infrastructure present in your organisation. Then click 'Add Assignment'.

Image
Figure 91 – Adding an assignment

Once you have clicked on 'Add Assignment' you will be brought to the screen above. From here you will notice the 'Advanced' tab - this is where you will need to apply the app specific VPN profile that you created.

Image
Figure 92 – Choosing the drop down

This is done by selecting from a drop-down. Assuming that you have configured your app-specific VPN correctly, this will 'push' the assignment down to the groups that were selected beforehand.

Image
Figure 93 – Devices affected by assignment

Once you have selected the per-app VPN you will be brought to a screen similar to the one above whereupon you will be greeted with the list of devices affected by the assignment. This will be dependent on the assignment group you selected during the beginning of this process. However, this is a chance for you to review the potential changes that will be made.

5.5. 5 Managing Data Loss Prevention Policies

 

Image
Figure 94 – Devices affected by assignment

To manage data loss prevention policies on the MindLink for AirWatch app you will want to start by enabling the ability to do so on the AirWatch console

This can be seen in the above screenshot whereby under 'Restrictions' you need to tick 'Enable Data Loss Prevention'

Image
Figure 95 – Devices affected by assignment

Once you have enabled data loss prevention, a number of options will be available to you. For example, enabling copy and paste on the AirWatch console will enable users to copy and paste in the MindLink for AirWatch app. Conversely, if this is disabled, the expected behaviour is that the user will not be able to copy and paste, i.e. from outside of the MindLink for AirWatch app to within the MindLink for AirWatch app.

Ensure that any changes to be made are reflective of your company's administrative infrastructure

5.6. 6 Pre-configuring the username and server details

 

Image
Figure 96 – Beginning the assignment

To start, select the MindLink for AirWatch app under 'apps & books', choosing the app version that you added earlier. Select the app via its radio button.

Image
Figure 97 – Beginning the assignment

To assign the application, navigate to the top of the apps & books section, where you will find the 'Assign' button. Press this to begin the application of the per-app VPN.

Image
Figure 98 – Beginning the assignment -2


Image
Figure 99 – Choosing the assignment group

To set up the pre-configured URL and log on name, choose the assignment group you wish this policy to be 'pushed' to.
Any users in this assignment group will from here onwards have a pre-configured server URL to point towards and, if chosen, a pre-configured username in the MindLink for AirWatch app.

Image
Figure 100 – Pre configuring the server and log on values

Here you are able to pre-configure the server details for the MindLink for AirWatch app. The values for this will depend on your setup; in this example the keys are 'mlmServerUrl' and 'mlmLogOnName'.

Image
Figure 101 – Device side

The above indicates the successful 'push' of the pre-configured values to the MindLink for AirWatch app

6. 8 Citrix

Citrix requirements can be provided by your Account manager

 

2 Android Client

1. 1 Standard (‘Vanilla’)

1.1. 1 Downloading the app

Users must download the application from the Google Play store. Search for “MindLink” and install the app.

1.2. 2 Providing server address

When the MindLink Mobile app is launched for the first time, users will be prompted to enter the server details into the device. These details include the server address which points to the Web Service Port specified on MindLink Management Centre, under the MindLink Mobile tab.

Image

Figure 102 – Request URL screen, MindLink Mobile

1.3. 3 Deploying internal certificates

If a certificate is issued by an internal certificate authority, then the authority’s root certificate should be deployed to each device. The certificate itself can be delivered to devices by email or by hosting it for download via the web.

2. 2 BlackBerry Secure Workspace

2.1. 1 Deployment through BlackBerry Enterprise Service 10

1. Using your browser navigate to your BlackBerry Enterprise Service – Please note: When using BES10 please navigate to BES10 – Universal Device Service.

Image

Figure 103 – BlackBerry Enterprise Service 10 (BES10) Universal Device Service

2. Add the Play store app to BES10

3. Navigate to ‘Library’ on the top navigation bar

4. Click the ‘+’ icon on ‘Application Definitions’

5. Below on the right of ‘Application sources’ click the ‘+’ icon again.

6. Select ‘App store app’

Image

Figure 104 – Upload an App store app, BES10

7. You will now be prompted to fill in the following fields as depicted in the image below.

Image

Figure 105 – Creating a new application source, BES10

8. For ‘Application name’ fill in a useful name like: MindLink for SECTOR

9. For ‘Application version’, make sure it corresponds with the version available on Google Play store. Please Note: Do not use full stops, rather if the version number is for example, 3.3.0.5 enter: 3030005 instead (replace each full stop with a 0).

10. For ‘Application Identifier’ enter:

com.mindlinksoft.mindlinkmobile.SEC_APP

11. For ‘Secure Application’, tick the box.

12. For ‘Application web address’, fill in the entire Play store URL.

13. Create a new software configuration for the Android version of the MindLink Mobile client for SECTOR. Assign the application to the software configuration.

Image Image Image

Figure 106 – Creating a new software configuration, BES10

14. Apply the software configuration from Step 3 to the user by clicking the ‘+’ icon and selecting the profile from the drop-down menu.

Image

Figure 107 – Adding a software configuration to a user, BES10

15. Send an activation email to the user. The user will receive the activation email including the activation password and further instructions.

16. Download & install the BES12 Client (mobile) on the Android device from the Google Play store or instruct the user to do so (as well as follow the instructions from the activation email).

17. Open the BES12 Client (mobile) and enter the activation details received in the activation email.

18. After activation is complete the user will be requested to enter a Secure Work Space password. Additionally the user will be prompted to download any applications that have been specified for the user/group. This includes MindLink Mobile for SECTOR. (Please Note: After each application is downloaded the user may need to press the back button to initiate the next download).

2.2. 2 Installing Certificates through BES10

If the MindLink Mobile server is secured with a certificate issued by an internal CA authority, the CA’s root certificate must be installed as a trusted root certificate on the device.

1. Export the required certificates from your certificate store using the Management Console (MMC) and store the file in a known, accessible location.

Image

Figure 108 – Management Console; Certificates snap-in

2. Using your web browser navigate to the BlackBerry Enterprise Service 10 Universal Device Service and logon.

Image

Figure 109 – BlackBerry Enterprise Service 10 (BES10), Universal Device Service (UDS)

3. Using the navigation menu above select; Library

Image

Figure 110 - BES10 UDS Menu

4. On the left hand side of your browser you will see various options, choose: CA certificate by clicking the “ + ” icon

Image

Figure 111 – CA Certificate profiles

5. Enter a name and, optionally, a description for the certificate profile then browse to the location of the exported CA certificate and choose: Open

Image

Figure 112 - Creating a new CA Certificate Profile

6. After creating the new CA Certificate Profile it must be applied to the relevant users/groups for the BES10 to push the profile onto any applicable devices. This is done by navigating to Users & Devices using the menu bar.

7. Depending on whether you want to apply the CA Certificate Profile to a user or to an entire group; click ‘All Users’ or ‘Groups’

Image

Figure 113 Applying a CA Certificate Profile to individual users or groups

8. Select the user or group you would like to apply the CA Certificate Profile by clicking on it

9. The browser will transition to a group/user configuration screen where you can add IT policies and profile to a group/user.

10. To apply a policy or profile, click the “ + ” icon.

Image

Figure 114 – Applying IT policies and profiles to groups/users

11. From the drop-down menu, select: CA Certificate

Image

Figure 115 – Drop-down menu, adding IT policies and profiles

12. You can now choose which CA Certificate profile you would like to apply

Image

Figure 116 – Choose a CA Certificate profile to apply

 

2.3. 3 Deployment through BlackBerry Enterprise Service 12

1. Using your web browser, navigate to your BES12

Image

Figure 117 – Logging on BlackBerry Enterprise Service 12 Administration Portal (BES12)

2. Using the navigation bar click ‘Apps’

Image

Figure 118 – Navigation bar, BES12

3. Click the ‘Add an app’ icon

Image

Figure 119 – Adding an app, BES12

4. You will now see a selection of locations to add an app from, please select Google Play (for Android).

Image

Figure 120 – Select Google Play store, BES12

5. A window titled ‘Add Android apps’ will now appear as shown below.

Image

Figure 121 – Adding Android apps, BES12

6. Fill in all required fields:

a. App name; give the app a relevant/useful name like MindLink Mobile SECTOR for Android

b. App icon; choose an icon for the app.

c. Add the Google Play store URL of the app

7. To finalize, press ‘Add’

8. The app should now appear in the ‘App Management’ screen in BES12

9. In order to deploy MindLink for Workspace to your mobile device you must assign the application to individual users or user groups.

a. To assign an app to individual users, proceed to the ‘Users and Devices’ tab.

b. To assign an app to groups, proceed to the ‘Groups’ tab.

10. For each user or group you wish to assign the application to, find and click the ‘+’ icon in the corresponding ‘App’ table to assign an app.

Image

Figure 122 – Assigning apps, BES12

Clicking ‘Next’ will bring up the following options illustrated in the image below:

Image

Figure 123 – Select app disposition, BES12

Users can now download the App from Google Play Store.

2.4. 4 Installing Certificates through BES12

If the MindLink Mobile server is secured with a certificate issued by an internal CA authority, the CA’s root certificate must be installed as a trusted root certificate on the device.

1. Export the required certificates from your certificate store using the Management Console (MMC) and store the file in a known, accessible location.

Image

Figure 124 – Management Console; Certificates snap-in

2. Once the certificate has been exported it must be uploaded to the BlackBerry Enterprise Server (BES12). Navigate to the Administration Portal of the relevant BES.

Image

Figure 125 – Navigation bar, BES12

3. Once logged on the BlackBerry Enterprise Server (BES12), navigate to the ‘Policies and Profiles’ tab. After navigating to ‘Policies and Profiles’ there is a menu bar visible on the left of the page. In the list of menu items click ‘+’ next to ‘CA certificate’.

Image

Figure 126 – Adding a CA certificate profile, BES12

Ensure the certificate has the file suffix .der; if not, simply rename the file extension, e.g. to FileName.der

Also ensure that the relevant device operating system and certificate store have been selected before clicking the ‘Add’ button.

The CA certificate profile should now be visible on the BES12 and you can now assign the profile to various user groups or specific users. To do so navigate to either the ‘Users and Devices’ tab or ‘Groups’ tab.

4. For specific users;

a. For specific users simply click on the user you wish to assign the CA certificate profile to and then click the ‘+’ icon next to ‘IT policy and profiles’.

b. Select ‘CA certificate’ and locate the appropriate ‘CA certificate profile’ from the drop-down menu (Please note: If the CA certificate has already been applied to a user, this certificate will no longer appear in the drop-down menu).

c. The selected CA certificate profile should now be visible in the overview of IT policies and profiles applied to the specified user.

5. For groups;

a. Click the group for which you wish to apply the CA certificate profile.

b. Click the ‘Settings’ tab for that group.

c. Click the ‘+’ icon next to ‘IT policy and profiles’ and select ‘CA certificate profile’.

d. Select the appropriate CA certificate profile and press ‘Assign’.

Please note, as with the deployment of the MindLink Mobile client, it may take some time before the BES12 pushes the CA certificate profile on to the device(s).

3. 3 Android for Work

MindLink Mobile supports Android for Work deployments.

3.1. 1 Android for Work - Deployment


As of 16.8 MindLink supports the deployment of our mobile app through Android for Work. Before beginning the deployment process ensure that Android for Work is enabled.

To enable Android for Work, AirWatch administrators can leverage token-based setup by visiting the Google portal, verifying their domain and obtaining an EMM token for Android for Work. Administrators will then upload and verify the token in AirWatch.

Image
Figure 127 – Apps & Books

Assuming the above has been done, to begin deployment through Android for Work you will want to head to the 'Apps & Books' section of the AirWatch console.

Image
Figure 128 – List View

Once you have opened the 'Apps & Books' tab you will want to open the 'List View'. From here you will want to navigate to the 'Public' tab.

Image
Figure 129 – Adding the application -1

Once you are ready to add the application, you will want to press the 'Add application' button as shown above.

Image
Figure 130 – Adding the application -2

Once you have pressed the 'Add Application' button you will be presented with the above screen. Here you will want to select the 'Search App Store' option, this will search the Google Play Store for the MindLink Mobile app. Ensure that the chosen platform is Android.

Image
Figure 131 – Adding the application -3

When the search term 'MindLink' has presented itself you will want to click the 'Select' button. This will allow you to configure the various options based around the applications, such as deployment.

 

Image
Figure 132 – Adding the application -4

Once you are happy with the configuration of the application deployment, you will want to ensure that the option 'Device must be MDM managed to install this App' is ticked. When this is selected, enrollment using Agent leverages the Android for Work functionality thus allowing you to manage the app through the AirWatch console.

3.2. 2 Creating the per-app VPN

 

Image
Figure 133 – Creating the per app VPN -1

In order to begin leveraging an app specific VPN to Android for Work enabled MindLink, you will need to create a profile specific to your Android for Work deployment. This guide will walk you through the VPN section so as to enable MindLink to utilize an app specific VPN.

Image
Figure 134 - Creating the per app VPN -2

Once you have clicked 'Add' you will want to choose the platform which in this case is 'Android'.

Image
Figure 135 - Creating the per app VPN -3

When you have chosen your platform, you will want to select 'Android for Work' as shown above

Image
Figure 136 - Creating the per app VPN -4

Once you have reached this stage you can begin configuring the app-specific VPN. Note: the settings here will depend on your existing IT infrastructure and are as such custom to your organisation.

3.3. 3 Applying the per-app VPN

 

Image
Figure 137 – Applying the per-app VPN - 1
By utilizing the AirWatch console you are able to enable an app-specific VPN configuration which will be applied to your Android for Work enabled MindLink Mobile app. To begin this process head to the 'Apps & Books' section of the AirWatch console.

Image
Figure 138 – Applying the per-app VPN - 2

Once you have completed the above step, navigate to the 'Public' tab and look for the 'MindLink' app; under 'app source', look for Android for Work.

Image
Figure 139 – Applying the per-app VPN - 3

Once you have located the application, click on the 'Edit' button. From here you will be able to enable the app-specific VPN which will be leveraged by the MindLink Android for Work enabled app.

Image
Figure 140 – Applying the per-app VPN - 4

Once you have clicked 'Edit' you will be brought to the screen above. Navigate to the 'Deployment' tab, enable the 'Use VPN' option and then select the VPN-specific profile that you created earlier. Note: the profile used will be entirely dependent on your setup and organisational standards. Once this is done, assuming everything is set up correctly, Android for Work enabled MindLink will be leveraging the VPN profile you have created.

3.4. 4 Pre-configured server URL and log on name

Image
Figure 141 – Pre-Configuring the server name and server details - 1

To pre-configure the MLM server URL and log on name, start by navigating to the 'Public' section of the 'Apps & books' feature and select the Android for Work enabled MindLink app. Once you have done this, navigate to the 'Deployment' tab; the above is what you will see once this is complete.

Image
Figure 142 – Pre-Configuring the server name and server details - 2

Here you will notice the 'Send Application Configuration' check box. This is where you will be required to add your key-value pairs in order to allow MindLink to utilise a pre-configured server URL and/or a pre-configured log on name. To begin the process, tick this box.

Image
Figure 143 – Pre-Configuring the server name and server details - 3

Once you have ticked 'Send Application Configuration' you will be presented with the above image. Depending on your administrative settings, you can assign key-value pairs to allow the MindLink app to utilize a pre-configured URL and/or a pre-configured log on name. Note: these pairs are custom to your deployment.

Image
Figure 144 – Pre-Configuring the server name and server details - 4

As can be seen from above the pre-configured value that was applied has been successfully picked up by the device and has been displayed as such.

 

4. 2 BES12 Deployment

Coming Soon.

5. 3 Configuration

This section provides detailed explanations for various configuration options.

Once the MindLink Mobile Client has been deployed on the device, several settings can be configured during the initial launch of the MindLink Mobile Client, whilst other configuration options are available through the MindLink Mobile Management Tool. The MindLink Mobile Management Tool can be found on your Lync/MindLink Mobile server. The configuration options of the Management Tool are discussed in further detail in our Administration guide.

When launching the application for the first time you will be prompted to grant certain permissions to the app, followed by a Welcome screen where you can enter your server URL and configure additional settings.

After the BlackBerry Administration/Enterprise Service has successfully deployed the MindLink Mobile client to the device(s) the application logo will appear as shown below.

Image

Figure 145 – MindLink application on the home screen

Clicking and accessing the application for the first time will prompt the user to grant the application certain permissions which are required to use the MindLink Mobile client.

After allowing the application the requested permissions, the application will transition to the initialisation screen. After successful initialisation, the login screen appears, where the user may configure additional options such as automatic login, remember password and disable IM mode.

Image

Figure 146 – Login screen, MindLink Mobile

If initialisation is not successful the user will receive an error. For more information about various errors, please consult the troubleshooting guide.

4 BlackBerry 10 Client

1. 1 BES10 Deployment

To upload MindLink Mobile to your BlackBerry Enterprise Server 10 please use the following steps:

1. Using your internet browser, navigate to the BES10 Administration Portal and use your Administrator credentials to log in.

Image

Figure 147 – BlackBerry Enterprise Service 10 (BES10) Login Screen

2. Using the navigation on the left side of the webpage, go to Software > Applications > Add or update applications.

Image

Figure 148 – Adding/Updating an application, BES10

3. Browse to the file location, select the MindLinkWorkspace.bar file and click ‘Next’

Image

Figure 149 – Locating and selecting client file, BES10

4. To finalize; click > Publish application

Image

Figure 150 – Publishing the application, BES10

5. Once the file has been successfully uploaded you can add/update the application to an existing software configuration, or create a new software configuration for the application.

a. To create a new software configuration, click on Software > Create a software configuration.

i. After clicking ‘Create a new software configuration’ you can give your new software configuration a name and enter a brief description.

ii. Press ‘Save’ to continue.

b. After creating a new software configuration or to update an existing software configuration click on Software > Manage a software configuration and select your software configuration.

i. Select the software configuration you wish to add the application to and then click ‘Edit software configuration’.

ii. Click the ‘Applications’ tab next to the ‘Configuration Information’ tab, followed by clicking ‘Add applications to software configuration’.

6. Locate the application you wish to add to the software configuration and mark the checkbox. Additionally you may select whether the application is either ‘Required’ or ‘Optional’. After selecting the desired settings; click ‘Add to software configuration’.

Image
 

Image

Figure 151 – Add application to software configuration, BES10

7. If the application has been updated in an existing software configuration, the configuration may already be applied to existing users and groups. If this is the case the MindLink Mobile client will be deployed once the configuration has been updated. Depending on your settings for deployment jobs it may take some time for deployment to occur.

8. The ‘Disposition’ you have selected for your users/user groups will affect the way the MindLink Mobile Client is deployed on each of the users’ devices.

a. Choosing ‘Optional’ will result in each user having to individually download the app onto their device using BlackBerry App World (for Work). Additionally, by choosing ‘Optional’ the user may also remove the application at their own discretion.

b. Choosing ‘Required’ will push/force the application onto the device directly. Please allow some time for this to occur. Users cannot uninstall the application; this is done remotely on the BES12.

9. If the application has been added to a new software configuration; the software configuration must be applied to a user or groups for the MindLink Mobile Client to deploy on the devices.

1.1. 1 Installing certificates through BES10

If the MindLink Mobile server is secured with a certificate issued by an internal CA authority, the CA’s root certificate must be installed as a trusted root certificate on the device.

1. Export the required certificates from your certificate store using the Management Console (MMC) and store the file in a known, accessible location.

Image

Figure 152 – Management Console; Certificates snap-in

2. Log onto the server hosting the BlackBerry Enterprise Service 10 (BES10)

3. Navigate to the C:\Program Files (x86)\Common Files\Research in Motion\ApplicationStore\Shared\Certificates\ENTERPRISE folder.

4. Place the exported certificate in this folder.

5. The BlackBerry Enterprise Service will monitor this folder and push the certificate out to the relevant devices.

2. 2 BES12 Deployment

To upload MindLink Mobile to your BlackBerry Enterprise Server 12 please use the following steps:

1. Using your internet browser, navigate to the BES12 Administration Portal and use your Administrator credentials to log in.

Image

Figure 153 – Logging on BlackBerry Enterprise Service 12 Administration Portal (BES12)

2. Using the navigation bar, click on the ‘Apps’ tab.

Image

Figure 154 – Navigation bar, BES12

3. Find and click the ‘+’ icon to add an application.

Image

Figure 156 – Adding an app, BES12

4. Browse and locate the ‘MindLink for Workspace.bar’ file to upload it to BES12.

Image

Figure 157 – Adding an internal app, BES12

5. Once the upload has completed it will appear as a listed app in the ‘App Management’ page.

Image

Figure 158 – Application management, BES12

6. In order to deploy MindLink for Workspace to your mobile device you must assign the application to individual users or user groups.

a. To assign an app to individual users, proceed to the ‘Users and Devices’ tab.

b. To assign an app to groups, proceed to the ‘Groups’ tab.

7. For each user or group you wish to assign the application to, find and click the ‘+’ icon in the corresponding ‘App’ table to assign an app.

Image

Figure 159 – Assigning an application, BES12

Clicking ‘Next’ will bring up the following options illustrated in the image below:

Image

Figure 160 – Specify application disposition, BES12

8. The ‘Disposition’ you have selected for your users/user groups will affect the way the MindLink Mobile Client is deployed on each of the users’ devices.

a. Choosing ‘Optional’ will result in each user having to individually download the app onto their device using BlackBerry App World (for Work). Additionally, by choosing ‘Optional’ the user may also remove the application at their own discretion.

b. Choosing ‘Required’ will push/force the application onto the device directly. Please allow some time for this to occur. Users cannot uninstall the application; this is done remotely on the BES12.

9. Once the application has been deployed, depending on whether you have selected either ‘Optional’ or ‘Required’, you may be prompted to restart the device. If so, please restart the device before attempting to log on to the MindLink Mobile client.

2.1. 1 Installing certificates through BES12

If the MindLink Mobile server is secured with a certificate issued by an internal CA authority, the CA’s root certificate must be installed as a trusted root certificate on the device.

1. Export the required certificates from your certificate store using the Management Console (MMC) and store the file in a known, accessible location.

Image

Figure 161 – Management Console; Certificates snap-in

2. Once the certificate has been exported it must be uploaded to the BlackBerry Enterprise Server (BES12). Navigate to the Administration Portal of the relevant BES.

Image

Figure 162 – Navigation bar, BES12

Once logged on the BlackBerry Enterprise Server (BES12), navigate to the ‘Policies and Profiles’ tab. After navigating to ‘Policies and Profiles’ there is a menu bar visible on the left of the page. In the list of menu items click ‘+’ next to ‘CA certificate’.

Image

Figure 163 – Adding a CA certificate profile, BES12

Ensure the certificate has the file suffix .der; if not, simply rename the file extension, e.g. to FileName.der

Also ensure that the relevant device operating system and certificate store have been selected before clicking the ‘Add’ button.

The CA certificate profile should now be visible on the BES12 and you can now assign the profile to various user groups or specific users. To do so navigate to either the ‘Users and Devices’ tab or ‘Groups’ tab.

3. For specific users:

a. Click on the user you wish to assign the CA certificate profile to and then click the ‘+’ icon next to ‘IT policy and profiles’.

b. Select ‘CA certificate’ and locate the appropriate ‘CA certificate profile’ from the drop-down menu (Please note: If the CA certificate has already been applied to a user, this certificate will no longer appear in the drop-down menu).

c. The selected CA certificate profile should now be visible in the overview of IT policies and profiles applied to the specified user.

4. For groups:

a. Click the group for which you wish to apply the CA certificate profile.

b. Click the ‘Settings’ tab for that group.

c. Click the ‘+’ icon next to ‘IT policy and profiles’ and select ‘CA certificate profile’.

d. Select the appropriate CA certificate profile and press ‘Assign’.

Please note, as with the deployment of the MindLink Mobile client, it may take some time before the BES12 pushes the CA certificate profile on to the device(s).
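Renaming a file to .der changes only its name, not its contents, and the MMC export wizard can write either a binary DER file or a Base-64 text file. The added example below (not part of the MindLink or BlackBerry tooling) reports which encoding an exported file really uses before it is uploaded in step 2, returns the DER bytes, and computes a SHA-256 fingerprint to compare against the value supplied by the CA owner. It checks only the outer ASN.1 structure, and the sample data is a constructed stand-in rather than a real certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_length(data):
    """Total length declared by the outer DER SEQUENCE header, or None."""
    if len(data) < 2 or data[0] != 0x30:      # a certificate is a SEQUENCE
        return None
    if data[1] < 0x80:                        # short-form length
        return 2 + data[1]
    n = data[1] & 0x7F                        # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def to_der(data):
    """Return (der_bytes, encoding_found) or raise ValueError."""
    match = PEM_BLOCK.search(data)
    if match:
        # Base-64 text export: strip the armour and line breaks, then decode.
        der = base64.b64decode(b"".join(match.group(1).split()))
        found = "Base-64 (PEM)"
    else:
        der, found = data, "DER"
    if der_length(der) != len(der):
        raise ValueError("content is not one complete DER structure")
    return der, found

def sha256_fingerprint(der):
    """Fingerprint to compare with the value supplied by the CA owner."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))

# Constructed stand-in (a 5-byte DER SEQUENCE), NOT a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in (("binary export", SAMPLE_DER), ("text export", SAMPLE_PEM)):
        der, found = to_der(blob)
        print(name, "->", found, sha256_fingerprint(der))
```

For a real export, read the file with `open(path, "rb").read()` and pass the bytes to `to_der`; a result of "Base-64 (PEM)" means the file is text regardless of its extension.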

3. 3 Configuration

This section provides detailed explanations for various configuration options.

Once the MindLink Mobile Client has been deployed on the device, several settings can be configured during the initial launch of the MindLink Mobile Client, whilst other configuration options are available through the MindLink Mobile Management Tool. The MindLink Mobile Management Tool can be found on your Lync/MindLink Mobile server. The configuration options of the Management Tool are discussed in further detail in our Administration guide.

When launching the application for the first time you will be prompted to grant certain permissions to the app, followed by a Welcome screen where you can enter your server URL and configure additional settings.

After BES10/BES12 has successfully deployed the MindLink Mobile client to the device(s) the application logo will appear as shown below.

Image

Figure 164 – MindLink application on the home screen

Clicking and accessing the application for the first time will prompt the user to grant the application certain permissions which are required to make optimal use of the MindLink Mobile client.

Image

Figure 165 – MindLink application permissions

After allowing the application the requested permissions the application will transition to the Welcome screen where the user may enter the server URL and configure additional options such as Enabling Logging, Push notifications and timestamps.

Image

Figure 166 – Request URL screen, MindLink Mobile

Once the server URL has been entered the user can press ‘Save and continue to login screen’. Upon doing so the MindLink Mobile client will initialise with the server; this will take a few moments. When initialisation with the server has completed successfully the login screen will be visible and users can start using the application. If initialisation is not successful the user will receive an error. For more information about various errors, please consult the troubleshooting guide.

5 Logging

As of 17.7 it is possible to enable/disable logging and have this leveraged through your MDM console of choice. The following will walk you through this.

5.1 Manual enabling/disabling logging

Settings should be immediately applied when enabling/disabling logging from the server settings view in the MindLink app. MindLink Mobile will need to be relaunched for these settings to be applied.

Image
Image

Figure 167 – Enable logging for iOS and Android

5.2 Controlling logging using managed configuration

5.2.1 Vanilla

Administrators can use any MDM console to apply the settings. While the app will not be managed by that MDM, administrators can still leverage a managed configuration within the MDM console. For example, in the AirWatch console this can be done through: Apps & Books > MindLink > Assign > All devices > Edit. Scroll down to 'Application Configuration' and enable the configuration as shown below.

Image

Figure 168 – Logging keys

Administrators will be provided with an additional option to configure MindLink Mobile using key-value pairs. The applicable key-value pairs for logging settings are: 'mlmDisableLogging' and 'mlmDisableVerboseLogging'. The corresponding values for the key-value pair should be set to Boolean. To disable logging or verbose logging, both values must be set to 'True'.
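A common mistake with key-value configuration is entering the text "True" where a Boolean is required. The added example below (not MindLink's own tooling) audits a managed configuration for the two logging keys named above and reports any key that is missing, has the wrong type, or is false. It assumes the configuration is available as an XML property list dictionary, as used for iOS managed app configuration; both sample payloads are constructed.

```python
import plistlib

# Key names as given in this guide; both must be Boolean true.
LOGGING_KEYS = ("mlmDisableLogging", "mlmDisableVerboseLogging")

def audit_logging_config(plist_bytes):
    """Return {key: finding}; an empty dict means both keys are Boolean true."""
    config = plistlib.loads(plist_bytes)
    findings = {}
    for key in LOGGING_KEYS:
        if key not in config:
            findings[key] = "missing"
        elif not isinstance(config[key], bool):
            # A string "True" or an integer 1 is not a Boolean.
            kind = type(config[key]).__name__
            findings[key] = f"wrong type {kind}, expected Boolean"
        elif config[key] is not True:
            findings[key] = "Boolean false"
    return findings

def _plist(body):
    """Wrap constructed key-value XML in a minimal property list."""
    return (b'<?xml version="1.0" encoding="UTF-8"?>\n'
            b'<plist version="1.0"><dict>' + body + b'</dict></plist>')

# Constructed sample: both keys are real Booleans.
GOOD_CONFIG = _plist(
    b"<key>mlmDisableLogging</key><true/>"
    b"<key>mlmDisableVerboseLogging</key><true/>")

# Constructed sample: value typed as text, second key not set at all.
BAD_CONFIG = _plist(
    b"<key>mlmDisableLogging</key><string>True</string>")

if __name__ == "__main__":
    for name, payload in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, audit_logging_config(payload) or "logging keys OK")
```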

5.2.2 Blackberry (Good Console)

The administrator can 'Enable Logging' within the Blackberry Console (formerly known as Good Console) which will allow for the configuration of logging settings. This can be done through: Policies > Policies Sets > 'Policy name here' > Apps > App specific policies > MindLink Mobile > Configure Logging.

Image

Figure 169 – Logging keys in the Good console

5.2.3 MobileIron Console

The administrator can 'enable logging' within MobileIron (MI) which will allow them to configure the logging settings. However, logging will always be enabled to some level within MobileIron. This can be done through: Policies & Configs > 'MindLink application policy name goes here' > Edit > App Specific Configuration, from this view the administrator can enable or disable logging.

Image

Figure 170 – Logging keys in the MobileIron console

5.2.4 AirWatch Console

The administrator can 'enable logging' through the following steps: Groups & Settings > All Settings > Apps > Settings and Policies > Settings.

Image

Figure 171 – Enabling Logging in the AirWatch console

5.3 Exporting log files

When logging to mobile devices we log to sandbox files that are created on the device, as well as to the device console. Files are created up to the size of 1MB and then a new log file is created. Whenever file logging is enabled the device will create files on the device which the logs are written to. Exporting log files means sending these files from the device's storage to a recipient. Usually this will be done by exporting the log file through the native email application or through whichever mail application is compatible with the used MDM.

5.3.1 Vanilla

When logging is enabled the logs button will be visible on the server settings page and on the server connection failure page. Clicking the export logs button will open a menu from which users can select from a list of apps.

5.3.2 Blackberry

Exporting in BlackBerry should only be possible through the Good Work application. Trying to export using this app should open up the email interface and create a template with the log files. If the Good Work application is not installed on the device, exporting logs will fail.

5.3.3 MobileIron

Trying to export the log files using an app not managed by MI will not be allowed. While logging is enabled the log button will be shown; if logging is disabled the button will be disabled. It will return an error stating there is no file. If logging is not enabled, log files will not be generated.

5.3.4 AirWatch

The log export option can be found on the server details page or the about screen for Android devices. When successful, users will be presented with a list of eligible apps from which the logs can be exported. Users are only able to select AirWatch-managed applications.