Scribd
Upload
187 views16 pages

Quick Start Guide: Heck Y PPS

Uploaded by

Shahram Samet
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
187 views16 pages

Quick Start Guide: Heck Y PPS

Uploaded by

Shahram Samet
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

Quick Start Guide

CHECKMYAPPS™
Quick Start Guide for CheckMyApps

Summary
1 CheckMyApps solution’s architecture ............................................................................................................. 3

1.1 Requirements.......................................................................................................................................... 3

1.1.1 Administration server (valid only for ON-PREMISE server) ............................................................ 3

1.1.2 System requirements for server (valid only for ON-PREMISE server) ............................................ 3

1.1.3 CheckMyApps for Android .............................................................................................................. 3

1.1.4 CheckMyApps for iOS...................................................................................................................... 4

1.1.4 CheckMyApps Windows 8/8.1 ........................................................................................................ 4

1.2 Solutions’ architecture............................................................................................................................ 4

1.2.1 Global architecture scheme ............................................................................................................ 4

1.2.2 List of ports to be opened .............................................................................................................. 5

2 CheckMyApps solution’s deployment ................................................................................................ 6

2.1 Server installation ................................................................................................................................... 6

2.1.1 VMware ESXi ................................................................................................................................... 6

2.1.2 First Time Start ................................................................................................................................ 6

2.1.3 Android & iOS certificates ............................................................................................................... 7

2.1.4 Enrollment password ...................................................................................................................... 7

2.1.5 Apple push certificate ..................................................................................................................... 7

2.2 Software installation ............................................................................................................................... 8

2.2.1 For Android devices ......................................................................................................................... 8

2.2.2 For iOS devices ............................................................................................................................... 10

2.2.3 For Windows 8/8.1 devices............................................................................................................ 13

2.2.4 Approval of Android, iOS & Windows 8/8.1 devices ..................................................................... 15

 CONFIDENTIAL  AUGUST 2015 2


Quick Start Guide for CheckMyApps

1 CheckMyApps solution’s architecture


1.1 Requirements

1.1.1 Administration server (valid only for ON-PREMISE server)

The administration server is available in two formats: a virtual disk VMDK for a VMware Server and an
archive in OVA format for VMware ESXi. The default configuration for the virtual machine is as follows:

- OS: Linux Debian 5 (64 bits)

- Processors: 1

- Memory: 2 GB

- Hard disk: 100 GB – CheckMyApps_Server.vmdk o n t h e SCSI 0 adapter

- Network adapter: only one adapter required, in bridge mode

- Other peripherals: none needed.


It is possible to expand the number of processors and the allocated memory according to this rule: 1GB +
1GB per core.

The virtual disk has a maximum size of 100GB. To extend the virtual disks capacity it is possible to
connect another virtual disk on SCSI 1 which will automatically be recognized when restarting the
virtual machine.

Note: i n o r d e r t o a l l o w y o u r d e v i c e s t o c o n n e c t t h e s e r v e r n o m a t t e r t h e i r l o c a t i o n ,
please do assign a public IP address to your server or put in place the correct redirections towards the
server (the list of all opened ports needed is provided in section
1.2.2 List of ports to be opened).

1.1.2 System requirements for server (valid only for ON-PREMISE server)
It is possible to expand the number of processors and the allocated memory according to the following rule:
2GB per core.
1 000 devices 10 000 devices 100 000 devices
vCPU (Num) 1 2 4
RAM (MB) 2048 4096 8192
LAN (Mbps) 1000 1000 1000

1.1.3 CheckMyApps for Android

The solution is compatible with devices running an Android OS starting with version 2.2. The agent
requires have access to Wifi or 3G networks at least.

 CONFIDENTIAL  AUGUST 2015 3


Quick Start Guide for CheckMyApps

1.1.4 CheckMyApps for iOS

The solution is compatible with devices running iOS OS starting with version 5. The agent requires have
access to Wifi or 3G networks at least.

1.1.4 CheckMyApps Windows Desktop 8/10


The solution is compatible with devices running Windows 8 and 8.1 operating system. The agent requires
Wifi or 3G networks access at least.

1.2 Solutions’ architecture

1.2.1 Global architecture scheme

 CONFIDENTIAL  AUGUST 2015 4


Quick Start Guide for CheckMyApps

1.2.2 List of ports to be opened

Port Protocol Direction Usage

25 TCP Mail server e-mail sending

53 TCP/UDP DNS server DNS requests

80 TCP CheckMyApps Server Mobile device URL filtering,

in-House deployment

80 TCP updates.pradeo.net Updates download

123 UDP Time server Server’s time update

443 TCP CheckMyApps Server Smartphones / Tablets


connection

443 TCP pradeo.net Server’s public IP retrieval

2195 TCP gateway.push.apple.com Connection to Apple’s


communication gateway for
iOS devices

8034 TCP CheckMyApps Server Web administration platform

 CONFIDENTIAL  AUGUST 2015 5


Quick Start Guide for CheckMyApps

2 CheckMyApps solution’s deployment


2.1 Server installation

2.1.1 VMware ESXi

In the vSphere administration console, chose « Deployment model OVF » in the File menu
and select the file CheckMyApps_Server.ova, then load . You will then have de
possibility to add proces sors , memory or an additi onal hard disk.

2.1.2 First Time Start

When starting for the first time, use the server’s console to configure its proper network
addressability in the following screen:

You will then be able to connect to the administration interface by using your browser in https on the 8034
port.

 CONFIDENTIAL  AUGUST 2015 6


Quick Start Guide for CheckMyApps

You will have to input the activation key and also to choose the PRDO file for the server (the file’s name is
« [your company’s name]-server.prdo ») w h i c h h a v e b e e n c o m m u n i c a t e d t o y o u by Pradeo or
a Pradeo partner. You will also have to define a login and a password that you would like to use for
connecting to the administration platform. We advise to use a secured password: at least 8 characters
using capital and lower case letters, numbers and special characters. The name of your company
will also be required: it will be used only for displaying purposes on your own server.

2.1.3 Certificates for server-agent communications

It is vital to configure the name of the server and to generate the certificates for the SSL connections before
enrolling devices to the server. In order to do these go to the menu « Administration » -> « Network
Configuration » and « Smartphones/Tablets ».
Server’s name or IP address

It is necessary to mention in the respective field the IP or the name of the server which will be used by the
devices to connect to it (the address you will input at the devices enrollment process).
This operation will generate an SSL certificate corresponding to this name. This address will also be used for
downloading mobile applications that you will deploy from your CheckMyApps server.

Note: Changing the value of this field will determine the generation of a new certificate: All devices already
registered on the server will have to be enrolled once again!

As long as this address has not been defined, you will not be able to access all the CheckMyApps menu.

2.1.4 Enrollment password


The enrollment password is mandatory. It allows the association of the device to the right client. To define it,
go to Users administration then Mobile device registration and click on ”Generate”.

2.1.5 Apple push certificate

This phase is optional if you do not have iOS devices.It allows your server to connect to the Apple push
gateway and by doing so to be able to communicate with your iOS devices. It is unique for each server: in «
partner » configuration, it is possible to generate only your certificate which will be used by all your
customers. To load the certificate, follow these simple steps:

- Connect to https://identity.apple.com/pushcert/ and follow the instructions

- Retrieve the Certificate Request Signing (CSR) signed by Pradeo by clicking on the
download button

- Use this certificate on the page for generating Apple certificates, then download the
certificate provided by Apple
- Load this certificate on your CheckMyApps server

Note: Regeneration of the certificate implies reenrolling all your iOS devices to your server.

 CONFIDENTIAL  AUGUST 2015 7


Quick Start Guide for CheckMyApps

2.2 Software installation

2.2.1 Android

CheckMyApps for Android consists of three (3) applications.

Pradeo Agent (mandatory): application that manages the global functionalities of the solution on the Android
OS and more importantly the connection to the CheckMyApps administration server from which it
downloads the latest security policy.

Pradeo Browser (mandatory): secured web-browser for Android. It replaces the default browser and blocks
the access to websites that are blocked or black-listed by the administrator for the specific group to which
the device is assigned to.

Pradeo Mail (optional): The Mail app of Pradeo which allows to deploy mail accounts automatically and
transparently.

The two first applications are required for an optimal use of CheckMyApps. Once you have downloaded and
installed the first one (the order has no importance) by launching it, you will be automatically prompted to
download the second one too.

Once this step is completed launch the « Pradeo Agent ». The following screen will be displayed:

 CONFIDENTIAL  AUGUST 2015 8


Quick Start Guide for CheckMyApps

The following informations are requested to user :

 Server’s address: (mandatory) - IP or domain name on which the CheckMyApps server can
be reached. (IP address preconfigured if Pradeo Cloud is selected)

 Client Password: (mandatory) – allows linking a device with a client.

 Authentication method:

LDAP Authentication:

o Login (mandatory): your LDAP login

o Password (mandatory): your LDAP password

Simple Authentication:

o Last Name: (mandatory) – your last name or the name of the device

o First name: optional

o Function: optional

o E-mail: optional

o Telephone number: optional.

If you would link this device with an LDAP user (the LDAP server must be configured on the interface), select
the LDAP authentication method and enter your LDAP credentials.

Once you typed all mandatory informations, click on « Validate ». The device will try to enroll on server. Once
the enrollment request is sent, the message « Data successfully saved, waiting for administrator approval »
will show the process is on the way, waiting for the administrator’s approval.

In case the device has been pre-approved by the administrator, the enrollment does not require any action
from the administrator in order to finalize the process.

When the enrollment process is finalized, the message « Service configured » will be displayed in the
notifications bar. Then the agent will download and apply the security policy for its group and sent to the
server the list of all applications installed on the device.

Note: In order to use the MDM functionalities on the device, it is necessary to activate the option « Device
Administrator ». If this option is not activated on the device, the user will be invited to check this option in
order to have the best level of protection.

 CONFIDENTIAL  AUGUST 2015 9


Quick Start Guide for CheckMyApps

2.2.2 iOS

To install the application, download it from AppStore (Pradeo Mobile Security). When starting it for the first
time you will be invited to register your device to your CheckMyApps server. This registration process is
called enrollment. A red indicator will show you that the device has not yet been registered to the
server.

The following information will be requested from the user:

 Server address: IP or domain name or attach the CheckMyApps server ( mandatory).


 E n r o l l m e n t p assword: password defined on the interface (mandatory).
 Authentication method: Simple or LDAP credentials.
 L a s t n a m e : displayed name of device ( mandatory).
 First name (optional).
 Occupation (optional).
 E-mail address (optional).
 Phone number (optional).

Click on « Enroll device» once you have provided all the required information. Safari will then be
opened with the page where you will have to go through 3 steps in order to complete the installation
and configuration.

 CONFIDENTIAL  AUGUST 2015 10


Quick Start Guide for CheckMyApps

Install Certificate Authority

This stage allows you to accept the Pradeo certification authority on the device. The system will demand
your confirmation for the certificate’s installation.

Once this phase is done, you can proceed to the MDM certificate installation.

Enroll

This phase allows the installation of the MDM certificate which will enable the device to communicate with
the server. Click on « Install » twice to validate the choice.

 CONFIDENTIAL  AUGUST 2015 11


Quick Start Guide for CheckMyApps

Finish

This last phase will prompt the following message if the previous 2 steps have been done in the correct order:

The device will become visible and manageable from the server once it has been approved by the
administrator

 CONFIDENTIAL  AUGUST 2015 12


Quick Start Guide for CheckMyApps

2.2.3 Windows Desktop 8/10

The following information are requested to user :

Server informations:

 Serveur location : Cloud Server or Customized Server (mandatory)

 Serveur address : IP or domain name to which join the CheckMyApps server. (IP address
preconfigured if Cloud Server si selected) (mandatory)

 Enrollment password : allows the device to connect on server. (mandatory)

 CONFIDENTIAL  AUGUST 2015 13


Quick Start Guide for CheckMyApps

User informations:

 Last name : Your name or that of the device. (mandatory)

 Fist name (optional).

 Mail (optional).

 Phone : (optional).

 Occupation (optional).

In case of using the CheckMyApps Cloud solution, you will can directly select the Cloud serveur address.

Once informations are filled, click on « Validate » button. The device will attempt to record to the server. Once
the enrollment request is sent, the message « Data successfully saved, waiting for administrator approval »
indicates the device must be approved by administrator.

Once the recording is over, the message « Service configured » will display in notification bar. Then the
agent will download and apply its group policy and send applications list installed on system.

 CONFIDENTIAL  AUGUST 2015 14


Quick Start Guide for CheckMyApps

2.2.4 Approval of Android, iOS & Windows Desktop 8/10 devices

In the menu USERS select Users administration and then select the tab « Mobile device registration ».

Devices waiting for approval

This list presents the IMEI numbers or IDs for all the devices waiting to be approved by the administrator. You
are presented with the following options for the selected devices:

- Approve selected device(s): accept the registration of the selected device(s)

- Approve all devices: approve all devices on the list

- Blacklist selected device(s): refuse the registration of the selected device(s) and blacklist
them.

- Blacklist all devices: refuse the registration of all devices on the list and blacklist them.

In the « partner » configuration, you can chose from a dropdown list the client for whom you want to execute
the respective action.

Once your choice has been done validate it by clicking on « Apply ».

When you approve a device, you can also define it as personal: this option simply allows to identify
devices which doesn't belong to the company; it’s possible to do not force the use of Pradeo Browser on
these devices.

 CONFIDENTIAL  AUGUST 2015 15


Cap Omega
Rond Point Benjamin Franklin
34960 MONTPELLIER

SAS au capital de 49 950 €, R.C.S. Montpellier

www.pradeo.net

You might also like