
Enterprise Development

Enterprise Development. Cliff Strom and Shawn Henry Program Managers Windows Phone 2-014. Agenda. Goals and overview Account creation and cert acq App enrollment and deployment App launch and phone home. Goals and overview. Enterprise applications.


Presentation Transcript


  1. Enterprise Development Cliff Strom and Shawn Henry Program Managers Windows Phone 2-014

  2. Agenda • Goals and overview • Account creation and cert acq • App enrollment and deployment • App launch and phone home

  3. Goals and overview • Enterprise applications

  4. Goals
     • Companies control which phones may run their apps
        • Enterprise apps may install and run only on phones that are enrolled with the associated enterprise
     • Companies control the lifecycle of their apps
        • No ongoing interaction from Microsoft
     • Companies control the deployment and distribution
        • It’s highly recommended to authenticate users prior to app enrollment and app deployment
     Enable companies to deploy business applications to their employees privately and securely.

  5. Goals
     • App enrollments and installs require user confirmation
        • Updates of existing apps can be done silently
     • Consumer and enterprise data are kept separate
        • Companies can inventory their own apps, but not marketplace apps
     Enable end users to feel in control while preserving a company’s right to protect their data.

  6. Overview (diagram; parties shown: Company, Symantec, Microsoft; steps numbered 1 to 8)

  7. Account creation and cert acquisition • Enterprise applications

  8. Account creation and cert acquisition • Must be a Company account • Publisher name displayed on phone • Company approval required • Private key, CSR, cert are local to PC

  9. Enterprise certificate • Publisher ID • Publisher name • Issuer • Validity period • Enterprise apps EKU

  10. App enrollment and deployment • Enterprise applications

  11. App enrollment and deployment • Managed vs. unmanaged enrollment

  12. Managed enrollment

  13. App enrollment
      • App enrollment token (AET) is generated once per year
      • Delivered to the phone over an authenticated channel via email, browser, or MDM
      • Validated for signature and expiration
      (Diagram labels: AET, Publisher ID, Email/Browser/MDM, Windows Phone 8, Enterprise Service; steps 1 to 3)

  14. App ingestion and certification
      • App ingestion is owned exclusively by the enterprise
         • Apps are not submitted to Windows Phone Store
      • The company is responsible for the quality of their apps and the impact to the user
      • The Windows Phone Marketplace Test Kit is useful to evaluate apps
         • Images, capabilities, error handling, memory usage, API checks, startup perf, etc.
      • Capabilities are limited to the same as standard marketplace apps
         • Enforced on the phone at app install time
      • Apps must specially handle ID_CAP_LOCATION usage
         • Prompt for user approval and give the user an option to disable

  15. App deployment
      • App is NGEN’ed, signed, and published to the company’s store
      • Delivered to the phone over an authenticated channel via email, browser, MDM, or company hub
      • Validated for signature, an associated AET, and allowed capabilities
      (Diagram labels: XAP, Email/Browser/MDM/Company Hub, Windows Phone 8, Enterprise Service; steps 1 to 3)

  16. App launch and phone home • Enterprise applications

  17. App launch
      • User launches an enterprise app via the shell or an API
      • Publisher ID is extracted and used to find the associated AET
      • AET must be present and valid (not expired, revoked or disabled)
      (Diagram labels: Windows Phone 8, Enterprise Service, Execution Manager; steps 1 to 3)

  18. Phone home
      • Phone sends device ID, publisher IDs, and enterprise app IDs
      • Phone receives status for each enterprise
      • Apps of invalid enterprises are blocked from being installed or launched
      • Scheduled daily, plus each enrollment and app install
      • After 7 consecutive failed attempts, install of enterprise apps is blocked, but launch of installed apps still works
      (Diagram labels: Windows Phone Services; steps 1 and 2)
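
The launch and phone-home rules from slides 17 and 18, modelled as a small policy check. This is an added example, not code from the presentation or from Windows Phone; class and field names are assumptions, and a successful phone home is assumed to reset the failure counter.

```python
from dataclasses import dataclass, field
from datetime import date

MAX_FAILED_PHONE_HOMES = 7  # slide 18: installs are blocked after 7 consecutive failures


@dataclass
class Enrollment:
    """Phone-side record for one enterprise (hypothetical field names)."""
    publisher_id: str
    aet_expires: date
    aet_signature_ok: bool = True
    enterprise_valid: bool = True  # last status from phone home (covers revoked/disabled)


@dataclass
class Phone:
    enrollments: dict = field(default_factory=dict)
    failed_phone_homes: int = 0

    def enroll(self, e: Enrollment) -> None:
        self.enrollments[e.publisher_id] = e

    def phone_home(self, statuses) -> None:
        """statuses maps publisher_id -> bool; None means the attempt failed."""
        if statuses is None:
            self.failed_phone_homes += 1
            return
        self.failed_phone_homes = 0  # assumption: any success ends the failure streak
        for pid, valid in statuses.items():
            if pid in self.enrollments:
                self.enrollments[pid].enterprise_valid = valid

    def _aet_usable(self, publisher_id: str, today: date) -> bool:
        # Slide 17: the AET found via the publisher ID must be present and valid.
        e = self.enrollments.get(publisher_id)
        return bool(e and e.aet_signature_ok and e.enterprise_valid
                    and today <= e.aet_expires)

    def may_launch(self, publisher_id: str, today: date) -> bool:
        # Launch depends only on the AET, not on the phone-home failure streak.
        return self._aet_usable(publisher_id, today)

    def may_install(self, publisher_id: str, today: date) -> bool:
        return (self._aet_usable(publisher_id, today)
                and self.failed_phone_homes < MAX_FAILED_PHONE_HOMES)
```

The asymmetry is the point to notice when assessing the design: a phone that cannot reach the service stops accepting new enterprise apps but keeps running installed ones until the AET itself expires or a later phone home marks the enterprise invalid.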

  19. Phone home – sample protocol • Request • Response

  20. Enterprise Development Cliff Strom and Shawn Henry Program Managers Windows Phone

  21. Building a Company Hub • Signing apps • Generating tokens • Installing and querying apps • Launching apps

  22. Generating tokens

  23. Generating tokens
      • Start with the .pfx file
      • Use AETGenerator
         • %programfiles(x86)%\Microsoft SDKs\Windows Phone\v8.0\Tools\AETGenerator\Aetgenerator.exe
         • <<cert file name>> <<password>>
      • Generate an .aetx file
      • An AET needs to be generated once per year, when a new cert is acquired from Symantec

  24. Signing apps

  25. Signing apps
      • Everything with a PE header must be signed
         • As well as the .xap itself
      • XapSignTool
         • Located in the Windows Phone SDK directory: %ProgramFiles(x86)%\Microsoft SDKs\Windows Phone\v8.0\Tools\XapSignTool
         • Wraps signtool.exe, so signtool.exe must also be in the path: %ProgramFiles(x86)%\Windows Kits\8.0\bin\x86
      • Protip:
         • Use BuildMDILXap.ps1 in a post-build step

  26. Installing and querying apps

  27. Installing apps
      • Apps can be installed with InstallationManager.AddPackageAsync()
         • Returns an IAsyncOperationWithProgress
         • Attach to the Completed and Progress handlers
      • Six progress notifications
         • 0 Started
         • 5 Confirmation dialog is displayed
         • 10 User accepts install confirmation, download begins
         • 50 App is finished downloading
         • 55 App has begun installation
         • 100 App installation complete

  28. Querying apps
      • Installed apps can be enumerated with InstallationManager.FindPackagesForCurrentPublisher()
         • Retrieves all apps from the same publisher or signed with the same certificate
         • Including the app making the query
      • Apps that are currently installing can be enumerated with InstallationManager.GetPendingPackageInstalls()
      • Protip:
         • In the app manifest, set your PublisherID to the certificate's UID, e.g. {EE6B2808-0000-0000-0000-000000000000}

  29. Launching apps

  30. Launching apps
      • Apps can be launched with Package.Launch()
      • Find the package you want with FindPackagesForCurrentPublisher()
      • Only apps from the same publisher, or signed with the same certificate, can be launched

  31. Wrap up • Enterprise applications

  32. Wrap up
      • Companies with a Dev Center Company account may acquire enterprise certs from Symantec
      • Companies choose which phones are allowed to receive their apps via distribution of their AET
      • Companies own the quality and lifecycle of their apps
      • Apps can be distributed via email/browser/company hub/MDM
      • MDM servers can push both policy and applications
