Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Super Contributor
swotam
Posts: 323
Registered: ‎05-10-2011
My Device: Z10

Two Issues Preventing Fusion Deployment

Hi folks,

 

We've been testing UDS for a while, and have run into a couple of things that management consider show-stopper issues. While I doubt much can be done about these, I thought I'd ask in any case.

 

  1. Issue #1: There is no way to prevent users from removing the Mobile Fusion client from their iOS or Android device. If users do this, the connection between the device and the UDS server is severed, and the ability to manage the device is broken. Any profiles pushed to the device will remain there indefinitely and admins have no ability to do anything to the device other than to wipe it via APNS. I'm not aware of any way to prevent users from removing the client. Am I missing something here?
  2. Issue #2: There is no way to prevent users from cirvumventing the use of the Mobile Fusion client and manually configuring things like ActiveSync, WiFi, etc. I know that disabling ActiveSync on user accounts can lock them out, but for users who are supposed to be accessing, there's really no way to force them to use Mobile Fusion to provision their device. Am I missing anything here?

Due to these issues, management has put a halt to further testing of Fusion and are looking at alternate solutions. I don't know if anyone else has solved these problems, but to me these seem like pretty big holes in the solution.

----------
BESX 5.0.4, SQL 2008, Exchange 2010 SP2 RU4a
Please use plain text.
New Developer
geh_dirt
Posts: 31
Registered: ‎12-14-2009
My Device: Bold (9650), Playbook, Z10
My Carrier: Sprint and AT&T

Re: Two Issues Preventing Fusion Deployment

I am waiting for BES 10, before I implement the UDS.  I am hoping that they will provide something similar to the BES, that will control the email.

 

In addition to your complaints...

 

Android support is minimal, but it's hard to blame RIM for that, since the Android OS has so few standard security features to control.  RIM needs to build it's own email client (like IBM did, with it's own Lotus Notes Traveler), to control anything on those devices.

 

BDS and UDS email is all routed, without any filtering capability.

 

Application deployment is not dependable.

 

Since the devices have to connect to the Active Sync server separately, Administration of the devices now has to be done within two different applications.

 

 

BUT... I am very hopefull that BES 10 will solve some of these issues, because I don't want to look like an **bleep** for waiting... instead of jumping ship like everyone else...:Sweatdrop:

 

 

 

****
I love it when things don't work the way they are supposed to, because then I get to fix them.
****
Please use plain text.
BlackBerry Technical Advisor
-BD-
Posts: 483
Registered: ‎05-15-2008
My Device: Z10
My Carrier: Rogers

Re: Two Issues Preventing Fusion Deployment

For issue #1.  I just tested on an IPhone with UDS 6.1.2 and if you delete the Mobile Fusion Client from the device within 15 minutes all profiles pushed out through UDS were deleted.

Please use plain text.
New Contributor
rleist
Posts: 5
Registered: ‎09-20-2011
My Device: Torch 9850
My Carrier: Verizon

Re: Two Issues Preventing Fusion Deployment

Issue #1 is a problem no matter what MDM solution you use with iOS. I haven't seen one yet that will remove MDM profiles when the app is removed. But you can still push wipe commands to the device and we have a policy set if the app doesn't check in for a certain number of days to send a wipe command. We don't do this with UDS but another vendor's product.

 

Issue #2 can be solved be requiring some sort of authentication that is provided by the MDM solution, such as a user certificate. Our Wi-Fi and Activesync authentication requires a user cert that deployed by the MDM solution with SCEP.

 

One advantage that Blackberry has promised for BES 10 with iOS is to be able to do ActiveSync over the BES network with some sort of proxy service on the BES 10 server (i.e. MDS). They can do this today with Playbooks and BDS.

 

Please use plain text.
Super Contributor
swotam
Posts: 323
Registered: ‎05-10-2011
My Device: Z10

Re: Two Issues Preventing Fusion Deployment

[ Edited ]

@-BD- I haven't see this behavior in my testing but will try it again and see what happens.

----------
BESX 5.0.4, SQL 2008, Exchange 2010 SP2 RU4a
Please use plain text.
Super Contributor
swotam
Posts: 323
Registered: ‎05-10-2011
My Device: Z10

Re: Two Issues Preventing Fusion Deployment

@rleist: Can you share how you setup the policy to wipe the device if the app doesn't check in? This might be a useful option.
----------
BESX 5.0.4, SQL 2008, Exchange 2010 SP2 RU4a
Please use plain text.
BlackBerry Technical Advisor
-BD-
Posts: 483
Registered: ‎05-15-2008
My Device: Z10
My Carrier: Rogers

Re: Two Issues Preventing Fusion Deployment

[ Edited ]

@-BD- I haven't see this behavior in my testing but will try it again and see what happens.

 

This was a recent change.  I don't remember off the top of my head which release changed it but in the original UDS release profiles remained on the device if you deleted the client unless a admin manually sent out a command to wipe work data.

Please use plain text.
Contributor
ts03145692
Posts: 10
Registered: ‎10-03-2012
My Device: No BB
My Carrier: AT&T

Re: Two Issues Preventing Fusion Deployment

Am I understanding this correctly, the profiles can be removed after the Mobile Fusion Client has been uninstalled?  Or, are they removed during the uninstallation of the Client?

 

Another hypothetical related to Issue #1.  On an Android device, an app's data cache can be cleared - effectively performing a "factory reset" of the app.  I assume this action severs all communication between the device and UDS (yes/no?).  I have noticed that some of the changes pushed out to a phone are not removed, presumably because the Mobile Fusion Client made those changes within Android and they are not stored in the app per se.  For example, after clearing the Mobile Fusion app's cache I noticed the phone retained the Wi-Fi profile pushed to it. 

 

As an administrator, is there a mechanism in Mobile Fusion to remove these left-overs after a user clears the app's cache?

Please use plain text.
Super Contributor
swotam
Posts: 323
Registered: ‎05-10-2011
My Device: Z10

Re: Two Issues Preventing Fusion Deployment

[ Edited ]

@-BD- Yup, tested it on a couple of iOS devices, and after removing the Mobile Fusion client the various profiles were automatically removed within a few minutes. Glad to see this has been resolved.

----------
BESX 5.0.4, SQL 2008, Exchange 2010 SP2 RU4a
Please use plain text.
Contributor
latino99
Posts: 42
Registered: ‎06-27-2011
My Device: 9000
My Carrier: Trigcom

Re: Two Issues Preventing Fusion Deployment

did you set any special policy setting for this ?

Please use plain text.