How to Configure iOS LANDESK Workspaces for LDMS and LDMO Integration

Introduction

LANDESK’s Workspaces application for iOS has the capability to integrate with LANDESK Management Suite; enabling users to see software catalog objects and Launchpad links published from Avalanche on Demand.  In addition, based on a user’s role, he/she can see other devices and users information, such as the asset information related to a device, remote control options, tasks applied to a device and even install software to a managed node, all from within the Workspaces app for iOS.

Overview

While the Workspaces app for iOS is powerful, it requires a few unique configuration steps in order to properly take advantage of all of the features. This white paper will discuss the steps required to obtain full integration with LANDESK Management Suite and LANDESK Mobility Manager.

Pre-Requisites

  • A fully functioning Avalanche On Demand (AOD) instance.  If you need to obtain one, you can click on https://billing.aod.wavelink.com/Account/Login.aspx and hit the register button.
  • iOS Devices enrolled into AOD
  • A Cloud Service Appliance
  • LANDESK Management Suite 9.6 or later or LANDESK Service Desk 7.8 or later installed with the BridgeIT services configured

Backend Configuration Overview

LANDESK Workspaces is driven by an HTML 5 backend service that is hosted on LANDESK Service Desk or LANDESK Management Suite.  You need to ensure you have the proper settings applied within the Configuration Center for the respective platform you’re using to host the Web Services.  If you own both LANDESK Management Suite and LANDESK Service Desk, you should host the service on LANDESK Management Suite so that it can properly integrate with the user/device based search.  For more details on the different types of configurations, seehttps://community.landesk.com/support/docs/DOC-34966

To properly apply the appropriate settings for LDMO integration, launch Configuration Center by going to  http://servername/ConfigurationCenter.  The default username is ‘sa’ and the default password is ‘administrator.’  Now you are also going to need to know your customer ID, generate a workspace public key then apply it and sync managed devices from AOD.  To do this, you’re also going to need to launch http://aod.wavelink.com or your own hosted instance and follow these steps:

  1. Login to Avalanche and click the ‘My Account’ link in the upper right corner.
  2. Select the ‘Company ID’ and copy it.
  3. On the server that you will run BridgeIT from, launch the configuration center and log in.
  4. Click the instance you are using.  For LDMS customers, the default instance will be named ‘My’configcenter - instance names.png
  5. Click the ‘Edit’ link on the BridgeIT application to access the configuration options, again for LDMS customers the default name will be ‘My.BridgeIT’configcenter - edit instance.png
  6. Fill in the dialogue with the below properties:
Configuration Parameter Value
Name Whatever this is already set to (My.BridgeIT)
Application Pool Whatever this is already set to (My AppPool1)
Logon Policy Token Only
LDSD Web API URL http://servicedeskservername/tokenonlyinstancename
LDMS Web API URL https://ldmsservername/ldapi/api
STS Issue Token URL https://ldmsservername/STS/issueToken (This may be set to the SD token server LDMS is not in the environment.  If LDMS is present, use it)
Avalanche Enterprise Server URL https://aod.wavelink.com (This server will be different if you’re hosting AOD in your own environment.  Refer to your ‘My Account’ page in AOD).
Avalanche Smart Device Server URL https://sds.aod.wavelink.com (This server will be different if you’re hosting AOD in your own environment.  Refer to your ‘My Account’ page in AOD).
Avalanche Company ID Paste your value from step 2 (aa1a1111a-aaa1-1111-11aa-1a1111a1111a)
Enable LDMS Agent Integration True (If using LDMS)

configcenter - all settings.png

  1. Click the ‘Generate’ link.
  2. Click the ‘Download Public Key’ link.
  3. Click ‘OK’.
  4. Go back to Avalanche, in the ‘Tools’ panel, click ‘System Settings’.
  5. In the ‘Public Key (BridgeIT Server)’ section, click ‘Add’ or ‘Replace’ and select the key you downloaded from Configuration Center.aod config - publickey.png
  6. Select the key generated from Configuration Center and click ‘Open’.
  7. Ensure the ‘LDMS Core Server’ section contains the right settings.
Core Fully-qualified server name
  1. Coreservername.domain.extension
LDMS Service account Domain\username
LDMS Password serviceaccountpassword
  1. Ensure your ‘LDAP Account’ section contains the right settings.
LDAP Server Address
  1. xxx.xxx.xxx.xxx
LDAP Username Domain\username
LDAP Password serviceaccountpassword
  1. Check the box for ‘Use Cloud Services Appliance’ and provide the proper public FQDN for your CSA.
Cloud Services Appliance Public Address https://cloudserviceappliancename.domain.extension

aod config - all settings.png

  1. Check the box for ‘Enable User Targeting (Requires LDAP Integration Services Configuration)’ under the User Targeting Mode heading
  2. Click ‘Test Connectivity’ on both the ‘LDMS Core Server’ and ‘LDAP Account Settings’ and validate the tests pass.
  3. At the top of the page, click ‘Save’.
  4. To sync the server certificates, open the ‘Inventory’ panel and click the ‘Needs Deployment’ link.
  5. In the ‘Server Deployment’ dialog, click ‘Finish’.

iOS Device Configuration for Workspaces

For proper integration with LDMO and LDMS, LANDESK Workspaces must be deployed from AOD itself.  Therefore, before any additional steps can be taken, you need to make sure your iOS devices are under management.  For more information on how to enroll an iOS device into AOD, see:

Create the Workspaces Software Payload

A payload is essentially a package with instructions for the mobile device.  Payloads can consist of specific settings such as restriction settings, app package information, certificates or links to files or services.  We are going to create a software payload that distributes LANDESK Workspaces to all managed nodes.

  1. Login to the Avalanche console (aod.wavelink.com)
  2. Select the profiles tab from the left-hand pane
  3. Click on the plus(+) button within the ‘Available Payloads’ section                                                                       payload - new payload button.png
  4. Ensure the radio button is set to iOS under the platform heading and then click on the ‘Software’ link for the payload type
  5. Give the payload a descriptive name, such as LANDESK Workspaces – iOS
  6. Leave the radio button set to ‘Automatically push to device’
  7. Leave the radio button set to ‘AppStore’ for the software hosting
  8. Click on the magnifying glass within the App input box
  9. In the Search box, enter LANDESK Workspaces and click the magnifying glass                                                  payload - application search.png
  10. From the Search Results, select LANDESK Workspaces app and then click the ‘Add Selected App’ button
  11. The App box should now be populated with an App ID number, something similar to 888025691 and you should see the LANDESK Workspaces icon and text in the Preview Box.  Leave all other settings as is and click Save.

payload - landesk workspaces.png

Create Optional Software, Links and Documents for the iOS Device

One of the primary purposes for the Workspaces application is to allow end-users the flexibility to install optional software titles, view documents published and to access links to external services.  Use this step to configure some optional objects so that when the user accesses Workspaces, content will be available to them.

Create an Optional Software Payload

  1. Login to the Avalanche console (aod.wavelink.com)
  2. Select the profiles tab from the left-hand pane
  3. Click on the plus(+) button within the ‘Available Payloads’ section
  4. Ensure the radio button is set to iOS under the platform heading and then click on the ‘Software’ link for the payload type
  5. Give the payload a descriptive name for the application to be published
  6. Set the radio button set to ‘Display this option in the corporate portal’
  7. Leave the radio button set to ‘AppStore’ for the software hosting
  8. Click on the magnifying glass within the App input box
  9. In the Search box, enter the name of your app and click the magnifying glass
  10. From the Search Results, select your desired app and then click the ‘Add Selected App’ button after the preview has properly updated in the preview panel.
  11. The App box should now be populated with an App ID number and you should see the app icon and text in the Preview Box.
  12. Leave the Destination folder as is
  13. If you would like an installed application to show up in Launchpad within Workspaces, you need to supply the deep link url in the format of the linkname://.  Discovering the deep link name can be a challenge.  For additional information on deep links, see my blog post here.
  14. Click Save

Create a Link Payload

  1. Login to the Avalanche console (aod.wavelink.com)
  2. Select the profiles tab from the left-hand pane
  3. Click on the plus(+) button within the ‘Available Payloads’ section
  4. Set the radio button is set to iOS and Android under the platform heading and then click on the ‘Link’ object for the payload type
  5. Give the payload a descriptive name for the link to be published
  6. Give the payload the desired label you want the users to see
  7. Enter the appropriate URL or deep link
  8. Provide an icon if desired (this will not display at this time, but worth setting for the future)
  9. Check the additional options as desired
  10. Select the ‘Display this option in corporate portal’
  11. Leave the destination folder as is
  12. Select the ‘Default browser’ option for the desired application to launch the link
  13. Click Save

Create a Document/Media Payload

  1. Login to the Avalanche console (aod.wavelink.com)
  2. Select the profiles tab from the left-hand pane
  3. Click on the plus(+) button within the ‘Available Payloads’ section
  4. Set the radio button is set to iOS and Android under the platform heading and then click on the ‘Document/Media’ object for the payload type
  5. Give the payload a descriptive name for the link to be published
  6. Leave the destination folder as is
  7. Set any appropriate storage options
  8. Click Save

Create the Profile to Deploy the Workspaces Payload

A profile consists of one or more payloads that can be assigned to the mobile devices via group based targeting.  We now need to create a Profile that contains, at the minimum, the LANDESK Workspaces payload.  However, if you desire, you may also include other payload types, such as a passcode settings payload, wifi settings, certificates, links, documents as well as other optional or required applications.

  1. Login to the Avalanche console (aod.wavelink.com)
  2. Select the profiles tab from the left-hand pane
  3. Click on the plus(+) button within the ‘Available Profiles’ section
  4. Select the link for ‘Device settings and contents’                                                        deploy - new profile.png
  5. Give the profile a distinctive name
  6. From the available payloads section, scroll down to the ‘Software (iOS) section and select the LANDESK Workspaces payload or whatever you named your profile in step 5 of the previous section.  Include any additional payloads if desired and then click the Save button.

deploy - profile selection assignment.png

Assign the Profile to a Group or a User for Deployment

Profiles are targeted to a user, Active Directory group or mobile device group.  Mobile device groups allow you to group devices together based on selection criteria you configure. You can create dynamic or static groups. In both group types, new devices can be added to the group based on changes to the selection criteria.  For additional information on creating mobile device groups, click here.

  1. Login to the Avalanche console (aod.wavelink.com)
  2. Select the profiles tab from the left-hand pane
  3. Highlight the user, Active Directory group or mobile device group to be used for device targeting
  4. Check the box left of the name for the profile created previously in the Available Profiles section
  5. While ensuring the proper user, Active Directory group or mobile device group is highlighted and the appropriate profile has been checked, click the checkbox (√) button in the Available Profiles sectiondeploy - profile assignment to group.png
  6. Apply any selection criteria if desired or simply click on the Schedule Deployment button to target the users or all devices assigned to the group
  7. From the Schedule Deployment window, select the Deploy Now option and hit Apply

Finalize the iOS Workspaces Configuration

On the iOS device, the end user should be prompted to install the ‘LANDESK’ app.  Proceed with the install on a device by device basis.  If this is the first time a device is receiving an application, additional prompts for VPP or other configuration settings may also prompt. Once the application is installed, we also need to force the devices to check in and sync their information two separate times in order to finalize the Workspaces app enrollment.

app install - landesk.PNG

  1. Login to the Avalanche console (aod.wavelink.com)
  2. Select the inventory tab from the left-hand pane
  3. Search for your desired device or highlight the device group that contains your desired devices
  4. Check the box for one or more of the devices in the list
  5. Click on the second icon, Update, from the menu bar, it has a down arrow surrounded by two circular arrowsupdate - icon press.png
  6. When prompted, click the Update Device(s) button                                                                                                          update - confirmation.png
  7. Wait for a short period of time and refresh the console to validate the device updated its Last Contact date
  8. Repeat the update process a second time

Login to the iOS Workspaces Configuration

You should be all set at this point and capable to login to Workspaces for iOS on your device.

  1. Launch Workspaces on the iOS device
  2. Enter your email or domain ID
  3. Supply your password
  4. Check the box to ‘Sign in Automatically’ if desired
  5. Provide the Workspaces server URL.  This should be something like https://coreservername/my.bridgeit or https://servicedeskservername/instancecreatedapp - login.PNG
  6. Click the ‘Sign In’ button                                                                                       workspace - launchpad