NDMS User Guide May2019 - Mimio

4m ago
12 Views
0 Downloads
6.12 MB
46 Pages
Last View : 7d ago
Last Download : n/a
Upload by : Adele Mcdaniel
Transcription

NDMS User GuidePage 1

System ArchitectureOverviewBoxlight’s Networked Device Management System (NDMS) is a cloud-based system.Every device that is to be managed by the NDMS must be able to connect to at leastthe NDMS server.In an application where it is desired that the device to be managed should not haveinternet access, the device still needs to be able to connect to the Boxlight NDMSserver. The recommended approach is to allow access but configure the firewall towhitelist (meaning allow access to) only the Boxlight NDMS server.Create and Register a New AccountOverviewCreating and registering a new account and beginning to connect devices is a login.html?registerBefore we start, it is important to understand the terminology used by Boxlight’sNetwork Device Management System, hereafter referred to as NDMS, and explain thedifferent fields, roles, and concepts.Domain: Also known as the Account. This is your actual account name and will followyou everywhere when you log in, create users, connect devices, and such. A domaincan be any text that the server will respond to as legal or available during registration.Server: The address of the server is composed of the main domain and the subdomain:https://Boxlight.glbth.com/glbth/v1/ where Boxlight can appear under different names.When signing in to the console, the address should also contain /glbth/v1/. Whenconnecting a device, make sure you leave the server address as the default, which ishttps://Boxlight.glbth.com.NDMS User GuidePage 2

User: The user is the entity that manages devices. The format of a user will always [email protected], with xxxx being the user and your-domain as the account nameyou enrolled. The default user name will be [email protected] and cannot be changed. Each user can be assignedfrom the admin account.Register a new accountNavigate to the registration page athttps://boxlight.glbth.com/v1/login.html and fill in the detailsas explained above.Once done, you should receive an email containing anaccount activation link. Make sure you click the link toactivate the account.Sign in to your accountNavigate to the NDMS console page here and enter alldetails as registered. Remember, the username format [email protected] (no extra suffixes, such as .com).DashboardOverviewThe dashboard is the first screen you see when logging in to your account.Each tile represents a block of information.NDMS User GuidePage 3

TileDescriptionTotal devicesTotal number of registered devicesActive devicesTotal number of devices checked in the last 24 hoursTotal usersTotal number of users registered with the domainActive usersNumber of users logged on (except yourself)Connected devicesNumber of devices according to their last check inLast seen locationLocation of the last device’s reported connectionApps statsThe most frequently used appsLast commandsList of the last commands committedOS distributionChart showing the device operating systemsNDMS User GuidePage 4

Manage Groups and FiltersOverviewGrouping and filtering devices is a very useful method of managing many devices withdifferent locations and purposes. A group contains devices that are dynamically filteredby specific criteria.The “All” group is a master group containing all the devices enrolled to the domain thatare authorized to be viewed by the current user. There is no limit to the number ofgroups you can create in an account, and a device may be a member of more than onegroup. If a device falls under a filter criterion, it will immediately appear in a group andbe applied with all rules and tasks relevant to that group.In this case, the filter group called “Teachers” filters all devices containing a tag called“teachers” and set with a standout color and icon that represents the group. The use ofa specific icon and color makes it easy to visually pick out group members.NDMS User GuidePage 5

The following listing shows all devices tagged with “teachers” in the “Teachers” group.Filter conditionsThere are currently 12 conditions that you can use to filter devices:1. Tag: Text tags that can be applied to a device (either agent or server side) andcan describe the device2. Installed apps: According to an installed app (app label or app package name)3. Wi-Fi name: Wi-Fi SSID that the device is currently connected to4. Email: Main device account5. Model: Model name of device6. Permissions: What OS permission is available: Root System Limited privilege7. Last seen: The last time a device was seen connected and online8. Is locked: According to the anti-theft lock status of the device9. Policy: Policy that is applied on the device10. Available internal storage: The amount of available space (MB) on theembedded Android system11. OS version: Operating system version (number)12. Hardware ID: The internal hardware ID, typically represented by the MACaddressNDMS User GuidePage 6

Filter criteriaA group can be filtered by meeting the above conditions and also by different filteringcriteria: Is Starts with Ends with ContainsA group can also be filtered by combining several groups of criteria separated by “And”or “Or” operators.For exampleSome devices contain the tag “Class A” and some devices contain the tag “Class B,”while others may contain both of the tags.Option A: Can create a group to filter all devices that have Class A.Option B: Can create a group to filter all devices that have Class B.Option C: Can create a group to filter all devices that have Class B or Class A.Option D: Can create a group to filter all devices that have Class B and Class A.One can assign some conditions with “And” or “Or” operators.Also, one can create a group of conditions and put it in an “Or” or “And” condition toanother group.In that case, the group named “Group 1” will contain all devices that:1. Have tag “Class A” and Chrome software is installed.OR2. Have tag “Class B” and Gmail software is installed.NDMS User GuidePage 7

Apply Commands and Operations to DevicesOverviewOne of the main purposes of a device management system is to command and operatethe devices. Applying commands to devices can be done on a single device, a group ofdevices, one or more selected devices that are not in a group, or all available devices atonce.Applying commands to a single deviceApplying commands to a single device is done on the device control panel. Open thedevice to which you would like to apply the task and navigate the right “command”column to apply the desired task. When working on a single device, all commands areimmediate and cannot be scheduled. There are some tasks that are unique to a 1-to-1operation, such as “Remote control” commands that can only be started from thedevice control panel.Group-level commandsMost of the commands that can applied on a single device can also be applied to agroup. Here is a list of group-level commands you can apply on more than one device.FunctionInstall PackageSend FilesRemote ExecWorkflowRestartWake on LANTagsRepository Ad-HocComments NDMS User GuidePage 8

FunctionPoliciesShut DownSend MessageSound SirenChange the Agent PasswordUninstall PackageApp Usage ReportNew Command (Set Trigger)Repository Ad-HocComments Applying commands to a groupLocate the group you would like to apply the task to and click the “Actions” menurepresented by the downward pointing arrow. Select the relevant task from the menuand apply it to the group.Applying commands to selected devicesManually selecting devices from the list will activate the “Actions” menu similar to the“Group Actions” menu.NDMS User GuidePage 9

NDMS User GuidePage 10

Remote Screen View and ControlOverviewRemote control is a very powerful function that makes remote assistance easy andeffective.Navigate to the device you want to remote control and click the remote button on theright side action buttons. A popup window will appear with a blue background until theremote session starts.Note: If you have a popup blocker installed, it may block the remote control popupscreen.When the remote session starts, the device desktop will appear, allowing you toremotely view and control the device. Controlling or viewing a device is according to thesupported device requirement list found below.NDMS User GuidePage 11

Requesting user confirmationIn order to request user confirmation for remote control session: Navigate to the domain settings menu option Set: Require users permission for remote control Yes/NoNow any time you start a remote control session, users will be prompted to confirm aremote session.Supported environments and conditionsAndroid User permissions: Remote view onlySystem permissions: Remote view and controlRoot permissions: Remote view and controlNDMS User GuidePage 12

Android Device Settings RepositoryOverviewThe “settings” repository is a toolbox of many device-level settings that can be set onAndroid devices. The settings are not forced, which means that if you set a backgroundto a device or set a new Wi-Fi SSID, the local user has the rights to change thesesettings unless combined with settings that will prevent the user from doing such. It isrecommended to consider combining “Settings” and “Policy” together to create a lockeddown environment.To apply the setting bundles, see Apply commands and operations on devices below.Every single settings item can be set separately by turning “on” or “off” the sliderbuttons.There are two types of slider buttons: a two-way button and a three-way button.Three-way slider buttonThe “neutral” mode means that this settings item is ignored in this bundleThe “on” mode means that this settings option will be turned on in this bundleThe “off” mode means that this settings option will be turned off in this bundleTwo-way slider buttonThe “off” mode means that this settings item is ignored in this bundleThe “on” mode means that this settings option will be turned on in this bundleand you can set values to itCreating a new settings bundleOpen the repositories and click the “Settings” section. A list of existing settings bundleswill be displayed.NDMS User GuidePage 13

Click the “ ” button to add a new settings bundle. Add a name and description.The “Settings” tabsName and descriptionSet Wi-Fi SSIDsSet security settingsSet different “general” settingsAPN settingsSet device desktop wallpaperAdd CA certificatesNDMS User GuidePage 14

The “Set device Wi-Fi” tabTurn on the slider button to set the Wi-Fi settings and enter the Wi-Fi SSID details. Youcan manually enter the fields or use the import functions to load a Wi-Fi profile (forWindows only).The “Security” tabTurn on the slider button to set the different settings and set values.The “General” tabTurn on/off settings you want to enable or disable. Notice the wording on each function,for example: “Disallow adjust volume.” When set to on, the volume button will bedisabled. When turned off, the volume button will be enabled.NDMS User GuidePage 15

The “APN” tabTurn on the slider button to set the APN settingsThe “Wallpaper” tabTurn on the slider button to set the wallpaper. Upload a picture (PNG or JPG) andchoose whether the picture will be stretched or centered.NDMS User GuidePage 16

The “Certificate” tabTurn on the slider button to set the CA certificate. Paste the certificate content in the textfield below.NDMS User GuidePage 17

Remote Software InstallationOverviewInstalling applications remotely to one or many devices is done by first creating arepository “installation package.”Open the repositories and click the “Packages” section. A list of existing packages willbe displayed.Click the “ ” button to add a new package.NDMS User GuidePage 18

Select the package source1. The first option is a URL reachable from the web (HTTP or direct FTP link). Thisallows storing the installation file anywhere on the web for quick download.Note: A link cannot be an address of the application on Google Play orany other installation marketplace, it must be a link to a file.2. Upload an installation package to the server on your account.Note: this option will deduct the size of the installation package from yourtotal account server storage space.Supported installation package formatsWindows install packages supported: MSI Windows installer and EXE setup filesAndroid installation packages are APK filesSet the installation arguments/parametersThe installation arguments are different from one setup package to another—these areusually advertised by the app manufacturer. The common ones are “/s” and “/silent”along with many more.Note: Android installers do not require arguments.Name and descriptionGive a name that best describes the installation package. This can be any name youdesire, it does not have to be the name of the file. A description will make it easier forother users to understand what this installation package does.Set as privateIn a multitenancy environment where there are several users on your domain, you maywant to set the package you create as “private” so it will only be visible to your account.If not selected, all domain users will have access to the installation package.Package exampleThe following is an example of a Windows installation package for “7zip” with anunattended silent installation parameter “/S”.NDMS User GuidePage 19

NDMS User GuidePage 20

Install Package Directly From Google PlayInstalling applications directly from Google Play to one or many devices is done by firstcreating a repository “installation package.” Direct installation is possible only for freeapps. There is no need to have Google Play services or even to have a Google accounton the devices to which you wish to install the apps.Note: When installing from Google Play, you should be aware that the updates will notoccur automatically. Whenever there is an update, you will need to repeat the processand create a new package as you are not actually installing directly from Google Play,but rather from the NDMS server.Open the repositories and click the “Packages” section. A list of existing packages willbe displayed.Click “Add New” to add a new package.Select “Package from Play store” and click to open the Google Play website. Note: Ifyou know the exact name of the APK bundle, there is no need to open Google Play.NDMS User GuidePage 21

Select the relevant “Master Device.” Use the default ARM or x86 device if theapplication you are installing is platform version and dependencies agnostic. Read moreon how and why set a master device.Search Google Play for the desired app and make sure it is free. Copy the URL of theapp.NDMS User GuidePage 22

Paste the URL in the Google Play package name field. Note: The system willautomatically trim the link and use only the relevant package name of the APK.Select the “master device” that resembles the target devices (ARM devices, x86devices, or a custom device you can add on the “domain settings”). The reason is thatsome apps install different APK for different platforms.Click the “upload” button and the NDMS will retrieve the package from Google Play andstore it on the NDMS server.NDMS User GuidePage 23

If the upload fails, try to repeat the process once or twice. If it still fails, try to change themaster device. If the upload still fails, this package may not be suitable for direct install.When the progress bar finishes, the package is ready with a default name as retrievedfrom Google Play. You may change the displayed name and description.Click “confirm” and the package will be ready for installation.In order to install the package, see the “Apply commands and operations on devices”guide.NDMS User GuidePage 24

Setting up a Master DeviceInstalling applications directly from Google Play to one or many devices is done by firstcreating a repository “installation package.” Direct installation is possible only for freeapps. There is no need to have Google Play services or even to have a Google accounton the devices you wish to install the apps to.In order to be able to retrieve the right installation package from Google Play, the devicethat retrieves the APK must have as close (and in some cases identical) to the platformpreconditions as the rest of the target devices. For example, it you have 200 SamsungGalaxy devices with x86 CPU, apps from Google Play that depends on the CPU typemust install the relevant x86 APK (and therefore the Google Play entry will have twooptions that are transparent to the user installing it), but when the user installs the app,the device local play app will choose the relevant APK automatically. The same is truefor the Android OS versions dependencies—if your master device is Android 6 and thetarget devices are Android 4.44, there are apps that have different internal versions fordifferent OS platforms.This is why we allow you to set your own master devices. You can set more than onemaster device according to your needs.The master device will not be dedicated to being a master device—it is just a logicalconnection with Google Play.Preparing the master deviceChoose one of your devices that resembles the rest of the target devices.Set a Google account (can be specially registered for this task, does not have to be oneof your existing accounts). Make sure this account does not have two forms ofidentifications, but rather only a password.Enroll the device to the NDMS platform normally and copy the device ID as displayedin the console.Setting the master device on the NDMS platformOpen the DomainSettingsClick the “ ” button to add a new master deviceNDMS User GuidePage 25

1. Add the Google account of the master device and open the Google Play app.2. Enter the device ID of the master account (as appears on the device dashboard).Once you enter the device ID, the system will pull the unique Device Android IDautomatically as collected by the NDMS agent when the device enrolled.Confirm to save the new master device.NDMS User GuidePage 26

Workflow RepositoryCombining several actions and commands together may save you time and allowmultiple actions in one task instead of applying each command one by one.Note: This method can also be applied to a newly enrolled device for quick onboarding.Creating a new workflowOpen theworkflowrepository item.Click the “ ” button to add a new workflow.NDMS User GuidePage 27

Name the workflow and give it a description. In the description, write the differentactions and steps that the policy contains.Add a workflow step (item)Click on the “ ” button and select an action from the list.In this example, we selected the “Install Package” repository, so all packages on therepository show up.Select a package and click “add” to add it to the sequence. You may add severalpackages, then click the “close” button to close the packages repository screen. Noticethe message on the bottom right side indicating that the item was added.Repeat the “add commands to workflow” with all desired commands.NDMS User GuidePage 28

You now have a workflow with several packages, a timeout, and settings bundle.Workflow steps configurationDo not wait for this step—all these types of steps can evenhappen simultaneously if the general queue is not busy or thedevice can handle it.Wait for this step to finish before proceeding to the next step.This step can fail or succeed and flow will continue.Wait for this step to finish successfully before proceeding tothe next step. If this step fails, flow will not continue.Edit or delete the workflow step.Send the workflow item step sequence up and down, beforeor after the current location.NDMS User GuidePage 29

Execute CommandsOverviewIf you need to execute a more advanced command or a script, or even apply commandsthat are not currently available on the NDMS interface, using the Remote Executecommands repository is the best option. This works for both Android and Windows.Creating a new commandNote: You may run the commands with high local device privileges, so please use thisonly if you are familiar with writing batches and scripts and you know what you aredoing.Open the repositories and click the “Remote Exec” section. A list of existing commandsbundles will be displayed.Click the “ ” to add a new command and set a name to the new command.NDMS User GuidePage 30

Creating a new command can be done in several levels with different outcomes.Command: This is where you write the main commandArguments: This is where you write the command argumentsWait for exit: Will indicate if the command result should be sent after the commandfinishes to run on the remote device or notCollect output: This will indicate if the process standard result output is collected backas part of the command resultRun with high privileges: Run the command with higher local device privilegesNDMS User GuidePage 31

ExamplesAndroid command examplesWhat willit do?CommandArguments1DisableGooglePlaypm2Get a listofrunningapps anddisplayresult3Open awebsiteusingdefaultbrowser4Run thecalculatorWaitCollectPrivdisable com.android.vending top-n 1 amstart -a android.intent.action.VIEW-d https://www.radix-int.comstart–user 0 CalculatorNDMS User Guide Page 32

Result exampleResult example for item #2Open the command results, navigate to your command, and click the “!” for result info.NDMS User GuidePage 33

Create and Apply TriggersOverviewIn order to automate commands and act on events, open the triggers repository andcreate triggered events. You can set different events and their thresholds, andselectively apply different triggered events accordingly.There are three steps needed in order to complete the triggered event creation: Create the command which will be triggered (See separate guides for thisprocess on all other commands such as lock, file transfer, messages, policy, andso on) Create the trigger and set the threshold as explained below Select a group and tie up between the trigger and the command as explainedbelowSetting up a new triggerOpen the “Triggers” repository and select “ ” to add new.Select the type of trigger Geofencing: Trigger events based on locationWi-Fi SSID: Trigger events based on Wi-Fi SSID connectionTime: Time-based triggers (every X days, daily at 8:00 AM, once a month, etc.)Geofencing Name the trigger and add a descriptionNDMS User GuidePage 34

Select a region by zooming in to the relevant area (minimum 20 mile radius)Select what will happen “On Enter” and “On Exit.” It can either be:o Nothing: Nothing will happeno Start: Start the mode (like start a policy or start locking the device)o End: Stop the mode (like stop a policy or unlock the device)Wi-Fi Name the trigger and add a descriptionSelect an SSID to be triggered when connectedSelect what will happen “On Enter” and “On Exit.” It can either be:o Nothing: Nothing will happeno Start: Start the mode (like start a policy or start locking the device)o End: Stop the mode (like stop a policy or unlock the device)NDMS User GuidePage 35

Timing Name the trigger and add a descriptionSelect the time interval that will trigger the task:o Onceo Every minute, hour, day, week, montho Set if the trigger repeats and for how longo Set the time range—for example, if this is set to “daily” trigger a task, set itto work for 10 days and stopo Set the TTL (time to live) for when the triggers become irrelevant and willno longer applyCreate trigger-based commandsLocate the group you would like to create a triggered command for and click the“Actions” menu represented by the arrow facing down. Then, select “New Command”menu option.NDMS User GuidePage 36

Name the commandSelect the trigger created earlierSelect the command you would like to applyNDMS User GuidePage 37

Commands HistoryOverviewAfter applying commands to devices, groups, or creating a triggered command, youmay want to query command results and perhaps manage the ongoing commands.Open the “Commands” on the left and you will be presented with a command historysummary. You may sort and search results by any column.By clicking any line (Command), you can see more in-depth information about thecommand itself. In this case, the command to send a message was deliveredsuccessfully to all devices (in this case, only one device).In this case, the command to install a new package was delivered successfully to sevendevices out of 14 devices in total. If you set the mouse over the failed command, it willprompt with the failure reason. In this case, the indication is that the current installedversion is already higher than the attempted one.NDMS User GuidePage 38

You may always stop, start, edit, resend, or delete any commands.Note: The Resend command to failed devices is particularly useful and saves muchtime.NDMS User GuidePage 39

Ad-Hoc One-Time SessionOverviewThe ad-hoc session was introduced in order to allow management of devices acrossdifferent accounts and domains. You may temporarily add a device for remote supportor remote control without enrolling the device to your account.Note: The remote management session can be terminated at any time by the remoteuser or by the admin.User side: Starting an ad-hoc session and obtaining a session IDOpen the NDMS agent and select “Start Ad-Hoc session” on the menu.Send the session ID number to your admin.NDMS User GuidePage 40

Admin side: Adding a remote device using an ad-hoc session IDOpen the Ad-hocmenuInitiate remote ad-hoc session.Enter the session ID code as given to you by the user and click “Start.”Once the session starts, the user device will be visible in your list just like any otherdevice. You may apply any command, install apps, remote control the device, and soon.To end the session, simply click the “Stop session” button on the device dashboard:NDMS User GuidePage 41

Authentication TokenFor security reasons, a first handshake between a device and the NDMS server willcreate a unique authentication token. This token is stored on the server and the device.Missing authentication tokenWhen a device loses the authentication token, it will fail to register with the server. Thisis usually a result of an uninstall and new installation, factory reset, data wipe, or any ofthe app data is cleared.When you enroll the device again, you will see the following message on the wizardsummary screen when you click finish:When clicking on the notification for more information, you will see a detailed note.NDMS User GuidePage 42

Reset authentication tokenNavigate to the specific device control panel on the domain it was originally enrolled toand select “Reset Auth Token” under the “Manage” tab.When done, retry finishing the enrollment process and it should succeed.NDMS User GuidePage 43

Adding a New UserOverviewIn order to delegate rights to different users/managers, you may create new users withdifferent privileges, roles, interface languages, and group rights.Note: This user is an NDMS console user and has no relations to the local device user.Adding a new userOpen the UsersmenuClick the “ ” button to add a new user.NameBy default, any username will be added with your domain name as a suffix:[email protected] domain. This is also the proper name format when you log on.EmailThis will be used for alerts and messages to the user.PasswordPassword must be at least eight characters with a combination of letters Aa-Zz,numbers, and symbols.NDMS User GuidePage 44

User typeThere are several user types, each representing a different role:[email protected] domaindefault usersThe default mandatory user found in every account; hasall rightsAdmin rightsRights for all functionsUser rightsRights for all functions but user managementObserver rightsRights to view device locationsTeacher rightsCan use the Teacher mode functionalityTagBy setting tags to users, the users are then able to see only devices with correspondingtags. The devices must contain all the tags in order for the user to be able to see them.For example:If a user is not tagged at all, all devices enrolled are visible.If the user is tagged with 1234, only devices containing the 1234 tag will be visible.If the user is tagged with 1234 and abcd, only devices containing both tags will bevisible.LanguageSets the default console interface language for that user.NDMS User GuidePage 45

Boxlight Customer SupportThe Boxlight Customer Support team cannot actively assist in configuring the NetworkDevice Management System to your specific network and complement of devices.However, they can assist with general questions, technical background, and generalinformation. Boxlight Customer Support can be reached at 877.696.4646 ext. 1 [email protected] User GuidePage 46

NDMS User Guide Page 3 User: The user is the entity that manages devices. The format of a user will always be [email protected], with xxxx being the user and your-domain as the account name you enrolled. The default user name will be [email protected] and cannot be changed.