Highlighted
Trusted Contributor.
Trusted Contributor.
1554 views

Any way to deny automatic synchronization to new devices?

Hi All,

I want to keep a bit of control on wich devices are syncing to the server, so what I want to know is if there is any way to disable self-registraton for new devices to the server. May be with an approval procedure or something like this. I want to prevent people to start syncing any 'strange' device, causing issues and support requests. Just a tested/supported list of devices will be accepted.

Any idea?
Labels (1)
0 Likes
7 Replies
Highlighted
Absent Member.
Absent Member.

javichu wrote:

> I want to keep a bit of control on wich devices are syncing to the
> server, so what I want to know is if there is any way to disable
> self-registraton for new devices to the server. May be with an
> approval procedure or something like this. I want to prevent people
> to start syncing any 'strange' device, causing issues and support
> requests. Just a tested/supported list of devices will be accepted.


There isn't really a way to do this now. If a user has been added to
Mobility, the user can then add any devices. The best you can do is
configure a maximum number of devices that users can add. Just keep in
mind that this is done within the Mobility Connector, which means it
affects all users.

If you'd like more control, you may want to look into our MDM solution
ZENworks Mobile Management. Using ZMM in conjunction with Data Sync
and forcing everyone to go through ZMM to get their mail you can
whitelist & blacklist specific devices or even an entire platform. For
example, you can say that iOS devices are not allowed to use
ActiveSync, forcing everyone to an Android corporate standard if that's
your policy.

--
We're your Novell--again. http://www.novell.com/promo/backtobasics.html
Enhancement Requests: http://www.novell.com/rms

Joe Marton Emeritus Knowledge Partner
0 Likes
Highlighted
Absent Member.
Absent Member.

jmarton;2215969 wrote:
For
example, you can say that iOS devices are not allowed to use
ActiveSync, forcing everyone to an Android corporate standard if that's
your policy.


We looked at ZMM, and it looks really nice.. except when you get down to the problem of sites like ours that have a "bring your own device" policy where users come to us with whatever their personal phone is.

I too would love to see a feature that when enabled, would allow new devices to land in an unapproved pool, then could be enabled/disabled via the admin interface.

Enhancement request time eh?
0 Likes
Highlighted
Absent Member.
Absent Member.

dforsythe wrote:

> We looked at ZMM, and it looks really nice.. except when you get down
> to the problem of sites like ours that have a "bring your own device"
> policy where users come to us with whatever their personal phone is.


That's exactly the problem ZMM is geared towards fixing! Having a more
loose policy for people with their own devices, maybe don't do location
tracking, etc while you have a much more restrictive policy for devices
issued by the organization.

> I too would love to see a feature that when enabled, would allow new
> devices to land in an unapproved pool, then could be enabled/disabled
> via the admin interface.
>
> Enhancement request time eh?


It's definitely not a bad idea. In the meantime you may want to take
another look at ZMM. 🙂 We're running webinars every couple of weeks
on ZMM.

http://www.novell.com/events/mobile-management-webinars.html

--
We're your Novell--again. http://www.novell.com/promo/backtobasics.html
Enhancement Requests: http://www.novell.com/rms

Joe Marton Emeritus Knowledge Partner
0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Obviously it's an unsupported way to address this issue, but what will happen if we create a trigger in devices table that changes state to 8 when a new row is added? I think that by this way, all newly created devices will be blocked until the admin activates it...
0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Hi All,

I'm testing this script inside the mobility connector database, and it seems to work right. What it does is to leave the device Locked just after it's registrated in the connector, an then the admin can simply unlock via the web interface monitor screen. In this moment, the device has to be rebooted and it starts to sync inmediately. You may see that first of all it puts a {u} mark inside a field. This field seem to remain unused until the device is fully configured in the connector. Then, the procedure changes this field to "prevState": "0", + WhateverDataSyncWants and the state to '8' (locked). This is due of the registration process, that overwrites many times this row and if you set the state field to '8' (locked) with a trigger linked to the INSERT operation, it will be changed to '0' (unlocked) inmmediately. The {u} is an indication for the next laps of the script that the device is in its initial setup state. When the process send a value other than '{}' to this field, it indicates that the process has ended. Does anybody want to test it? I'm still working on it but any help will be appreciated.

Regards

Javier


srvgw004:~ # psql -d mobility -U datasync_user
Password for user datasync_user:
Welcome to psql 8.3.9, the PostgreSQL interactive terminal.

Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit

create or replace function devselflck() returns trigger as $devselflck$
begin
if (TG_OP='UPDATE') then
if (old.statedata='{u}') then
if (new.statedata='{}') then
new.statedata:='{u}';
else
new.state:=8;
new.statedata:='{"prevState": "0", ' || trim(leading '{' from new.statedata);
end if;
end if;
return new;
elsif (TG_OP='INSERT') then
new.statedata:='{u}';
return new;
end if;
return null;
end;


$devselflck$ language plpgsql;

create trigger devselflck before insert or update on devices for each row execute procedure devselflck();
0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Probably you will need to install the plpgsql inside the postgres engine, with the following command, prior to test the script:

create procedural language plpgsql;
0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

I've seen that my initial version of the script worked fine when you add a new device to an user that has another device(s) previously registered, but it failed when you add a device to a new user. Here comes a reviewed version that fixes this issue. Any volunteer(s) for testing?




srvgw004:~ # psql -d mobility -U datasync_user
Password for user datasync_user:
Welcome to psql 8.3.9, the PostgreSQL interactive terminal.

Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit

create procedural language plpgsql;

create or replace function devselflck() returns trigger as $devselflck$
begin
if (TG_OP='UPDATE') then
if (old.statedata='{u}' or (old.identifierstring='' and new.identifierstring!='')) then
if (new.statedata='{}') then
new.statedata:='{u}';
else
new.state:=8;
if (new.statedata='{u}') then
new.statedata:='{"prevState": "0"}';
else
new.statedata:='{"prevState": "0", ' || trim(leading '{' from new.statedata);
end if;
end if;
else
if (old.identifierstring<'A' and new.identifierstring > ' ') then
if (new.statedata='{u}') then
new.statedata:='{"prevState": "0"}';
else
new.statedata:='{"prevState": "0", ' || trim(leading '{' from new.statedata);
end if;
end if;
end if;
elsif (TG_OP='INSERT' and new.identifierstring!='') then
new.statedata:='{u}';
end if;
return new;
end;


$devselflck$ language plpgsql;

create trigger devselflck before insert or update on devices for each row execute procedure devselflck();
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.