At the time of writing the current version of the Symantec MDM solution does not allow you to send push notification messages to your users via the agent.
This article has been written in order to bridge the current gap and get you 90% of the way to a working push installation working with your MDM IN House agent and the Management Platform.
What you are going to need:
- A built version of the in house agent signed and exported (ipa enterprise distro) ready to be installed on iOS Devices
- The certificate that was request when the "App" was created in the provisioning portal @ developer.apple.com - this will need to be download and then reexported with it's private key as p12 file.
- An account with a push provider - There are a lot but for the sake of this article I am going to use http:///www.parse.com (for no other reason than I think that it is a good solution) - If you choose another provider then you need to make sure that they provide access to push messages and add devices via a API. Parse.com is free up to a certain number of pushes and then costs there after - for medium installations the free limit will be perfectly acceptable
- A Read Only user for the Symantec_CMDB database so that the vbscript that does the work looking for the token and matching this against a user can run.
- A good deal of time and patience as there are a number of steps and it never works first time!
Gotchas to watch out for before we start:
- That you have at least the 1.0.4716 - although I have not tested this completely I believe that it was only since this version that Symantec have incorporate the request for a token so that the user sees a pop up asking them if they want to accept push from the agent. You CANNOT at the moment use the app store agent as it would require that symantec make public the app APNS cert and also that they modify it to ask for push token.
- Make sure that you have enabled the "Client Push" on Parse.com under "Push Notification Settings"
Still with me! Then let's begin!
The first thing is to make sure that you have built the MDM in house agent and have it deployed on an iOS client - this is reasonably well documented in the symantec guides so I am not going to go through this here - if you have problems then post a comment or open a discussion and I am sure you will find someone to help you
As stated in the gotchas you need to make sure that you have enabled the "Apple Push Notification" section - there is a great video on how to do this from parse.com @ https://parse.com/tutorials/ios-push-notifications - ignore the end of it as we won't be using this.
Next you will need open the MDM in house agent on an iOS device and it should pop up and ask you whether you would like to enable "Push Notifications" for this app - choose YES! and then enroll the device in the normal fashion with your MMS.
Once the device is enrolled we need to check that it actually has registered its token with the MDM. You can find this token by navigating to the devices and the entering the "Resource Manager" for that device - choose "Inventory" from the "View" menu and then choose "Mobile_Device" from the "Mobile Inventory" folder. You are looking for an entry called "Agent Token" and there should be a long alpha numeric code. Don't confused it with the Auth Token or the MDM Device Token as they aren't the same!!!
If you successfully see the token then that's great we are now just about ready to send a push to that device!
On the parse.com site you will need to import the cert that you got from the apple developer site (with private key), this is what parse will send along with the deviceToken from the MDM to apple APNS servers to send the push to the device. Once again there is a guide for this @ https://parse.com/tutorials/ios-push-notifications that explains how to export the cert as p12 and where to import it.
I have create a little vbscript (it is attached and will need to be renamed from .txt to .vbs) that takes a number of command line arguments (in order see what arguments it takes run it like this "cscript SymantecMDMPushNotifications.txt /?" )in order to add the device into the list of devices on your parse.com account and then either send a push to a single device using it's token or to all the devices that a user has using there email address and finally another routine that scans an AD for members of an AD Group and then emails each of them (although I have tried to make this as generic as possible it would probably require some modifications to work with each specific environment - please post if you want some help!).
In order to get it working please rename the extension to vbs and then edit the file with your favourite editor (notepad++ or something will do find) - look for the parse api keys - these are what will identify the script to parse via the REST API - these appear on the dashboard of that app that you should have created. You will also need to create a read only user that can access the CMDB and enter the corresponding connection information into the section at the top.
The final part that I am working on and will post as soon as I have finished is an ASP page that references the afore mentioned VB that will be placed on the MMS. This can then easily be referenced in a right click action with a little form asking for the message and then can be send.
What is missing from this solution:
Logging - I haven't hand a chance yet to add any logging - I don't do anything with the response (positive or negative) then comes back from PARSE.com.
As every use this all at your own risk… It works well in my environment and there is no reason that it shouldn't in yours! But make sure that you understand the procedure
Questions:
Please feel free to post in the comments section and I will try and get back to you with a response.