VMware Hands-on Labs - VMware AirWatch - Mobile Application Management and Developer Tools


Lab Overview - HOL-1857-05-UEM - Workspace ONE - Mobile Application Management and Developer Tools

Lab Guidance


Note: It will take more than 90 minutes to complete this lab. You should expect to only finish 2-3 of the modules during your time.  The modules are independent of each other so you can start at the beginning of any module and proceed from there. You can use the Table of Contents to access any module of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of the Lab Manual.

Enhance your enterprise application by leveraging AirWatch Developer Tools into an internal app. This lab targets Mobile Application Management (MAM), AirWatch REST APIs, Per-App VPN using AirWatch Tunnel, AirWatch Android SDK and Jenkins integration. At the end of each lab, we will validate the enhancements on an enrolled device to see the app enhancements in action.

Each Module can be taken independently or you can start at the beginning and work your way through each module in sequence. In most cases, a unique "sandbox" instance of AirWatch will be created just for you when you begin a Module. When the Module has ended, this sandbox will be deleted and the device that you are enrolling in the lab will be returned to the state that it was in prior to the lab. The approximate time it will take to go through all the modules is around 4 hours.

Lab Module List:

 Lab Captains:

This lab manual can be downloaded from the Hands-on Labs Document site found here:

http://docs.hol.vmware.com

This lab may be available in other languages.  To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf


 

Location of the Main Console

 

  1. The area in the RED box contains the Main Console.  The Lab Manual is on the tab to the Right of the Main Console.
  2. A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.
  3. Your lab starts with 90 minutes on the timer.  The lab can not be saved.  All your work must be done during the lab session.  But you can click the EXTEND to increase your time.  If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes.  Each click gives you an additional 15 minutes.  Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

 

 

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.

 

 

Click and Drag Lab Manual Content Into Console Active Window

You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.  

 

 

Accessing the Online International Keyboard

 

You can also use the Online International Keyboard found in the Main Console.

  1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

 

 

Activation Prompt or Watermark

 

When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated.  

One of the major benefits of virtualization is that virtual machines can be moved and run on any platform.  The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters.  However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements.  The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation.  Without full access to the Internet, this automated process fails and you see this watermark.

This cosmetic issue has no effect on your lab.  

 

 

Look at the lower right portion of the screen

 

Please check to see that your lab is finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes.  If after 5 minutes you lab has not changed to "Ready", please ask for assistance.

 

Module 1 - Introduction to Mobile Application Management (60 Minutes)

Introduction


Let's go through the fundamentals of AirWatch Mobile Application Management with Workspace ONE. We will walk through how to deploy different types of apps via AirWatch Admin console and touch base on some of the basic management capabilities.


Different types of applications - Internal / Public / Purchased / Web Apps


Depending on the type and mode of deployment, AirWatch classifies applications as Internal, Public, Purchased and Web apps.

Platform/ Type Internal Public Web Purchased
iOS X X X X
Android X X X
macOS X
X X
Windows Phone X X

Windows Desktop X X X

Login to the Workspace ONE UEM Console


To perform most of the lab you will need to login to the Workspace ONE UEM Management Console.


 

Launch Chrome Browser

 

Double-click the Chrome Browser on the lab desktop.

 

 

Authenticate to the Workspace ONE UEM Administration Console

 

The default home page for the browser is https://hol.awmdm.com. Enter your Workspace ONE UEM Admin Account information and click the Login button.

NOTE - If you see a Captcha, please be aware that it is case sensitive!

  1. Enter your Username. This is you email address that you have associated with your VMware Learning Platform (VLP) account.
  2. Enter VMware1! for the Password field.
  3. Click the Login button.

NOTE - Due to lab restrictions, you may need to wait here for a minute or so while the Hands On Lab contacts the Workspace ONE UEM Hands On Labs server.

 

 

Accept the End User License Agreement

 

NOTE - The following steps of logging into the Administration Console will only need to be done during the initial login to the console.

You will be presented with the Workspace ONE UEM Terms of Use. Click the Accept button.

 

 

Address the Initial Security Settings

 

After accepting the Terms of Use, you will be presented with a Security Settings pop-up.  The Password Recovery Question is in case you forget your admin password and the Security PIN is to protect certain administrative functionality in the console.  

  1. You may need to scroll down to see the Password Recovery Questions and Security PIN sections.
  2. Select a question from the Password Recovery Question drop-down (default selected question is ok here).
  3. Enter VMware1! in the Password Recovery Answer field.
  4. Enter VMware1! in the Confirm Password Recovery Answer field.
  5. Enter 1234 in the Security PIN field.
  6. Enter 1234 in the Confirm Security PIN field.
  7. Click the Save button when finished.

 

 

Close the Welcome Message

 

After completing the Security Settings, you will be presented with the Workspace ONE UEM Console Highlights pop-up.

  1. Click on the Don't show this message on login check box.
  2. Close the pop-up by clicking on the X in the upper-right corner.

 

iOS Device Enrollment With Directory Account


You will now enroll your iOS device by using a directory account for use with this module.


 

Download/Install AirWatch MDM Agent Application from App Store - IF NEEDED

 

NOTE - Checked out devices will likely have the AirWatch MDM Agent already installed. You may skip this step if your device has the AirWatch MDM agent installed.

At this point, if using your own iOS device or if the device you are using does NOT have the AirWatch MDM Agent Application installed, then install the AirWatch Application.

To Install the AirWatch MDM Agent application from the App Store, open the App Store application and download the free AirWatch MDM Agent application.

 

 

Launching the AirWatch MDM Agent

 

Launch the AirWatch Agent app on the device.  

NOTE - If you have your own iOS device and would like to test you will need to download the agent first.

 

 

Choose the Enrollment Method

 

Click on the Server Details button.

 

 

Find your Group ID from AirWatch Console

 

The first step is to make sure you know what your Organization Group ID is.  

  1. To find the Group ID, hover your mouse over the Organization Group tab at the top of the screen. Look for the email address you used to log in to the lab portal.
  2. Your Group ID is displayed at the bottom of the Organization Group pop up.

NOTE - The Group ID is required when enrolling your device in the following steps.

 

 

Attach the AirWatch MDM Agent to the HOL Sandbox

 

Once the Agent has launched you can enroll the device.  To do so, follow the below steps.

  1. Enter hol.awmdm.com for the Server field.
  2. Enter your Group ID for your Organization Group for the Group ID field.  Your Group ID was noted previously in the Finding your Group ID step.
  3. Tap the Go button.

NOTE - If on an iPhone, you may have to close the keyboard by clicking Done in order to click the Continue button.

 

 

Authenticate the AirWatch MDM Agent

 

On this screen, enter the Username and Password for the basic user account.

  1. Enter aduser in the Username field.
  2. Enter VMware1! in the Password field.
  3. Tap the Go button.

 

 

Redirect to Safari and Enable MDM Enrollment in Settings

 

The AirWatch Agent will now redirect you to Safari and start the process of enabling MDM in the device settings.

Tap on Redirect & Enable at the bottom of the screen.

 

 

Allow Website to Open Settings (IF NEEDED)

 

If you prompted to allow the website to open Settings to show you a configuration profile, tap Allow.

NOTE - If you do not see this prompt, ignore this and continue to the next step.  This prompt will only occur for iOS Devices on iOS 10.3.3 or later

 

 

Install the MDM Profile

 

Tap Install in the upper right corner of the Install Profile dialog box.

 

 

Install and Verify the AirWatch MDM Profile

 

Tap Install when prompted at the Install Profile dialog.

NOTE - If a PIN is requested, it is the current device PIN. Provided VMware devices should not have a PIN.

 

 

iOS MDM Profile Warning

 

You should now see the iOS Profile Installation warning explaining what this profile installation will allow on the iOS device.

Tap Install in the upper-right corner of the screen.

 

 

Trust the Remote Management Profile.

 

You should now see the iOS request to trust the source of the MDM profile.

Tap Trust when prompted at the Remote Management dialog.

 

 

iOS Profile Installation Complete

 

You should now see the iOS Profile successfully installed.

Tap Done in the upper right corner of the prompt.

 

 

AirWatch Enrollment Success

 

Your enrollment is now completed. Tap Open to navigate to the AirWatch Agent.

 

 

Accept the Authentication Complete Prompt

 

Click on Done to continue.

 

 

Accept Notification Prompt (IF NEEDED)

 

Tap Allow if you get a prompt for Notifications.

 

 

Accept the App Installation (IF NEEDED)

 

You may be prompted to install a series of applications depending on which Module you are taking. If prompted, tap Install to accept the application installation.

 

Download AppLifecycle Apps


In this section, we are going to download AppLifecycle Apps that we will be using as Internal apps for this lab.


 

Download AppLifecycle 101

 

  1. Open a new tab in Chrome Browser.
  2. Enter the following URL https://hol.awmdm.com/MyDevice/s/2239/be759588-38d0-4ad4-949e-88a1f4398f4b and hit Enter
  3. Validate that you have downloaded Applifecycle_101.ipa

 

 

Download AppLifecycle 102

 

  1. Open a new tab in Chrome Browser.
  2. Enter the following URL https://hol.awmdm.com/MyDevice/s/2239/86896741-33e4-43fd-a843-6225742f002c and hit Enter
  3. Validate that you have downloaded Applifecycle_102.ipa

 

Internal App Deployment


Use Workspace ONE to distribute, track, and manage your internal applications. These are applications built in-house and not hosted on Public App Stores. You can upload the application files directly to AirWatch console for deployment. However, if you use an external repository to host your internal applications, then you can easily integrate that host with AirWatch, instead of migrating the entire catalog to AirWatch.

Supported File types for different platforms:

Platform File Type
Android APK
iOS IPA
macOS APP Package Bundles
Windows Desktop APPX, EXE, MSI, ZIP
Windows Phone APPX, XAP

Once the application is installed, you can track the installation status and reason codes in case of failures.


 

Upload Internal Application with a Local File

In this section, we are going to add an iPA file to AirWatch console as an internal iOS app.

 

 

Add an Assignment to the Internal Application

We will now configure which devices will receive the internal application.

 

 

Provisioning Profiles for Enterprise Distribution

 

  1. Click Apps & Books
  2. Expand Applications
  3. Click Native
  4. Click the Internal tab.
  5. Validate that you have the application uploaded with the name as AppLifecycle.
  6. In the Version column, you will see the version as 1.0.1
  7. In the column Renewal Date, you will see when the provisioning profile is going to expire for this particular app.

You can renew this provisioning profile from AirWatch console itself (via Application Details > Files menu), without having to rebuild and re-upload the app to the AirWatch console. This simplifies the recurring task of profile renewal, without any intervention from App Developer and any interruption on the end user devices.

For this lab, we are not going to renew the provisioning profile of this app.

 

Public App Deployment - Workspace ONE Catalog


AirWatch offers two app catalogs - Workspace ONE and the AirWatch Catalog. Both catalogs support the features in the Apps Settings of the AirWatch Console.

The Workspace ONE catalog integrates resources from environments that use VMware Identity Manager and AirWatch. If your deployment does not use VMware Identity Manager, you still have access to the features previously released for the AirWatch Catalog.

In this lab, we are going to access the assigned apps via Workspace ONE catalog which is available as a public app from App Store.


 

Add Workspace One as a public app

 

  1. Click Add
  2. Click Public Application

 

 

Search Workspace ONE

 

  1. Select Platform as Apple iOS
  2. Select Source as Search App Store
  3. Select Name as VMware Workspace One
  4. Click Next

 

 

Select Workspace ONE

 

Select VMware Workspace ONE from the search results.

 

 

Save & Assign

 

Click Save & Assign

 

 

Add Assignment for Workspace ONE

 

Click Add Assignment

 

 

Select Group and Delivery Method

 

  1. Select Assignment Group as All Devices
  2. Select App Delivery Method as Auto

TIP - Automatic App Delivery ensure that the app is installed on the device automatically, without relying on end users to download it from the catalog. Use this setting for the apps that you want to make mandatory for your end users.

 

 

Modify Policies

 

  1. Scroll down to the Policies section.
  2. Select Enabled for Remove on Unenroll.
  3. Select Enabled for Application Configuration.

 

 

Add Application Configuration

 

In this section, we are going to configure Workspace ONE app, so that it auto-populates the server URL and device UDID at the time of launch.

TIP - Use AppConfig to pre-configure apps, which reduces end user inputs for a seamless end user experience.

  1. Scroll down to the bottom of the page.
  2. Enter key as AppServiceHost
  3. Enter value as "https://holmam.vidmpreview.com" with the type String
  4. Click on +Add
  5. Enter key as deviceUDID
  6. Enter value as {DeviceUid}
  7. Click Add

NOTE - All the keys and lookup values are case sensitive.

 

 

Save & Publish

 

Click Save & Publish

 

 

Publish the app

 

Validate that you are seeing your device enrolled in the assignment list. Click Publish to continue.

 

 

Accept the app installation prompt

 

As soon as the device checks in after the app is assigned, you see a prompt on the device to install the Workspace ONE app. Click Install to continue.

 

Log into Workspace ONE Catalog



 

Launch Workspace App

 

Click on the Workspace app to launch.

 

 

Create a Passcode (IF NEEDED)

If you do not already have a device passcode set on the iOS device, you will receive a warning message before being able to access the Workspace ONE app. Please navigate to Settings > Passcode > Turn Passcode On, to setup a new passcode, then return to Workspace ONE.

 

 

Validate App Service Host URL from AppConfig

 

This is the value that we entered for the key AppServiceHost while configuring the deployment options for Workspace ONE. This is how easy it is to pre-configure the Workspace ONE app for a seamless end user experience.

  1. Validate that the pre-populated URL is https://holmam.vidmpreview.com
  2. Tap Next to continue.

 

 

Select domain as corp.local

 

  1. Select domain as corp.local
  2. Check the box to Remember this settings
  3. Click Next

 

 

Enter Credentials

 

  1. Enter username as "aduser"
  2. Enter password as "VMware1!"
  3. Ensure that you are seeing corp.local as the domain.
  4. Tap on Sign in

 

 

Enter Workspace ONE

 

Whenever you see the message Your Workspace is ready, tap on Enter.

 

 

Accept the notifications prompt

 

Tap Allow to enable Notifications for Workspace.

 

Internal App Versioning


Internal and Enterprise apps get updated on a regular basis to offer latest functionality and security enhancements. Workspace ONE makes it easy to update these apps on end user devices over-the-air automatically, without having to connect the device to a computer. In this section, we are going to add an internal app on-demand and install it from Workspace ONE catalog. We will also see how to update the app in the AirWatch console so that it gets updated on the enrolled device without any app data loss.


 

Install the Internal app from Workspace ONE Catalog

Since we do not have many apps deployed in this lab, we can see all the apps from the default view. However, we are still going to validate the app category we assigned while deploying our internal app.

 

 

Add an updated version of the Internal app to AirWatch Console

We will upload a new version of our internal app to see how this reflects in the AirWatch Console as well as on our device.

 

 

Install the updated version of the app from Workspace ONE Catalog

Let's view the update process on the device in Workspace ONE when apps are updated through the AirWatch Console.

 

 

Uninstall the app from managed devices

As a part of AirWatch flexible deployment, the app removal from AirWatch has three different phases:

  1. Retire - Removes an application from all managed devices. For iOS devices, if an older version of the application exists in the AirWatch solution, then this older version is pushed to devices.
  2. Deactivate - Removes an application and all versions of it from all managed devices.
  3. Delete - Deletes the app from AirWatch Database. If the application is currently installed on any devices, it puts the app in the Deactivated state first. You can then remove the app by changing the filter to Inactive.

Use the Retire option if you want to revert to an earlier version, without uninstalling the app from all the enrolled devices.

 

Web App Deployment


Web applications are useful for navigating to complex URLs with many characters. You can place Web application icons on the springboard to minimize the frustration with accessing these website. These icons connect end-users to internal content repositories or login screens, so end-users do not open a browser and type out a long or complex URL.


 

Add Web App from AirWatch console

Continue to walk-through the process of adding a Web app through the AirWatch Console.

 

 

Access the Web App from enrolled device

Now that the Web app is added to the AirWatch Console and published to devices, let's view and interact with the Web app from our device.

 

Remove Apps via AirWatch Console


So far, we have seen how to deploy apps using AirWatch. Having the ability to remove the apps from a device is as important as deploying them, especially in the scenarios where a device is lost or stolen or if an employee leaves the organization. This not only clears the sensitive app data from the device but it also revokes access to the corporate resources and functionality that the app has access to.


 

Uninstall the Web App

In this section, we will see how to remove the apps from the enrolled devices.

 

Assume Management


Apple iOS enables AirWatch to assume management of user-installed applications without requiring the deletion of the previously installed application from the device. In this section, we are going to install a public app from App Store and assume the management for it. This will enable us to perform all the mobile application management policies on this user-installed app, including removal upon un-enrollment. We will validate this in the next article.

Consider the scenario where your employee has installed the app from App Store directly (very common in BYOD). In that case this app is unmanaged since it is not pushed down via AirWatch console. As a result, this app can not have MAM enhancements like per-app VPN (to connect to a backend resource), App Config (to auto-configure the app over-the-air), or Data Loss Prevention (removal of the app in case the device is stolen or compromised).

In this section, we will see how to convert such apps as managed apps so that they can leverage the above AirWatch Mobile Application Management (MAM) enhancements and much more.


 

Install an unmanaged app from App Store

Let's begin by downloading and installing an unmanaged app from the App Store on our device.  We will assume management of this app later.

 

 

Add the same application as a public app from AirWatch console

Now that we've downloaded an unmanaged app, we will publish the same app from the AirWatch Console as part of the process of assuming management.

 

 

Salesforce as managed app

We will now see how the Salesforce app becomes managed by AirWatch on our device.

 

 

Conclusion

This is how easy it is to manage a user installed device via AirWatch. This feature is very powerful in a BYOD scenario to enhance functionality and ensure proper security of the user installed apps.

 

Un-enrolling Your Device


You are now going to un-enroll the iOS device from Workspace ONE UEM.

NOTE - The term "Enterprise Wipe" does not mean reset or completely wipe your device. This only removes the MDM Profiles, Policies, and content which the AirWatch MDM Agent controls.

It will NOT remove the AirWatch Agent application from the device as this was downloaded manually before Workspace ONE UEM had control of the device.


 

Enterprise Wipe (un-enroll) your iOS device

 

Enterprise Wipe will remove all the settings and content that were pushed to the device when it was enrolled.  It will not affect anything that was on the device prior to enrollment.

To Enterprise Wipe your device you will first bring up the Workspace ONE UEM Console in a web browser. You may need to re-authenticate with your credentials (VLP registered email address and VMware1! as the password).

  1. Click Devices on the left column.
  2. Click List View.
  3. Click the checkbox next to the device you want to Enterprise Wipe.

NOTE - Your Device Friendly Name will very likely be different than what is shown. It will, however, be in the same location as shown on image in this step.

 

 

Find the Enterprise Wipe Option

 

  1. Click More Actions. NOTE - If you do not see this option, ensure you have a device selected by clicking the checkbox next to the device.
  2. Click Enterprise Wipe under Management.

 

 

Enter your security PIN

 

After selecting Enterprise Wipe, you will be prompted to enter your Security PIN which you set after your logged into the console (1234).

  1. Enter 1234 for the Security PIN. You will not need to press enter or continue, the console will confirm your PIN showing "Successful" below the Security PIN input field to indicate that an Enterprise Wipe has been requested.  

    NOTE - If 1234 does not work, then you provided a different Security PIN when you first logged into the Workspace ONE UEM Console.  Use the value you specified for your Security PIN.

NOTE - If the Enterprise Wipe does not immediately occur, follow the below steps to force a device sync:

  1. On your device, open the AirWatch Agent application.
  2. Tap the Device section (under Status) in the middle of the screen.
  3. Tap Send Data near the top of the screen.  If this does not make the device check in and immediately un-enroll, continue to Step #4.
  4. If the above doesn't make it immediately un-enroll, then tap Connectivity [Status] under Diagnostics.
  5. Tap Test Connectivity at the top of the screen.

NOTE - Depending upon Internet connectivity of the device and responsiveness of the lab infrastructure, this could take a couple of minutes or more if there is excessive traffic occurring within the Hands On Lab environment.

Feel free to continue to the "Force the Wipe" step to manually uninstall the Workspace ONE UEM services from the device if network connectivity is failing.

 

 

Verify the Un-Enrollment

 

Press the Home button on the device to go back to the home screen. The applications pushed through Workspace ONE UEM should have been removed from the device.

NOTE - The applications and settings pushed through Workspace ONE UEM should have been removed. The Agent will still be on the device because that was downloaded manually from the App Store. Due to lab environment settings, it may take some time for the signal to traverse through the various networks out and back to your device. Continue on to the next step to force the wipe if the needed.

 

 

Force the Wipe - IF NECESSARY

 

If your device did not wipe, follow these instructions to ensure the wipe is forced immediately. Start by opening the iOS Settings app.

  1. Tap General in the left column.
  2. Scroll down to view the Device Management option.
  3. Tap Device Management at the bottom of the list of General settings.

 

 

Force the Wipe - IF NECESSARY

 

Tap the Workspace Services profile that was pushed to the device.

 

 

Force the Wipe - IF NECESSARY

 

  1. Tap Remove Management on the Workspace Services profile.  
    NOTE - If prompted for a device PIN, enter it to continue.  VMware provisioned devices should not have a device PIN enabled.
  2. Tap Remove on the Remove Management prompt.

After removing the Workspace Services profile, the device will be un-enrolled.  Feel free to return to the Verify the Un-Enrollment step to confirm the successful un-enrollment of the device.

 

Conclusion


In this lab, we went through how to deploy and manage different types of applications using Workspace ONE. We also saw how to remove a managed app from a device and how to assume management of apps installed by the end users.


Module 2 - VMware AirWatch REST API (30 minutes)

Introduction


AirWatch provides a collection of RESTful APIs which allow external programs to use the core product functionality by integrating the APIs with existing IT infrastructures and third-party applications. Leveraging the simplified REST style of software architecture, AirWatch REST APIs currently include Organization Group, Console Administration, Mobile Application Management, Mobile Device Management, Enrollment User Management, Smart Group Management and User Group Management functionalities.

In this lab, you will:


Login to the Workspace ONE UEM Console


To perform most of the lab you will need to login to the Workspace ONE UEM Management Console.


 

Launch Chrome Browser

 

Double-click the Chrome Browser on the lab desktop.

 

 

Authenticate to the Workspace ONE UEM Administration Console

 

The default home page for the browser is https://hol.awmdm.com. Enter your Workspace ONE UEM Admin Account information and click the Login button.

NOTE - If you see a Captcha, please be aware that it is case sensitive!

  1. Enter your Username. This is you email address that you have associated with your VMware Learning Platform (VLP) account.
  2. Enter VMware1! for the Password field.
  3. Click the Login button.

NOTE - Due to lab restrictions, you may need to wait here for a minute or so while the Hands On Lab contacts the Workspace ONE UEM Hands On Labs server.

 

 

Accept the End User License Agreement

 

NOTE - The following steps of logging into the Administration Console will only need to be done during the initial login to the console.

You will be presented with the Workspace ONE UEM Terms of Use. Click the Accept button.

 

 

Address the Initial Security Settings

 

After accepting the Terms of Use, you will be presented with a Security Settings pop-up.  The Password Recovery Question is in case you forget your admin password and the Security PIN is to protect certain administrative functionality in the console.  

  1. You may need to scroll down to see the Password Recovery Questions and Security PIN sections.
  2. Select a question from the Password Recovery Question drop-down (default selected question is ok here).
  3. Enter VMware1! in the Password Recovery Answer field.
  4. Enter VMware1! in the Confirm Password Recovery Answer field.
  5. Enter 1234 in the Security PIN field.
  6. Enter 1234 in the Confirm Security PIN field.
  7. Click the Save button when finished.

 

 

Close the Welcome Message

 

After completing the Security Settings, you will be presented with the Workspace ONE UEM Console Highlights pop-up.

  1. Click on the Don't show this message on login check box.
  2. Close the pop-up by clicking on the X in the upper-right corner.

 

iOS Device Enrollment


In this section, we are going to enroll an iOS device to complete the steps on the device side.


 

Download/Install AirWatch MDM Agent Application from App Store - IF NEEDED

 

NOTE - Checked out devices will likely have the AirWatch MDM Agent already installed. You may skip this step if your device has the AirWatch MDM agent installed.

At this point, if using your own iOS device or if the device you are using does NOT have the AirWatch MDM Agent Application installed, then install the AirWatch Application.

To Install the AirWatch MDM Agent application from the App Store, open the App Store application and download the free AirWatch MDM Agent application.

 

 

Launching the AirWatch MDM Agent

 

Launch the AirWatch Agent app on the device.  

NOTE - If you have your own iOS device and would like to test you will need to download the agent first.

 

 

Choose the Enrollment Method

 

Click on the Server Details button.

 

 

Find your Group ID from AirWatch Console

 

 

  1. To find the Group ID, hover your mouse over the Organization Group tab at the top of the screen. Look for the email address you used to log in to the lab portal.
  2. Your Group ID is displayed at the bottom of the Organization Group pop up.

NOTE - The Group ID is required when enrolling your device in the following steps.

 

 

Attach the AirWatch MDM Agent to the HOL Sandbox

 

Once the Agent has launched you can enroll the device.  To do so, follow the below steps.

  1. Enter hol.awmdm.com for the Server field.
  2. Enter your Group ID for your Organization Group for the Group ID field.  Your Group ID was noted previously in the Finding your Group ID step.
  3. Tap the Go button.

NOTE - If on an iPhone, you may have to close the keyboard by clicking Done in order to click the Continue button.

 

 

Authenticate the AirWatch MDM Agent

 

On this screen, enter the Username and Password for the basic user account.

  1. Enter testuser in the Username field.
  2. Enter VMware1! in the Password field.
  3. Tap the Go button.

 

 

Redirect to Safari and Enable MDM Enrollment in Settings

 

The AirWatch Agent will now redirect you to Safari and start the process of enabling MDM in the device settings.

Tap on Redirect & Enable at the bottom of the screen.

 

 

Allow Website to Open Settings (IF NEEDED)

 

If you prompted to allow the website to open Settings to show you a configuration profile, tap Allow.

NOTE - If you do not see this prompt, ignore this and continue to the next step.  This prompt will only occur for iOS Devices on iOS 10.3.3 or later

 

 

Install the MDM Profile

 

Tap Install in the upper right corner of the Install Profile dialog box.

 

 

Install and Verify the AirWatch MDM Profile

 

Tap Install when prompted at the Install Profile dialog.

NOTE - If a PIN is requested, it is the current device PIN. Provided VMware devices should not have a PIN.

 

 

iOS MDM Profile Warning

 

You should now see the iOS Profile Installation warning explaining what this profile installation will allow on the iOS device.

Tap Install in the upper-right corner of the screen.

 

 

Trust the Remote Management Profile.

 

You should now see the iOS request to trust the source of the MDM profile.

Tap Trust when prompted at the Remote Management dialog.

 

 

iOS Profile Installation Complete

 

You should now see the iOS Profile successfully installed.

Tap Done in the upper right corner of the prompt.

 

 

AirWatch Enrollment Success

 

Your enrollment is now completed. Tap Open to navigate to the AirWatch Agent.

 

 

Accept the Authentication Complete Prompt

 

Click on Done to continue.

 

 

Accept Notification Prompt (IF NEEDED)

 

Tap Allow if you get a prompt for Notifications.

 

 

Accept the App Installation (IF NEEDED)

 

You may be prompted to install a series of applications depending on which Module you are taking. If prompted, tap Install to accept the application installation.

 

VMware AirWatch REST API


In this section we will go through several REST APIs using both GET and POST commands. We will wrap up the module by un-enrolling the device using a DELETE API request.


 

Get the REST API Key from console

In this section, we will get the REST API Key.

 

 

REST Client Setup

In this section, you will configure a REST Client application on the Main Console server. This application will allow you to easily send REST API calls to AirWatch without having to go through the process of actually creating an application. For this module we will be using an application called Postman.

 

 

GET Commands - Enrolled Devices for a User

GET commands are usually used to get some information from the server. The GET commands are primarily targeted towards 'get'ting information from the database without making any change to the data.

The following API command requests information on the enrolled devices for a user.

 

 

GET Commands - Enrollment User Details

This API command retrieves details about an enrollment user. For this lab, since we used 'testuser' to enroll the device, we going to use the user id of 'testuser' to retrieve the enrollment user details.

 

 

GET Commands - Device Applications

In this step you will use the API to search for all Applications that are in the AirWatch App Catalog for Apple devices.

 

 

POST Commands - Lock Device

POST REST API commands are usually intended to perform some action. In this section, we will 'post' some data to the database to make changes and we will verify those changes on the enrolled device.

 

 

POST Commands - Send a Message

This API command sends a push message to the enrolled device. In real world scenario, this API can be used to automate notifying managed devices about a certain event/action without requiring to login to the AirWatch UEM console and send push messages manually.

 

 

DELETE Request

In this section, you will see how to use a HTTP DELETE command. You will issue a single command to AirWatch to delete the device. Deleting a device will initiate an Enterprise Wipe (or un-enrollment) and will remove the device from the AirWatch database. This will NOT perform a factory reset on the device and will not in any way delete any data from the device that was there prior to enrolling the device into AirWatch.

 

 

 

Conclusion and Wrap Up

This concludes the AirWatch REST API Module. There are many more API's available which can be leveraged to automate many of the AirWatch UEM console actions without logging in to the console. REST APIs are powerful tools to perform bulk actions at the trigger of certain events to enhance the existing functionality of the AirWatch UEM solution.

 

Conclusion


In this lab, we saw how easy it is to use the AirWatch APIs to perform AirWatch Admin console actions externally without compromising on the security. Leveraging REST-based APIs also cloud offer several benefits to enterprises, including eliminated cost and time spent developing applications in-house. AirWatch APIs are fully able and ready to integrate with enterprise servers, programs and processes. Additionally, AirWatch APIs are efficient, run smoothly and are easily branded with enterprises.


Module 3 - Per-App VPN using VMware Tunnel (30 minutes)

Introduction


Leveraging Per-App VPN allows you to control which applications on a device have access to your VPN by automatically enabling disabling VPN access based on which applications are active.  This prevents you from needing to provide a device wide VPN on your devices, which allow unintended apps or processes to access your VPN and ensures only authorized apps have access to your VPN.


Login to the Workspace ONE UEM Console


To perform most of the lab you will need to login to the Workspace ONE UEM Management Console.


 

Launch Chrome Browser

 

Double-click the Chrome Browser on the lab desktop.

 

 

Authenticate to the Workspace ONE UEM Administration Console

 

The default home page for the browser is https://hol.awmdm.com. Enter your Workspace ONE UEM Admin Account information and click the Login button.

NOTE - If you see a Captcha, please be aware that it is case sensitive!

  1. Enter your Username. This is you email address that you have associated with your VMware Learning Platform (VLP) account.
  2. Enter VMware1! for the Password field.
  3. Click the Login button.

NOTE - Due to lab restrictions, you may need to wait here for a minute or so while the Hands On Lab contacts the Workspace ONE UEM Hands On Labs server.

 

 

Accept the End User License Agreement

 

NOTE - The following steps of logging into the Administration Console will only need to be done during the initial login to the console.

You will be presented with the Workspace ONE UEM Terms of Use. Click the Accept button.

 

 

Address the Initial Security Settings

 

After accepting the Terms of Use, you will be presented with a Security Settings pop-up.  The Password Recovery Question is in case you forget your admin password and the Security PIN is to protect certain administrative functionality in the console.  

  1. You may need to scroll down to see the Password Recovery Questions and Security PIN sections.
  2. Select a question from the Password Recovery Question drop-down (default selected question is ok here).
  3. Enter VMware1! in the Password Recovery Answer field.
  4. Enter VMware1! in the Confirm Password Recovery Answer field.
  5. Enter 1234 in the Security PIN field.
  6. Enter 1234 in the Confirm Security PIN field.
  7. Click the Save button when finished.

 

 

Close the Welcome Message

 

After completing the Security Settings, you will be presented with the Workspace ONE UEM Console Highlights pop-up.

  1. Click on the Don't show this message on login check box.
  2. Close the pop-up by clicking on the X in the upper-right corner.

 

AirWatch Console Configuration - Publish VMware Tunnel


In this chapter you will create a Per-App VPN profile and deploy an Application configured to use the VPN Tunnel on iOS.


 

Create an iOS VPN Profile

In this step you will configure the iOS profile that will be delivered to the device to configure the VMware Tunnel Client on the device to allow only designated applications to access content on internal servers. If you completed the previous module already, "Introduction to AppConfig", then you have already created the Per-App VPN profile and you may use the iOS Per-App VPN profile created in that lab. You may still walk through these steps if you'd like.

 

 

Add the VMware Tunnel Client as a Public Application

In order to leverage the VPN profile, the VMware Tunnel Client must be installed on your device. We can leverage AirWatch to deploy the client as a managed application to the device This step will walk you through the process of adding the client application to the AirWatch Console to automatically install on enrolled devices. Please note, while it is required that the Tunnel client application is installed on any device using Per App Tunnel, it does not have to be a managed application. Users can download the VMware Tunnel client from the App Store.

 

Configure VMware Browser for Per-App VPN



 

Add the VMware Browser as a Public Application

Now that the Tunnel client is assigned to the appropriate group, this section walks through adding an application that is enabled to use Per App Tunnel.  After enabling the setting that allows an application to use VPN, you must select the VPN profile that the app should use. This requires that any application you would like to leverage Per App VPN is pushed to the device from the AirWatch Console as a managed app. There is one exception to this, which is the Safari application on iOS.  This is covered in detail in a later section of this lab.

This step will walk you through the process of adding an application from the Public App store that will be associated to the VPN profile you created.

 

iOS Device Enrollment


In this section, we are going to enroll an iOS device to complete the steps on the device side.


 

Download/Install AirWatch MDM Agent Application from App Store - IF NEEDED

 

NOTE - Checked out devices will likely have the AirWatch MDM Agent already installed. You may skip this step if your device has the AirWatch MDM agent installed.

At this point, if using your own iOS device or if the device you are using does NOT have the AirWatch MDM Agent Application installed, then install the AirWatch Application.

To Install the AirWatch MDM Agent application from the App Store, open the App Store application and download the free AirWatch MDM Agent application.

 

 

Launching the AirWatch MDM Agent

 

Launch the AirWatch Agent app on the device.  

NOTE - If you have your own iOS device and would like to test you will need to download the agent first.

 

 

Choose the Enrollment Method

 

Click on the Server Details button.

 

 

Find your Group ID from AirWatch Console

 

 

  1. To find the Group ID, hover your mouse over the Organization Group tab at the top of the screen. Look for the email address you used to log in to the lab portal.
  2. Your Group ID is displayed at the bottom of the Organization Group pop up.

NOTE - The Group ID is required when enrolling your device in the following steps.

 

 

Attach the AirWatch MDM Agent to the HOL Sandbox

 

Once the Agent has launched you can enroll the device.  To do so, follow the below steps.

  1. Enter hol.awmdm.com for the Server field.
  2. Enter your Group ID for your Organization Group for the Group ID field.  Your Group ID was noted previously in the Finding your Group ID step.
  3. Tap the Go button.

NOTE - If on an iPhone, you may have to close the keyboard by clicking Done in order to click the Continue button.

 

 

Authenticate the AirWatch MDM Agent

 

On this screen, enter the Username and Password for the basic user account.

  1. Enter testuser in the Username field.
  2. Enter VMware1! in the Password field.
  3. Tap the Go button.

 

 

Redirect to Safari and Enable MDM Enrollment in Settings

 

The AirWatch Agent will now redirect you to Safari and start the process of enabling MDM in the device settings.

Tap on Redirect & Enable at the bottom of the screen.

 

 

Allow Website to Open Settings (IF NEEDED)

 

If you prompted to allow the website to open Settings to show you a configuration profile, tap Allow.

NOTE - If you do not see this prompt, ignore this and continue to the next step.  This prompt will only occur for iOS Devices on iOS 10.3.3 or later

 

 

Install the MDM Profile

 

Tap Install in the upper right corner of the Install Profile dialog box.

 

 

Install and Verify the AirWatch MDM Profile

 

Tap Install when prompted at the Install Profile dialog.

NOTE - If a PIN is requested, it is the current device PIN. Provided VMware devices should not have a PIN.

 

 

iOS MDM Profile Warning

 

You should now see the iOS Profile Installation warning explaining what this profile installation will allow on the iOS device.

Tap Install in the upper-right corner of the screen.

 

 

Trust the Remote Management Profile.

 

You should now see the iOS request to trust the source of the MDM profile.

Tap Trust when prompted at the Remote Management dialog.

 

 

iOS Profile Installation Complete

 

You should now see the iOS Profile successfully installed.

Tap Done in the upper right corner of the prompt.

 

 

AirWatch Enrollment Success

 

Your enrollment is now completed. Tap Open to navigate to the AirWatch Agent.

 

 

Accept the Authentication Complete Prompt

 

Click on Done to continue.

 

 

Accept Notification Prompt (IF NEEDED)

 

Tap Allow if you get a prompt for Notifications.

 

 

Accept the App Installation (IF NEEDED)

 

You may be prompted to install a series of applications depending on which Module you are taking. If prompted, tap Install to accept the application installation.

 

Testing Per App VPN


Now that the device is enrolled and has received the settings we configured in the AirWatch Console, we are ready to begin testing the Per-App VPN functionality.


 

Testing Per App VPN on iOS

The applications assigned in the previous steps should push down during enrollment. The VMware Tunnel and VMware Browser applications should be installed on your device.

 

 

Launch the VMware Browser

 

Press the Home button on the iPad to return to the Launchpad. Swipe right to see the downloaded applications if needed.

Tap the VMware Browser icon to launch the application. If prompted, select OK to allow the Browser to send your device push notifications.

 

 

Access the Internal Website with VMware Browser

 

  1. The application will launch and you will see the VPN icon appear indicating the connection is active. The application will now connect to AirWatch and retrieve the settings for your Sandbox Organization Group. These settings include a default homepage that has been pre-configured for this lab. This website is available on an internal web server but not accessible from the public internet.
  2. The website will load and you'll see the Welcome message.

 

 

Attempt to Access the Website From Safari

We will now show that although the VPN connection is active, other applications on the device will not be able to access the Tunnel or the internal resources.

 

Safari Domain Profile Configuration


In this chapter you create a Per-App VPN profile and deploy an Application configured to use the VPN Tunnel on iOS.


 

Add a New Version to the iOS VPN Profile

In this step you will update the iOS profile created in the first step to include Safari domains.

 

Un-enrolling Your Device


You are now going to un-enroll the iOS device from Workspace ONE UEM.

NOTE - The term "Enterprise Wipe" does not mean reset or completely wipe your device. This only removes the MDM Profiles, Policies, and content which the AirWatch MDM Agent controls.

It will NOT remove the AirWatch Agent application from the device as this was downloaded manually before Workspace ONE UEM had control of the device.


 

Enterprise Wipe (un-enroll) your iOS device

 

Enterprise Wipe will remove all the settings and content that were pushed to the device when it was enrolled.  It will not affect anything that was on the device prior to enrollment.

To Enterprise Wipe your device you will first bring up the Workspace ONE UEM Console in a web browser. You may need to re-authenticate with your credentials (VLP registered email address and VMware1! as the password).

  1. Click Devices on the left column.
  2. Click List View.
  3. Click the checkbox next to the device you want to Enterprise Wipe.

NOTE - Your Device Friendly Name will very likely be different than what is shown. It will, however, be in the same location as shown on image in this step.

 

 

Find the Enterprise Wipe Option

 

  1. Click More Actions. NOTE - If you do not see this option, ensure you have a device selected by clicking the checkbox next to the device.
  2. Click Enterprise Wipe under Management.

 

 

Enter your security PIN

 

After selecting Enterprise Wipe, you will be prompted to enter your Security PIN which you set after your logged into the console (1234).

  1. Enter 1234 for the Security PIN. You will not need to press enter or continue, the console will confirm your PIN showing "Successful" below the Security PIN input field to indicate that an Enterprise Wipe has been requested.  

    NOTE - If 1234 does not work, then you provided a different Security PIN when you first logged into the Workspace ONE UEM Console.  Use the value you specified for your Security PIN.

NOTE - If the Enterprise Wipe does not immediately occur, follow the below steps to force a device sync:

  1. On your device, open the AirWatch Agent application.
  2. Tap the Device section (under Status) in the middle of the screen.
  3. Tap Send Data near the top of the screen.  If this does not make the device check in and immediately un-enroll, continue to Step #4.
  4. If the above doesn't make it immediately un-enroll, then tap Connectivity [Status] under Diagnostics.
  5. Tap Test Connectivity at the top of the screen.

NOTE - Depending upon Internet connectivity of the device and responsiveness of the lab infrastructure, this could take a couple of minutes or more if there is excessive traffic occurring within the Hands On Lab environment.

Feel free to continue to the "Force the Wipe" step to manually uninstall the Workspace ONE UEM services from the device if network connectivity is failing.

 

 

Verify the Un-Enrollment

 

Press the Home button on the device to go back to the home screen. The applications pushed through Workspace ONE UEM should have been removed from the device.

NOTE - The applications and settings pushed through Workspace ONE UEM should have been removed. The Agent will still be on the device because that was downloaded manually from the App Store. Due to lab environment settings, it may take some time for the signal to traverse through the various networks out and back to your device. Continue on to the next step to force the wipe if the needed.

 

 

Force the Wipe - IF NECESSARY

 

If your device did not wipe, follow these instructions to ensure the wipe is forced immediately. Start by opening the iOS Settings app.

  1. Tap General in the left column.
  2. Scroll down to view the Device Management option.
  3. Tap Device Management at the bottom of the list of General settings.

 

 

Force the Wipe - IF NECESSARY

 

Tap the Workspace Services profile that was pushed to the device.

 

 

Force the Wipe - IF NECESSARY

 

  1. Tap Remove Management on the Workspace Services profile.  
    NOTE - If prompted for a device PIN, enter it to continue.  VMware provisioned devices should not have a device PIN enabled.
  2. Tap Remove on the Remove Management prompt.

After removing the Workspace Services profile, the device will be un-enrolled.  Feel free to return to the Verify the Un-Enrollment step to confirm the successful un-enrollment of the device.

 

Testing Safari Domains with Per App Tunnel


Now that the VPN profile is updated to include the domain tested in the first example in the Safari Domains list, we can confirm these settings have updated on the device and test in the native Safari application.


 

Confirm the VPN Configuration Has Updated

This section will walk-through how to confirm that the VPN configuration has successfully updated on your device.

 

 

Attempt to Access the Website From Safari

We will now show that browsing to a site in the domain added to the "Safari Domains" list will initiate a VPN connection.

 

Conclusion


This lab module reviewed how to leverage native Per-App VPN capabilities by publishing Per-App VPN profiles to your devices to ensure that only authorized apps are accessing your VPN.  This prevents users from needing to manually start and end VPN connections based on what apps they are accessing and provides an extra layer of security to your corporate resources by ensuring non-authorized apps are not able to connect to your VPN.

This concludes this lab module.


Module 4 - Introduction to AirWatch Android SDK (45 minutes)

Introduction


The AirWatch Software Development Kit (SDK) for Android allows you to enhance your enterprise applications with MDM capabilities. By incorporating AirWatch SDK code within your Android app project, you can use AirWatch information such as enrollment or compromised status to add a layer of security and business logic however you see fit within your application.

The Android SDK has two primary components or libraries:

  1. Client SDK - The client SDK is a lightweight library for retrieving basic management and device information such as compromised status, environment info, and user information.
  2. AWFramework - The AWFramework is a heavier library for more advanced SDK functionality such as application proxy and tunneling, integrated authentication, and encryption functions.

In this lab, we are not going into specifics of each of the components. Rather, this is a walkthrough of how to setup AirWatch Android SDK and deploy the SDK enhanced app to a managed device and validate the SDK integration.


 

Requirements

Before integrating AirWatch SDK into an app, let us discuss the prerequisites.

  1. Device Operating System - Android 4.0+ / Ice Cream Sandwich / APILevel14+
  2. IDE - Android Studio with the Gradle Android Build System (Gradle) v1.3.0+
  3. AirWatch Anchor App - AirWatch Agent v5.3+ for Android. The anchor app facilitates communication between the Enterprise Android App and the AirWatch environment.

 

Connect to Windows 10 VM


We have provided you a Windows 10 VM to complete the necessary steps for this lab. Let's connect to it to complete the steps in the following section.


 

Connect to the Windows 10 VM

 

Double-click the Win10-01a.rdp shortcut on the lab desktop.

If prompted, the login credentials for the Windows 10 VM are:

 

Explore AirWatch SDK for Android using Android Studio


This section will give an overview of the Android SDK for Android and walkthrough the process of building the sample project provided in Android Studio.


 

Whitelisting the Signing Key in AirWatch

The AirWatch SDK for Android offers feature enhancements for apps deployed as Internal apps as well as Public Apps deployed via Play Store. However, for the SDK function calls to work, you must ensure your application signing key is whitelisted with the AirWatch environment. Depending upon the mode of app deployment, the process changes slightly.

 

 

Integrate AirWatch SDK for Android into the Sample App

In this section, we will setup the Android SDK Sample app to use AirWatch Android SDK. We will use Android Studio as Integrated Development Environment (IDE) to include the SDK libraries into the sample app project. After that, we will build, sign, and export the APK to upload into the AirWatch admin console.

 

Login to the Workspace ONE UEM Console


To perform most of the lab you will need to login to the Workspace ONE UEM Management Console.


 

Launch Chrome Browser

 

Double-click the Chrome Browser on the lab desktop.

 

 

Authenticate to the Workspace ONE UEM Administration Console

 

The default home page for the browser is https://hol.awmdm.com. Enter your Workspace ONE UEM Admin Account information and click the Login button.

NOTE - If you see a Captcha, please be aware that it is case sensitive!

  1. Enter your Username. This is you email address that you have associated with your VMware Learning Platform (VLP) account.
  2. Enter VMware1! for the Password field.
  3. Click the Login button.

NOTE - Due to lab restrictions, you may need to wait here for a minute or so while the Hands On Lab contacts the Workspace ONE UEM Hands On Labs server.

 

 

Accept the End User License Agreement

 

NOTE - The following steps of logging into the Administration Console will only need to be done during the initial login to the console.

You will be presented with the Workspace ONE UEM Terms of Use. Click the Accept button.

 

 

Address the Initial Security Settings

 

After accepting the Terms of Use, you will be presented with a Security Settings pop-up.  The Password Recovery Question is in case you forget your admin password and the Security PIN is to protect certain administrative functionality in the console.  

  1. You may need to scroll down to see the Password Recovery Questions and Security PIN sections.
  2. Select a question from the Password Recovery Question drop-down (default selected question is ok here).
  3. Enter VMware1! in the Password Recovery Answer field.
  4. Enter VMware1! in the Confirm Password Recovery Answer field.
  5. Enter 1234 in the Security PIN field.
  6. Enter 1234 in the Confirm Security PIN field.
  7. Click the Save button when finished.

 

 

Close the Welcome Message

 

After completing the Security Settings, you will be presented with the Workspace ONE UEM Console Highlights pop-up.

  1. Click on the Don't show this message on login check box.
  2. Close the pop-up by clicking on the X in the upper-right corner.

 

VMware AirWatch Console configuration for the SDK Sample App


In this section, we will modify the default SDK profile and assign it to the sample app. If we have more than one set of configurations then we can create custom SDK profiles and assign them individually. However, to limit the scope of this lab, we are going to change only the default profile.

The profile payloads that we are targeting for this lab are, Authentication, Custom Settings and AirWatch App Tunnel. We will examine how these payloads take effect in the app by sending the configuration over the air. We will discuss each payload and the use case in the individual steps.


 

Configure the Default SDK Profile in the AirWatch Console

 

  1. Click on Apps & Books.
  2. Click on All Apps & Books Settings.

 

 

Configure the SDK Sample App in the AirWatch Console

Now we should have a SDK profile ready to be applied to the app. In this section, we will upload the app, assign the SDK profile we just configured and then setup the deployment option.

 

Enroll an Android Device



 

Enrolling an Android Device with the Basic Account

In this chapter you will be enrolling an Android device to install the SDK Sample App and validate the functionality.

NOTE - The device screenshots may differ slightly based on the device model you are using for the lab.

 

Explore AirWatch SDK on the enrolled device


In this section we are going to install the SDK Sample app on the device and explore the SDK functionalities related to the payloads we configured.

NOTE - This article uses device screenshots from a Nexus 5 device. However, they might differ slightly based on the device you are using for this lab.


 

Launch the SDK Sample App

 

Tap the AirWatch SDK Sample App to launch it.

 

 

Allow the prompt

 

The SDK sample app is targeting multiple features so you might see different prompts requesting access on the test device. Please go ahead and ALLOW all the prompts as they show up.

 

 

Enter Basic User Credentials (If Necessary)

 

If prompted, enter the Username and Password for the AirWatch Basic User account:

  1. Enter "testuser" for the Username.
  2. Enter "VMware1!" for the Password.
  3. Tap Login.

 

 

Review the Passcode Restrictions

 

  1. Click the Information button by the New Passcode field.
  2. Confirm that the Passcode Restrictions popup confirms the passcode restrictions that were configured earlier.
  3. Click Dismiss.

 

 

Validate Authentication

 

Notice how the application presents an authentication screen upon launch. As per the authentication configuration defined in the SDK profile, we have to setup a 6 character long passcode meeting the complexity requirements. This passcode will be required after the authentication timeout is expired to access the app data and app functionality so that it is secured during the idle period.

  1. Setup a passcode which meet the requirements (e.g. 112233).
  2. Confirm the passcode in the next text field.
  3. Tap Submit to set the passcode.

You will receive a toast notification confirming that Passcode has been set successfully.

 

 

Launch Client SDK

 

AirWatch SDK sample app is primarily composed of two sections:

Now we are going to validate the custom settings that we pushed as a payload from the custom settings. Custom settings is part of AirWatch Client SDK.

Click to select AIRWATCH CLIENT SDK.

 

 

Validate Custom Settings

 

  1. Select the option SDK Manager APIs.
  2. Scroll down until you are at the section Custom Settings. Validate that we are seeing the hardcoded value for URL as http://internal.airwlab.com and lookup field {EnrollmentUser} has been replaced by the actual value of enrollment user which is testuser.
    NOTE - In the sample app, we are just displaying the values of the custom settings that we received from the console. In a real world scenario, the developer can assign these values to variables and use them however they like.)
  3. Click on Back button twice until you return to the Home screen.

 

 

Launch AirWatch Framework

 

In this section, we are going to hit an internal splash page from a basic web view within the app. If you navigate to this URL outside the sample app, the splash page will not load. But since we are assigning the AirWatch Tunnel payload to the sample app, it could use it to proxy the traffic to the whitelisted URLs (in this case, the domain is *.airwlab.com).

AirWatch Tunnel is a part of advanced SDK kit, AirWatch Framework.

Click to select AIRWATCH FRAMEWORK.

 

 

Validate AirWatch Tunnel

 

  1. Scroll down to select Proxy Tunneling AWWebView/ Http/URL/OKHTTP.
  2. Click on Web View.
  3. Enter the URL in the text field as "http://internal.airwlab.com"
    NOTE - instead of entering the URL manually, we could have used the custom setting value that we pushed down from the last step, as an example.
  4. Click Go.
  5. Notice the splash page, which is not accessible outside this application, if we hit the same URL from a browser or any other app.

 

Conclusion


In this lab, we went through how to integrate AirWatch Android SDK using Android Studio. Then we configured the SDK profile to carry certain payloads and validate those on a managed device using the sample app. The basic SDK functionality is included in AirWatch Client SDK and advanced features are bundled in AirWatch Framework.


Module 5 - Jenkins Continuous Integration Plugin for AirWatch (45 minutes)

Introduction


Jenkins is an open source continuous integration solution that you can integrate with AirWatch to help manage lifecycle of internal applications. You can now have complete control over different phases of your app deployment, right from application build, testing to application release and retirement of old versions. By automating this end-to-end flow, your application testers and end users will have access to the latest app features and fixes keeping all the AirWatch Mobile Application Management (MAM) enhancements intact without any AirWatch admin activities involved.

In this lab, we will:

  1. Add VMware AirWatch App Deployment Plugin to Jenkins build server.
  2. Configure the plugin to integrate Jenkins build server with AirWatch for lifecycle management of internal apps.
  3. Enroll an iOS device to test the plugin functionality.
  4. Test the plugin to update the internal app and validate that on the enrolled device.
  5. Test the plugin to delete an old build from AirWatch.
  6. Learn more about the current version of the plugin.

Connect to Windows 10 VM


We have provided you a Windows 10 VM to complete the necessary steps for this lab. Let's connect to it to complete the steps in the following section.


 

Connect to the Windows 10 VM

 

Double-click the Win10-01a.rdp shortcut on the lab desktop.

If prompted, the login credentials for the Windows 10 VM are:

 

Add AirWatch App deployment plugin to Jenkins


In this section, we are going to add the AirWatch App Deployment plugin to our Jenkins server. This plugin is hosted on AirWatch Resource portal under the section Developer Tools and anyone with a valid myAirWatch ID can download this plugin. In order to limit the scope for this lab, we have already downloaded this plugin for you.

 


 

Open Chrome Browser

 

Double click on Google Chrome icon on the desktop to launch.

 

 

Navigate to Jenkins

 

  1. As you launch Chrome, you will see the default home page as AirWatch admin console URL. Click to open a new tab.
  2. Select the bookmark Jenkins.
  3. Enter user as "jenkinsadmin".
  4. Enter password as "VMware1!".
  5. Click on log in.

 

 

Navigate to Manage Plugins

 

  1. Click Manage Jenkins.
  2. Click Manage Plugins.

 

 

Plugin Manager Advanced Settings

 

Click the Advanced tab.

NOTE - If you see any prompts for updates available for plugin, then ignore them for this lab.

 

 

Navigate to the Upload Plugin Section

 

  1. Scroll down until you see the section Upload Plugin.
  2. Click on Choose File.

 

 

Select Jenkins Plugin File

 

  1. Click on Documents.
  2. Click on HOL.
  3. Select the Jenkins folder.
  4. Select the file JenkinsAirWatch.hpi.
  5. Click Open.

 

 

Upload Jenkins Plugin File

 

  1. Ensure that you have selected JenkinsAirWatch.hpi
  2. Click on Upload.

 

 

Install Plugin and Restart Jenkins

 

NOTE - The plugin may take a minute or two to install, please wait until the installation process has finished before continuing.

  1. Click to ENABLE AUTO REFRESH if not enabled already.
  2. Check the box to Restart Jenkins.  
  3. After successful installation of the plugin, you should see a Success status for seamlessdeploymentofairwatchapp.

Please wait while the Restarting Jenkins task begins.  This should take less than a minute.

 

 

Wait While Jenkins Restarts

 

Once the Restart task has been started, your browser will refresh and you will see a restarting screen while this processes.  Please wait while Jenkins restarts, you will be automatically taken back to the Jenkins login page once this completes.

 

 

Login to Jenkins After the Restart

 

Login using same credentials as before:

  1. Enter user as "jenkinsadmin".
  2. Enter password as "VMware1!".
  3. Click on log in.

 

 

Return to the Manage Plugins Page

 

Click on Manage Plugins.

 

 

Enable the Plugin

 

  1. Click the Installed tab.
  2. Click the checkbox under the Enabled column for the AirWatch Jenkins Plugin for App Deployment.

 

 

Restart Jenkins After Enabling the Plugin

 

  1. Scroll down to the bottom of the Installed section.
  2. Click Restart Once No Jobs Are Running.

 

 

Wait While Jenkins Prepares to Shutdown

 

You will see a status bar update that states Jenkins is going to shut down.  Please wait while Jenkins finalizes any jobs and shuts down, you will not need to take any further actions at this time.

NOTE - This task should complete within a minute.

 

 

Wait While Jenkins Restarts

 

Please wait while Jenkins restarts, you will be automatically taken back to the Jenkins login page once this completes.

 

 

Login to Jenkins After the Restart

 

Login using same credentials as before:

  1. Enter user as "jenkinsadmin".
  2. Enter password as "VMware1!".
  3. Click on log in.

 

Login to the Workspace ONE UEM Console


To perform most of the lab you will need to login to the Workspace ONE UEM Management Console.


 

Launch Chrome Browser

 

Double-click the Chrome Browser on the lab desktop.

 

 

Authenticate to the Workspace ONE UEM Administration Console

 

The default home page for the browser is https://hol.awmdm.com. Enter your Workspace ONE UEM Admin Account information and click the Login button.

NOTE - If you see a Captcha, please be aware that it is case sensitive!

  1. Enter your Username. This is you email address that you have associated with your VMware Learning Platform (VLP) account.
  2. Enter VMware1! for the Password field.
  3. Click the Login button.

NOTE - Due to lab restrictions, you may need to wait here for a minute or so while the Hands On Lab contacts the Workspace ONE UEM Hands On Labs server.

 

 

Accept the End User License Agreement

 

NOTE - The following steps of logging into the Administration Console will only need to be done during the initial login to the console.

You will be presented with the Workspace ONE UEM Terms of Use. Click the Accept button.

 

 

Address the Initial Security Settings

 

After accepting the Terms of Use, you will be presented with a Security Settings pop-up.  The Password Recovery Question is in case you forget your admin password and the Security PIN is to protect certain administrative functionality in the console.  

  1. You may need to scroll down to see the Password Recovery Questions and Security PIN sections.
  2. Select a question from the Password Recovery Question drop-down (default selected question is ok here).
  3. Enter VMware1! in the Password Recovery Answer field.
  4. Enter VMware1! in the Confirm Password Recovery Answer field.
  5. Enter 1234 in the Security PIN field.
  6. Enter 1234 in the Confirm Security PIN field.
  7. Click the Save button when finished.

 

 

Close the Welcome Message

 

After completing the Security Settings, you will be presented with the Workspace ONE UEM Console Highlights pop-up.

  1. Click on the Don't show this message on login check box.
  2. Close the pop-up by clicking on the X in the upper-right corner.

 

Download AppLifecycle Apps


In this section, we are going to download AppLifecycle Apps that we will be using as Internal apps for this lab.


 

Download AppLifecycle 101

 

  1. Open a new tab in Chrome Browser.
  2. Enter the following URL https://hol.awmdm.com/MyDevice/s/2239/be759588-38d0-4ad4-949e-88a1f4398f4b and hit Enter
  3. Validate that you have downloaded Applifecycle_101.ipa

 

 

Download AppLifecycle 102

 

  1. Open a new tab in Chrome Browser.
  2. Enter the following URL https://hol.awmdm.com/MyDevice/s/2239/86896741-33e4-43fd-a843-6225742f002c and hit Enter
  3. Validate that you have downloaded Applifecycle_102.ipa

 

iOS Device Enrollment


In this section, we are going to enroll an iOS device to complete the steps on the device side.


 

Download/Install AirWatch MDM Agent Application from App Store - IF NEEDED

 

NOTE - Checked out devices will likely have the AirWatch MDM Agent already installed. You may skip this step if your device has the AirWatch MDM agent installed.

At this point, if using your own iOS device or if the device you are using does NOT have the AirWatch MDM Agent Application installed, then install the AirWatch Application.

To Install the AirWatch MDM Agent application from the App Store, open the App Store application and download the free AirWatch MDM Agent application.

 

 

Launching the AirWatch MDM Agent

 

Launch the AirWatch Agent app on the device.  

NOTE - If you have your own iOS device and would like to test you will need to download the agent first.

 

 

Choose the Enrollment Method

 

Click on the Server Details button.

 

 

Find your Group ID from AirWatch Console

 

 

  1. To find the Group ID, hover your mouse over the Organization Group tab at the top of the screen. Look for the email address you used to log in to the lab portal.
  2. Your Group ID is displayed at the bottom of the Organization Group pop up.

NOTE - The Group ID is required when enrolling your device in the following steps.

 

 

Attach the AirWatch MDM Agent to the HOL Sandbox

 

Once the Agent has launched you can enroll the device.  To do so, follow the below steps.

  1. Enter hol.awmdm.com for the Server field.
  2. Enter your Group ID for your Organization Group for the Group ID field.  Your Group ID was noted previously in the Finding your Group ID step.
  3. Tap the Go button.

NOTE - If on an iPhone, you may have to close the keyboard by clicking Done in order to click the Continue button.

 

 

Authenticate the AirWatch MDM Agent

 

On this screen, enter the Username and Password for the basic user account.

  1. Enter testuser in the Username field.
  2. Enter VMware1! in the Password field.
  3. Tap the Go button.

 

 

Redirect to Safari and Enable MDM Enrollment in Settings

 

The AirWatch Agent will now redirect you to Safari and start the process of enabling MDM in the device settings.

Tap on Redirect & Enable at the bottom of the screen.

 

 

Allow Website to Open Settings (IF NEEDED)

 

If you prompted to allow the website to open Settings to show you a configuration profile, tap Allow.

NOTE - If you do not see this prompt, ignore this and continue to the next step.  This prompt will only occur for iOS Devices on iOS 10.3.3 or later

 

 

Install the MDM Profile

 

Tap Install in the upper right corner of the Install Profile dialog box.

 

 

Install and Verify the AirWatch MDM Profile

 

Tap Install when prompted at the Install Profile dialog.

NOTE - If a PIN is requested, it is the current device PIN. Provided VMware devices should not have a PIN.

 

 

iOS MDM Profile Warning

 

You should now see the iOS Profile Installation warning explaining what this profile installation will allow on the iOS device.

Tap Install in the upper-right corner of the screen.

 

 

Trust the Remote Management Profile.

 

You should now see the iOS request to trust the source of the MDM profile.

Tap Trust when prompted at the Remote Management dialog.

 

 

iOS Profile Installation Complete

 

You should now see the iOS Profile successfully installed.

Tap Done in the upper right corner of the prompt.

 

 

AirWatch Enrollment Success

 

Your enrollment is now completed. Tap Open to navigate to the AirWatch Agent.

 

 

Accept the Authentication Complete Prompt

 

Click on Done to continue.

 

 

Accept Notification Prompt (IF NEEDED)

 

Tap Allow if you get a prompt for Notifications.

 

 

Accept the App Installation (IF NEEDED)

 

You may be prompted to install a series of applications depending on which Module you are taking. If prompted, tap Install to accept the application installation.

 

Configure Plugin to integrate with AirWatch


VMware AirWatch App Deployment plugin for Jenkins is relevant in the Post-Build action of your Jenkins Job. Since it is independent of your source code management and build configurations, it is very easy to incorporate this plugin into your existing as well as new projects. In conjunction with other Jenkins plugins such as Source Code management and build plugins, it can be a fully automated end-to-end app lifecycle management tool.

In this section, we are going to configure the plugin using values from AirWatch console. We are going to create a new freestyle project and add the plugin as a post deployment action.


 

Create a new job

 

  1. Click on the tab to switch to Jenkins.
  2. Click the Jenkins link to return to the Dashboard.
  3. Click on the hyperlink create new jobs.

NOTE - If you are prompted to login due to a timeout, the username is "jenkinsadmin" and the password is "VMware1!"

 

 

Enter name for the project

 

  1. Enter the project name as AW Jenkins Test
  2. Select type as Freestyle project
  3. Click OK

 

 

Configure Post-build Actions

 

To limit the scope of this lab, we are going to dive straight into configuring Post-build actions to demonstrate VMware AirWatch App Deployment plugin for Jenkins.

Click on Post-build Actions.

 

 

Add Plugin as the Post-build Action

 

  1. Click on Add post-build action.
  2. Select AirWatch Jenkins Plugin for App Deployment.

 

 

Configure AirWatch Server URL

 

NOTE - You may need to scroll up to view the AirWatch Server URL field.

This is nothing but the API server URL of the AirWatch instance that we are working with. Since for this lab setup, we have API server hosted on the same server as the console server, it has the same URL. Enter AirWatch Server URL as "hol.awmdm.com".

NOTE - Do not enter http or https before the URL. Ensure that you do not have any spaces in the URL.

 

 

Enter the File Path and Application Name

 

  1. Complete the File Path as C:\Users\holuser\Downloads\AppLifecycle_101.ipa
  2. Enter Application Name as "App Lifecycle"

 

 

Find REST API Key and Group ID from the AirWatch Console

 

For the next items in Jenkins, we will need to retrieve the REST API Key and your Group ID from the AirWatch Console.  Return to the AirWatch Console tab in your browser.

 

 

Finding your Group ID

 

The first step is to make sure you know what your Organization Group ID is.  

  1. To find the Group ID, hover your mouse over the Organization Group tab at the top of the screen. Look for the email address you used to log in to the lab portal.
  2. Your Group ID is displayed at the bottom of the Organization Group pop up.

Remember or copy your Group ID and return to the Jenkins tab.

 

 

Enter Organization Group ID and Remaining Fields

 

Back in Jenkins, configure the remaining fields:

  1. Enter Organization Group ID as the Group ID you copied from the previous step.
  2. Enter Smart Group Name as "All Devices"
  3. Set Push Mode to Auto
  4. Enter Bundle ID as "com.seinternal.applifecycle"
  5. Click Save

 

Run the Plugin


In the last article, we configured the plugin to integrate with AirWatch admin console. We will now run the job to see the plugin in action. We will first upload version 1.0.1 to the console and install it on the enrolled iOS device. After that, we will upload a new version 1.0.2, while deleting the old version (1.0.1). We will validate this update on our enrolled device.


 

Build the app

 

  1. Click on Build Now
  2. The job may take a few minutes to complete.  After the job is completed you should see a Blue status, indicating success.
    NOTE - The page will auto refresh while you are waiting for the job to complete, so no need to manually refresh.  Please wait while the build finishes.

 

 

Validate the app upload on AirWatch console

 

  1. Click on the AirWatch tab to open the console.
  2. Click on Apps & Books.
  3. Expand Applications.
  4. Click on List View
  5. Click on Internal.
  6. Validate that you are now seeing the application App Lifecycle with version as 1.0.1

 

 

Install the internal app on your enrolled device

 

  1. Depending on if your device is supervised or not, you will get an App Installation prompt for the app App Lifecycle.
  2. Click on Install
  3. Confirm that the app is installed on the enrolled device.

 

 

Enable the App Catalog

To validate that we are receiving the correct AppLifecycle version on our iOS devices, we are going to enable the App Catalog in the AirWatch Console.

 

 

Confirm the app version from catalog

We will now use the App Catalog we published to our iOS Device to confirm the AppLifecycle app version is correct.

 

 

Run the plugin to update the internal app

 

  1. Click on the tab to switch to Jenkins dashboard.
  2. Click on Configure.

 

 

Upload the new version and delete the old version

 

In this step, we will run the same Jenkins job again but targeting the version 1.0.2 of the same app. This will update the existing app in the console from version 1.0.1 and 1.0.2. At the same time, we will delete the previous version (1.0.1) in the same step. So, in one run, we are not only updating the app on the device but also retiring the old versions which are no longer needed.

NOTE - Retiring / deleting previous versions is an optional step. You can still update the app to a new version, while keeping the old versions in the console.

  1. Click on Post-build Actions.
  2. Change the File Path - change only the file name in the end from AppLifecycle_101.ipa to AppLifecycle_102.ipa.
  3. Click on Get Available Version(s)
  4. Ensure that you see version 1.0.1 in Delete Previous Versions.  If it does not display, enter "1.0.1" for this field.
  5. Click Save

 

 

Run the job version 1.0.2

 

Click on Build Now.  Confirm that Build #2 under Build History completes.

 

 

Validate in AirWatch Console

 

  1. Click on the AirWatch console tab to switch.
  2. Click Apps & Books.
  3. Expand Applications.
  4. Click List View.
  5. Click the Internal tab.
  6. Validate that you now see the version 1.0.2 for App LIfecycle.

 

 

Validate on the device

 

The app might update too quickly to notice but as soon as the upgrade is completed, you will see a blue dot before the name, indicating that the app is just updated to a new version.

 

 

Confirm the app version from catalog

We will now use the App Catalog we published to our iOS Device to confirm the AppLifecycle app version is correct.

 

Un-enrolling Your Device


You are now going to un-enroll the iOS device from Workspace ONE UEM.

NOTE - The term "Enterprise Wipe" does not mean reset or completely wipe your device. This only removes the MDM Profiles, Policies, and content which the AirWatch MDM Agent controls.

It will NOT remove the AirWatch Agent application from the device as this was downloaded manually before Workspace ONE UEM had control of the device.


 

Enterprise Wipe (un-enroll) your iOS device

 

Enterprise Wipe will remove all the settings and content that were pushed to the device when it was enrolled.  It will not affect anything that was on the device prior to enrollment.

To Enterprise Wipe your device you will first bring up the Workspace ONE UEM Console in a web browser. You may need to re-authenticate with your credentials (VLP registered email address and VMware1! as the password).

  1. Click Devices on the left column.
  2. Click List View.
  3. Click the checkbox next to the device you want to Enterprise Wipe.

NOTE - Your Device Friendly Name will very likely be different than what is shown. It will, however, be in the same location as shown on image in this step.

 

 

Find the Enterprise Wipe Option

 

  1. Click More Actions. NOTE - If you do not see this option, ensure you have a device selected by clicking the checkbox next to the device.
  2. Click Enterprise Wipe under Management.

 

 

Enter your security PIN

 

After selecting Enterprise Wipe, you will be prompted to enter your Security PIN which you set after your logged into the console (1234).

  1. Enter 1234 for the Security PIN. You will not need to press enter or continue, the console will confirm your PIN showing "Successful" below the Security PIN input field to indicate that an Enterprise Wipe has been requested.  

    NOTE - If 1234 does not work, then you provided a different Security PIN when you first logged into the Workspace ONE UEM Console.  Use the value you specified for your Security PIN.

NOTE - If the Enterprise Wipe does not immediately occur, follow the below steps to force a device sync:

  1. On your device, open the AirWatch Agent application.
  2. Tap the Device section (under Status) in the middle of the screen.
  3. Tap Send Data near the top of the screen.  If this does not make the device check in and immediately un-enroll, continue to Step #4.
  4. If the above doesn't make it immediately un-enroll, then tap Connectivity [Status] under Diagnostics.
  5. Tap Test Connectivity at the top of the screen.

NOTE - Depending upon Internet connectivity of the device and responsiveness of the lab infrastructure, this could take a couple of minutes or more if there is excessive traffic occurring within the Hands On Lab environment.

Feel free to continue to the "Force the Wipe" step to manually uninstall the Workspace ONE UEM services from the device if network connectivity is failing.

 

 

Verify the Un-Enrollment

 

Press the Home button on the device to go back to the home screen. The applications pushed through Workspace ONE UEM should have been removed from the device.

NOTE - The applications and settings pushed through Workspace ONE UEM should have been removed. The Agent will still be on the device because that was downloaded manually from the App Store. Due to lab environment settings, it may take some time for the signal to traverse through the various networks out and back to your device. Continue on to the next step to force the wipe if the needed.

 

 

Force the Wipe - IF NECESSARY

 

If your device did not wipe, follow these instructions to ensure the wipe is forced immediately. Start by opening the iOS Settings app.

  1. Tap General in the left column.
  2. Scroll down to view the Device Management option.
  3. Tap Device Management at the bottom of the list of General settings.

 

 

Force the Wipe - IF NECESSARY

 

Tap the Workspace Services profile that was pushed to the device.

 

 

Force the Wipe - IF NECESSARY

 

  1. Tap Remove Management on the Workspace Services profile.  
    NOTE - If prompted for a device PIN, enter it to continue.  VMware provisioned devices should not have a device PIN enabled.
  2. Tap Remove on the Remove Management prompt.

After removing the Workspace Services profile, the device will be un-enrolled.  Feel free to return to the Verify the Un-Enrollment step to confirm the successful un-enrollment of the device.

 

Additional Reading



 

Integrate with Jenkins in Master-Slave Configuration

In this configuration, a master node serves as the central controller, and assigns build jobs to the slave node(s). If using a master-slave configuration for Jenkins, the VMware AirWatch plugin requires the Copy-To-Slave plugin to work. The Copy-To-Slave plugin copies the builds from slave(s) to the master, and then you can use the VMware AirWatch plugin to deliver new builds.

 

 

Limitations with the current version of the Plugin

 

 

Plugin for other Continuous Integration solutions

The plugin discussed in this lab was designed for Jenkins. However, to get support for a different continuous integration solution, you can always build a custom plugin. The VMware AirWatch plugin for Jenkins is composed of certain VMware AirWatch REST APIs called in a specific order:

 

 

Conclusion


VMware AirWatch Plugin for Jenkins can be used with your existing Jenkins setup (Standalone or Master-Slave mode) to deploy and manage Internal applications via AirWatch. You can use AirWatch REST APIs to build customized plugin for other Continuous Integration solutions. Along with other source code management and build plugins, you can build a fully automated, end-to-end App Lifecycle Management solution.


Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-1857-05-UEM

Version: 20180822-174718