Mobile Device Management workflow

Security for Mobile Devices prerequisites

To manage mobile devices from GravityZone Control Center, a series of conditions must be satisfied.

Mobile Device Management components

  1. GravityZone

    • Control Center. A web-based dashboard and unified management console that provides full visibility into the organization's overall security posture and global security threats, and control over its security services.

    • Endpoint Communication Server and Endpoint Events Processing Server. GravityZone roles that handle communication with managed mobile devices. Communication with iOS devices is performed via a dedicated plugin called MDM Server.

    • GravityZone Mobile Client, exclusively distributed via Apple App Store and Google Play.

  2. Mobile Device Notification Services

    • Firebase Cloud Messaging (FCM) service for Android devices.

    • Apple Push Notification Service (APNs) for iOS devices.

  3. Mobile Devices

    • Android devices.

    • iOS devices.

Communication workflow

The following diagram describes the communication flow between Control Center and managed mobile devices:

[Diagram: communication flow between Control Center and managed mobile devices]

Push notifications are synchronization requests used to prompt devices to connect to the GravityZone communication server appliance to get policy updates and tasks. Push notifications do not include the policy update or task; they only inform the device that it must connect to GravityZone Control Center.

Normally, the synchronization of mobile devices with the communication server appliance is done automatically through the Push Notifications mechanism. The user can also manually synchronize the mobile device with Communication / MDM Server by tapping the Synchronize button in GravityZone Mobile Client.

If your company uses a firewall that restricts internet traffic, you will need to open the required ports to allow connectivity to Google / Apple notification services.

GravityZone Mobile Client can also start the synchronization with the communication server appliance (without receiving any Push Notification) to communicate significant changes or events, in the following situations:

  • Manual profile change

  • Device administrator change

  • Accessing webpages blacklisted by policy (web security alert)

  • Lock screen password required by policy not changed on due date

  • Malware not removed after one hour

  • USB debugging status change

  • Manual scan results

Communication workflow for Android devices

  1. A task or policy update is sent from Control Center to the mobile device.

  2. The communication server appliance sends a push notification to the device via Firebase Cloud Messaging service.

  3. When the notification arrives, the Android system informs GravityZone Mobile Client to synchronize with the communication server appliance.

    • GravityZone Mobile Client is not required to run to receive push notifications. The Android system wakes up GravityZone Mobile Client as soon as the notification arrives.

    • If the device is offline, it will receive notifications from FCM as soon as it gets back online.

  4. GravityZone Mobile Client connects to the communication server appliance to receive data.

  5. The device sends the task status to the communication server appliance.

  6. The task status is updated in Control Center. Any encountered errors are displayed in the task status.

Any change affecting the device compliance is immediately detected and sent to the communication server appliance by GravityZone Mobile Client. If the device is offline, GravityZone Mobile Client retries every minute to send the compliance change information to the communication server appliance until the device gets back online.

In addition to synchronizations triggered by push notifications, Mobile Client automatically synchronizes with the communication server appliance every 3 hours. The automatic synchronization ensures all tasks and policy updates get applied even if some push notifications are lost.

Communication workflow for iOS Devices

  1. A task or policy update is sent from Control Center to the mobile device.

  2. MDM server sends a push notification to the device via Apple Push Notification service.

  3. When the notification arrives, iOS is asked to synchronize with MDM Server.

    • GravityZone Mobile Client is not required to run to receive push notifications.

    • If the device is offline, it will receive notifications from Apple Push Notification service as soon as it gets back online.

  4. The device's operating system (iOS) connects to MDM server to receive data.

  5. The device sends the task status to MDM Server.

  6. The task status is updated in Control Center. Any encountered errors are displayed in the task status.

Note

In addition to synchronization requests following a task or policy update in Control Center, MDM Server also sends synchronization requests automatically every three hours. The automatic synchronization ensures all tasks and policy updates get applied even if some push notifications are lost. Moreover, the periodic communication is used to perform password validity checks and application auditing (planned future functionality).
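The Android and iOS workflows above share the same shape: the push (FCM or APNs) is only a wake-up with no payload, the device pulls tasks over its own connection, the 3-hour automatic synchronization catches up on lost pushes, and compliance changes are retried every minute while the device is offline. The following discrete-time simulation is an added illustration of that behaviour, not Bitdefender code; the class names, the constructed scenario and the "usb-debugging-on" event label are assumptions.

```python
# Constructed discrete-time model (minutes) of this page's push-to-sync flow.
PERIODIC_SYNC_MIN = 3 * 60   # automatic synchronization every 3 hours
COMPLIANCE_RETRY_MIN = 1     # offline retry interval for compliance changes
class CommServer:  # communication server appliance / MDM Server side
    def __init__(self):
        self.pending_tasks, self.task_status, self.compliance_reports = [], {}, []

    def send_task(self, task, client, now, push_delivered=True):
        self.pending_tasks.append(task)
        self.task_status[task] = "pending"
        if push_delivered and client.online:  # push is a wake-up, no payload
            client.sync(self, now)

class MobileClient:  # GravityZone Mobile Client (or iOS MDM client) side
    def __init__(self):
        self.online, self.last_sync, self.next_retry, self.unsent_compliance = True, 0, 0, []

    def sync(self, server, now):
        # Pull queued tasks/policies over the direct channel, report status.
        for task in server.pending_tasks:
            server.task_status[task] = "applied"
        server.pending_tasks.clear()
        self.last_sync = now

    def report_compliance(self, server, now, *events):
        # Compliance changes go out at once; retried every minute while offline.
        self.unsent_compliance += events
        if self.online:
            server.compliance_reports += self.unsent_compliance
            self.unsent_compliance.clear()
        else:
            self.next_retry = now + COMPLIANCE_RETRY_MIN

    def tick(self, server, now):  # called once per simulated minute
        if self.online and now - self.last_sync >= PERIODIC_SYNC_MIN:
            self.sync(server, now)
        if self.unsent_compliance and now >= self.next_retry:
            self.report_compliance(server, now)

def lost_push_scenario():
    """Push for 'policy-v2' lost at minute 10; device offline during 30..44,
    with a compliance change at 30. Returns (server, client) after 3 hours."""
    server, client = CommServer(), MobileClient()
    for now in range(1, PERIODIC_SYNC_MIN + 1):
        client.online = not 30 <= now < 45
        if now == 10:
            server.send_task("policy-v2", client, now, push_delivered=False)
        if now == 30:
            client.report_compliance(server, now, "usb-debugging-on")
        client.tick(server, now)
    return server, client
```

Running `lost_push_scenario()` shows the policy reaching the device only at the 3-hour automatic synchronization, while the compliance report is delivered at minute 45, the first retry after the device comes back online.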