AEDO enrollment and management in an offline/firewalled environment.

I'm fairly certain I already know the answer (no), but is there any way to bind a Managed Enterprise and utilize AEDO management in an on-premise SOTI instance if the SOTI server has no external network access?

2 Answers

Raymond Chan | posted this 18 January 2019

Very likely impossible for a 100% offline server.

Though I haven't performed a thorough test, I believe it should be possible for a normally offline server that can at least be temporarily online (say, for a few minutes per device), with the firewall allowing communication with Google servers during device enrollment, MGA account creation, etc. Some policies (e.g. feature control) are quite static, especially for COSU use cases, and can be deployed right after device enrollment and enforced by the device agent for months without needing the server online. Dynamically managing policies, especially those related to app deployment from the Managed Google Play store, likely becomes very limited or even impossible when the server resumes its normally offline state.

Also, if MobiControl needs Firebase Cloud Messaging (FCM) to deploy some policies or device actions, then I believe controllability may remain quite good if the server firewall can allow an exception for FCM-related traffic to Google's servers rather than enforcing a totally offline server.

Hopefully, experts from SOTI who know their actual implementation can clarify whether my guesses above are correct or not.

 

 

Wayne Wang | posted this 20 January 2019

I am not 100% sure about the following; please test and confirm with SOTI.

From what I understand, Google Play services are not compulsory for SOTI Android Enterprise agent enrollment.

For example, there are no Google services in China, but Chinese companies are still able to manage AEDO devices via SOTI.

The devices enrolled to SOTI via NFC will try to download the agent from Google Play store.

The devices enrolled to SOTI via QR code will try to download the agent directly from the SOTI OEM page.

There is a chance that you can manage the devices via Android Enterprise agent without the Google Play service connection.

Instead of opening the connections to all the Google services, all you need to do is open the connection to the SOTI OEM page.

Hope this information helps.
