Configuring CIFS content site for Android Enterprise mode with Core

Common Internet File System (CIFS) allows administrators to access group shared folders located on different servers by transparently connecting them to one or more CIFS name spaces. New Components in the JSON file:

  • Sentry hostname
  • Sentry port
  • Domain pattern
  • Sentry service

Configuring SCEP Identity Certificate and Sentry Profile

To configure SCEP Identity Certificate and Sentry Profile on Core perform the following steps:

  1. In Core, go to Services > Local CA tab > Add Generate self-signed cert. See, Generating a self-signed certificate section in the Core Device Management Guide for Android and Android Enterprise Devices guide.

Configuring AppTunnel Rules in Sentry on Core

Before you configure CIFS in Android Enterprise mode, you need to configure AppTunnel rule in Sentry:

1. In the Admin Portal, go to Services > Sentry.
2. Edit the entry for the Standalone Sentry that supports AppTunnel.
3. Select the Enable AppTunnel option in the edit Standalone Sentry window.
4. In the AppTunnel Configuration section:

Select CIFS_ANY in the service name.

Select pass through and Kerberos from the drop-down menu.

Configuring CIFS content site on Core

1. In the Core Admin Portal, go to Apps > Add +.
2. Select Google Play and import the [email protected] app from Google Play store.

After completing the import in the [email protected], configure the app restrictions.

3. Select App catalog> edit> configuration choices:
  • Enter the Device UUID value as $DEVICE_UUID$.
  • Enter the User ID value as $USERID$.
  • Enter Group Site Configuration, for example CIFS group site configuration:

Configuration

JSON

For Basic Authentication

[{"auth":"","domain":"CIFS","name":"CIFS-Site","priority":"false","subDomain":"NetworkDrive","url":"https://cifs.company.com:445","webView":"false"}]

For Kerberos Authentication

[{"auth":"NoAuthn","domain":"CIFS","name":"CIFS-Site","priority":"false","subDomain":"NetworkDrive","url":"https://cifs.company.com:445","webView":"false"}]

  • Enter AppTunnel rules in JSON array format, for example:

[{"sentryHostName":"https://sentry.company.com", "sentryPort":"443",

"sentryService":"CIFS_1", "domainPattern":["cifs.company.com"]},

{"sentryHostName":"https://sentry.company.com", "sentryPort":"443",

"sentryService":"SERV_2", "domainPattern":["sharepoint.company.com"]}]

where;

sentryHostName: Standalone Sentry URL that you want to tunnel the sites URL listed in group site.

sentryPort: Sentry Tunnel port. Use port 443.

domainPattern:Content server's hostname. For example: finance.yourcomany.com or hostname with wildcards. The wildcard character is *. For example: *.yourcompany.com.

sentryService: The service name is used in the [email protected] configuration for setting up tunnelling to the content repository.

Identity_certificate: For Android AppConnect, drop - down is auto populated with SCEP Identity created while configuring sentry profile. For example: NEW_SCEP

For Android Enterprise, enter the following in the Identity Certificate text field:

$CERT_ALIAS:NEW_SCEP$.

4. Click Save.

Configuring digital signatures for PDF files in Core

1. In the Core Admin Portal, go to Apps > Add +.
2. Select Google Play and import the [email protected] app from Google Play store. After completing the import in the [email protected], configure the app restrictions.
3. In app restrictions options, for signing certificate:
  • Enter Signing Certificate alias, for example: $CERT_ALIAS:LOCAL$ This is the certificate alias set up in the Core.

Where;

$CERT_ALIAS:$; Is the Certificate Enrollment setting configured in the Core user interface for the devices. For example: $CERT_ALIAS:scepIdentityCert$, where;

scepIdentityCert is the name of the SCEP configured in Core.

4. Click Save.