You are on page 1of 316

Administration Reference

Afaria 7
DOCUMENT ID: DC-AR-7-00-00
LAST REVISED: March 2012
Copyright 2012 by Sybase, Inc. All rights reserved.
This publication pertains to Sybase software and to any subsequent release until otherwise indicated in new editions or
technical notes. Information in this document is subject to change without notice. The software described herein is furnished
under a license agreement, and it may be used or copied only in accordance with the terms of that agreement.
Upgrades are provided only at regularly scheduled software release dates. No part of this publication may be reproduced,
transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical, or otherwise, without the prior
written permission of Sybase, Inc.
Sybase trademarks can be viewed at the Sybase trademarks page at http://www.sybase.com/detail?id=1011207. Sybase and
the marks listed are trademarks of Sybase, Inc. A indicates registration in the United States of America.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered
trademarks of SAP AG in Germany and in several other countries all over the world.
Java and all Java-based marks are trademarks or registered trademarks of Oracle and/or its affiliates in the U.S. and other
countries.
Unicode and the Unicode Logo are registered trademarks of Unicode, Inc.
All other company and product names used herein may be trademarks or registered trademarks of the respective companies
with which they are associated.
Use, duplication, or disclosure by the government is subject to the restrictions set forth in subparagraph (c)(1)(ii) of DFARS
52.227-7013 for the DOD and as set forth in FAR 52.227-19(a)-(d) for civilian agencies.
Sybase, Inc., One Sybase Drive, Dublin, CA 94568
Contents
Administrator Assumptions .................................................1
Afaria Technical Support ......................................................3
Sybase Social Media Channels ............................................5
Afaria Device Management ...................................................7
Access Control for Email ...............................................8
Device Activity Collection ................................................8
Application Onboarding ..................................................9
Viewing Licensing ...........................................................9
Enrolling Devices in Management ....................................11
Enrollment Policies .......................................................11
Enrollment Codes .........................................................11
Afaria Self-Service Portal ..............................................12
Device Enrollment with Enrollment Codes ....................12
Device Enrollment with Self-Service Portal ..................13
Afaria Self-Service Portal Address ...............................13
Device Enrollment with Custom Installations ................14
Afaria Application Source and Enrollment Options .......15
Device Reenrollment ....................................................16
Android Devices ............................................................16
Android Management Life Cycle ..........................16
Enrolling Android Devices in Management ..........17
Enrollment Actions for Android Devices ...............17
E-Mail User Name Formats for Android Devices
.........................................................................18
Removing Afaria from Android Devices ...............18
iOS Devices ..................................................................18
iOS Management Life Cycle ................................18
Enrolling iOS Devices in Management ................19
Enrollment Actions for iOS Devices .....................19
Resetting Afaria User Credentials on an iOS
Device ..............................................................20

Administration Reference iii


Contents

iOS Device Data Elements as Variables in


Policies ............................................................20
BlackBerry Devices .......................................................22
BlackBerry Management Life Cycle .....................22
Enrolling BlackBerry Devices in Afaria
Management ...................................................22
Installation Considerations for BlackBerry
Devices ............................................................23
Starting the Afaria BlackBerry Application ...........24
Updating the Afaria BlackBerry Application .........24
Windows Mobile Devices ..............................................24
Windows Mobile Device Management Life Cycle
.........................................................................24
Enrolling Windows Mobile Devices in Afaria
Management ...................................................25
Enrolling Windows CE Devices in Afaria
Management ...................................................25
Download Type Requirements for Windows
Mobile ..............................................................26
Starting the Afaria Windows Mobile Application
.........................................................................26
Updating the Afaria Windows Mobile Application
.........................................................................26
Windows Devices ..........................................................26
Windows Device Management Life Cycle ............26
Enrolling Windows Computers in Afaria
Management ...................................................27
Installing Afaria on Windows Computers .............27
Starting the Afaria Windows Application ..............27
Updating the Afaria Windows Application ............27
Update Considerations for Windows Devices ......27
Windows OS Variations and Afaria Operations . . .28
Windows Browser Sessions ................................30
Approving and Unapproving a Device for Afaria
Management ............................................................30

iv Afaria
Contents

Device ...................................................................................31
Viewing the Device List in the Default View ..................31
Viewing the Device List in a Non-default View ..............31
Viewing the Device Dashboard .....................................31
Creating Custom Device Views .................................... 32
Device Activity Collection ..............................................32
Viewing the Device Activity List in the Default
View .................................................................33
Viewing the Device Activity List in the Non-
default View .....................................................33
Device Activity Views ...........................................33
Creating Custom Device Activity Views ...............34
Subscriber Data Collected by Device Type ..........35
Device Activity Calls by Device Type ...................37
Device Activity Details Connections by Device
Type .................................................................37
Device Activity Messages by Device Type ...........39
Removing Device Activity Data for a Subscriber
.........................................................................39
Displaying Device Location on Map .....................40
Latitude and Longitude Definitions ...................... 40
Searching for Devices ...................................................40
Inspecting a Device ...................................................... 41
Viewing the Device Summary ..............................41
Afaria Hardware Inventory Data Collection ..........41
Hardware Inventory for iOS Devices ....................42
Editing a Device ............................................................44
Editing an Android Device ................................... 44
Editing a BlackBerry Device ................................ 45
Editing an iOS Device ..........................................45
Editing a Windows Mobile Device ........................47
Editing a Windows Device ................................... 47
Device Naming "Database Specific Value"
Considerations ................................................ 48
Moving a Device to Another Tenant ..............................48

Administration Reference v
Contents

Approving and Unapproving a Device for Afaria


Management ............................................................ 49
Modifying the Device Owner .........................................49
Deleting a Device or its Data from the Server ..............50
Performing Security Actions on Devices .......................50
Security Actions for Android Devices ...................50
Security Actions for BlackBerry Devices ..............51
Security Actions for iOS Devices .........................51
Security Actions for Windows Mobile Devices .....52
Connecting a Device to Apply Policies .........................52
Connecting a Device to Run a Channel ........................53
Viewing a Device's Group Links ...................................53
Linking a Static Group to a Device ...............................54
Unlinking a Static Group from a Device ........................54
Viewing a Device's Policy Links ....................................55
Importing a Corporate Device List ................................55
Corporate Device Import File Requirements ................56
Group ....................................................................................59
Group Types .................................................................59
Viewing the Group List ..................................................59
Viewing the Group Dashboard ......................................60
Creating and Editing a Group .......................................60
Creating a Static Group .......................................60
Linking a Device to a Static Group ......................60
Unlinking a Device from a Static Group ...............61
Creating a Dynamic Group ..................................61
Creating a User Group .........................................61
Creating a Composite Group ...............................62
Editing a Group ....................................................62
Deleting a Group ..................................................62
Inspecting a Group .......................................................62
Connecting a Group's Devices to Apply Policies ..........63
Connecting a Group's Devices to Run a Channel ........63
Viewing a Group's Policy Links .....................................63
Viewing a Group's Devices ...........................................64

vi Afaria
Contents

Linking a Policy to a Group ...........................................64


Unlinking a Policy from a Group ...................................65
Exporting a Group View ................................................65
Policy ....................................................................................67
Policy Types ..................................................................67
Viewing the Policy List ..................................................67
Viewing the Policy Dashboard ......................................68
Application Policies .......................................................68
App Store Application Policies for iOS Devices
.........................................................................68
Enterprise Application Policies for iOS Devices
.........................................................................70
Google Play Application Policies for Android
Devices ............................................................75
Enterprise Application Policies for Android
Devices ............................................................77
Configuration Policies ...................................................80
Configuration Policy User Interface Controls .......80
Creating a Configuration Policy for Android .........81
Creating a Configuration Policy for BlackBerry ....97
Creating a Configuration Policy for iOS ...............98
Creating a Configuration Policy for Windows .....102
Creating a Configuration Policy for Windows
Mobile ............................................................103
Afaria Hardware Inventory Data Collection ........122
Enrollment Policies ..................................................... 123
Creating an Enrollment Policy for Android ......... 123
Automatic Naming Data for Android Enrollment
Policies .......................................................... 125
Creating an Enrollment Policy for BlackBerry .... 125
Creating an Enrollment Policy for iOS ............... 127
Creating an Enrollment Policy for Windows CE
....................................................................... 128
Creating an Enrollment Policy for Windows
Mobile Professional ....................................... 130

Administration Reference vii


Contents

Creating an Enrollment Policy for Windows


Mobile Standard ............................................ 133
Creating an Enrollment Policy for Windows -
Vista, 2008, or 7 ............................................136
Creating an Enrollment Policy for Windows XP
or 2003 ..........................................................138
Device Naming "Database Specific Value"
Considerations ..............................................140
Security for Enrollment Policies .........................141
Session Policies ..........................................................141
Session Channel Reference Documentation .....141
Creating a Session Policy ..................................141
Editing a Policy ...........................................................142
Deleting a Policy .........................................................142
Inspecting a Policy ......................................................142
Publishing and Unpublishing Policies .........................143
Viewing a Policy's Group Links ...................................143
Viewing a Policy's Device Links ..................................144
Linking a Group to a Policy .........................................144
Unlinking a Group from a Policy .................................145
Exporting a Policy View ..............................................145
Application Onboarding ....................................................147
Data Provisioning for iOS and for Android ..................147
Compiling Applications for iOS and Android
Data Provisioning ..........................................147
Output Requirements for iOS and Android Data
Provisioning ...................................................147
Provisioning Data for iOS and Android
Applications ...................................................148
Data Provisioning for BlackBerry ................................148
Compiling Applications for BlackBerry Data
Provisioning ...................................................148
Output Requirements for BlackBerry Data
Provisioning ...................................................148

viii Afaria
Contents

Provisioning Configuration Data for a BlackBerry


Application .....................................................149
Certificate Provisioning for Android and for BlackBerry
................................................................................149
Compiling Applications for Android and
BlackBerry Certificate Provisioning ...............149
Output Requirements for Android or BlackBerry
Certificate Provisioning ..................................150
Certificate Provisioning for iOS ...................................150
Compiling Applications for iOS Certificate
Provisioning ...................................................150
Output Requirements for iOS Certificate
Provisioning ...................................................151
Server Configuration for Installation and Management
.........................................................................................153
Showing or Hiding Servers in the Server List .............154
Configuration for Tenants ............................................154
Adding a Tenant .................................................154
Disabling a Tenant .............................................155
Deleting a Tenant ...............................................155
Configuration for Schedules .......................................156
Editing a Schedule .............................................156
Enabling or Disabling Schedules .......................156
Running a Schedule on Demand .......................157
Configuration for Logging ...........................................157
Configuring Log Options ....................................157
Configuring Log Cleanup ...................................157
Configuring for Outbound Notifications .......................158
Configuration for Google C2DM for Android ...............158
Signing Up for Google Android C2DM Service . .158
Configuring C2DM on the Afaria Server ............159
Using Google Android C2DM Service in Afaria . 159
Configuration for iOS ..................................................160
Enabling or Disabling Schedules .......................160

Administration Reference ix
Contents

Adding Customized Branding to the App Store


Application .....................................................160
Configuring Access Control Policies ...........................165
Defining an Access Control Policy for Android . .165
Defining an Access Control Policy for iOS .........165
Defining an Access Control Policy for Windows
Mobile ............................................................166
Defining an Access Control Policy for Unknown
Devices ..........................................................167
Defining an Access Control Policy to Block or
Allow by Group ..............................................167
Access Control Policy Conflict Resolution .........168
Access Control Device List ................................168
Manually Adding a Device for Access Control ...168
Exchange Environment Unique Device ID Value
.......................................................................169
E-Mail User Name Formats for Android Devices
.......................................................................169
Changing a Device's Access Control Policy ......170
End-User Access Control Policy Notification .....170
Configuration for Device Activity Collection ................170
Preparing Devices for Activity Collection ...........170
Device Activity Collection Considerations ..........171
Device Activity Collection Frequency .................171
Starting Device Activity Collection .....................172
Stopping Device Activity Collection ...................172
Reprompting for Device Activity Enrollment .......172
Subscriber Data Collected by Device Type ........173
Removing Device Activity Data for a Subscriber
.......................................................................175
Device Activity Calls by Device Type .................175
Device Activity Details Connections by Device
Type ...............................................................176
Device Activity Messages by Device Type .........177
Configuring General Device Activity Settings ....178

x Afaria
Contents

Configuring Device Activity Settings for


Roaming ........................................................178
Configuring Device Activity Settings for Data
Views .............................................................179
Enabling Device Activity Cleanup ......................180
Customizing Device Activity Cleanup Schedule
.......................................................................180
Latitude and Longitude Definitions ....................180
Configuration for Alerts ...............................................181
Acknowledging an Alert .....................................181
Deleting an Alert ................................................181
Viewing Pending Alerts .....................................182
Creating an Alert Definition ................................182
Creating a Contact for Alerts .............................183
Configuring an Alert Response ..........................183
Viewing Defined Events .....................................183
Creating a New Event for Configuring an Alert . .184
Configuration for Session Policies ..............................184
Configuring Bandwidth Throttling .......................184
Configuring for File Compression ......................185
Configuring File Differencing .............................185
Configuring Failed Session Cleanup ..................186
Configuring Authentication and Assignments for
Sessions ........................................................186
Configuring User Defined Field ..........................187
Session Channel Reference .............................................189
Afaria Channel Administrator ......................................189
Create or Edit a Session Manager Channel ......189
Session Manager Channel Editor ......................190
Events View .......................................................191
Create a New Worklist or Sendlist for a Channel
.......................................................................191
Assign a Worklist or Sendlist to your Channel . . .192
Unassign Objects from your Channel ................193
Add Events to a Worklist or Sendlist ..................193

Administration Reference xi
Contents

Define Event Properties .....................................194


Import or Export Events .....................................199
Optimize Channel Sessions ...............................199
Session Manager Events ............................................201
Windows Clients and Afaria Events ........................... 201
Session Event Summary ............................................ 202
File/Disk Operations Events Summary .............. 202
Variable Events Summary ................................. 209
Session Control Events Summary ..................... 214
Miscellaneous Events Summary ........................215
Session Manager Event Detail .................................. 220
Append Channel Event ......................................220
Append File Event ............................................. 221
Check File Event ................................................222
Check Memory Event ........................................ 223
Check Speed Event ........................................... 224
Check Volume Event ..........................................224
Comment Event ................................................. 225
Copy File Event ..................................................225
Create Registry Key Event .................................227
Delete File Event ............................................... 227
Delete Registry Key Event ................................. 228
Delete Registry Value Event .............................. 229
Delete Variable File Event ..................................230
Directory Listing Event .......................................230
Disconnect Event ...............................................232
Else Event ..........................................................232
End If Event ....................................................... 233
End Impersonation Event .................................. 233
End Quota Event ............................................... 233
End Repeat Event ..............................................234
End Session Event ............................................ 234
End Work Object Event ..................................... 235
Execute Program Event ..................................... 236
File Status Event ................................................237

xii Afaria
Contents

Find File Event ...................................................238


Get Database Field Event ..................................239
Get File from Client Event ..................................240
Get Registry Value Event ...................................243
Get Script Variable Event ...................................243
If Event ...............................................................244
Impersonate User Event ....................................245
Increment Variable Event ...................................247
Insert Channel Event .........................................248
Insert Worklist Event ..........................................248
Load Script Event ..............................................249
Make Directory Event ........................................249
Message Event ..................................................250
Notify Program Event .........................................250
Quota Event .......................................................251
Raise Event Event .............................................252
Read Variable File Event ...................................253
Reboot Client at End of Session Event ..............254
Release Script Event .........................................255
Remove Directory Event ....................................255
Rename File Event ............................................256
Repeat Event .....................................................257
Run Script Function Event .................................258
Search Registry Event .......................................260
Send File to Client Event ...................................260
Set Bandwidth Throttling Config Event ..............263
Set Client Time Event ........................................264
Set Database Field Event ..................................264
Set File Attributes Event ....................................266
Set Registry Value Event ...................................267
Set Script Variable Event ...................................268
Set Variable Event .............................................269
Test Group Membership Event ..........................270
Test Variable Event ............................................271
Update Variable File Event ................................271

Administration Reference xiii


Contents

Wait for File to Exist Event .................................272


Session Manager Variables ........................................273
Predefined Session Variables ............................274
User-Defined Session Variables ........................283
Environment Variables .......................................284
Variable Modifiers ..............................................284
Work Object Execution Problems and Solutions ........285
Glossary .............................................................................289
Additional Copyright Information .....................................293
Index ................................................................................295

xiv Afaria
Administrator Assumptions

Administrator Assumptions
This guide is intended for the person operating and supporting an installed and configured
Afaria environment. You need administrator-level knowledge of the device types you plan to
support.

Administration Reference 1
Administrator Assumptions

2 Afaria
Afaria Technical Support

Afaria Technical Support


Sybase provides industry-leading support and a variety of downloads to help you get the most
out of your Sybase products and solutions.
For information about Sybase Customer Service and Support, visit www.sybase.com/
support.
If you have a technical support contract, you can locate your local technical support center at
www.sybase.com/contactus/support.
For Afaria customers with a maintenance agreement, visit METS at http://
frontline.sybase.com/support.

Administration Reference 3
Afaria Technical Support

4 Afaria
Sybase Social Media Channels

Sybase Social Media Channels


Sybase is active on a number of social media channels, such as Twitter, blogs, and YouTube.
Visit us online for our social media channels at www.sybase.com/resources/socialmedia.

Administration Reference 5
Sybase Social Media Channels

6 Afaria
Afaria Device Management

Afaria Device Management


Afaria is an enterprise tool for securing and managing corporate-owned and personally owned
user devices with your enterprise policies. Devices include phone and computing devices,
such as smartphones, tablets, and desktop or laptop computers.
Policies let you:
Provision and enroll devices in management
Define device settings
Secure devices and data
Collect inventory
Distribute software
Collect device activity data for managing expenses
Managing your devices with policies is the core of device management. Afaria uses policies
and groups to affect management on devices.

Figure 1: Afaria Policy-Group-Device Relationship

Administration Reference 7
Afaria Device Management

Policies linked to groups and manage devices.


Enrollment policies are applied to devices when they enroll in management. An
enrollment policy may define group links for an enrolling device.
Policies for other aspects of ongoing management are explicitly linked to groups.
Policies are implicitly linked to devices through their common relationship with
groups.
Groups linked to devices and policies. Groups are containers for devices. In Afaria, using
groups is similar to using groups and organizational units to simplify network resource
management in IT operations.
Groups are explicitly linked to devices. Define group-device links in an enrollment
policy, or after a device is enrolled.
A variety of group types are available. Define group links based on manual selection of
individual devices, dynamic selection of devices based on device attributes, and
dynamic selection of devices based on user groups for users who have devices. You can
also define a group that is a composite of multiple groups.
Groups are explicitly linked to policies.
Devices linked to groups and are managed by policies.
Devices are explicitly linked to groups either at enrollment time, if defined in an
enrollment policy, or later during management.
Devices are implicitly linked to policies through their common relationship with
groups.

Access Control for Email


Afaria Access Control for Email adds a layer of protection to your enterprise e-mail platforms
by filtering mobile device synchronization requests according to your access control policies.
Access control discards any synchronization requests that do not meet the policies you define
on the Afaria server and save on the Afaria database. Access control policies include the list of
known devices, their associated policies, and any defined polices for unknown devices.
In addition to mobile device synchronization requests, access control can prevent
synchronization requests initiated by alternate means, such as:
Web browser client
E-mail client installed on a companion PC
iAnywhere Mobile Office client

Device Activity Collection


Afaria Device Activity allows administrators to monitor and report on device activities on
enrolled devices, such as monitoring for activity that incurs expenses.
Depending on the device type, monitored activities include:

8 Afaria
Afaria Device Management

Cellular data
Wi-Fi data
Outgoing and incoming phone calls
Outgoing and incoming Short Message Service (SMS) and Multimedia Messaging
Service (MMS) messages
International roaming status and usage

Application Onboarding
For commercial or enterprise applications for iOS, Android, and BlackBerry devices, Afaria
can provision data and certificates to facilitate onboarding.
Data provisioning Afaria delivers application configuration data as needed, such as for
connectivity or operations.
Certificate provisioning Afaria delivers a certificate to a device as needed, such as for
user authentication.

Viewing Licensing
View licensing for devices, maximum concurrent sessions allowed, and when the server was
installed.
On the Server page, on the left toolbar, click Configuration > Server > License.

Administration Reference 9
Afaria Device Management

10 Afaria
Enrolling Devices in Management

Enrolling Devices in Management


Enrollment is adding unmanaged devices to Afaria device management. Enrollment is
complete when a device has connected to its Afaria and received policies.
Use enrollment policies, enrollment codes, Afaria applications, and the Afaria Self-Service
Portal to enroll devices. All users need to install an Afaria application. The availability and use
of the other enrollment tools varies by device type.

Enrollment Policies
Enrollment policies let you define provisioning details for devices that you plan to enroll in
Afaria management. Create enrollment policies for all device types.
Policies vary based on type. Policies can include, but are not limited to:
Enrollment codes
Custom client naming
Afaria connection address
Group assignments
Values for substitution variables, such as for user name or email address
Default channel
Signed or unsigned Afaria application

Enrollment Codes
Enrollment codes simplify connecting a device to Afaria for enrollment. Enrollment codes are
available for Android, BlackBerry, iOS, and Windows Mobile devices. Enrollment codes are
not available for Windows CE or Windows.
The codes are short codes that are easy for users to enter on the Afaria application on their
device. You can communicate enrollment codes to users directly or they can get an enrollment
code from the Afaria Self-Service Portal. The user interface and the provisioning details you
defined in the enrollment policy drives the rest of the interaction.
Create one or more enrollment codes when creating enrollment policies. Each code has its
own attributes for an optional expiration date, use with Self-Service Portal, and its enabled or
disabled state.

Administration Reference 11
Enrolling Devices in Management

Afaria Self-Service Portal


The Afaria Self-Service Portal is an optional server in the Afaria architecture. You can use it to
allow end-users to enroll their BlackBerry, Android, and Windows Mobile devices. It is not
available for Windows CE or Windows.
The portal includes:
Instructions for users guidance to step a user through getting the enrollment steps for
their device type.
Link to download the Afaria application link to download from Afaria or from a
commercial market, such as Google Play or Apple App Store.
Enrollment code gives user a code to enter into their device.
The implementation details vary by enrolling device type.
For ongoing management, enrolled Android and iOS device users can use the portal for
limited self-management, such as unlocking a locked device.

Device Enrollment with Enrollment Codes


For device types that support enrollment codes, and when you are not using an Afaria Self-
Service Portal, the end-users can open the Afaria application on their device and enter an
enrollment code to connect to Afaria and enroll in management.
Enrollment codes are supported on these device types:
Android
BlackBerry
iOS
Windows Mobile Professional
Windows Mobile Standard
After a user enters an enrollment code in the application, the application contacts a public
URL shortening service to get an expanded address, then connects to that address. The
expanded address is for connecting a device to an Afaria enrollment server, or its relay server
proxy, to enroll in management.

12 Afaria
Enrolling Devices in Management

Device Enrollment with Self-Service Portal


For device types that support using the Afaria Self-Service Portal, end-users visit the portal to
get the Afaria application and an enrollment code. Users then open the Afaria application and
enter an enrollment code to connect to Afaria and enroll in management.
The portal is supported for these device types:
Android
BlackBerry
iOS
Windows Mobile Professional
Windows Mobile Standard
The portal experience varies for end-users by device type:
Android, iOS access the portal with the enrolling device or a personal computer. Portal
includes a link to the appropriate commercial market for installing Afaria and provides an
enrollment code.
BlackBerry access the portal with the enrolling device or a personal computer. Portal
includes a link to install or download the Afaria application from the Afaria enrollment
policy, as stored in the database, and provides an enrollment code.
Windows Mobile Professional and Standard access the portal with a personal computer.
Portal includes a link to download the Afaria application from the Afaria enrollment
policy, as stored in the database, and provides an enrollment code.
After an end-user enters an enrollment code in the application, the application contacts a
public URL shortening service to get an expanded address, then connects to that address. The
expanded address is for connecting a device to an Afaria enrollment server, or its relay server
proxy, to enroll in management.

Afaria Self-Service Portal Address


The address for end-users to access the portal uses the portal's server address and the virtual
directory you define during installation. To use a different enrollment code , you can add the
code to the address.
You can inspect the codes that you selected during a portal installation by opening the Web
site's configuration file in path <web.config. Look in the <configuration> element
for the <add> element with attribute key="EUSSPRegPath". For example:
<add key="EUSSPRegPath" value="EUSSP\sspdla"/><add
key="iOSCode" value="tc8bnyvk"/><add key="AndroidCode"
value=""/><add key="WMProCode" value=""/><add key="WMStdCode"

Administration Reference 13
Enrolling Devices in Management

value=""/><add key="WMCECode" value=""/><add key="Win32Code"


value=""/>
The portal address for using an enrollment code that you selected during the portal installation
uses this syntax:
<protocol>://<PortalAddress>/ <VirtualDirectory>
For example:
HTTP://portal.company.com/ssp
HTTP://63.176.1.74/ssp14
HTTPS://portal.company.com/sspsales
The portal address for using an enrollment code other than the one you selected during the
portal installation uses this syntax:
<protocol>://<PortalAddress>/ <VirtualDirectory>/<TypeCode><EnrollmentCode>
Using these device type codes:
a Android
b BlackBerry
i iOS
p Windows Mobile Pro
s Windows Mobile Standard
For example:
For an Android code HTTP://portal.company.com/ssp/agclpfzjs
For an iOS code HTTP://63.176.1.74/ssp14/itc8bnyvk
For a Windows Mobile Smartphone code HTTPS://portal.company.com/sspsales/
stcthxyrk

Device Enrollment with Custom Installations


You can create custom installations for the Afaria application that end-users can install
directly on end-user devices. You can configure it to connect to the Afaria server to enroll the
device. If you did not define a server address in the enrollment policy, you need to configure it
on the device after installation.
Custom installations are supported on these device types:
BlackBerry
Windows CE
Windows Mobile Professional
Windows Mobile Standard

14 Afaria
Enrolling Devices in Management

Windows
For BlackBerry and Windows Mobile, the user opens the application and cancels the
enrollment code prompt, defines configuration if not already defined, and then initiates a
connection to the Afaria enrollment server, or its relay server proxy, to enroll in management.
For Windows CE and Windows, the user opens the application, defines configuration if not
already defined, and then initiates a connection to the Afaria server, or its relay server proxy, to
enroll in management.

Afaria Application Source and Enrollment Options


The summary tables describe the Afaria application sources and enrollment options for
different device types.
Key:
Android Android
BB BlackBerry
iOS iOS
Win CE Windows CE
Win Pro Windows Mobile Professional
Win Std Windows Mobile Standard
Win Windows

Application Android BB iOS Win CE Win Pro Win Std Win


Sources
Application from
Commercial Market

Application from
Enrollment Policy

Custom
Enterprise
Application

Contact your Afaria representative for information about the custom enterprise application for
iOS devices.

Administration Reference 15
Enrolling Devices in Management

Enrollment Android BB iOS Win CE Win Pro Win Std Win


Options
Enrollment with
Enrollment Codes

Enrollment with
Self-Service
Portal

Enrollment with
Custom Installations

Device Reenrollment
Restart management for a device with the same server without hard resetting the device.
Reenrollment helps you resolve scenarios, which may vary by device type:
Need for user to reenter user prompts.
Device has been hard reset.
User removed, then reinstalled, the Afaria application.
To let user have access to Afaria Self-Service Portal management, user can reenroll over
the portal.
Device state was enrolled but not yet approved for management; but now device is
approved for management.
Need to change a device's tenant.
Changes to server address, such as the Afaria server, enrollment server, or relay server.

Android Devices
Android devices have an Afaria application installed from the Google Play market.

Android Management Life Cycle


Manage devices using an Afaria application, as published to a commercial market.
The market is managed by a third party, with Sybase as the clients developing entity.
This life cycle is generalized:
1. The user installs an Afaria application from a commercial Android market, such as Google
Play.

16 Afaria
Enrolling Devices in Management

2. Enroll in management to connect the device to the Afaria environment.


3. When updates are available on the market, the user updates the application.
4. To terminate management, the administrator wipes the device, or the user removes the
application.

Enrolling Android Devices in Management


Enroll devices using applications installed from the Google Play market, with enrollment
codes that you distribute, or users get from the Afaria Self-Service Portal.

1. On the Afaria server, create an enrollment policy.


2. If enrolling users with Afaria Self-Service Portal, install the portal using an enrollment
code from the policy.
3. On the device, install a Afaria application from the Google Play market.
4. Give users the enrollment code from the enrollment policy, or instruct users visit the self-
service portal to enroll and get an enrollment code.
5. On the device, open the application and enter the enrollment code.
The device connects to Afaria through its proxy or directly, according to the Afaria
environment configuration.
If either server security or the enrollment policy is set to automatically approve devices,
then Afaria completes enrollment.
If both the server security and the enrollment policy is set to not automatically approve
devices, then the device is in an unapproved state. If reenrolling for a new tenant, the device
may be in an unapproved state.
6. On the Afaria Administrator, if the device is unapproved, approve the device for Afaria
management according to your organizations processes.
7. (Optional) If you approved a device, take additional action to affect management actions,
such as sending an outbound notification to apply policies or have the user reenroll.

Enrollment Actions for Android Devices


Enrolling in management completes several actions for your devices.
Enrollment actions for devices include:
Configuring the Afaria application.
(Optional) Generating the Afaria client name.
(Optional) Applying Access Control for Email policy.
(Optional) Enrolling in groups.
If automatically approving devices, applying policies.

Administration Reference 17
Enrolling Devices in Management

E-Mail User Name Formats for Android Devices


For Android devices, the e-mail user name requirement for Afaria Access Control for Email
varies according to your enterprise environment.
It is your responsibility to ensure that your users enter the information correctly. On the
device's Afaria application configuration page (Afaria > Configuration), the e-mail user name
must comply with your e-mail server's requirement for user name. The format, as observed in
Afaria table A_ANDROID_DEVICES, takes one of these forms:
<Domain>\<UserName> examples:
mycompany\sbrowne
mycompany.com\sbrowne
mycompany.net\sbrowne
<UserName> example: sbrowne

Removing Afaria from Android Devices


To remove the Afaria client from the device, first deactivate the device administrator privilege
that was granted at installation time, then uninstall the client.
On most devices, find the client, deactivate command, and remove command on the Settings >
Location and Security > Device Administrators page.

1. On the device, for the Afaria client, deactivate the device administrator privilege.
2. Remove the client from the device.

iOS Devices
iOS devices have native support for device management using Apple Mobile Device
Management (MDM) and have an Afaria application installed from the Apple App Store.

iOS Management Life Cycle


Manage devices using an Afaria application, as published to a commercial market, along with
Mobile Device Management (MDM) control.
The market is managed by a third party, with Sybase as the application's developing entity.
MDM uses native iOS capabilities.
This life cycle is generalized:
1. The user installs an Afaria application from the Apple App Store.
2. Enroll in management to connect the device to the Afaria environment.
3. When updates are available on the market, the user updates the application.

18 Afaria
Enrolling Devices in Management

4. To terminate management, the administrator wipes the device, which removes MDM
control and the application, or the user removes the MDM configuration and the
application.

Enrolling iOS Devices in Management


Enroll devices using applications installed from the Apple App Store, with enrollment codes
that you distribute, or users get from the Afaria Self-Service Portal.

1. On the Afaria server, create an enrollment policy.


2. If enrolling users with Afaria Self-Service Portal, install the portal using an enrollment
code from the policy.
3. On the device, install a Afaria application from the Apple App Store.
4. Give users the enrollment code from the enrollment policy, or instruct users visit the self-
service portal to enroll and get an enrollment code.
5. On the device, open the application and enter the enrollment code.
6. On the device, open the application and enter the enrollment code.
The device connects to Afaria through its proxy or directly, according to the Afaria
environment configuration.
If either server security or the enrollment policy is set to automatically approve clients, or
you have taken action to approve a device, Afaria completes enrollment. The user must
accept and install the Mobile Device Management (MDM) policy to complete MDM
enrollment.
If both the server security and the enrollment policy is set to not automatically approve
devices, then the device is in an unapproved state. If reenrolling for a new tenant, the device
may be in an unapproved state.
7. On the Afaria Administrator, if the device is unapproved, approve the device for Afaria
management according to your organizations processes.
8. (Optional) If you approved a device, take additional action to affect management actions,
such as sending an outbound notification to apply policies or have the user reenroll.

Enrollment Actions for iOS Devices


Enrolling in management completes several actions for your devices.
Enrollment actions for devices include:
Configuring the Afaria application.
(Optional) Generating the Afaria client name.
(Optional) Applying Access Control for Email policy.
(Optional) Enrolling in groups.
If automatically approving devices, provisioning Afaria Mobile Device Management
(MDM).

Administration Reference 19
Enrolling Devices in Management

If automatically approving devices, applying policies.


If automatically approving devices, collecting inventory.

Resetting Afaria User Credentials on an iOS Device


Change the domain, user name, or password that the Afaria application uses for
authentication.

1. On the device, close the Afaria application.


2. Navigate to Settings > General > Afaria > Reset Credentials and set to On.

The user is prompted to enter credentials the next time the application requires authentication.

iOS Device Data Elements as Variables in Policies


In an iOS device record, some of the data elements populate predefined or user-defined
substitution variables that you can use for values in an Afaria configuration policy or an Apple
iPhone Configuration Utility policy.
Variables are global for the current tenant. The values you define in iOS device records for the
variables are for only the current device.

Substitution Variables in Configuration Policies


As part of an Afaria configuration policy, you can add variables to your policy from the list of
predefined and user-defined substitution variables. At delivery time, the policy is populated
with the variables value, as stored in the iOS device record. Variables are supported for many,
but not all, policy fields.

End-User Prompts for Substitution Variables in Enrollment Policies


As part of an enrollment policy, you can add end-user prompts at the device to populate
substitution variables on the iOS device recprd at the server. For example, you can prompt for a
users name to populate the predefined variable UserName. The server can then reference
the variable in the device configuration policies it delivers as it completes the devices
enrollment.

Substitution Variables and Multitenancy


Substitution variable ownership and management has additional considerations in a
multitenancy environment:
Predefined variables are global for all tenants.
User-defined variables defined by a tenant are visible only to that tenant.
If the system tenant defines a variable that was previously defined by another tenant, the
system tenant takes ownership of the variable, and it becomes available to all tenants. If the
system tenant later deletes the variable, the variable is restored to the originating tenant and
deleted from all other tenants.
Tenants cannot create user-defined variables that are already defined by the system tenant.

20 Afaria
Enrolling Devices in Management

Only the system tenant can delete its user-defined variables.


If you move a device from one tenant to another, its variables and associated values are
visible only if they are defined in the target tenant.

Predefined Substitution Variables


Predefined variables, when used in a configuration policy, reference iOS device data elements
that are on the device record.
Excerpt from an iOS Device Definition Record
Define the value for a variable in the iOS Device Definition dialog. Reference the variable
using the example syntax when you are defining a device configuration policy. For example, to
use a variable as a substitute for a literal value in a policy to refer to the e-mail domain, define
the domain in the Afaria iOS device definition as mycompany.com and insert the variable
reference into your policy as %ExchangeDomain%.
Predefined variables, as defined by the Afaria iOS device record, are:
%NotificationAddress%
%UserName%
%AfariaDeviceID%
%ExchangeDomain% (for Exchange and Domino environments)
%ExchangeUser% (for Exchange and Domino environments)
%ExchangeID% (for Exchange and Domino environments, concatenation of the Domain
and User ID)
%ExchangePassword% (for Exchange and Domino environments)
Predefined variables, as defined by values on the device, are:
%UDID%
%ICCID%
%IMEI%
%SerialNumber%
%Product%
%Version%

User-Defined Substitution Variables


The user-defined substitution variables operate in the same way as predefined variables,
except you can add your own variables and populate them with values that serve your
requirements. For example, to use a variable as a substitute for a literal value in a policy to refer
to each users organization, add variable SalesTeam, define the value in the Afaria iOS device
record as NWSales, and insert the variable reference into your policy as %SalesTeam%.

Administration Reference 21
Enrolling Devices in Management

BlackBerry Devices
BlackBerry devices have an installed application for Afaria management, as deployed by your
organization.

BlackBerry Management Life Cycle


Users manage devices using applications created in enrollment policies, then downloaded and
distributed by the Afaria administrator.
This life cycle is generalized and may differ by device type:

1. Create an enrollment policy. The policy creates an Afaria application for the device on the
server.
2. Download the application from the enrollment policy.
3. Deploy and install the application on the device. The Afaria administrator may configure
the application for Afaria connections prior to deployment to a device.
4. If the application is not configured prior to deployment, configure the application for
Afaria connections.
5. Connect the device to Afaria.
6. When updates are available on the Afaria server, update the application by connecting to
Afaria or reinstalling the application.
7. To terminate management, the administrator wipes the device, or the user removes the
application.

Enrolling BlackBerry Devices in Afaria Management


Enroll devices using applications and enrollment codes from enrollment policies that you
distribute, or users get from the Afaria Self-Service Portal.
Installing on BlackBerry devices requires third-party applications to install on the device.
BlackBerry Enterprise Server (BES) includes this setting as a configuration item.

1. On the Afaria server, create an enrollment policy.


2. If enrolling users with Afaria Self-Service Portal, install the portal using an enrollment
code from the policy.
3. Deploy the application using either of these methods:
Download the application from the enrollment policy and distribute to users with an
enrollment code.
Install an Afaria Self-Service Portal instance that uses the enrollment policy and let
users connect with their devices and download the application and get an enrollment
code.

22 Afaria
Enrolling Devices in Management

4. On the device, install the application.


5. On the device, open the application and enter the enrollment code.
6. Connect the device to Afaria.
On the device, the Afaria program may prompt to allow the following specific actions:
AfariaSMSListener requests an SMS connection
AfariaSMSListener requests to act as a server
AfariaSMSListener requests access to ///store
AfariaApplication requests a socket connection
Allow these connections to have successful Afaria client sessions. You can allow the
connections on demand, or you can allow all Afaria connections.
The device connects to Afaria through its proxy or directly, according to the Afaria
environment configuration.
If either server security or the enrollment policy is set to automatically approve devices,
then Afaria completes enrollment.
If both the server security and the enrollment policy is set to not automatically approve
devices, then the device is in an unapproved state. If reenrolling for a new tenant, the device
may be in an unapproved state.
7. On the Afaria Administrator, if the device is unapproved, approve the device for Afaria
management according to your organizations processes.
8. (Optional) If you approved a device, take additional action to affect management actions,
such as sending an outbound notification to apply policies or have the user reenroll.

Installation Considerations for BlackBerry Devices


Consider third-party application rights and carriers when installing the Afaria application on
BlackBerry devices.
Installing on BlackBerry devices requires that you allow third-party applications to install.
BlackBerry Enterprise Server (BES) includes this setting as a configuration item. Ensure
that this setting is at least temporarily set to allow third-party applications at the time that
you plan to complete the Afaria installation. You can change the configuration setting after
the Afaria installation is complete.
Different carriers may require different levels of user intervention during installation and
the first time that you exercise Afaria functionality.

Administration Reference 23
Enrolling Devices in Management

Starting the Afaria BlackBerry Application


The Afaria applications starts when the device powers on.

Updating the Afaria BlackBerry Application


Connect the device to the Afaria server to update or upgrade the application. Afaria
automatically delivers file updates, and the application automatically applies the updates
without any user interaction.

Windows Mobile Devices


Windows Mobile devices have an installed application for Afaria management, as deployed
by your organization. Windows Mobile is a general reference to Windows Mobile
Professional, Windows Mobile Standard, and Windows CE device types.

Windows Mobile Device Management Life Cycle


Manage devices using applications created in enrollment policies, then downloaded and
distributed by the Afaria administrator or over the Afaria Self-Service Portal.
This life cycle is generalized:

1. Create an enrollment policy. The policy defines configuration settings and creates an
Afaria application.
2. Deploy the application using either of these methods:
Download the application from the enrollment policy and distribute to users with an
enrollment code.
Install an Afaria Self-Service Portal instance that uses the enrollment policy and let
users connect with their desktop computers and download the application and get an
enrollment code.
3. Users install the application on their devices. The Afaria administrator may configure the
application for Afaria connections prior to deployment to a device.
4. Users enter their enrollment code and connect to Afaria.
5. Connect the device to Afaria.
6. When updates are available on the Afaria server, update the application by connecting to
Afaria or reinstalling the application.
7. To terminate management, the administrator wipes the device, or the user removes the
application.

24 Afaria
Enrolling Devices in Management

Enrolling Windows Mobile Devices in Afaria Management


Enroll devices using applications and enrollment codes from enrollment policies that you
distribute, or users get from the Afaria Self-Service Portal.

1. On the Afaria server, create an enrollment policy.


2. If enrolling users with Afaria Self-Service Portal, install the portal using an enrollment
code from the policy.
3. Deploy the application using either of these methods:
Download the application from the enrollment policy and distribute to users with an
enrollment code.
Install an Afaria Self-Service Portal instance that uses the enrollment policy and let
users connect with their desktop computers and download the application and get an
enrollment code.
4. On the device, install the application.
5. On the device, open the application and enter the enrollment code.
6. Connect the device to Afaria.
The device connects to Afaria through its proxy or directly, according to the Afaria
environment configuration.
If either server security or the enrollment policy is set to automatically approve devices,
then Afaria completes enrollment.
If both the server security and the enrollment policy is set to not automatically approve
devices, then the device is in an unapproved state. If reenrolling for a new tenant, the device
may be in an unapproved state.
7. On the Afaria Administrator, if the device is unapproved, approve the device for Afaria
management according to your organizations processes.
8. (Optional) If you approved a device, take additional action to affect management actions,
such as sending an outbound notification to apply policies or have the user reenroll.

Enrolling Windows CE Devices in Afaria Management


Enroll devices using applications from enrollment policies that you distribute to users.

1. On the Afaria server, create an enrollment policy and download the Afaria application.
2. Deploy the application using any appropriate method.
3. On the device, install the application.
4. Connect to the Afaria server.
The device connects to Afaria through its proxy or directly, according to the Afaria
environment configuration.
If either server security or the enrollment policy is set to automatically approve devices,
then Afaria completes enrollment.

Administration Reference 25
Enrolling Devices in Management

If both the server security and the enrollment policy is set to not automatically approve
devices, then the device is in an unapproved state. If reenrolling for a new tenant, the device
may be in an unapproved state.

Download Type Requirements for Windows Mobile


If you are deploying the Afaria Windows Mobile application directly to devices from a Web
server, you may encounter errors installing the Afaria application if the download file type
requirements are not met.
Some devices do not preserve a file's extension when downloading it. These devices may have
errors installing the application.
Successful installation at the device requires that the application is downloaded and saved
with the .CAB file extension.
User can use the save as command to manually define the file name and correct extension,
rather than allowing the devices default behavior to save it incorrectly.

Starting the Afaria Windows Mobile Application


The Afaria applications starts when the device powers on.

Updating the Afaria Windows Mobile Application


Connect the device to the Afaria server to update or upgrade the application. Afaria
automatically delivers file updates, and the application automatically applies the updates
without any user interaction.

Windows Devices
Windows devices have an installed application for Afaria management, as deployed by your
organization.

Windows Device Management Life Cycle


Manage devices using applications created in enrollment policies, then downloaded and
distributed by the Afaria administrator.
This life cycle is generalized:

1. Create an enrollment policy. The policy defines configuration settings and creates an
Afaria application.
2. Download the application from the enrollment policy.
3. Deploy and install the application on the device.
4. Connect the device to Afaria.

26 Afaria
Enrolling Devices in Management

5. When updates are available on the Afaria server, update the application by connecting to
Afaria or reinstalling the application.
6. To terminate management, the user removes the application.

Enrolling Windows Computers in Afaria Management


Enroll devices using applications from enrollment policies that you distribute to users.

1. On the Afaria server, create an enrollment policy and download the Afaria application.
2. Deploy the application using network, local, or portable media.
3. On the device, install the application.
4. Connect to the Afaria server.
The device connects to Afaria through its proxy or directly, according to the Afaria
environment configuration.
If either server security or the enrollment policy is set to automatically approve devices,
then Afaria completes enrollment.
If both the server security and the enrollment policy is set to not automatically approve
devices, then the device is in an unapproved state. If reenrolling for a new tenant, the device
may be in an unapproved state.

Installing Afaria on Windows Computers


Windows application users run the setup executable file on their PCs to install the product.

Starting the Afaria Windows Application


The Windows Afaria application starts when the device powers on.

Updating the Afaria Windows Application


Connect the computer to the Afaria server to update or upgrade the application. Afaria
automatically delivers file updates, and the application automatically applies the updates
without any user interaction.

Update Considerations for Windows Devices


The beginning of each device session checks whether the server has file updates for the device
to apply. Afaria automatically delivers file updates.
How the device retrieves and applies the updates depends on the value of the following Afaria
server registry key that is installed during product installation:
hklm\software\afaria\afaria\server\silentupgrade

The key is defined according to the following values:


0 Not silent.
1 Silent, attended reboot. Prompts device user for reboot.

Administration Reference 27
Enrolling Devices in Management

2 Silent, unattended reboot. No prompting.


3 Obsolete key. Defaults to behavior of value 5.
4 Silent, no reboot. If upgrade requires reboot, the process is aborted. This key is
included only for backwards compatibility and should be used with caution.
5 Silent, delayed reboot. If reboot is necessary, waits until the device user performs a
reboot to continue the upgrade process.

Update to Upgrade Windows Device


When Afaria applies an upgrade for the Afaria Windows device, a system restart may be
required to fully complete the upgrade.
If a reboot is required and your device user connects to the server before rebooting, the
upgrade process is incomplete and the Afaria application does not run a session but the server
does create a log entry.
If the user defers the system restart until a later time, and then attempts to run a session, Afaria
will display a brief message to the device user that the system must be restarted before running
any sessions. After the user restarts the device system, and the upgrade is completed, all
sessions run normally.
When a device in need of a restart attempts to run a session, a message is added to the server log
to record the event. Administrators can read the Messages log to identify devices in need of a
reboot.

Windows OS Variations and Afaria Operations


The Windows OS versions that Afaria supports use different native APIs, .NET Framework
technologies, and have differences in user and application security and management. These
differences significantly affect the execution of, and results produced by, some Afaria
operations.
Afaria is designed to install and operate in different contexts: as logged on user, as a service
without associated user credentials, and as a service with associated user credentials. This
flexibility lets you manage Windows computers in ways that best suit your enterprise.
While it is your responsibility to understand the behavior of each Windows OS version that
you use in your organization, the variations in Windows OS versions warrant advisement
about some of the Afaria behavior impacted by the differences. Consider the following
subjects as you plan and manage Afaria Windows client operations for different Windows OS
versions.

Installation and Data Storage


Installation and data directory Windows OS versions vary with respect to the security
restrictions enforced when writing application data to the Program Files folder. Therefore,
Afaria Windows devices use different implementations for storing install files and data
files based on Windows OS version.

28 Afaria
Enrolling Devices in Management

Windows Vista client default install folder %PROGRAMFILES%\Aclient\Bin


Windows Vista client default data folder %ALLUSERSPROFILE%\AClient\Data
Windows pre-Vista clients install and data folder %PROGRAMFILES%\Aclient
Session variables You may want to use session variables <ClientDataDir> and
<ClientOS> during operations to help you decide upon and execute behavior that is
appropriate for different OS versions.
Install package and application installation
Windows Vista Within the User Access Control (UAC) security framework, the
application is installed with the LOCALSYSTEM account and does not require a set of
credentials to run an application as a service.
Windows pre-Vista The security framework for running an application as a service
optionally permits associating user credentials with the service operations.

Session Channel Operations


Channels often need to perform tasks that require elevated privileges in order to be successful.
You need to understand the interrelationship between the Afaria client context, the operating
system security restrictions on specific channel tasks, and the channels features you choose.
It is the interrelationship of these items that impacts a channels ability to successfully
execute.
Afaria context the Afaria service or user context for performing channel tasks:
Afaria installed as a service without associated administrator credentials
Afaria installed as a service with associated administrator credentials
Afaria installed as the logged on user
Operating system security restrictions the operating system may restrict or limit channel
tasks at the client. These restrictions may vary by Windows OS version.
Write to the root folder
Write to the Windows folder
Write to the Windows system folder
Write to the registry
Interact with the user interface
Session channels include features and options that enable you to work successfully within the
operating system security framework.
Read, write, and delete files and folders
Get, set and delete registry values
Impersonate user events
Execute programs and scripts
Expose message to user interface event
Use and set session variables
Use and read environmental variables

Administration Reference 29
Enrolling Devices in Management

Windows Browser Sessions


Afaria supports HTML-based channels that Windows devices can execute via a Web browser.
Windows devices that run a channel this way are referred to as Afaria browser sessions.
Browser sessions can also run non-HTML channels.

Browser Sessions in a Server Farm


Afaria browser sessions may warrant special consideration in an Afaria server farm
environment. By default, browser sessions connect only to the main Afaria server. If you feel it
is necessary that you distribute browser session connections across your farm environment,
then you can force the distribution by using a round robin load balancer.

Approving and Unapproving a Device for Afaria


Management
Approve devices that are in an unapproved state so they can be managed with policies on
future connections. Unapprove devices to discontinue management.
Your server may be configured to automatically approve devices, as per the Server >
Configuration > Security page.

1. On the Device page, select one or more devices.


2. On the top toolbar:
Click Approve to approve all selected devices for management.
Click Unapprove to unapprove all selected devices for management.
3. (Optional) For devices that you approve, take additional action to affect management
actions, such as:
iOS example reenroll a device using the same enrollment code. Reenrolling
provisions mobile device management (MDM) and applies policies.
Non-iOS example send a command to run a channel.

30 Afaria
Device

Device
Devices are phone and computing devices, such as smartphones, tablets, and desktop or laptop
computers that you manage with groups and policies. In the Afaria Administrator, the Device
page is the landing page for device-focused tasks.

Viewing the Device List in the Default View


View all devices with summary information, such as the state of approval, operating system,
client ID, and corporate or personal ownership of the device.

1. On the Home page banner, click Device.


2. Review the device list.
The default view is unfiltered; it includes all devices and may span multiple pages.
3. (Optional) Click the title of any column to sort by that column.

Viewing the Device List in a Non-default View


View devices in a system or custom view that filters which devices populate the list.

1. On the Device page, on the left toolbar, click Select View.


2. Navigate the System Views and Custom Views folders, then click a view of interest.
System Views folder contains views with predefined popular filters applied, such as
device type iOS or devices with an unapproved status.
System view "All Devices" restores the view to the default, unfiltered view.
Custom Views folder populated custom views that you create.
3. On the View toolbar, click Select to open the view in the Device page.
4. (Optional) Click the title of any column to sort by that column.

Viewing the Device Dashboard


View a graphical representation of device metrics, such as the number of devices in approved
or unapproved states, and days since last connection.

1. On the Device page, on the left toolbar, click Device Dashboard.


2. Review the dashboard.
The Top Carriers list is limited to 10 carriers.

Administration Reference 31
Device

Creating Custom Device Views


Select columns for a custom view, and define criteria for selecting which devices populate
your view.
For example, you can define a view that returns only Android devices that have Bluetooth
turned off and displays only columns for client name, user name, and phone number, all sorted
by user name.

1. On the Device page, on the left toolbar, click Select View.


2. On the view list, select the Custom Views folder or one of its child folders.
3. (Optional) To define a new folder for the view, on the View toolbar, click Add new folder
within currently opened folder, enter a folder name and note, and then click Save.
4. With a custom view folder selected, on the View toolbar, click Add new view within
currently opened folder to open the Custom View dialog.
5. Enter a view name and note.
6. To select the columns to include in your view, select fields in the Data Fields list and click
the Add column icon.
You can further define the columns in the list by selecting a row and using the right-side
icons to move a row's order and edit a row's alias, show/hide property, and sort properties.
Row order in this list indicates the resulting custom view's column order from left to right.
7. To define criteria for which devices are returned in your view, select fields in the Data
Fields list, click the Add criteria icon, select the row in the list, and click the right-side
Edit icon to edit a row's criteria definition.
You can further define criteria by selecting multiple criteria rows and using the right-side
icons to group or ungroup the selection.
8. (Optional) When the view is defined, click the Show as SQL statement link to open the
resulting SQL statement and review it or copy it to the Windows clipboard for subsequent
pasting.
9. Click Save.

The view is added to your custom views list. Select the view to show devices that meet the
view's criteria.

Device Activity Collection


Afaria Device Activity allows administrators to monitor and report on device activities on
enrolled devices, such as monitoring for activity that incurs expenses.
Depending on the device type, monitored activities include:

32 Afaria
Device

Cellular data
Wi-Fi data
Outgoing and incoming phone calls
Outgoing and incoming Short Message Service (SMS) and Multimedia Messaging
Service (MMS) messages
International roaming status and usage

Viewing the Device Activity List in the Default View


Display the Afaria Device Activity List in the default system-defined data view.

1. On the Device page, on the left toolbar, click Activity List.


The Subscribers view is the default view.
2. (Optional) Click the title of any column to sort by that column.

Viewing the Device Activity List in the Non-default View


Display the system-defined data views that allow you to review Afaria Device Activity data.

1. On the Device > Activity page, on the left toolbar, click Select View.
2. Navigate the Activity views folders, then click on a view of interest.
3. On the View toolbar, click Select to open the view in the Device > Activity page.
4. (Optional) Click the title of any column to sort by that column.

Device Activity Views


The Afaria Device Activity views display subsets of the device activity data stored in your
database tables.
Available data views include the following system-defined views:
Subscribers view lists all subscribers who have connected to the Afaria server at least
once after you enable device activity.
Roaming subscribers view lists subscribers whose last known state was roaming.
Exceed threshold summary views list subscribers who have exceeded user-defined
thresholds for at least one kind of activity within an accounting period.
Activity summary views show aggregate values for data, call, and message activities for
each subscriber within an accounting period.
Activity thresholds views let you compare aggregate values for data, call, and message
activities to user-defined thresholds.
Location view shows last determined latitude and longitude of devices enrolled in device
activity.
Network info view shows worldwide cellular networks.
Activity Details view for each subscriber shows call, data, and message activitities for
individual subscribers.

Administration Reference 33
Device

Custom views that you create with a view editor.


When applicable, the device activity list aggregates and displays data based on current and
previous accounting periods. Each accounting period is one month. Change the period start
date in the month to match the billing cycle of your cellular provider, as defined on the Server
> Configuration > Device Activity > Data Views page.
Device activity monitors date and time appear in UTC.

Creating Custom Device Activity Views


Select columns for a custom device activity view, and define criteria for selecting which
subscribers populate your view.

1. On the Device page, on the left toolbar, click Activity List.


2. On the left toolbar, click Select View.
3. (Optional) To define a new folder for the view, select a target folder, then on the View
toolbar, and click Add new view within currently opened folder to open the Custom
View dialog.
4. Enter a view name and note.
5. To select the columns to include in your view, populate the column list by selecting fields
in the Data Fields list and clicking the Add column icon.
You can further define the columns in the list by selecting a row and using the right-side
icons to move a row's order and edit a row's alias, show/hide property, and sort properties.
Row order in this list indicates the resulting custom view's column order from left to right.
6. To define criteria for which devices are returned in your view, populate the criteria list by
selecting fields in the Data Fields list, clicking the Add criteria icon, select the row in the
list, and click the right-side Edit icon to edit a row's criteria definition.
You can further define criteria by selecting multiple criteria rows and using the right-side
icons to group or ungroup the selection.
7. (Optional) When the view is defined, click the Show as SQL statement link to open the
resulting SQL statement and review it or copy it to the Windows clipboard for subsequent
pasting.
8. Click Save.

The view is added to your custom views list. Select the view to show subscribers that meet the
view's criteria.

34 Afaria
Device

Subscriber Data Collected by Device Type


Definitions of subscriber data, such as IMSI, ICCID, and MSISDN, collected by each device
type.

Subscriber iOS Android BlackBerry Definitions


Data
IMSI X X International Mobile Subscriber Identi-
ty, conforming to International Tele-
communication Union (ITU) standard.

ICCID X Integrated Circuit Card Identifier, con-


forming to International Telecommuni-
cation Union (ITU) standard.

Note: iOS 5 devices do not collect IC-


CIDs.

Cell ID X X Last reported cell ID.


On CDMA networks, the Base Station
ID (BID).

Current Afa- X X X Afaria client global unique identifier


ria Client ID (GUID).

Current De- X X X iOS Unique Device Identifier


vice ID (UDID).
Android and BB GSM devices - Inter-
national Mobile Equipment Identity
(IMEI).

MSISDN X X Mobile Subscriber Integrated Services


Digital Network Number which is the
literal phone number as reported by the
device.
Not all SIM cards, specifically in Eu-
rope, are preprogrammed with an
MSISDN.

Home MCC X X X Home network Mobile Country Code.

Home MNC X X X Home network Mobile Network Code.

Activity Last X X X Date on which Device Activity data was


Collected last posted on the server by the device.

Administration Reference 35
Device

Subscriber iOS Android BlackBerry Definitions


Data
Last MCC X X X Last reported Mobile Country Code
(MCC).

Last MNC X X X Last reported Mobile Network Code


(MNC).
On CDMA networks, the network Sys-
tem Identifier (SID).

Latitude X X X Last reported approximate latitude,


based on crowd-sourced Wi-Fi hotspot
and mobile cell tower location.
For all BlackBerry devices, the ability
to collect latitude depends on the wire-
less service provider and if the device
connects to a BlackBerry Enterprise
Server (BES), on BES policy settings.

Longitude X X X Last reported approximate longitude,


based on crowd-sourced Wi-Fi hotspot
and mobile cell tower location.
For all BlackBerry devices, the ability
to collect latitude depends on the wire-
less service provider and if the device
connects to a BlackBerry Enterprise
Server (BES), on BES policy settings.

Location Last X X X Date and time of the last location


Determined change.

Opt In X X X User answer to request for Device Ac-


tivity Enrollment (accepted/declined).

Roaming X X X Date and time of the last roaming state


Change Date change.

Status of Lo- X X X Status of Location Services on the de-


cation Serv- vice (enabled or disabled).
ices

36 Afaria
Device

Device Activity Calls by Device Type


Definitions of voice call details collected by each device type, for example, Cell ID and MCC.

Voice iOS Android BlackBer- Definitions


ry
Call
Details
Remote Party X X Remote party phone number.

Start Time X X X Start time of the call event.

End Time X X X End time of the call event.


End Time does not appear in data views and
reports.

Duration X X X Duration of call event.

Call Direction X X X Outbound or inbound call.

Cell ID X X Mobile cell ID at the start of connection.


On CDMA networks, the Base Station ID
(BID) at the start of the connection.

Roaming State X X X Roaming status.

Latitude X X X Latitude generated at the start of a call.

Longitude X X X Longitude generated at the start of a call.

MCC X X X Mobile Country Code of the network on


which the call event occurred.

MNC X X X Mobile Network Code of the network on


which the call event occurred.

Device Activity Details Connections by Device Type


Definitions of data collection details connections by each device type, for example, Bearer
Type and MNC.

Data iOS Android BlackBerry Definitions


Connection
Details
Start Time X X X Start time of the call event

Administration Reference 37
Device

Data iOS Android BlackBerry Definitions


Connection
Details
End Time X X X End time of the call event.
End Time does not appear in data
views and reports.

Duration X X X Duration of call event.


BlackBerry CDMA OS 5 and 6 devi-
ces do not collect data connection de-
tails.

Bearer Type X X X Network type, such as CMDA, GSM


and Wi-Fi, at the start of the connec-
tion.

Connection X X Network name.


Name

Access Point X X Access Point Name.


Name

Cell ID X X Mobile cell ID at the start of connec-


tion.
On CDMA networks, the Base Sta-
tion ID (BID) at the start of the con-
nection.

Roaming State X X X Roaming status.

Latitude X X X Latitude generated at the start of the


connection.

Longitude X X X Longitude generated at the start of the


connection.

MCC X X X Mobile Country Code of the network


on which the connection occurred.

MNC X X X Mobile Network Code of the network


on which the connection occurred.

Sent X X X Number of bytes transmitted.

Received X X X Number of bytes received.

38 Afaria
Device

Device Activity Messages by Device Type


Definitions of message details collected by each device type, for example, cell ID and Type.

Voice Call iOS Android BlackBerry Definitions


Details
Remote Party X X Remote party phone number.

Start Time X X Start time of the call event.

Message Direc- X X Outbound or inbound message.


tion

Type X X SMS or MMS.

Cell ID X X Mobile cell ID at the start of connection.


On CDMA networks, the Base Station ID
(BID) at the time the message is sent.

Roaming State X X Roaming status.

Latitude X X Latitude generated when message is initi-


ated/received.

Longitude X X Longitude generated when message is ini-


tiated or received.

MCC X X Mobile Country Code of the network on


which the message occurred.

MNC X X Mobile Network Code of the network on


which the message occurred.

Removing Device Activity Data for a Subscriber


Remove all Afaria Device Activity data related to one subscriber.

1. On the Device page, on the left toolbar, click Device List.


2. Select a subscriber.
3. On the top toolbar, click Delete.
4. Select Device Activity.
All device activity data collected for the subscriber is deleted, regardless of when it was
collected.

Administration Reference 39
Device

Displaying Device Location on Map


The last reported location of the device.
The location view also shows the date and time when the device location was last determined,
based on the local time zone of the browser session of the Afaria Administrator console.
Note: Maps are available only for devices for which Afaria has collected longitude and
latitude.

1. On the Device page, on the left toolbar, click Activity List.


2. On the left toolbar, click Select View and navigate the Activity views, select Location
view, and click Select to display the view.
3. Select a subscriber.
4. On the top toolbar, click Map.

Latitude and Longitude Definitions


Definitions for longitude and latitude data collection values.
Latitude and Longitude columns appear in the Location view in the device activity data view.

Value Definition
<longitude > <latitude> Last retrieved approximate longitude and latitude of the device,
based on crowd-sourced Wi-Fi hotspot and mobile cell tower lo-
cation. Level of accuracy varies by device type. For iOS and An-
droid, accuracy requested is 1km (0.62 miles).

Unknown The location of the device is temporarily unknown.

Disabled Location services are disabled on the device.

Not Collected Collection of subscriber location information is disabled on the


Device Activity General Settings tab of the Afaria Administrator.

Unsupported The device does not support location services.

Searching for Devices


Search across tenants for devices. Search criteria includes multiple, user-selected data, such as
operating system, device ID, client name, and telephone number.

1. On the Device page, on the left toolbar, click Search.


2. (Optional) In the Search dialog, type a search string for searching the client name field.

40 Afaria
Device

You can use literal, or literal plus wildcard, characters to define the string. The search
supports wildcard characters * and ? for multiple characters and single characters,
respectively.
For example, type br*n to search for devices with names that have a "br" string and then
an "n," such as "J Brown" and "LBromein."
Leave the search string empty to include all client names.
3. For the tenant, OS, and field columns, select or unselect your criteria.
The tenant list includes only the tenants in your user role.
4. Click Search.
Results appear in the last column, grouped by tenant.
5. To view a tenant's results list, double-click the tenant in the list.
A search result page opens with the tenant's list of devices that meet your criteria.
6. Review the results list and continue with operations.
7. (Optional) To restore the list to show all devices, on the left toolbar, click Device List.

Inspecting a Device
Inspect summary and detail information for a device. Details vary by device type but may
include data, such as hardware inventory, software inventory, and file transfers.

1. On the Devices page, select a device.


2. On the left toolbar, click Show/Hide Inspector to display summary information about the
device.
3. On the Inspector panel toolbar, click icons to view additional detail pages.

Viewing the Device Summary


Quickly glance and capture information. View details like the device ID, user, OS, state, last
connection and first connection details, and registration information.

1. On the Home page, click Device .


2. Select a device.
3. On the left toolbar, click Show/Hide Inspector

Afaria Hardware Inventory Data Collection


Due to several factors, Afaria cannot collect all inventory information from all devices types,
nor can it collect all the same inventory items from all of the same device types. Understanding
these variations can help you better understand your Afaria inventory data and custom views.
Several device and environmental variables can impact the ability to collect phone, network,
identifier, and other data from your device. For example:

Administration Reference 41
Device

Device type
Device manufacturer and model exposed APIs
Mobile/cellular service provider
Carrier network type
Operating system implementation
Device's power state
Device's settings for Wi-Fi radio state

Inventory Data Elements with Greatest Variability


For smartphones and other handheld devices, the greatest variability for data collection is
often observed on these data elements:
Serial number and similar identifiers, such as International Mobile Equipment Identity
(IMEI) and Mobile Equipment Identifier (MEID)
For Android devices, Afaria cannot always retrieve a serial number. Therefore, it may
reuse IMEI and MEID values as the serial number and client name values.
Some devices return a manufacturer-specific serial number or some other number that
may not match the number that is visible on the outside of the device.
Phone some devices on GSM or CDMA do not expose their phone number.
Wi-Fi
Most non-Wi-Fi devices do not return a value for Wi-Fi Supported and Wi-Fi status.
Many Windows Mobile Standard devices do not expose their MAC address.
Bluetooth some device manufacturers protect their Bluetooth data with driver licensing.

Implications for Inspector Hardware Data and Device Views


Afaria does not create device inventory records for class data groups that are not supported on
a device. This has implications for understanding Inspector hardware data and creating device
views:
Device Inspector hardware data list the list always includes all of a device types possible
inventory data classes. However, individual device results for specific data classes appear
only when there are corresponding device inventory records for the associated data class.
Custom device views Afaria does not create device inventory records for a data class,
such as Phone or Wi-Fi, if the feature is unsupported on a device when you build custom
views. Plan your queries to account for the possible absence of a record type, rather than
the record type containing a null or blank value.

Hardware Inventory for iOS Devices


The majority of hardware inventory is collected and defined by the Apple MDM protocol.
Some data is collected by the Afaria application on the device.
Scan Date reported in database local time when inventory is reported to the server.

42 Afaria
Device

The value is blank until the first inventory report is received. The report may have a
delay, such as due to the delay between the start of the enrollment process and when
Afaria sends an APNS push for first inventory.
The date is affected by latency introduced by APNS services, with may vary based on
APNS peak periods, device type priority in APNS queue, and robustness of device
connectivity.
iPod touch and iPad devices typically experience greater APNS service latency than do
iPhone devices.
Afaria > Afaria detected jailbreak Afaria application check for a security-compromised
state. Value is available as an option for Afaria Access Control for Email policies. The
application checks the device state every time it opens, refreshes, and every time it
connects to the server.
Unknown device has not connected yet to report the state.
Yes application checked and found a compromised state.
No application checked but did not find any compromised state.
Timing values that help you distinguish outbound and inbound activity:
Afaria > Last client connect time of most recent connection initiated by the device
application.
Afaria > Last policy connect time of most recent connection initiated by the server
sending a command to connect and apply a policy. Time is subject to APNS push
latency.
Afaria > Last notification sent time of most recent notification to connect and apply
policy or connect and report inventory, as sent from server.
Under MDM Control value is available as an option for Afaria Access Control for Email
policies.
Device > IOS version, device, and model first reported by the Afaria application, then by
MDM inventory.
Device > serial number reported by the Afaria application.
Device > Notification address an SMS-addressable value as the device phone number or
an email address for the phone. Value is populated only if included as a user prompt in an
enrollment policy of if you edit the device record.
MS Exchange class values related to Afaria Access Control for Email, applicable to both
Microsoft Exchange and IBM Domino environments. Value is populated only if included
as a user prompt in an enrollment policy of if you edit the device record.
DeviceID device's ActiveSync ID, as defined by the email server.
UserID concatenation of the domain and email User ID
Provisioning Profiles all provisioning profiles detected on device, regardless of source.
Provisioning files are associated with enterprise applications on the device and, if
removed, may cause an application launch to fail.
Restrictions list of restrictions, as defined by Afaria configuration policy restriction
payloads. Restrictions defined by the device holder are not reported.

Administration Reference 43
Device

Security > Hardware encryption capability defined by Apple MDM protocol:


0 none
1 file level
2 block level
3 file and block level

Editing a Device
Edit device information, such as its Self-Service Portal registered user name, device name,
and Afaria Access Control for Email policy.

1. On the Device page, select a device.


2. On the top toolbar, click Edit.
3. Edit data as appropriate.
4. On the top of the page, click Save.

Editing an Android Device


Edit device information, such as device name, device ownership type, Self-Service Portal
registered user name, and SMS address.

1. On the Device page, select a device.


2. On the top toolbar, click Edit.
3. Edit data as appropriate.
Device click Setup to open the ID Setup dialog and select naming options:
Optional Prefix enter a prefix to use for the name. For example "Sales_".
Data Column select a data item to concatenate with the prefix. The list includes
predefined columns, the user name variable, and any additional user-defined
substitution variables you defined. Selecting something meaningful to your
organization can help facilitate effective searching, create a value for building
custom views, or differentiate like-named devices.
If you select a data item that is based on a users response to a user prompt that you
add to the enrollment policy, the users response forms the name, even if it is
inaccurate. For example, if you prompt for an e-mail address and the user
incorrectly types the address, the name contains the incorrect address, even if the
correct address gets stored in inventory later.
Device owner set a corporate or personally owned device, or reset to the default
value.
(SSP) Registered User device user name, as a user would provide for Windows NT or
LDAP authentication in your Afaria environment, such as Domain\UserName. If users
have enrolled in management, this is the user name they provided for authentication on
the Afaria Self-Service Portal or in response to a user name prompt.

44 Afaria
Device

SMS address address to which the server sends outbound notifications to connect and
run a channel or apply a policy.
User IP address if an SMS address is unavailable, address to which the server sends
outbound notifications to connect and run a channel or apply a policy.
4. On the top of the page, click Save.

Editing a BlackBerry Device


Edit device information, such as device name, device ownership type, Self-Service Portal
registered user name, and SMS address.

1. On the Device page, select a device.


2. On the top toolbar, click Edit.
3. Edit data as appropriate.
Device click Setup to open the ID Setup dialog and select naming options:
(Optional) Optional Prefix enter a prefix to use for the name. For example
"Sales_".
(Optional) Data Column select a data item to concatenate with the prefix.
Selecting something meaningful to your organization can help facilitate effective
searching, create a value for building custom views, or differentiate like-named
devices.
Device owner set a corporate or personally owned device, or reset to the default
value.
(SSP) Registered User device user name, as a user would provide for Windows NT or
LDAP authentication in your Afaria environment, such as Domain\UserName. If users
have enrolled in management, this is the user name they provided for authentication on
the Afaria Self-Service Portal or in response to a user name prompt.
SMS address address to which the server sends outbound notifications to connect and
run a channel or apply a policy.
User IP address if an SMS address is unavailable, address to which the server sends
outbound notifications to connect and run a channel or apply a policy.
4. On the top of the page, click Save.

Editing an iOS Device


Edit device information, such as device name, device ownership type, values for user
variables, Self-Service Portal registered user name, and Afaria Access Control for Email
policy.

1. On the Device page, select a device.


2. On the top toolbar, click Edit.
3. Edit data as appropriate.
Device click Setup to open the ID Setup dialog and select naming options:

Administration Reference 45
Device

(Optional) Optional Prefix enter a prefix to use for the name. For example
"Sales_".
(Optional) Data Column select a data item to concatenate with the prefix.
Selecting something meaningful to your organization can help facilitate effective
searching, create a value for building custom views, or differentiate like-named
devices.
Device owner set a corporate or personally owned device or reset to default value.
(SSP) Registered User device user name, as a user would provide for Windows NT or
LDAP authentication in your Afaria environment, such as Domain\UserName. If users
have enrolled in management, this is the user name they provided for authentication on
the Afaria Self-Service Portal or in response to a user name prompt.
Notification Address if a phone number is unavailable for SMS messaging, address
for the server to send outbound notifications to configure the Afaria application.
Email Address and password e-mail address and password for access control policy.
Access Control Policy click Setup to open the Access Control Policy dialog and
select the default policy:
Always allow allow synchronization requests at all times.
Always block block synchronization requests at all times.
Allow when:
Administered by mobile device management the device is under Afaria iOS
mobile device management (MDM) control.
Afaria installed and device connected the Afaria App Store application is
installed.
Assigned policy delivered assigned policies are reported to the Afaria server
as delivered and installed on the device, as verified in the Policy Delivery log.
Device hardware encrypted the device has the hardware encryption feature
enabled.
Device uncompromised the device's most recent connection did not report the
device's status as jailbroken.
4. (Optional) Substitution if you include user-defined substitution variables in policies that
are planned for this device, define values for the appropriate variables. If the variable is not
yet on the list, click Add to enter the variable name and value for the current device, as
appropriate for your requirements.
The variables on the list are global for the current tenant. The values you define for the
variables are for only the current device.
5. On the top of the page, click Save.

46 Afaria
Device

Editing a Windows Mobile Device


Edit device information, such as device name, device ownership type, Self-Service Portal
registered user name, and SMS address.

1. On the Device page, select a device.


2. On the top toolbar, click Edit.
3. Edit data as appropriate.
Device click Setup to open the ID Setup dialog and select naming options:
(Optional) Optional Prefix enter a prefix to use for the name. For example
"Sales_".
(Optional) Data Column select a data item to concatenate with the prefix.
Selecting something meaningful to your organization can help facilitate effective
searching, create a value for building custom views, or differentiate like-named
devices.
Device owner set a corporate or personally owned device or reset to default value.
(SSP) Registered User device user name, as a user would provide for Windows NT or
LDAP authentication in your Afaria environment, such as Domain\UserName. If users
have enrolled in management, this is the user name they provided for authentication on
the Afaria Self-Service Portal or in response to a user name prompt.
SMS address address to which the server sends outbound notifications to connect and
run a channel or apply a policy.
User IP address if an SMS address is unavailable, address to which the server sends
outbound notifications to connect and run a channel or apply a policy.
4. On the top of the page, click Save.

Editing a Windows Device


Edit device information, such as device name, device ownership type, Self-Service Portal
registered user name, and IP address.

1. On the Device page, select a device.


2. On the top toolbar, click Edit.
3. Edit data as appropriate.
Device click Setup to open the ID Setup dialog and select naming options:
(Optional) Optional Prefix enter a prefix to use for the name. For example
"Sales_".
(Optional) Data Column select a data item to concatenate with the prefix.
Selecting something meaningful to your organization can help facilitate effective
searching, create a value for building custom views, or differentiate like-named
devices.
Device owner set a corporate or personally owned device or reset to default value.

Administration Reference 47
Device

(SSP) Registered User device user name, as a user would provide for Windows NT or
LDAP authentication in your Afaria environment, such as Domain\UserName. If users
have enrolled in management, this is the user name they provided for authentication on
the Afaria Self-Service Portal or in response to a user name prompt.
User IP address address to which the server sends outbound notifications to connect
and run a channel or apply a policy.
4. On the top of the page, click Save.

Device Naming "Database Specific Value" Considerations


When using the database column section "Database Specific Value" to name your devices, the
associated Data Value data element defines a database table and column to use to populate the
device record and use in the device's client name.
Database Specific Value is a data column option for device naming when you are:
Creating an enrollment policy for Windows CE, Windows Mobile Professional, Windows
Mobile Standard, or any Windows variation.
Editing any device type.
Syntax: tableName.columnName
Consider these items:
It is your responsibility to ensure that the table, column, and row exist in the Afaria
database.
The value is retrieved during each device's initial connection, but always returns the first
row of the table.
It is your responsibility to populate the table at connection time. Consider using techniques
such as stored procedures and triggers to detect a connection and the device's identity, and
to populate the table accordingly.

Moving a Device to Another Tenant


Move a device to associate the devices future sessions with a different tenant. A device's
associated data is also moved to the tenant.

Prerequisites
Move a device to a tenant only after creating the new tenant's groups and policies.

Task

1. On the Device page, select one or more devices.


2. On the top toolbar, click Move to Tenant to open the Tenant Browser dialog.
3. Select a tenant.

48 Afaria
Device

4. On the dialog toolbar, click Select.

The device is moved to the tenant. The next time the device connects, it is updated with the new
tenants policies.

Approving and Unapproving a Device for Afaria


Management
Approve devices that are in an unapproved state so they can be managed with policies on
future connections. Unapprove devices to discontinue management.
Your server may be configured to automatically approve devices, as per the Server >
Configuration > Security page.

1. On the Device page, select one or more devices.


2. On the top toolbar:
Click Approve to approve all selected devices for management.
Click Unapprove to unapprove all selected devices for management.
3. (Optional) For devices that you approve, take additional action to affect management
actions, such as:
iOS example reenroll a device using the same enrollment code. Reenrolling
provisions mobile device management (MDM) and applies policies.
Non-iOS example send a command to run a channel.

Modifying the Device Owner


Set the owner of the device to corporate, personal, or to the device type's default setting.
Default ownership settings for device types are:
Android personal
BlackBerry corporate
iOS personal
Windows corporate
Windows CE corporate
Windows Mobile Professional corporate
Windows Mobile Standard corporate
To make a bulk update to Android or iOS device records to apply the corporate device
ownership setting, import a corporate device list.

1. On the Device page, select a device.

Administration Reference 49
Device

2. On the top toolbar, click Modify Device Owner.


3. Select Corporate, Personal, or Reset to Default, and then click Yes, Continue.

The device record is updated and the new value appears in the device list's Owner column and
in the device Inspector.

Deleting a Device or its Data from the Server


Delete a device's record and all of its data from the server, or keep the device record but delete
some of its data from the server.

1. On the Device page, select one or more devices.


2. On the top toolbar click, Delete.
3. Select All Device Data Below to delete the device and all its data from the server, or select
the data of interest from the list to keep the device but delete the selected data from the
server.

Performing Security Actions on Devices


Send a security command to a device to perform actions such as lock, unlock, delete data, and
wipe, without requiring user interaction. Commands and results vary by device type and state.
Using security commands requires appropriate user role rights.

1. On the Device page, select a device.


2. On the top toolbar, click a security command, such as Lock.

The server sends the command to the device using an available communication transport, such
as SMS, Apple push notification, or Google C2DM as appropriate for the device. The action
occurs on the device without user interaction.

Security Actions for Android Devices


Security commands to delete data and lock or unlock Android devices. The server attempts to
send the command by available communication transport in priority of Google C2DM
notification, SMS, or TCP/IP. The device receives the message and executes the command
without any user interaction.

Actions for
Android Devices

Delete Data Reset your device to factory condition, including removing the Afaria client.

50 Afaria
Device

Actions for
Android Devices

Lock device Lock the device. Device keys are disabled unless you dial an emergency call.
The device remains locked, even if it is reset or the battery is replaced.

Unlock device Restore all locked features. When the device is unlocked, the password is
removed. You or an Afaria administrator can add a password.

Wipe NitroDesk Da- Delete all configuration and user data associated with the NitroDesk Touch-
ta Down application from the device.

Wipe NitroDesk Da- Delete all configuration and user data associated with the NitroDesk Touch-
ta & SD Card Down application from the device, and all data on the SD card.

Security Actions for BlackBerry Devices


Security commands to delete date and lock or unlock BlackBerry devices. The server attempts
to send the command by available communication transport in priority of SMS, then SMTP.
The device receives the message and executes the command without any user interaction.
Warning! The delete device data option deletes application data, including Afaria application
and configuration data. It is comparable to using a BlackBerry Security > Wipe Handheld
option. Consider using the BlackBerry Desktop Manager for backup and restoration.

Actions for BlackBerry


Devices

Delete device data Also known as device wipe. Delete all application data, including the
Afaria client application data.

Lock device Lock the device. Device keys are disabled unless the user dials an
emergency call. Afaria preserves the locked state through device resets
and battery replacements.

Unlock device Restore all locked features to an unlocked state.

Security Actions for iOS Devices


Security commands to lock or unlock iOS devices, clear forgotten passcodes, remove Afaria
mobile device management (MDM) control, or wipe iOS devices. The server attempts to send
the command by Apple push notification.

Actions for iOS


Devices

Lock Force the device to lock and show the passcode entry screen. If the device has a
passcode, enter the passcode to unlock the device.

Administration Reference 51
Device

Actions for iOS


Devices

Unlock - Clear Reset the passcode to blank. If the device is configured by an Afaria device
passcode configuration policy to require a passcode, you are prompted to create a new
passcode.

Remove control Remove device from Afaria "MDM" control and all the content under its control.
The device remains enrolled in Afaria management with limited management
capabilities.

Remote wipe Reset the device. The device is removed from Afaria management. If you choose
this option, you need to reconnect to iTunes to restore functionality.

Security Actions for Windows Mobile Devices


Security commands to wipe Windows mobile devices that require attention. Wiping a device
resets it to its factory condition or to an unusable condition. The server attempts to send the
command by available communication transport in priority of SMS, then TCP/IP. The device
receives the message and executes the command without any user interaction.
Note: If you disabled the devices external card using configuration policy's port control
properties, a remote wipe command that includes wiping the external data card leaves the card
intact because the device cannot mount the card. For Windows Mobile 6.1 and later, if you
disabled the device's SMS messaging using configuration policy's port control properties,
Microsoft messaging applications on the device do not receive the remote wipe command.

Actions for
Windows
Mobile Devices

Remote wipe Erase external data card erases all data from the device's primary data card.
Add device to the Access Control policy Always block list for Afaria
Access Control for Email devices, sets the access control policy for the
device to always block synchronization requests.

Connecting a Device to Apply Policies


Send a notification to a device to make it connect immediately to an Afaria server and apply its
policies.
1. On the Device page, select a device.
2. On the top toolbar, click Apply Policies
The server attempts to notify the device to connect and apply its policies. If notification is
successful, the device attempts to connect to the server. The Messages log captures the success

52 Afaria
Device

or failure of sending the notification. If the notification fails due to an unknown or invalid
address, you can edit the device to update the SMS, IP, or SMTP address.

Connecting a Device to Run a Channel


Send a notification to a device to make it connect immediately to an Afaria server to request a
specific, published channel. For the device to be able to run the channel, the channel must be
included in one of its session policies.

1. On the Device page, select a device.


2. On the top toolbar, click Run Channel.
3. Select one published channel that is appropriate for the selected device, and include it one
of the device's session policies.
4. On the Run Channel toolbar, click Select.

The server attempts to notify the device to connect and request the channel. If notification is
successful, the device attempts to connect to the server and request the selected channel. The
Messages log captures the success or failure of sending the notification. If the notification fails
due to an unknown or invalid address, you can edit the device to update the SMS, IP, or SMTP
address.

Viewing a Device's Group Links


View the groups linked to a device.

1. On the Device page, select one or more devices.


2. On the left toolbar, click Show/Hide Link.
By default, the Link panel is filtered to show linked items.
The filters for the group panel behave differently depending upon how many devices you
have selected.
If you have one device selected:
All displays all available groups, regardless of link state.
Linked displays groups linked to the device.
Unlinked displays groups that are not linked to the device.
Mixed linked is not applicable when only one device is selected.
If you have multiple devices selected:
All displays all available groups, regardless of link state.
Linked displays groups that are linked to all selected devices.
Unlinked displays groups that are not linked to any of the selected devices.

Administration Reference 53
Device

Mixed linked displays groups that are linked to some of the selected devices, but
not all.

Linking a Static Group to a Device


Manually add a device to a static group.

1. On the Device page, select the device to add to a static group.


2. On the left toolbar, click Show/Hide Link to display the Link panel.
By default, the Link panel is filtered to show linked items.
3. In the Link panel group list, in the Link column filter, change the filter to Unlinked to
display the list of groups not linked to the device. To narrow the list further, use the filter
columns.
4. Select the static group to add the device to and click Link on the group panel toolbar.
5. (Optional) For verification, in the Link column, change the filter to Linked to show the
groups linked to selected device.

See also
Group Types on page 59
Creating a Static Group on page 60

Unlinking a Static Group from a Device


Manually remove a device from a static group.

1. On the Device page, select the device to remove from a static group.
2. On the left toolbar, click Show/Hide Link to display the Link panel.
By default, the Link panel is filtered to show linked items.
3. Select the static group to remove the device from and click Unlink on the group panel
toolbar.
4. (Optional) For verification in the Link column, click Unlink to show the groups unlinked
from the device.

See also
Group Types on page 59
Creating a Static Group on page 60

54 Afaria
Device

Viewing a Device's Policy Links


View the policies linked to a device. Devices are implicitly linked to policies through their
common relationship with groups.
Enrollment policy link relationships to groups or devices always appear as blank and cannot
link to groups. Enrollment policies are applied to a device only once, when the device enrolls
in management.

1. On the Device page, select one or more devices.


2. On the left toolbar, click Show/Hide Link.
By default, the Link panel is filtered to show linked items.
The filters for the policy panel behave differently depending upon how many devices you
have selected.
If you have one device selected:
All displays all available policies, regardless of link state.
Linked displays policies linked to the device.
Unlinked displays policies that are not linked to the device.
Mixed linked is not applicable when only one device is selected.
If you have multiple devices selected:
All displays all available policies, regardless of link state.
Linked displays policies that are linked to all selected devices.
Unlinked displays policies that are not linked to any of the selected devices.
Mixed linked displays policies that are linked to some of the selected devices, but
not all.

Importing a Corporate Device List


Make a bulk update to change existing Android or iOS device records to override the default
personal device ownership setting with the corporate device ownership setting.
By default during enrollment, iOS and Android devices are defined as personally owned.
The update process comprises two stages. First, complete this procedure to import the device
list, which populates the A_Corporate table with device identifying values. Then, as devices
identified on the list connect with new hardware inventory reports, the corporate device
override is applied to the device record.
The corporate device list import process ignores values that are redundant of any value it
already processed in the current list.

Administration Reference 55
Device

1. On the Device page, on the left toolbar, click Import Corporate Device List.
2. Click Browse.
3. On the File Upload dialog, navigate to an import file (.CSV) with required syntax, then
click on the file to select it.
4. On the File Upload dialog, click Open to start the import.
The import file is processed. Processing populates the A_Corporate_Device table with the
values. You return to the Import Corporate Device List dialog with a results message.
5. Click the dialog's Close icon to return to the Device page.

Corporate Device Import File Requirements


To import a corporate device list to make a bulk update to change existing Android or iOS
device records to apply the corporate device ownership setting, the import file must be of
type .CSV and use appropriate syntax.

Corporate Device List File Requirements


Import file type comma-separated values (.CSV, also known as comma delimited).
You can use editors such as Notepad and Microsoft Excel to edit the device list file.
File structure:
First row, first field CorporateDeviceID
Additional rows, one per device to update, first field DeviceIdentifyingField

Corporate Device List Device-Identifying Fields


Device-identifying fields are a subset of Afaria values associated with a device that uniquely
identify the device in Afaria.
For Android, valid fields are:
From the Device Inspector Summary page:
User, but only when populated by enrollment policy user prompts
Phone number
IMEI (IMSI, MEID)
ClientFriendlyName
From the Device Inspector Hardware pages:
Android > Phone SIM serial number
Android > WIFI MAC address
Android > PhoneSIMSubscriberID
Bluetooth > Device address
Note: Hardware inventory item Device > Serial number is not guaranteed to be unique
across all Android devices.

56 Afaria
Device

For iOS, valid fields are:


From the Device Inspector Summary page:
User, but only when populated by enrollment policy user prompts
Phone number
IMEI
UDID
Serial number
From the Device Inspector Hardware pages:
WIFI > WIFI MAC address
Bluetooth > Bluetooth MAC address
Corporate Device List File ExampleMixed Identifiers
A corporate device list file can use different identifiers in a single file.

Figure 2: Multiple Devices, Mixed Identifiers

Corporate Device List File ExampleLike Identifiers


A corporate device list file can use different identifiers in a single file.

Administration Reference 57
Device

Figure 3: Multiple Devices, Like Identifiers

58 Afaria
Group

Group
A group is a collection of devices. Link a group to a policy to manage all devices in that group.
In the Afaria Administrator, the Group page is the landing page for group-focused tasks.

Group Types
A group is a collection of devices. Link a group to a policy to manage all devices in that
group.
These types of groups are available:
Static includes devices that you manually select. Membership changes only when you
add a device to the group, or delete a device from the group or from Afaria.
Dynamic includes devices that are included in a device view, as defined in the Device
page, when you click Select View on the left toolbar. Membership changes automatically
based on changes to the results of the view.
User includes devices that are associated with users that are included in a user group, as
defined by the Afaria servers Windows users groups, LDAP groups, or NT domain
groups. Device members may change as user group membership changes. Membership
changes automatically based on changes to the selected groups.
Composite includes one or more Afaria groups.

Viewing the Group List


View group summary information, such as the size of the group and when a device from the
group last connected.
The group list includes a pre-defined group "All Devices" that is first in the list. The remainder
of the groups in the list are sorted by size, and the sort order is subject to dynamic change. The
group size for a composite group is the number of groups it contains. The group size for all
other group types is the number of devices.

1. On the Home page banner, click Group to display the group list.
2. Review the group list.
The default view is unfiltered; it includes all groups and may span multiple pages.
3. (Optional) Click the title of any column to sort by that column.

Administration Reference 59
Group

Viewing the Group Dashboard


View a graphical representation of group types and sizes.

1. On the Group page, click Group Dashboard.


2. On the left toolbar, click Group List to return a more detailed view.

Creating and Editing a Group


Create, edit, or delete a group.

Creating a Static Group


Create an empty static group. To populate the group afterward, use the Link panel to manually
add devices to a group. Membership changes only when you make modifications or delete a
device from Afaria.

1. On the Group page, on the top toolbar, click New > Static.
2. Enter a group name and note, and then click Save.
An empty group is created.
3. To populate the group, use the Link panel to link devices to the static group.

Linking a Device to a Static Group


Manually add a device to a static group.
As group size changes, the sort order may change which group has focus. When you link and
unlink devices and policies, make sure you have the correct group selected.
While the Link panel list may span multiple pages, toolbar actions, such as link or unlink, can
affect only the items selected on the current page. Navigating from one page to another clears
prior selections.

1. On the Group page, select the static group to which to add devices.
2. On the left toolbar, click Show/Hide Link to display the Link panel.
By default, the Link panel is filtered to show linked items.
3. In the Device panel in the Link column filter, change the filter to Unlinked to display the
list of devices not linked to this group. To narrow the list, use the filter columns or click the
column title to sort.
4. Select the devices you want to add to the group and click Link on the device panel toolbar.
5. In the Link column, change the filter to Linked to show the devices linked to this group.

60 Afaria
Group

Unlinking a Device from a Static Group


Manually remove a device from a static group.

1. On the Group page, select the static group from which to remove devices.
2. On the left toolbar, click Show/Hide Link to display the Link panel.
By default, the Link panel is filtered to show linked items.
3. In the Device panel in the Link column filter, click Link to display the list of devices linked
to this group.
4. Select the devices to remove from the group and click Unlink on the device panel toolbar.
The page refreshes without the devices in the list.

Creating a Dynamic Group


Create a dynamic group whose membership updates automatically based on changes to the
results of the device view.
You define the device view in the Device page when you click Select View on the left toolbar.

1. On the Group page, on the top toolbar, click New > Dynamic.
2. Enter a group name and note.
A list of device views from the Device page appears.
3. In the selected view list, select the view to define the group, and then click OK.
The dynamic group includes the devices from the view you selected.
4. Click Save.

Creating a User Group


Create a group that includes devices that are associated with users that are included in a user
group, as defined by the Afaria servers Windows users groups, LDAP groups, or NT domain
groups.
Device members may change as user group membership changes. Membership changes
automatically based on changes to the selected groups.

1. On the Group page, on the top toolbar, click New > User.
2. Enter a group name and note.
3. Select groups from the available groups list and click Add selected group.
To filter LDAP groups, use filter syntax (|cn=Group)(cn=CommonName) to filter
the results by group and common name. The syntax is compliant with the Internet
Engineering Task Force RFC 2254 standard for String Representation of LDAP Search
Filters.
4. Click Save.

Administration Reference 61
Group

Creating a Composite Group


Create one or more composite groups, which let you manage various types of groups as a
single entity.

1. On the Group page, on the top toolbar, click New > Composite.
2. Enter a group name and note.
3. Select groups from the available groups list and click Add selected group.
The groups you selected are added to the linked groups list.
4. Click Save.

Editing a Group
Edit the group information, such as name, note, and definition.

1. On the Group page, select the group to edit.


2. On the top toolbar, click Edit.
3. Edit the group name, note, and group setup as required.
To change the device membership for a static group, link and unlink devices from the Link
panel.

Deleting a Group
Delete a group from the group list.

1. On the Group page, select groups.


2. On the top toolbar, click Delete.

Inspecting a Group
Inspect the contents of a group, such as the groups that make up a composite group. The
information you see varies by group type.
To view the device membership for a static group, click Show/Hide Link to display the Link
panel.

1. On the Group page, select a group.


2. On the left toolbar, click Show/Hide Inspector to display information about the group.

62 Afaria
Group

Connecting a Group's Devices to Apply Policies


Apply policies to devices immediately, rather than waiting for a manual or scheduled
connection.

1. On the Group page, select groups.


2. On the top toolbar, click Apply Policy.

Connecting a Group's Devices to Run a Channel


Run session policies for devices in a group that has a linked session policy.

1. On the Group page, select groups.


2. On the top toolbar, click Run Channel.

Viewing a Group's Policy Links


View the policies linked to a group.
Enrollment policy link relationships to groups or devices always appear as blank and cannot
link to groups. Enrollment policies are applied to a device only once, when the device enrolls
in management.

1. On the Group page, select groups.


2. On the left toolbar, click Show/Hide Link to display the Link panel.
By default, the Link panel is filtered to show linked items.
The filters for the policy panel behave differently depending upon how many groups you
have selected.
If you have one group selected:
All displays all available policies, regardless of link state.
Linked displays policies linked to the group.
Unlinked displays policies that are not linked to the group.
Mixed linked is not applicable when only one group is selected.
If you have multiple groups selected:
All displays all available policies, regardless of link state.
Linked displays policies that are linked to all selected groups.
Unlinked displays policies that are not linked to any of the selected groups.
Mixed linked displays policies that are linked to some of the selected groups, but
not all.

Administration Reference 63
Group

Viewing a Group's Devices


View the devices in a group.

1. On the Group page, select groups.


2. On the left toolbar, click Show/Hide Link to display the Link panel.
The default view displays linked devices.
The filters for the device panel behave differently depending upon how many groups you
have selected.
If you have one group selected:
All displays all available devices, regardless of link state.
Linked displays devices linked to the group.
Unlinked displays devices that are not linked to the group.
Mixed linked is not applicable when only one group is selected.
If you have multiple groups selected:
All displays all available devices, regardless of link state.
Linked displays devices that are linked to all selected groups.
Unlinked displays devices that are not linked to any of the selected groups.
Mixed linked displays devices that are linked to some of the selected groups, but
not all.

Linking a Policy to a Group


Link a policy to a group. All devices in the group receive the policy when they connect.
Enrollment policy link relationships to groups or devices always appear as blank and cannot
link to groups. Enrollment policies are applied to a device only once, when the device enrolls
in management.
As group size changes, the sort order may change which group has focus. When you link and
unlink devices and policies, make sure you have the correct group selected.
While the Link panel list may span multiple pages, toolbar actions, such as link or unlink, can
affect only the items selected on the current page. Navigating from one page to another clears
prior selections.

1. On the Group page, select the groups for which you want to link policies.
2. On the left toolbar, click Show/Hide Link to display the Link panel.
By default, the Link panel is filtered to show linked items.

64 Afaria
Group

3. In the Policy panel in the Link column filter, change the filter to Unlinked to display the list
of policies not linked to this group. To narrow the list, use the filter columns.
4. Select the policies to add to the group, and click Link on the policy panel toolbar.
5. In the Link column, change the filter to Linked to show the policies linked to groups.

Unlinking a Policy from a Group


Remove a policy from a group to discontinue managing the group's devices with the policy.
As group size changes, the sort order may change which group has focus. When you link and
unlink devices and policies, make sure you have the correct group selected.

1. On the Group page, select the groups from which to remove policies.
2. On the left toolbar, click Show/Hide Link to display the Link panel.
By default, the Link panel is filtered to show linked items.
3. In the Policy panel in the Link column filter, click Link to display the list of policies linked
to the groups.
4. Select the policies you want to remove from the group and click Unlink on the policy panel
toolbar.
The page refreshes with the policies removed from the list.

Exporting a Group View


Export the group list in its current state with any filters or sort applied. You can export to Excel,
Word, and CSV.

1. From the Group list, click Export View.


2. Select All to export all pages of the view, or select Current Page Only.
3. Select the export format, and then click OK.

Administration Reference 65
Group

66 Afaria
Policy

Policy
Use policies to enroll and manage devices. In the Afaria Administrator, the Policy page is the
landing page for policy-focused tasks.
Policies let you:
Provision and enroll devices in management
Define device settings
Secure devices and data
Collect inventory
Distribute software
Collect device activity data

Policy Types
Several types of policies are available that allow you to enroll and manage different
applications, devices, and channels.
These types of policies are available:
Application manage applications for iOS and Android devices.
Configuration define device settings and options, and collect device inventory and
device activity data.
Enrollment enroll and provision devices that are assigned configuration policies so you
can enforce security parameters and deploy and manage enterprise applications.
Session select channels for devices to run. Channels include scripted events and logic to
perform tasks on the devices, such as file transfers and registry updates.

Viewing the Policy List


View policy summary information, such as operating system and type.
The default sorting on the policy page is by name.

1. On the Home page banner, click Policy, or click one of the links on the Policy tile.
2. Review the policy list.
The default view is unfiltered; it includes all policies and may span multiple pages.
3. (Optional) Click the title of any column to sort by that column.

Administration Reference 67
Policy

Viewing the Policy Dashboard


View a graphical representation of policies, such as type, published state, and distribution
across device types.

1. On the Policy page, click Policy Dashboard.


2. On the left toolbar, click Policy List to return a more detailed view.

Application Policies
Application policies define commercial and enterprise application packages for iOS and
Android devices. The policies determine which applications are available for devices to
browse and install.

App Store Application Policies for iOS Devices


iOS App Store application policies define which Apple App Store applications are available
for devices to browse and install from the Afaria application app list.
Commercial applications are delivered from the Apple App Store commercial market.
Application packages include:
Identifying information for the application
(Optional) Information for Apple redemption codes
(Application onboarding) File or data for application onboarding data provisioning

Note: Information for application onboarding is described in the Administration Reference.

Preparing iOS Devices for Application Management


Enroll iOS devices in management prior to deploying applications to prepare them for
application management.
Enroll devices in Afaria management, which includes installing and configuring the Afaria
application from the Apple App Store and installing Afaria mobile device management
(MDM) control.

Preparing for iOS App Store Application Management


For each App Store application of interest, collect required application information.

In the App Store, or by using a Web search, locate and record an App Store number and
country code.
For example, the App Store number for application Paper Toss developed by Backflip
Studios is 317917431, and the country code is US, as extracted from the URL http://
itunes.apple.com/us/app/paper-toss/id317917431?mt=8.

68 Afaria
Policy

Creating an Application Policy for iOS App Store Apps


Create a policy for an application from the Apple App Store.

Prerequisites
Complete the procedure to prepare for an App Store application, which includes recording the
application's App Store number and country code.

Task
The device user must have an iTunes account with Apple. App Store user agreements and costs
are independent of Afaria operations.
The application policies configuration page is reserved for application onboarding data
provisioning and is not part of this procedure. Refer to Administration Reference.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

1. On the top toolbar, click New > Application > iOS App Store.
2. On the Summary page, enter the policy name and note and click to indicate published or
unpublished.
Connecting devices receive only published policies.
3. On the General page, define an application's information, then click Update to populate
the Information box.
Category select an appropriate category.
If the category is not yet on the list, click Manage to open the Manage Categories
dialog, then click New to add a new category.
App Store Number
Country Code
(Optional) App ID to support Afaria package tracking capabilities, enter the
identifier, as defined by the developing entity.
For example, the identifier for application Paper Toss developed by Backflip Studios
is com.backflipstudios.PaperToss. Afaria reports this value in a device's software
inventory Identifier field. Enter the application package after you retrieve the
identifier from the software view.
Data retrival is subject to data availability from the App Store.
4. (Optional) On the Redemption Codes page, click Add to add a redemption code purchase
order spreadsheet, as received from Apple.
5. At the top of the page, click Save.

Administration Reference 69
Policy

Deploying iOS App Store Apps


Deploy iOS App Store applications by deploying the application policy. On the device's
Afaria application, users can use the application list to browse the list of applications and
launch an App Store installation. After installing an application, only the user can remove it.

Prerequisites
Complete the procedures to prepare for an iOS App Store application, which includes creating
the application policy.

Task
The device user must have an iTunes account with Apple. App Store user agreements and costs
are independent of Afaria operations.
Application onboarding data provisioning is optional for applications.

1. On the Policy page, link the application policy to a group.


2. On the Group page, connect the group's devices to apply policies.
The device connects to Afaria and reports its current software inventory.
3. On the device, the user opens the Afaria application and can browse the list of
applications.
If you use the optional category attribute, applications are grouped by category.
4. On the device, the user taps Install to launch an installation.
The Afaria application closes and the device connects to Apple App Store, where the user
can initiate the installation.

Enterprise Application Policies for iOS Devices


iOS enterprise application policies define which enterprise-signed applications are available
for devices to install.
Enterprise-signed applications are produced by your developing entity and are delivered from
the Afaria package server. Application packages include:
Identifying information for the application
(Application onboarding) File or data for application onboarding data provisioning

Note: Information for application onboarding is described in the Administration Reference.


The preparation and deployment process differs based on whether you define the application
as required or optional in the application policy:
Required for deployment, users are prompted from the Afaria application to install the
application automatically without browsing a list of applications. Preparing for
deployment includes:

70 Afaria
Policy

1. Compile the application.


2. Deploy its provisioning file in a configuration policy.
3. Create an application policy.
Optional for deployment, users must use the Afaria Self-Service Portal for device
management to browse and install applications. Preparing for deployment includes:
1. Compile the application.
2. Deploy its provisioning file in a configuration policy.
3. Create an application policy.
4. Create an enrollment policy to define the appropriate group for the application policy.
5. Install, reinstall, or verify an instance of Afaria Self-Service Portal that is configured
for the enrollment policy.
6. Update the enrollment policy with a reference to the portal for the app list that appears
in the device's Afaria application.

Preparing iOS Devices for Application Management


Enroll iOS devices in management prior to deploying applications to prepare them for
application management.
Enroll devices in Afaria management, which includes installing and configuring the Afaria
application from the Apple App Store and installing Afaria mobile device management
(MDM) control.

Preparing for iOS Enterprise Application Management for Required Apps


For each required enterprise-signed application of interest, make the compiled application and
its provisioning file available for Afaria use, deploy the provisioning file to devices, and create
the application policy. Deploying the provisioning file in advance of the application ensures
that you can disable the application in the future if needed.

Prerequisites
This procedure describes preparing for managing devices that have the Apple App Store
version of the Afaria application installed, rather than an enterprise-signed version of Afaria.

Task

1. Compile your application according to iOS Developer Enterprise Program procedures.


The Apple iOS Developer Enterprise Program is defined and managed by Apple. See
https://developer.apple.com/support/ios/enterprise.html
2. Make a copy of the compiled application (.ipa) and the application's associated
provisioning file (.mobileprovision)) available to the Afaria Administrator user
responsible for creating application policies.
The application must include a complete manifest file (.plist), as defined by Apple iOS
Developer Enterprise Program.

Administration Reference 71
Policy

3. On the Afaria Administrator Policy page, create a configuration policy for iOS devices that
use the application's provisioning file to define an MDM Payload > Provisioning File
item.
4. Deploy the provisioning file to the group to which you plan to deploy the application.
a) On the Policy page, link the configuration policy to the group.
b) On the Group page, send a command to the group to connect the group's devices to
apply policies.
Devices connect to Afaria and install the provisioning file without requiring user
interaction. You can verify the file on the device on the Settings > General > Profiles
page.
5. On the Afaria Administrator Policy page, create an application policy for the application
with the required attribute.

Preparing for iOS Enterprise Application Management for Optional Apps


For each optional enterprise-signed application of interest, make the compiled application and
its provisioning file available for Afaria use, prepare for Afaria Self-Service Portal use, and
deploy the provisioning file to devices. The portal self-management lets users browse and
install optional enterprise applications. Deploying the provisioning file in advance of the
application ensures that you can disable the application in the future if needed.

Prerequisites
This procedure describes preparing for managing devices that have the Apple App Store
version of the Afaria application installed, rather than an enterprise-signed version of Afaria.

Task

1. Compile your application according to iOS Developer Enterprise Program procedures.


The Apple iOS Developer Enterprise Program is defined and managed by Apple. See
https://developer.apple.com/support/ios/enterprise.html
2. Make a copy of the compiled application (.ipa) and the application's associated
provisioning file (.mobileprovision)) available to the Afaria Administrator user
responsible for creating application policies.
The application must include a complete manifest file (.plist), as defined by Apple iOS
Developer Enterprise Program.
3. On the Afaria Administrator Policy page, create a configuration policy for iOS devices that
uses the application's provisioning file to define an MDM Payload > Provisioning File
item.
4. Deploy the provisioning file to the group to which you plan to deploy the application.
a) On the Policy page, link the configuration policy to the group.
b) On the Group page, send a command to the group to connect the group's devices to
apply policies.

72 Afaria
Policy

Devices connect to Afaria and install the provisioning file without requiring user
interaction.
5. On the Afaria Administrator Policy page, create an application policy for the application
with the optional attribute.
6. On the Afaria Administrator Policy page, create an enrollment policy that includes the
group.
7. Install, reinstall, or verify an instance of Afaria Self-Service Portal that is configured for
the enrollment policy to which the group can connect for reenrollment and
management.
8. On the Afaria Administrator Policy page, update the enrollment policy on the General
page to define the attributes for Self-Service Portal.
Title user-facing title for identifying the portal in the Afaria application app list on the
device.
Description user-facing description for the portal in the Afaria application app list on
the device.
URL address for the portal that is configured with the enrollment policy.

Creating an Application Policy for iOS Enterprise Apps


Create a policy for optional or required enterprise-signed applications on iOS devices.
The application policies configuration page is reserved for application onboarding data
provisioning and is not part of this procedure. Refer to the Administration Reference.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

1. On the top toolbar, click New > Application > iOS Enterprise Application.
2. On the Summary page, enter the policy name, note, and remaining properties.
State click to indicate published or unpublished.
Install click to choose optional or required. For required applications, the Afaria
application prompts users to install the application when they open Afaria until they
install it, but cannot force the installation.
3. On the General page, define an application's information.
Passcode click to require passcode before allowing the application to install. The
passcode must be enabled on the device, as recorded in the device's inventory on the
server, before allowing the application to install.
(Optional) Category select an appropriate category.
If the category is not yet on the list, click Manage to open the Manage Categories
dialog, and then click New to add a new category.
IPA click Browse to locate and upload the application (.ipa).
The path is relative to the administrator user's workstation.
4. At the top of the page, click Save.

Administration Reference 73
Policy

Deploying iOS Enterprise Required Apps


Deploy required iOS enterprise applications by deploying the application policy. Users are
automatically prompted to install the application. After installing an application, only the user
can remove it.

Prerequisites
Complete the procedures to prepare for an iOS enterprise required application, which includes
creating the application policy.

Task
Enterprise applications installed and provisioned by Afaria can be disabled only by Afaria
operations.

1. On the Policy page, link the application policy to a group.


2. On the Group page, connect the group's devices to apply policies.
The device connects to Afaria and reports its current software inventory.
3. On the device, the user opens the Afaria application and is prompted to install the
application.
When the user opens the application, the device connects to the package server. Based on
the device's software inventory, as known to the Afaria database, the server prompts the
user to install any required applications not yet installed. A user can postpone an
installation, but not cancel it. Prompting continues until the user installs the application.
For applications that are 100MB or smaller, the status bar effectively tracks progress. For
applications larger than 100MB, the device may appear to freeze at the 100% progress
point, but just needs additional time to complete. Set expectations with your users.
Note: Some latency exists between the time a user installs software and the time it is
reported to the database. Therefore, a user may be prompted to install software that is
already installed. To force an inventory update, connect the group's devices to apply
policies again or run the iOS Device Refresh schedule.

Deploying iOS Enterprise Optional Apps


Deploy optional iOS enterprise applications by having uses browse and install applications
from the Afaria Self-Service Portal. After installing an application, only the user can remove
it.

Prerequisites
Complete the procedures to prepare for an iOS enterprise optional application, which includes
creating the application policy and installing a Self-Service Portal instance with an
appropriate enrollment policy.

74 Afaria
Policy

Task
Enterprise applications installed and provisioned by Afaria can be disabled only by Afaria
operations.

1. Provide users with the address to the portal and instruct them to reenroll in
management.
2. After reenrollment, users manage their devices to browse and install optional enterprise
applications.
When the user clicks to install the application, the device connects to the package server to
launch the installation.
For applications that are 100MB or smaller, the status bar effectively tracks progress. For
applications larger than 100MB, the device may appear to freeze at the 100% progress
point, but just needs additional time to complete. Set expectations with your users.

Disabling an iOS Enterprise Application on a Device


Disable an optional or required enterprise application to prevent the user from running it.
Disabling does not remove the application from the device. Once installed, only the user can
remove it.

1. On the configuration policy that delivered the application's provisioning file to the device,
remove the provisioning file payload from the policy.
2. On the Group page, send a command to the group to connect the group's devices to apply
policies.
The device connects to Afaria and reports its current inventory. The server delivers
instructions to remove the provisioning file from the device.

Subsequent attempts to launch the application fail. You can restore the user's ability to run the
application by reinstalling the provisioning file payload.

Google Play Application Policies for Android Devices


Google Play Android application policies define which Google Play applications are available
for devices to browse and install from the Afaria application app list.
Commercial applications are delivered from the Google Play commercial market. Application
packages include:
Identifying information for the application
(Application onboarding) File or data for application onboarding data provisioning

Note: Information for application onboarding is described in Administration Reference.

Preparing Android Devices for Application Management


Enable applications from unknown sources and enroll Android devices in Afaria management
to prepare them for application management.

Administration Reference 75
Policy

1. To allow enterprise application deployment, ensure that devices allow installing


applications from unknown sources. On the 2.x and 3.x devices, tap Settings >
Applications and enable unknown sources. On 4.x devices, tap Settings > Security and
enable unknown sources.
2. Ensure that devices have installed the Afaria application.
3. Ensure that devices have a configuration policy that has inventory enabled.
4. Ensure that devices have either a configuration policy that configures C2DM messaging or
have an SMS address on their device record.

Preparing for Android Google Play Application Management


For each Google Play application of interest, collect required application information.

Use a Web search or other means to locate and record an application name, as defined by the
developing entity.
You can use the Google Play site from your desktop to discover the package name by selecting
an application and extracting the package name from the URL. For example, the application
package name for the Kindle for Android application is com.amazon.kindle, as extracted from
URL https://play.google.com/store/apps/details?id=com.amazon.kindle&hl=en.
You can use Afaria to discover the package name by collecting software inventory from a
device that has the application of interest installed. The application package name is reported
as the software name.

Creating an Application Policy for Android Google Play Apps


Create policies for managing applications from Google Play.

Prerequisites
Complete the procedure to prepare for a Google Play application, which includes recording
the application name.

Task
The device user must have an account with Google Play. Google Play user agreements and
costs are independent of Afaria operations.
The application policies configuration page is reserved for application onboarding data
provisioning and is not part of this procedure. Refer to Administration Reference.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

1. On the top toolbar, click New > Application > Android Market.
Google Android Market is renamed to Google Play.
2. On the Summary page, enter the policy name and note and click to indicate published or
unpublished.

76 Afaria
Policy

Connecting devices receive only published policies.


3. On the General page, define an application's information, and then click Update to
populate the Information box.
Category select an appropriate category.
If the category is not yet on the list, click Manage, then click New to add a new
category, and click Select to select it.
Package application name, such as com.amazon.kindle.
Data retrieval is subject to data availability from the Google Play.
4. At the top of the page, click Save.

Deploying Android Google Play Apps


Deploy Android Google Play applications by deploying the application policy. On the device's
Afaria application, users can use the application list to browse the list of applications and
launch a Google Play installation.

Prerequisites
The device user must have an account with Google Play. Google Play user agreements and
costs are independent of Afaria operations.

Task
After installing an application, only the user can remove it, unless the device is a Samsung
AES device and you use a configuration policy with Samsung application properties to
remove it.

1. On the Policy page, link the application policy to a group.


Linking to a user group for Android policies is not supported.
2. On the Group page, connect the group's devices to apply policies.
The device connects to Afaria and reports its current software inventory.
3. On the device, the user opens the Afaria application and can browse the list of applications
by going to the Apps page.
If you use the optional category attribute, applications are grouped by category.
4. On the device, the user taps Install to launch an installation.
The Afaria application closes and the device connects to Google Play, where the user can
initiate the installation.

Enterprise Application Policies for Android Devices


Android enterprise application policies define which enterprise applications are available for
devices to browse and install from the Afaria application app list.
Enterprise applications are produced by third-party entities and are delivered from the Afaria
package server. Application packages include:

Administration Reference 77
Policy

Identifying information for the application


(Application onboarding) File or data for application onboarding data provisioning

Note: Information for application onboarding is described in Administration Reference.

Preparing Android Devices for Application Management


Enable applications from unknown sources and enroll Android devices in Afaria management
to prepare them for application management.

1. To allow enterprise application deployment, ensure that devices allow installing


applications from unknown sources. On the 2.x and 3.x devices, tap Settings >
Applications and enable unknown sources. On 4.x devices, tap Settings > Security and
enable unknown sources.
2. Ensure that devices have installed the Afaria application.
3. Ensure that devices have a configuration policy that has inventory enabled.
4. Ensure that devices have either a configuration policy that configures C2DM messaging or
have an SMS address on their device record.

Preparing for Android Enterprise Application Management


For each enterprise-developed application of interest, use Android development procedures to
make compiled applications available for Afaria use.

1. Make a copy of the compiled application (.apk) available to the Afaria Administrator
user responsible for creating application policies.
2. On the Afaria Administrator Policy page, create an application policy for the
application.

Creating an Application Policy for Android Enterprise Apps


Create policies for managing enterprise-developed applications on Android devices. For
Samsung AES devices using the Samsung-signed Afaria application, you can create a
required enterprise application for silent installation that the user cannot remove it unless you
change the application's attribute to optional and redeliver the policy.
The application policies configuration page is reserved for application onboarding data
provisioning and is not part of this procedure. Refer to Administration Reference.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

1. On the Policy page, on the top toolbar, click New > Application > Android
Enterprise.
2. On the Summary page, enter the policy name, note, and remaining properties.
State click to indicate published or unpublished.

78 Afaria
Policy

Install click to choose optional or required. The required attribute affects only
Samsung-signed Afaria devices. It lets the application install silently at the device,
without user interaction, and the user cannot remove it. Use a configuration policy to
remove an Android required enterprise application.
3. On the General page, define an application's information, and wait for it to populate the
information box before continuing.
Category select an appropriate category.
If the category is not yet on the list, click Manage, then click New to add a new
category, and click Select to select it.
APK browse to the application (.apk).
The path is relative to the administrator user's workstation.
4. On the top of the page, click Save.

Deploying Android Enterprise Apps


Deploy Android enterprise applications by deploying the application policy. On the device's
Afaria application, users can use the application list to browse the list of applications and
launch a package-server-based installation.
After installing an application, only the user can remove it, unless the device is a Samsung
AES device and you use a configuration policy with Samsung application properties to
remove it.

1. On the Policy page, link the application policy to a group.


Linking to a user group for Android policies is not supported.
2. On the Group page, connect the group's devices to apply policies.
The device connects to Afaria and reports its current software inventory.
3. On the device, the user opens the Afaria application and can browse the list of applications
by going to the Apps page.
When the user opens the Apps page, the device connects to the package server. The server
refreshes the device's list of applications.
4. The user browses the application list and installs the application.
If you use the optional category attribute, applications are grouped by category.
5. On the device, the user taps Install to launch an installation.
The Afaria application connects to the package server, downloads the application, and
initiates the installation.

Removing an Android Required Enterprise Application from a Device


For required enterprise applications installed on Samsung AES devices that have the
Samsung-signed Afaria application, remove a required enterprise application to prevent its

Administration Reference 79
Policy

use on the device. The user cannot remove it unless you change the application's attribute to
optional and redeliver the policy.
1. On the Policy page, on the top toolbar, click New > Configuration > Android.
2. Define the policy with these Samsung > Application policy page properties:
Samsung Application Enable/Disable Policy add the application to the list and set the
Uninstallation Enable/Disable attribute to enabled.
Samsung Application Install/Remove/Update Policy add the application package
name to the list and set the Policy attribute to remove.
3. On the Policy page, link the configuration policy to a group.
4. On the Group page, send a command to the group to connect the group's devices to apply
policies.
The device connects to Afaria and reports inventory. The server delivers instructions to
remove the application from the device.
After a subsequent connection, the Device Inspector > Managed Software inventory will show
the application is removed.

Configuration Policies
Configuration policies collect inventory and set device settings without engaging users.
Inventory is collected for hardware, software, or both. Configuration policy settings vary by
device type, but may include settings such as for passwords, Wi-Fi, roaming, and VPN.
For many settings, the policy determines the items that are visible on the device user interface.
For some devices, such as some Samsung and Motorola Android models, the policy can set
items that are available only through manufacturer APIs, and are not visible in the user
interface.

Configuration Policy User Interface Controls


For many of the Android and Windows Mobile configuration policy attributes, setting the
attribute requires selecting a check box to enable the setting, then setting or selecting a value.
For most attributes listed on configuration policy pages, such as the Schedule page for an
Android configuration policy or the Connection > Ports page for a Windows Mobile
Professional policy, affecting a setting on a device requires selecting a check box, then setting
a value:
Check box select the check box to include the setting in the policy.
Value set the value for the setting by using the appropriate controls, such as typing in a
text field, selecting a list value, or other as available on the user interface.
For example, on the Android configuration policy Schedule page, select a check box to
include the schedule setting, then select a time from the list to set the schedule time. To stop
setting a value, clear the check box.

80 Afaria
Policy

Creating a Configuration Policy for Android


Create a policy for scheduling device connections, collecting inventory, and configuring
device settings for Android devices.
The policy includes multiple pages, such as Summary and Schedule. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

1. On the Policy page, on the top toolbar, click New > Configuration > Android.
2. On the Summary page, enter the policy name, note, and remaining properties.
State click to indicate published or unpublished. Connecting devices receive only
published policies.
Priority set a user-defined value that Afaria uses to determine which configuration
policy prevails when multiple policies define the same default settings. The lower the
numeric value, the higher the priority. A high priority prevails over a lower priority.
Authentication select to require the server to verify the connecting users identity
against your authentication authority before allowing the policy to run. This option is
available only if you have authentication enabled on the server, as defined on the
Server > Configuration > Security page.
Inventory select the inventory type to collect. Inventory is viewed on the Device
page's Device Inspector.
Do not collect Inventory no inventory collection.
Hardware scan collects data relating to the device's physical components, such as
processors and memory cards.
Hardware and Software scan collects hardware data and data for installed
software.
3. (Optional) Configure additional pages according to your requirements.
4. At the top of the page, click Save.

Android Basic Configuration


Configuration policy properties apply to all supported Android devices, such as for
passwords, Afaria configuration settings, and a daily connection.

Configuring Basic Settings for Android Devices


For Android devices, use Afaria to configure basic settings for password, Bluetooth, Wi-Fi,
and a daily connection.
The password security goes into effect only when the device has a password enabled.

1. On the Policy page, on the top toolbar, click New > Configuration > Android.
2. On the Summary page, enter the policy name, note, and remaining properties.
3. (Optional) To configure a daily connection, define Afaria > Schedule page properties.
4. (Optional) To configure password attributes, define Android > Security page properties.

Administration Reference 81
Policy

For Samsung devices with Advanced Enterprise Security (AES) capability, you can define
additional password attributes on the Samsung > Device Policy page.
5. (Optional) To configure Bluetooth capabilities, define Android > Bluetooth page
properties.
For Samsung devices with AES capability, you can configure and enforce enabling
Bluetooth, rather than just configuring it, on the Samsung > Miscellaneous Policy page.
6. (Optional) To configure devices for wireless LAN (WLAN) connectivity, define Android
> Wireless LAN page properties.
For Samsung devices with AES capability, you can configure and enforce enabling
connectivity, rather than just configuring it, on the Samsung > Miscellaneous Policy
page.
7. (Optional) To configure devices for an Afaria server connection, define Android > Client
Communications property page.
8. Save and publish the policy, link it to a group profile, then connect the devices.

Security Property Page


For Android devices, sets properties for passwords. For remote device unlock authority,
Afaria requires exclusive device administrator privileges for password management.
The properties are set only if the device has a password enabled.
Password required enables password protection. Enable this field to configure the
remaining fields.
Password format the alphabetic, numeric, or alphanumeric composition of the password.
Minimum password length the minimum length for the password.
Invalid password attempts before the device hard resets the number of times a user can
incorrectly enter in the wrong password before the device hard resets.
Maximum time till lock amount of idle time before a device locks.
Android 3X Only for properties set to 0, the property does not restrict the policy. If you
previously deployed a policy using a non-zero value for this property, and now want to
deploy a policy that ignores the property, set the value to 0.
Minimum password letters minimum number of letters in the password.
Minimum password lowercase minimum number of lowercase letters in the
password.
Minimum password uppercase minimum number of uppercase letters in the
password.
Minimum password non-letter minimum number of non-letter characters in the
password.
Minimum password numeric minimum number of numerals in the password.
Minimum password complex characters minimum number of characters from the
devices symbol keyboard in a password. For example, the ampersand (&).
Password history number of passwords stored on the history list.

82 Afaria
Policy

Password expiration timeout in days number of days a password remains valid.


Encrypt storage encrypt device memory.

Android Schedule Property Page


For Android configuration policies, sets properties for a daily connection to run a default
channel.
Schedule starting hour daily connection time, as defined by the devices regional
settings. If the device is turned off and misses the scheduled time, the device does not retry
the connection at start-up.
Maximum schedule retries specify the number of times Afaria attempts to retry failed
connection attempts.
Retry wait time (minutes) set the time to wait before attempting the connection again.

Bluetooth Property Page


For Android devices, sets properties for using Bluetooth capabilities.
Enable Bluetooth enables the Bluetooth radio.
Scan Devices enables scanning for nearby discoverable devices.

Wireless LAN Property Page


For Android devices, sets properties for a single wireless LAN (WLAN) connection per
session. To set properties for multiple connections, connect the device for multiple sessions,
and define one Wireless LAN connection in each separate session.
Some values are established by your network administrator.
Enable WiFi enables wireless access to a LAN. Enable and define this field to configure
other, dependent WLAN settings.
SSID defines the Service Set Identifier (SSID) for the WLAN.
Hidden SSID defines whether to broadcast the SSID.
Security defines the network mode used by the network:
WEP
WPA/WPA2 PSK
802.1x Enterprise
Pre-shared key defines the passphrase used to access the network.
WEP key 1 WEP key value.

Device Communications Property Page


For Android devices, sets Afaria application configuration properties to connect to the Afaria
server, either directly or through its relay server proxy.
Server fully-qualified host name or IP address of the Afaria server.
Relay server farm ID if using a relay server proxy, the farm ID, as defined on the Server >
Configuration > Relay Server page.

Administration Reference 83
Policy

Relay server prefix if using a relay server proxy, the relay server prefix, as defined on the
Server > Configuration > Relay Server page.
Channel name published channel or channel set for the device to request when
connecting to the Afaria server.
Server C2DM Send Account account as configured on the Server > Configuration >
C2DM Server page.

Android NitroDesk TouchDown Configuration


Configure NitroDesk TouchDown clients to connect to an enterprise Microsoft Exchange
environment.
TouchDown provides access to Exchange e-mail, contacts, and calendars using ActiveSync
technology. NitroDesk product documentation for configuring and using the TouchDown
client is available on the NitroDesk Web site.

Configuring NitroDesk TouchDown on Android Devices


For planned NitroDesk TouchDown client users, define a configuration policy that launches
the TouchDown client configuration wizard with optional license key and optional
configuration data.

1. On the Policy page, on the top toolbar, click New > Configuration > Android.
2. On the Summary page, enter the policy name, note, and remaining properties.
3. On the NitroDesk > Account Configuration page, select Enable Account
Configuration to launch the configuration wizard.
4. (Optional) To apply a license key as purchased from NitroDesk, enter the license key.
5. Define account configuration data.
Some data elements are optional.
6. (Optional) To override Exchange ActiveSync settings with more restrictive settings,
define NitroDesk > EAS Overrides page properties.
7. (Optional) To define additional security settings for using the TouchDown client, define
NitroDesk > Security Settings page properties.
8. (Optional) To define additional settings for using the TouchDown client, define
NitroDesk > User Setting, NitroDesk > Email Options, or NitroDesk > Calendar
Options page properties.
9. Save and publish the policy, link it to a group profile, and then connect the devices.
10. On the device, at the conclusion of the Afaria session, the TouchDown client configuration
wizard launches and the user completes the configuration steps.
For configuration data not defined in the policy, the wizard prompts the user.
When the wizard is complete, the device connects to the e-mail server.

84 Afaria
Policy

Converting NitroDesk TouchDown Trial Clients to Licensed Clients


For current NitroDesk TouchDown trial client users, apply a license key to convert a trial
TouchDown instance to a licensed instance, without reinstalling the client.

Prerequisites
A TouchDown license from NitroDesk is required for this task.

Task

1. On the Policy page, on the top toolbar, click New > Configuration > Android.
2. On the Summary page, enter the policy name, note, and remaining properties.
3. On the NitroDesk > Account Configuration page, select Enable Account
Configuration to launch the configuration wizard.
4. Enter the license key.
5. Save and publish the policy, link it to a group profile, and then connect the devices.

Wiping NitroDesk TouchDown Data and SD Card Data


For NitroDesk TouchDown client users, from the device list on the Device page, you can
delete all configuration and user data associated with the NitroDesk TouchDown application
from main memory and all data on the SD card.

NitroDesk Account Configuration


For planned NitroDesk TouchDown client users, sets properties for a new TouchDown client
when launching the TouchDown client configuration wizard. For current NitroDesk
TouchDown trial client users, applies an account license key to an installed trial version.
Enable account configuration on the device, launches the TouchDown client
configuration wizard.
Account license key as purchased from NitroDesk, the license key for the TouchDown
client. For TouchDown trial users, applying the license key converts the trial instance to a
licensed instance.
Account configuration
User ID user id for the users Exchange account.
Password password for the users Exchange account.
(Optional) Email address e-mail address for the users Exchange account. If not
provided, the user is prompted to enter a value.
Domain defines the name of the network domain on which the Exchange server
resides.
Exchange server fully qualified domain name for the server that hosts the ActiveSync
service.
Allow any server certificate click Yes to allow.

Administration Reference 85
Policy

Certificate click Browse to navigate to the certificate.


Certificate password password for client authentication certificate.
Auto-start automatically launch the TouchDown client configuration wizard.

NitroDesk EAS Overrides


For NitroDesk TouchDown client users, sets properties to override Exchange ActiveSync
settings. These settings override the Exchange settings only if they are more restrictive than
the Exchange settings.
Consider these items:
Reset polices clears all existing policies before assigning override policies.
TouchDown password required only if enabled.

NitroDesk Security Settings


For NitroDesk TouchDown client users, sets properties for additional security settings for
using the TouchDown client.
Consider these items:
Phone book copy fields comma-delimited list of data elements that are eligible for copy
to phone book.
org
photo
note
title
location
dept
wphone
wphone2
hphone
hphone2
mphone
ofax
hfax
assistantphone
radiophone
carphone
pager
compphone
email1
email2
email3

86 Afaria
Policy

homeaddress
workaddress
otheraddress
Set signature if left blank, users can enter their own signature.
Set suppressions comma-delimited list of codes for suppressing user-facing items after
TouchDown has been configured. Examples of suppression codes and associated items:
101 Quick Configuration Button
102 Connection Mode
103 User ID, Domain, and Email Address
104 Language
150 Server Information
151 ISA Flags Settings
200 Push and Polling Settings
201 Email History
203 Signature
A complete list of suppression codes is available in the NitroDesk client users guide.

NitroDesk User Settings


For NitroDesk TouchDown client users, sets properties for general user settings.
Consider the following:
Email body style specify fonts, sizes, colors, and styles used to create new HTML
messages.
Email body style syntax is:
font-family:<FONT_NAME>;font-size:<FONT_SIZE>

NitroDesk Email Options


For NitroDesk TouchDown client users, sets properties for additional email options.

NitroDesk Calendar Options


For NitroDesk TouchDown client users, sets properties for calendar options.

Android Motorola Configuration


Configure Motorola Android devices that support enterprise device management for
certificates, Microsoft Exchange ActiveSync accounts, and VPN connections.
Motorola product documentation for devices is available on the Motorola support downloads
site.

Administration Reference 87
Policy

Motorola Certificate Configuration


For Motorola Android devices, sets properties for, and installs, user authentication and
certificate authority (CA) certificates that are present on the devices SD card.
Check box select to deploy the policy during the next session. If you unselect the check
box, the policy remains on the list but is not deployed on the device.
Identifier user-defined identifier for your certificate. This uniquely identifies the
certificate in Afaria and on the device.
File path path and file name on the device, such as /sdcard/newpkcs12cert.p12 or /sdcard/
newpemcert.crt.
Type types supported:
PKCS12 enter PKCS12
PEM enter CERT
(PKCS12) Password a password required for certificate type PKCS12 installation. If left
blank in the channel, the installation prompts the user for the password.
Consider these items:
When installing PKCS12 certificates, in some instances, users may be prompted for a
password.
For CA certificates, you can verify the certificates presence in the trusted certificate store
on the device by navigating to Settings > Location and Security > Certificates >
Manage Trusted Certificates > Settings, or in the VPN add settings page by navigating
to Wireless and Network Settings > VPN Settings > Add VPN > Add L2TP/IPSec
CRT VPN > Set CA certificate. The certificate populates the list of certificates.
For user authentication certificates, you can verify the certificates presence on the device
by navigating to Settings > Wireless and Network Settings > VPN Settings > Add VPN
> Add L2TP/IPSec CRT VPN > Set user certificate. The certificate populates the list of
certificates.

Motorola EAS Configuration


For a Motorola Android user that is already defined in the Microsoft Exchange environment,
sets properties for the native Microsoft Exchange ActiveSync (EAS) client. Once the client is
defined on a device, lets you remove it from the device.
Identifier uniquely identifies the Exchange account in Afaria and on the device. You can
configure the account for a user on multiple devices. You can configure multiple accounts
for a user on a device.
Email Address users Exchange e-mail address.
Host Server fully qualified domain name for the Microsoft Exchange server.
User Name users Exchange user name.
Password users Exchange password.
SSL indicates whether to use secure protocol for Exchange sessions.

88 Afaria
Policy

Warning! Do not remove an item from the list in the policy editor until after you remove the
configuration from a device. You cannot remove the configuration from a device if it is not on
the editors list with the same identifier originally delivered to the device.
To add a configuration item to the list in the policy editor, click Add. To remove a defined item,
select it in the list and click Remove.
To add a configuration item to a device, add the configuration item to the list, and run the
policy on the device. To remove a configuration item from a device, delete the e-mail address
from the configuration on the channel, and run the policy on the device.
You can verify the accounts presence on the device by navigating to the devices Settings and
locating the account.

Motorola VPN Configuration


For Motorola Android devices, sets properties for VPN connections. Once the connection is
defined on a device, lets you modify or remove it from the device.
Afaria can configure these VPN types:
PPTP
L2TP
L2TP-IPSec-CRT
L2TP-IPSec-PSK
VPN types require many of the same data values, many of which are defined by your IT
administrator. Data values include:
Identifier network identifier. The value uniquely identifies the VPN configuration in
Afaria and on the device.
Name name for VPN connection.
Server fully qualified domain name.
DNS Search one or more comma-delimited domains to use for authenticating the user.
(PPTP) Encryption indicates whether to encrypt all communications for the connection.
Secret indicates whether a secret string is required.
Secret String ASCII string.
(L2TP-IPSec-CRT) CA Cert location of certificate authority (CA) certificate on the
device.
L2TP-IPSec-CRT) User Cert location of the user certificate on the device.
(L2TP-IPSec-PSK) PreShared Key the value of the preshared key.

Warning! Do not remove an item from the list in the policy editor until after you remove the
configuration from a device. You cannot remove the configuration from a device if it is not on
the editors list with the same identifier originally delivered to the device.

Administration Reference 89
Policy

When a VPN policy is applied at the device, it is a known behavior of the Motorola APIs that at
the conclusion of the session, the user may continue to see messages such as Configuring...,
Removing..., Result: Failure, Result: Success, which the user can dismiss.
To add a configuration item to the list in the policy editor, click Add. To remove a defined item,
select it in the list and click Remove.
To add a configuration item to a device, add the configuration item to the list, and run the
policy on the device. To remove a configuration item from a device, delete the VPN name from
the configuration on the policy, and run the policy on the device.

Android Samsung Configuration


Configuration policy Samsung features let you use Afaria Advanced Enterprise Security
(AES) on Samsung Android devices that support enterprise device management, and have
installed the Samsung-signed Afaria application. The application is available from either the
Samsung Apps store or Google Play.
Use configuration policy Samsung property pages for:
Security management
Application management
Configuration management
Microsoft Exchange client configuration
Samsung product documentation for devices is available from the Samsung support site.

Configuring AES General Settings for Samsung Devices


For Android Samsung devices with Advanced Enterprise Security (AES) capability,
configure AES settings for stronger passwords, device restarts, device feature capabilities,
encryption, roaming data synchronization, or install a certificate.

1. On the Policy page, on the top toolbar, click New > Configuration > Android.
2. On the Summary page, enter the policy name, note, and remaining properties.
3. (Optional) To strengthen password attributes or force a device restart, define Samsung >
Device Policy page properties.
4. (Optional) To enable functionality for Bluetooth, Wi-Fi, camera, microphone, encryption,
or install a certificate, define Samsung > Miscellaneous Policy page properties.
Once the Encrypt device property is applied at the device, for each subsequent
connection that includes the Encrypt device attribute, it is a known behavior of the
Samsung APIs that the user may see message The same policy is already applied,
and can disregard it.
If Encrypt SD card property is applied at the device, it is a known behavior of the
Samsung APIs that the user may see messages similar to Unable to use SD card
without data encryption, and can dismiss them. The device encrypts the data.

90 Afaria
Policy

If installing a certificate, it is a known behavior of the Samsung APIs that the certificate
installs during each connection for which the certificate property is set, regardless of
whether the certificate is already installed.
5. (Optional) To manage data synchronization while roaming, define Samsung > Roaming
Policy page properties.
6. Save and publish the policy, link it to a group profile, then connect the devices.

Configuring Exchange ActiveSync for Samsung Devices


For Android Samsung devices with Advanced Enterprise Security (AES) capability, for the
native Microsoft Exchange ActiveSync (EAS) client, deploy a single Microsoft Exchange
policy to configure one or more e-mail accounts on a device.
1. On the Policy page, on the top toolbar, click New > Configuration > Android and create a
configuration policy for Android devices that includes the Samsung > Exchange
Account Policy page with defined configuration items.
To define policies that you can deploy to multiple users, use temporary values in the data
elements that require differentiation for each user.
2. In the policy configuration list, select the check box for each item on the list to deploy;
unselect the other check boxes.
3. Save and publish the policy, link it to a group profile, then connect the devices.
If a policy includes temporary values for some of the Exchange account data elements,
synchronization with the e-mail server fails at this point.
4. On the devices Settings, the user locates the account and verifies and personalizes any
configuration data elements, such as user name and password.
5. On the device using the native Microsoft Exchange ActiveSync client, the user
synchronizes with the e-mail server.

Removing Exchange ActiveSync Configuration from Samsung Devices


For Android Samsung devices with Advanced Enterprise Security (AES) capability, for the
native Microsoft Exchange ActiveSync (EAS) client, remove Afaria-defined Microsoft
Exchange account from a device as needed.
1. On the Policy page, on the top toolbar, click New > Configuration > Android and create a
configuration policy for Android devices that includes the Samsung > Exchange
Account Policy page with the defined accounts.
2. In the policy configuration list, select an account to remove.
3. On the toolbar, click Edit to invoke the inline editor.
4. Delete the e-mail address, then select the Update icon at the end of the editor row.
5. Save and publish the policy, link it to a group profile, then connect the devices.

Installing and Updating Applications for Samsung Devices


For Android Samsung devices with Advanced Enterprise Security (AES) capability, install
enterprise applications from compiled application files (.apk) that are present on the device,

Administration Reference 91
Policy

or update applications that are already installed from compiled application files that are
present on the device.

1. On the Policy page, on the top toolbar, click New > Configuration > Android and create a
configuration policy for Android devices.
2. On the Samsung > Application Policy page, in the Samsung Application Install/
Remove/Update Policy list area, click Add.
3. Define the application item for installation or update.
Policy select whether the item is for installation or update.
Package Path define the path and file name, such as /data/new/app1.apk or
mnt/sdcard/app1.apk, to the compiled application file.
The APK file must be stored on the device in a location that is read- and write-
accessible to the Afaria client. Locations may vary by device.
Package Name not required for installation or update.
4. Save and publish the policy, link it to a group profile, then connect the devices.
5. On the device, at the conclusion of the Afaria session, the application is installed.

Viewing Managed Application Inventory for Samsung Devices


For Samsung Android devices with managed applications, view the associated inventory data
on a device's Device Inspector > Hardware > Managed Software page.

Managing Installed or Known Applications for Samsung Devices


For Android Samsung devices with Advanced Enterprise Security (AES) capability, control
access to Google Play, control application actions, or wipe application data on the device and
Afaria server.
Management actions are for enterprise or market applications that are already installed on the
device, or are known but not installed.

1. On the Policy page, on the top toolbar, click New > Configuration > Android and create a
configuration policy for Android devices that includes the Samsung > Application Policy
page.
2. (Optional) To control whether the user can use the Google Play application on the device,
select Enable Android Market, then select to disable (No) or enable (Yes) the market.
3. In the Samsung Application Enable/Disable Policy list area, add applications to the policy
list by clicking Add.
4. For each policy on the list, set policy properties as appropriate.
5. On the list, select the check box for each application to manage, and then unselect the
others.
Only selected policies go into effect when the device connects.
6. Save and publish the policy, link it to a group profile, and then connect the devices.

92 Afaria
Policy

Removing Applications from Samsung Devices


For Android Samsung devices with Advanced Enterprise Security (AES) capability, remove
installed enterprise applications.

1. On the Policy page, on the top toolbar, click New > Configuration > Android and create a
configuration policy for Android devices that includes the Samsung > Application Policy
page that installed the application, or create one.
2. In the Samsung Application Install/Remove/Update Policy list area, select the application
on the list or click Add.
3. Define or verify the application item for removal.
Policy select Remove.
Package Path not required for removal.
Package Name name, as defined by the developing entity, such as com.apps.app1.
4. Save and publish the policy, link it to a group profile, and then connect the devices.
5. On the device, at the conclusion of the Afaria session, the application is removed.

Samsung Application Policy


For Samsung Android devices, sets properties for accessing Google Play (renamed from
Android Market), managing consumer and enterprise applications, and managing application
data.
User interaction is required to install applications from a consumer market, such as Google
Play. User interaction is not required to install applications from your Afaria package server.
Warning! Do not disable the Afaria application, as doing so causes subsequent sessions to
fail. Removing the disabled application may fail, and reinstalling the application may not
restore normal operations.
The Application Policy page includes these properties:
Enable Android Market disable (No) or enable (Yes) the Android Market application.
Samsung Application Enable/Disable Policy define a policy to associate with a known or
installed application.
Check box select to deploy the policy during the next session. If you unselect the
check box, the policy remains on the list but is not deployed to the client.
Package name use a complete package name, as defined by the developing entity,
such as com.apps.app1.
App Enable/Disable select to enable or disable the application. Disabled applications
remain installed, but do not function.
Installation Enable/Disable select to enable or disable the users ability to install the
named application.

Administration Reference 93
Policy

Attempting to install an application when the installation is set to Disable may result
in user-facing error messages that do not describe the condition. Set expectations with
your users.
Uninstallation Enable/Disable select to enable or disable the users ability to remove
the named application.
Wipe App Data delete application data associated with the named application.
Delete Managed App Info after the next session that runs an inventory channel, delete
the inventory data for the managed application from Afaria Administrator > Data
Views > Inventory.
Samsung Application Install/Remove/Update Policy define a policy to install, remove,
or update an application.
check box select to deploy the policy during the next session. If you unselect the
check box, the policy remains on the list but is not deployed to the client.
Policy select to install, remove, or update an application.
Package Path required for installing and updating an application. Define the path and
file name, such as /data/new/app1.apk or mnt/sdcard/app1.apk, to the compiled
application file.
The APK file must be stored on the device in a location that is read- and write-
accessible to the Afaria device. Locations may vary by device.
Package Name required for removing an application. Package name, as defined by
the developing entity, such as com.apps.app1.

Samsung Device Policy


For Samsung Android devices, sets properties for additional security for the password you
enable on the policy editor's Security page, and lets you execute a remote restart on the device.
Maximum number of days until password expires the maximum number of days for a
password to remain valid. When set to 0, the property does not restrict the policy.
If you previously deployed a policy using a non-zero value for this property, and now want
to deploy a policy that ignores the property, set the value to 0.
Minimum number of complex characters in password enforce a minimum number of
complex characters.
Password history the number of previous passwords stored on the system's history list.
When set to 0, the property does not restrict the policy.
If you previously deployed a policy using a non-zero value for this property, and now want
to deploy a policy that ignores the property, set the value to 0.
Remote reset restarts the device.

Warning! The reset occurs after the session ends as the first configuration action, cancelling
any other actions in the session. Therefore, it is recommended that you apply the remote reset
property as the policy's only setting. Re-running the session repeats the action.

94 Afaria
Policy

Samsung Exchange Account Policy


For a Samsung Android user that is already defined in the Microsoft Exchange environment,
sets properties for the native Microsoft Exchange ActiveSync (EAS) client. Once the client is
defined on a device, lets you remove it from the device.
Warning! Do not remove an item from the list in the policy editor until after you remove the
configuration from a device. You cannot remove the configuration from a device if it is not on
the editors list with the same identifier originally delivered to the device.
Check box select to deploy the policy during the next session. If you unselect the check
box, the policy remains on the list but is not deployed to the client.
Identifier uniquely identifies the Exchange account in Afaria and on the device. You can
configure the account for a user on multiple devices. You can configure multiple accounts
for a user on a device.
Active Sync host fully qualified domain name for the Microsoft Exchange server.
Domain users e-mail domain for the Exchange account.
Email address users Exchange e-mail address.
User users Exchange user name.
Password users Exchange password.
Account name name of the account on the device. Name appears on the devices Settings
> Accounts and Sync page as a managed account.
Accept all certificates device accepts certificates without user intervention.
Use SSL indicates whether to use secure protocol for Exchange sessions.
Set client authentication certificate path on device to the certificate, such as /mnt/sdcard/
certname.p12.
Certificate password password for client authentication certificate.
Amount to synchronize time range or amount of history to synchronize for each
synchronization request.
Sync interval (Off-Peak) interval or method for ongoing synchronization during off-
peak hours.
Vibrate on email notification notification mode.
Signature signature for user-initiated messages. If blank, user can enter a signature.
If the client has multiple e-mail accounts, and the accounts use shared preference settings, then
all accounts use one preferred signature setting. In Afaria, the last account on the policy editor
list is applied last and becomes the preferred setting for all accounts.
To add a configuration item to the list in the policy editor, click Add account. To remove a
defined item, select it in the list and click Remove current account.

Administration Reference 95
Policy

Samsung Miscellaneous Policy


For Samsung Android devices, enables functionality for Bluetooth, Wi-Fi, camera,
microphone, device encryption, and SD card encryption.
Enable Bluetooth enable the Bluetooth radio. The user cannot change this value. This
setting overrides the Bluetooth setting on the policy editors Bluetooth page.
Enable WiFi enable Wi-Fi. The user cannot change this value. This setting overrides the
Wi-Fi setting on the policy editors Wireless LAN page.
Enable camera enable the Camera application.
Enable microphone enable the Voice Dialer application.
Encrypt device encrypt the device memory and USB storage.
Once Encrypt device is applied at the device, for each subsequent connection that includes
the Encrypt device attribute, it is a known behavior of the Samsung APIs that the user may
observe the message The same policy is already applied. The user can disregard the
message.
Encrypt SD card encrypt the external SD card.
If Encrypt SD card is applied at the device, it is a known behavior of the Samsung APIs that
the user may observe messages such as Unable to use SD card without data encryption,
or similar. The user can dismiss the message by clicking OK. The device encrypts the
data.
Install certificate path and file name on the root of the devices SD card for the PKCS12
certificate (.P12) to install, such as /mnt/sdcard/companycertificate.p12.
If installing a certificate, it is a known behavior of the Samsung APIs that the certificate
installs during each connection for which the certificate property is set, regardless of
whether the certificate in already installed.

Samsung Roaming Policy


For Samsung Android devices, sets properties for data synchronization while roaming. The
properties set values on your devices Settings > Wireless and Network > Mobile
Networks.
Allow roaming data
Allow automatic sync while roaming
Allow push while roaming

Post-Session Processing for Channels


For configuration policies, some configuration items require processing after the Afaria
session ends.
After an Afaria session ends, the user may see informational and error messages in the device
log. Messages are received from the device and appear in the device log without formatting.
These messages are normal. Set expectations with your users.

96 Afaria
Policy

Creating a Configuration Policy for BlackBerry


Create a policy for scheduling device connections, collecting inventory, and configuring
device settings for BlackBerry devices.
The policy includes multiple pages, such as Summary and Schedule. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

1. On the Policy page, on the top toolbar, click New > Configuration > BlackBerry.
2. On the Summary page, enter the policy name, note, and remaining properties.
State click to indicate published or unpublished. Connecting devices receive only
published policies.
Priority set a user-defined value that Afaria uses to determine which configuration
policy prevails when multiple policies define the same default settings. The lower the
numeric value, the higher the priority. A high priority prevails over a lower priority.
Authentication select to require the server to verify the connecting users identity
against your authentication authority before allowing the channel to run. This option is
available only if you have authentication enabled on the server, as defined on the
Server > Configuration > Security page
Inventory select the inventory type to collect. Inventory is viewed on the Device
page's Device Inspector.
None no inventory collection.
Hardware scan collects data relating to the device's physical components, such as
processors and memory cards.
Hardware and Software scan collects hardware data and data for installed
software.
3. On the Schedule page, you can select, edit, create, or delete schedules to define a
schedules basic type and time properties.
In the selected schedule click Retries which defines the number of times the server should
retry the scheduled task if the task fails. The retry interval is the time to wait after a retry
fails before the next retry attempt. Retry attempts cease if the scheduled task succeeds.
Enter the following details to create a new schedule:
Schedule a meaningful name for the schedule.
Note description of the scheduled task.
Type type of schedule:
For Daily or Weekly type, displays the days of the week to select.
For Monthly type, displays the months of the year to select.
For Once type, provides options to select: Immediately, on earliest day at
specified time or at specified date/time schedule.
Setting the start date, time, repeat preferences and set it to retry to run after failing by
changing the settings for each individually listed schedule.

Administration Reference 97
Policy

Rate enter the start time and days for the schedule and indicate whether to run the
schedule at start-up if the server was not running at the defined start time. The
options displayed here are based on the schedule type selected.
Range indicate whether to run the schedule always or enter the starting and the
ending date range for the schedule.
Repeat enter the parameters for repeating the scheduled task. You can repeat until
a certain time or day or for a certain duration.
Randomize enter the parameters for randomizing the start time for the scheduled
task.
4. At the top of the page, click Save.

Creating a Configuration Policy for iOS


Create a policy to create MDM payloads, which define settings such as settings for items such
as Wi-Fi and passcodes.
The policy includes multiple pages, such as Summary and MDM Payload. Complete them in
any order. Clicking the Save button at the top of any page saves all pages.

1. On the Policy page, on the top toolbar, click New > Configuration > iOS.
2. On the Summary page, enter the policy name, note, and remaining properties.
State click to indicate published or unpublished. Connecting devices recieve only
published policies.
Priority set a user-defined value that Afaria uses to determine which configuration
policy prevails when multiple policies define the same default settings. The lower the
numeric value, the higher the priority. A high priority prevails over a lower priority.
3. (Optional) Configure additional pages according to your requirements.
4. At the top of the page, click Save.

iOS Configuration Policy MDM Payloads


Afaria configuration policy MDM payload items let you manage device settings for items
such as Wi-Fi, passwords, and e-mail applications. Policy definitions are compliant with the
Apple iPhone Configuration Utility definitions. Refer to Apple resources for detailed
guidance, such as the utilitys help and Apple support resources for enterprises.
Policies include these payload types:
Advanced changes the device's Access Point Name (APN) and cell network proxy
settings. These settings define how the device connects to the carriers network. Change
these settings only as directed by the carrier.
CalDAV configures a connection to a CalDAV calendar server. The account is added to
the device and the user is prompted for any information that is required but not defined by
the policy.
CardDAV configures a connection to a CardDAV contact list.

98 Afaria
Policy

Credentials adds certificates and identities to the device. Certificates must be resident in
the current Afaria Administrator user trusted certificate store or personal certificate store.
When installing credentials on a device, install all the intermediate certificates that link to a
trusted certificate.
Email configures POP or IMAP e-mail accounts. To add a Microsoft Exchange account,
use an Exchange ActiveSync policy.
Exchange ActiveSync configures an Exchange ActiveSync account with a Microsoft
Exchange server. You can create a policy for users by specifying the user name, host name,
and e-mail address, or only the host name; users provide other values when they install the
policy.
Consider these items about user accounts:
If you specify the name, host name, and SSL settings in the policy, the user cannot
change these settings on the device
The password data element cannot contain a percent (%) character.
Accounts that you add to a device by installing a policy can be deleted only by
removing the policy from the device.
Generic - lets you select from any imported payloads that do not match any other payload
types in the Afaria policy.
LDAP configures a connection to an LDAP (LDAPv3) directory. You can specify
multiple search bases for each directory and configure multiple connections.
Passcode defines passcode requirements, how often it must be changed, and its
characteristics. When the configuration policy is loaded, the user must enter a passcode
that meets the policy; otherwise, the policy is not installed.
Provisioning File adds a provisioning file (.mobileprovision) to the device, which have a
role in managing enterpise-signed applications.
Restrictions defines restrictions for user access to certain features, such as explicit Web
content or camera use.
For iOS 3.x devices, restricting Safari prevents the device from processing further Afaria
configuration policies. If your requirements dictate restricting Safari, consider applying
the policy as the last of all Afaria policies. To recover the device from the restriction, the
user can tap Settings > General > Reset > Reset All Settings.
SCEP configures settings that allow the device to obtain certificates over the air from a
certificate authority (CA) server that is using SCEP (Simple Certificate Enrollment
Protocol).
SCEP requests that are added in Wi-Fi or VPN policies do not appear in the SCEP policy
list; they are accessible only through their containing policy.
Setting - configures voice and data roaming.
Subscribed Calendar adds read-only calendar subscriptions to the device Calendar
application.
VPN configures VPN networks. There are several supported VPN protocols and
methods of authentication. Depending on the configuration settings you select, the options
in the editor vary.

Administration Reference 99
Policy

Web Clips adds Web clips to the device home screen. Web clips provide fast access to
favorite Web pages. The URL must begin with http:// or https://.
WiFi configures Wi-Fi networks.
Consider these items:
Password for WEP or WPA security authentication if you do not specify a password
in the policy, the user enters a password when connecting to the network.
Enterprise security types expose additional settings for protocols, authentication, and
trust.
Wi-Fi policies can configure and save a network definition on a device only when the
device is detecting the network when it attempts configuration.

Sending Multiple Configuration Policies to Devices


Afaria combines multiple policies into a single delivery payload before sending them to a
device. Apple designed iOS management to support multiple instances of some policy types
and support only a single instance of other policy types. Apple reserves the right to change
requirements without notice.
The following policy types are limited to a single instance on a device:
Passcode
Restrictions
Exchange ActiveSync
Advanced

The SSL Option in Policies


If you plan to use the SSL option in any policy that includes SSL as an option, the device may
require a certificate with appropriate credentials. For some policy types, you can select the
appropriate certificate from within the policy editor to define credentials. For other policy
types, define a separate Credentials policy.

Embedded SCEP Requests as Identity Certificates


Wi-Fi and VPN policies include an option to define and embed a SCEP request to obtain an
identify certificate when the policy is deployed.
Embedded SCEP requests always use the certificate authority that is configured for Afaria
iOS operations, as defined on the Server > Configuration > Enrollment Server page.
All required data elements in the SCEP request are pre-populated with values from
Enrollment Server page.
To edit the SCEP requests Subject data, open the Enrollment Server page and click
Certificate Request.
For a Wi-Fi with SCEP policy, on a devices General > Settings > Profiles page, the
policys Contains list includes a SCEP enrollment request item and a Wi-Fi Network item.
For a VPN with SCEP policy, on a devices General > Settings > Profiles page, the
policys Contains list includes a SCEP enrollment request item and a VPN Settings item.

100 Afaria
Policy

Using Substitution Variables in a Device Configuration Policy


The Afaria device configuration policy interface lets you add substitution variables to your
policy directly from the accumulated list of predefined and user-defined substitution
variables. Variables are supported for many, but not all, fields.

1. Open a device configuration policy.


2. For any data element that includes the browse features, click Substitution.
The variables dialog opens. The list combines predefined and user-defined variables.
3. Select a variable and click Select to add it to the policy.
For a device that uses this policy and includes a value for the variable on its device record,
the variable value is applied to the policy when the policy is applied to the device. For a
device that uses this policy and does not include a value for the variable, the value is left
empty on the policy when the policy is applied.
If the variable is not yet on the list, click Add to define it, as is appropriate for your
requirements.
To delete a variable from the list, select it and click Delete. This action deletes the variable
and any associated value from all iOS device definitions.
4. Complete your policy.

Importing iOS Device Configuration Policies


Import Apple iPhone (iOS) configuration policies or exported Afaria policies to make them
available as Afaria configuration policies.

1. On the Policy > List page, on the top toolbar, click Import iOS Mobile Configuration
File.
2. Click Browse to navigate to the source file (.mobileconfig).
3. (Optional) To change the policy name and description as imported from the source file,
enter a new name and description.
4. Click OK.
The process imports a snapshot of the policy. Once imported, Afaria assumes management
of the policy, and subsequent changes to the original target policy file does not impact the
Afaria policy.

iOS Policies from the Apple iPhone Configuration Utility


As an alternative to using the Afaria Administrator application to create device configuration
policies, you can import policies that you export from the Apple iPhone Configuration Utility.
From the utility, export and save policies as individual files (.mobileconfig). From the
Afaria Administrator application policy page, import policies.

Administration Reference 101


Policy

Export Security Requirement


Policies that you export from the Apple iPhone Configuration Utility for importing into Afaria
cannot be encrypted or signed. Therefore, select None as the security method when exporting
policies from the configuration utility.

Creating a Configuration Policy for Windows


Create a policy for scheduling device connections, collecting inventory, and configuring
device settings for Windows computers.
The policy includes multiple pages, such as Summary and Schedule. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

1. On the Policy page, on the top toolbar, click New > Configuration > Windows.
2. On the Summary page, enter the policy name, note, and remaining properties.
State click to indicate published or unpublished. Connecting devices receive only
published policies.
Priority set a user-defined value that Afaria uses to determine which configuration
policy prevails when multiple policies define the same default settings. The lower the
numeric value, the higher the priority. A high priority prevails over a lower priority.
Authentication select to require the server to verify the connecting users identity
against your authentication authority before allowing the channel to run. This option is
available only if you have authentication enabled on the server, as defined on the
Server > Configuration > Security page
Inventory select the inventory type to collect. Inventory is viewed on the Device
page's Device Inspector.
None no inventory collection.
Hardware scan collects data relating to the device's physical components, such as
processors and memory cards.
Hardware and Software scan collects hardware data and data for installed
software.
3. On the Schedule page, you can select, edit, create, or delete schedules to define a
schedules basic type and time properties.
In the selected schedule click Retries which defines the number of times the server should
retry the scheduled task if the task fails. The retry interval is the time to wait after a retry
fails before the next retry attempt. Retry attempts cease if the scheduled task succeeds.
Enter the following details to create a new schedule:
Schedule a meaningful name for the schedule.
Note description of the scheduled task.
Type type of schedule:
For Daily or Weekly type, displays the days of the week to select.
For Monthly type, displays the months of the year to select.

102 Afaria
Policy

For Once type, provides options to select: Immediately, on earliest day at


specified time, or at specified date/time schedule.
Setting the start date, time, repeat preferences and set it to retry to run after failing by
changing the settings for each individually listed schedule.
Rate enter the start time and days for the schedule and indicate whether to run the
schedule at start-up if the server was not running at the defined start time. The
options displayed here are based on the schedule type selected.
Range indicate whether to run the schedule always or enter the starting and the
ending date range for the schedule.
Repeat enter the parameters for repeating the scheduled task. You can repeat until
a certain time or day or for a certain duration.
Randomize enter the parameters for randomizing the start time for the scheduled
task.
4. At the top of the page, click Save.

Creating a Configuration Policy for Windows Mobile


For Windows Mobile Professional or Windows Mobile Standard devices, create a policy for
scheduling device connections, collecting inventory, and configuring device settings.
The policy includes multiple pages, such as Summary and Schedule. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.
1. On the Policy page, on the top toolbar, click New > Configuration > Windows Mobile
Professional or New > Configuration > Windows Mobile Standard.
2. On the Summary page, enter the policy name, note, and remaining properties.
State click to indicate published or unpublished. Connecting devices receive only
published policies.
Priority set a user-defined value that Afaria uses to determine which configuration
policy prevails when multiple policies define the same default settings. The lower the
numeric value, the higher the priority. A higher priority prevails over a lower priority.
Authentication select to require the server to verify the connecting users identity
against your authentication authority before allowing the channel to run. This option is
available only if you have authentication enabled on the server, as defined on the
Server > Configuration > Security page.
Inventory select the inventory type to collect. Inventory is viewed on the Device
page's Device Inspector.
None no inventory collection.
Hardware only scan collects data relating to the device's physical components,
such as processors and memory cards.
Hardware and Software scan collects hardware data and data for installed
software.
3. On the Schedule page, you can select, edit, or create schedules for tasks performed by the
server on a regular basis.

Administration Reference 103


Policy

Enter the following details to create a new schedule:


Schedule a meaningful name for the schedule.
Note description of the scheduled task.
Type type of schedule: Daily, Weekly, Monthly, or Once.
Setting the start date, time, repeat preferences, and other properties for the schedule.
Rate enter the start time and days for the schedule and indicate whether to run the
schedule at start-up if the server was not running at the defined start time. The
options displayed here are based on the schedule type selected.
Range indicate whether to run the schedule always or enter the starting and the
ending date range for the schedule.
Repeat enter the parameters for repeating the scheduled task. You can repeat until
a certain time or day or for a certain duration.
Randomize enter the parameters for randomizing the start time for the scheduled
task.
4. (Optional) Configure additional pages according to your requirements.
5. At the top of the page, click Save.

Connection Properties
Specify connection properties such as dialing methods, dialing locations, network details,
DNS and IP settings, roaming controls, and port controls.

General Page
Specify connection options such as dialing methods, local and remote phone numbers for
dialup, and area codes.
You can also specify dialing patterns and TCP/IP settings used for RAS connections. You can
set the following options on the Connection property page:
Name specifies a name for the RAS connection profile.
Delete this RAS entry on the Client permanently removes this RAS connection profile on
the device. When you select this option, the RAS connection settings options become
unavailable. Selecting this option disables all the property settings on the Connection
page.
Type specifies modem for the RAS connection. You can also enter the modem name
exactly as it appears on the device.
Username specifies the account user name for the device.
Password specifies the account password for the device.
Domain specifies the domain to which the client device belongs.
Country code if devices must dial a country code to complete a connection, this option
specifies the country code in the area provided.
Area code specifies the correct area code in the area provided if devices must dial a 10-
digit number.

104 Afaria
Policy

Phone number specifies the phone number devices must dial to connect.
Baud rate specifies the baud rate (in bits per second) for the RAS connection.
Data bits specifies the number of data bits to use for each character that is transmitted and
received in this RAS connection.
Parity specifies the level of error checking for this RAS connection.
Stop bits determines the number of stop bits to tell the system a packet of information has
been sent.
Flow Control specifies whether to use hardware or software to control the flow of data
between the modem and the computer.
Use terminal before connecting determines whether the user can type commands directly
to the modem before dialing.
Use terminal after connecting determines whether the user can type commands directly
to the modem after dialing.
Enter dialing commands manually allows the device user to enter dialing commands
manually on the device.
Cancel call if time-out occurs ends the call automatically if it does not connect after the
amount of time you specify.
Wait for dial tone before dialing specifies whether the device should wait for a dial tone.
Wait for credit card tone (seconds) specifies the number of seconds the device should
wait for a tone before entering a credit card or calling card number.
Extra dial-string modem commands this area lets you enter any extra dial-string modem
commands.

Note: The options in this area are unavailable unless you specify a RAS connection profile.

Use server-assigned name server addresses specifies whether the device should use
server-assigned name server addresses. If you select No, you must manually enter the DNS
or WINS addresses in the areas provided. If you select Yes, the DHCP server will set the
addresses.
Use SLIP specifies whether to use SLIP as the primary TCP/IP protocol for the
connection.
Compression specifies a compression type for the connection.

Dialing Locations Page


Specify dialing options and set default location.
You can set the following options on the Dialing locations page:
When dialing from lets you create a profile for a specific location. You can choose a
location from the list, or create your own locations, such as Local or Remote. When
you select this option, all the remaining options become available.
Set as default dialing location sets the location you specify as the default on the device.

Administration Reference 105


Policy

Delete this dialing location on the Client permanently removes the dialing location
profile from the device. When you delete a dialing location profile, the remaining options
become unavailable.
Local area code specifies the correct area code in the area provided, if devices must dial a
10-digit number.
Local country code specifies the country code in the area provided if devices must dial a
country code to complete a connection.
Dialing method specifies the correct dialing mode, Tone or Pulse.
Disable call waiting you can disable call waiting on the device. If you disable call
waiting, select or enter the string that disables this feature on the device.
Local dial pattern specifies a dialing pattern for local calls. For instance, if devices must
dial 9 and then a 10-digit number, the local dial pattern would be 9,FG.
Long distance dial pattern specifies a dialing pattern for long-distance calls. For instance,
if devices can dial a long distance number directly, the pattern would be 1FG.
International dial pattern specifies a dialing pattern for international calls. For instance, if
devices must dial 9 and then the number, the pattern would be 9,011, EFG.

DNS/IP Page
Configure network adapter, DNS, IP, or WINS settings.
The IP addresses used on this page are for the network interface on the device. For dial-up
settings, use the Connection page.
Network Adapter select the network adapter for your device from the list or type in a
custom adapter name. The custom name must match either that adapter types display
name or the exact adapter name in the registry.
Note: This option is available only for Windows Mobile Professional.
If you provide a custom network adapter name, it must match either that adapter type's
display name (example: Socket LP-E Driver) or the exact adapter name in the registry
(example: SOCKETLPE1).
Obtain IP information if you select to obtain IP information automatically, the device
will use DHCP to obtain the IP address. If you select to obtain IP information manually, the
Subnet Mask and Gateway options become available. You can select either or both of these
options to help the TCP/IP layer make a decision about when to forward requests to
computers outside the local network.
Note: Setting a manual IP does not set the specific IP address on a device. Set up separate
policies for each device needing a manual IP address assigned. If the IP information is
obtained automatically, the primary and secondary DNS and WINS settings are applied as
alternate DNS/INS addresses after those obtained through DHCP.
Primary/Secondary DNS use this option to resolve any host names into IP addresses
within the network.

106 Afaria
Policy

Primary/Secondary WINS use this option to resolve NetBIOS names to IP addresses


within the network.

Network Property Page


Set properties for network connections.

Roaming Control Property Page


Sets properties for roaming controls.
Afaria relies on the phones native capabilities to recognize the roaming state. Supported
device types Windows Mobile Professional 5.0 or later and Windows Mobile Standard.
Enable roaming controls enforces all selected roaming control options while the device
is roaming. If not selected, the devices current settings are used.
Disable all GPRS/CDMA data connections disables all connections that use General
Packet Radio Service or Code Division Multiple Access protocol. The device can continue
to use WiFi connections.
Disable email attachments disables automatic e-mail attachment downloading when
synchronizing e-mail with the Microsoft Exchange Server. The user can download
attachments manually by opening the e-mail and selecting an attachment.
Disable Afaria connections disables all Afaria connections that use GPRS/CDMA,
except for connections initiated by an outbound notification from the server. The device
can continue to use WiFi connections. This option only blocks connections; it does not
disable any Afaria setup options.
Note: If you disable both GPRS/CDMA connections and Afaria connections, outbound
notifications cannot initiate a connection to the server.
Configuration Managers Port Control page includes setting Disable WiFi radio. If the
setting is selected on the Port Control page, it disables WiFi continuously.
(Windows Mobile 6.1 or later) Disable IMAP and POP3 disables using IMAP or POP3
e-mail accounts.
Note: Configuration Managers Port Control page includes setting Disable IMAP/
POP3. If the setting is selected on the Port Control page, it disables the IMAP and POP3
e-mail continuously.
Display message when entering roaming displays the specified message when a device
enters the roaming state.
Display message when exiting roaming displays the specified message when a device
exits the roaming state.
Number of seconds to delay roaming transactions defines the length of time a roaming
state must be sustained before roaming control actions are enforced.

Administration Reference 107


Policy

Port Control Property Page


Sets properties for port controls and data transfer.
Supported devices Windows Mobile Professional 5.0 and later, Windows Mobile Standard
By regulating the use of hardware ports, you can enforce the availability of key device
features, such as Bluetooth connectivity, data transfer methods, and the use of external data
cards.
Note: Enforce means the device holder is not able to change the settings you establish.
Attempting to use a disabled feature on a device results in a notification message informing the
device holder that the system administrator has disabled the feature. However, attempting to
use a disabled camera or infrared (IR) port does not generate a notification message.
Use the following settings to determine port control behavior:
Enable Port/Device Control enables the configuration and enforcement of port control
options.
Show disabled device list provides the device holder with a list of device features you
have disabled. The disabled list displays during an Afaria connection and at device startup.
The list includes only the disabled features that are installed on a device. Disabled features
that do not exist on a device, e.g., a camera, infrared port, etc., will not appear in the list.
Data transfer settings control the availability of Bluetooth connectivity and other data transfer
modes:
Bluetooth radio determines if the device can communicate with other Bluetooth devices.
A disabled Bluetooth radio prevents all Bluetooth communication.
Discoverable broadcasts the devices connection availability to other Bluetooth devices
that are actively searching for a connection. When you disable this feature, connections are
still possible if devices that try to connect know the devices ID. For complete information
about the discovery options supported by a device, see its related documentation.

Note: Enabling the discoverable mode may create a conflicting setting for devices that are
using a discoverable mode time out setting. The conflict causes frequent notifications to the
users, one each time Configuration Manager restarts discoverable mode. Users can set the
time out value to never time out to resolve the conflict.
Disabling Bluetooth connections by device type is not possible for all Bluetooth protocol
stacks. For Bluetooth protocols supplied by some vendors, you may need to disable the
Bluetooth radio. See the Afaria system requirements for vendor-specific details.

The following table shows the Bluetooth profiles associated with each device type.

108 Afaria
Policy

Device type Bluetooth profiles included Profile


acro-
nym
Miscellaneous device Object Push Profile OPP

Computer File Transfer Profile FTP

Phone Book Access Profile PBAP

Synchronization Profile SYNCH

Phone Cordless Telephone Profile CTP

Subscriber Identity Module (SIM) Access Profile SAP,


SIM

LAN Access Point Common Integrated Services Digital Network (ISDN) Access CIP
Profile

Dial-Up Networking Profile DUN

LAN Access Profile LAP

Audio Video Advanced Audio Distribution Profile A2DP

Audio/Video Remote Control Profile AVRCP

Hands-Free Profile HFP

Headset Profile HSP

Intercom Profile ICP

Video Distribution Profile VDP

Peripheral Basic Printing Profile BPP

Fax Profile FAX

Hard Copy Cable Replacement Profile HCRP

Human Interface Device Profile HID

Imaging Basic Imaging Profile BIP

Unclassified Any profile not associated with another device type. n/a

Disable infrared port determines if the IR port can be used to send and receive data. A
disabled IR port remains in a powered off state and will no longer be accessible via the
devices Control Panel or data transfer application.

Administration Reference 109


Policy

Disable WiFi radio determines if access to a wireless LAN via a WiFi connection is
possible. When you disable the WiFi radio, all wireless network access is blocked.
Disabling the WiFi radio, while also provisioning a WiFi connection in the same policy,
results in an alert message to tell you of a configuration conflict. Disabling the WiFi radio
overrides WiFi provisioning.
Disable USB communications determines if a USB connection can be used to send and
receive data. A device with USB communications disabled cannot utilize any type of USB
connection. If Afaria detects that a USB device has connected, it is disabled immediately.
Use the following settings to manage the availability of device features:
Disable external data cards controls the ability of the device to access an external data
card. Use of an external card for reading or writing data will not be possible on the device.
Disable camera determines if the device camera can be used. When disabled, starting the
camera has no effect.
Afarias disable camera implementation intercepts camera driver activity on a device.
Disabling the camera is not possible for devices that interface directly with the camera, i.e.,
without the use of drivers.
Supported devices Windows Mobile Professional 6.1 and later, Windows Mobile Standard
6.1 and later
Mobile Device Management settings enable you to control the types of messaging available
on the device. Select from the following options:
Disable IMAP and POP3 when using a Microsoft e-mail client application,
synchronization with IMAP or POP3 e-mail servers is blocked.

Note: This setting applies only to Microsoft e-mail applications.


This setting applies only to e-mail that has not yet been downloaded.

Disable MMS and SMS when using text messaging native to the operating system, the
ability to send and receive Multimedia Messaging Service (MMS) and Short Message
Service (SMS) messages is blocked.

Note: This setting applies only to Microsoft messaging applications.

Device Properties
Specify device properties such as owner details, device sounds, and executable file properties.

General Page
Sets properties for desktop connection and power.
You can enter a unique description for the device, which may help you differentiate between
devices and/or users.
Device Description a suitable description for the device.

110 Afaria
Policy

Allow connection to desktop PC when attached enables the device to connect through a
companion PC. You can select a connection method from the Connect to desktop PC using
drop-down list, or enter the connection name exactly as it is listed on the device.
On battery power, suspend after idle for specifies the number of minutes a device can
remain idle before suspending battery power.
Note: This option is available only for Windows Mobile Professional.
Suspend while on external power if you enable this option, you can determine the
number of minutes after which the device should suspend external power.

Owner Property Page


Sets properties for owner identification.
Owner information is not displayed in the same manner on all Windows Mobile devices. Some
information items may be unavailable on some devices. The sample user interface depicted
here is for a Windows Mobile Professional or a Windows Mobile Standard device.

Sound Property Page


Sets properties for device sounds.
Supported device types Windows Mobile Professional (including Windows CE) and
Windows Mobile Standard
You can set the following options on the Sound page:
Main sound volume determine the volume level on the device.
Event sounds enable or disable event sounds (such as errors) on the device.
Program sounds enable or disable program sounds for the device. If you enable Program
sounds, the Notification sounds option becomes available.
Key click sounds enable or disable key click sounds for the device.
Screen tap sounds enable or disable screen tap sounds for the device.
You can also select for users to be notified of specific events on their device. For example, if
you select the check box next to ActiveSync: Begin sync, users will hear the sound you select
to signify that ActiveSync has started. You can change options in the Sound, Msg, or Flash
categories by clicking the item in the column that you want to change; a drop-down menu
appears and lets you select another item.

User Access Property Page


Sets properties for executable files.
You can set the following options on the User Access page:
Prevent user from accessing the Run Dialog determines if the can accessing the run
dialog on the device.
Disallow loading of external executables (Windows Mobile Professional) determines
whether users can run an executable from its location, copy an executable from its location,
and open any non-executable files from its location. This setting does not impact the users

Administration Reference 111


Policy

ability to manually copy non-executable files from its external location to another location
for use.
Note: This option is available only for Windows Mobile Professional.
Disallow autorun executables on storage cards if an autorun.exe file is on the storage
card, this setting determines whether it runs when the card is inserted. This setting does not
impact the users ability to manually run executables or open non-executable files on the
card.
Locked-out applications select the Locked-out applications check box and type the
names of the applications (for example, game1.exe) that you want to prevent from running
on the device. Use a semicolon (;) to delimit multiple application names. This value
overwrites the existing Locked-out Applications value on the device, rather than creating a
cumulative list.
A single application may have different ways of being invoked. For example, you may be able
to launch a calendar application by pressing a specific button on a handheld device or by
navigating to the program file on the device's file system and running the file. If these different
user launch points launch different processes or applications, then define each launching
application or process in your policy to effectively prevent an application from running.
Note: You can use a bogus value to effectively remove the current Locked-out Applications
list from the device, without causing an adverse effect. Clearing the value or clearing the check
box does not send a value to the device and therefore, does not have the effect of removing the
current Locked-out applications list from the device.

Windows Mobile Update Property Page


Configure and enforce how software and security updates issued by Microsoft are applied to
the device.
Supported devices Windows Mobile Professional 6 and later, Windows Mobile Standard 6
and later.
Note: Enforce means the device holder cannot change the settings you establish.
Select from the following options:
Choose Windows Mobile update schedule check automatically for device updates from
Microsoft or only when manually requested by the device holder.
Use my data plan to check for and download updates use the subscribed data service plan
when checking for and downloading updates.

Format Properties
Specify format properties for language, numbers, currency, time, and date.
Language preset Using this option, you can determine the default settings for a particular
language. When you select a language from the drop-down list, the default settings for that
language appear in any area that applies. If you select this check box and do not configure any

112 Afaria
Policy

of the other options on the related Formats pages, the formats on the devices are set to the
defaults for the language you selected.
On the Numbers page, you can configure the formatting for number properties, such as
decimal placements, negative number formats, and measurement systems. This feature is
useful is you have devices from several different countries that need to communicate with your
server.
On the Currency page, you can set options such as the currency symbol and position, the
decimal format, and the negative number format. This feature is useful when you have devices
traveling to or working in countries with other currency formats.
On the Time page, you can configure the way devices keep and report time on the device. This
feature is especially useful when devices from other time zones communicate with the server;
you can configure all devices to use the same time format for reporting purposes, or you can set
the time format on the devices to synchronize with the time on the server, for communication
purposes. Note that these formats are pre-determined by the language you choose on the
Formats page; you can override this default setting by selecting the check box and choosing
the format you want to use from the list box.
On the Date page, you can configure the way devices report the date. This is useful when
devices working in or traveling to other countries communicate with the server. Note that these
formats are pre-determined by the language you choose on the Formats page; you can override
this default setting by selecting the check box and choosing the format you want to use from
the list box.

Device Configuration CSP Properties


Specify device configuration properties such as e-mail settings, synchronization settings and
other device configuration details.

Favorites Page
Manage favorite URLs on devices.
To add a favorite to the device:
Click Add to enter a favorite name and a URL. The favorite is added to the device when the
device runs the policy.
To remove a favorite from the device:
Clear the URL field value to remove a previously defined favorite. The favorite is removed
from the device when the device runs the policy.

E-Mail Page
Configure the Internet protocol e-mail services on your Windows Mobile devices.
You can set the following options:
GUID lets you generate a valid new GUID.

Administration Reference 113


Policy

Delete this e-mail entry on the Client permanently deletes this e-mail setting on the
device.
Connection ID lets you select a connection ID type from the drop-down list box.
Service name lets you provide a service name for e-mail on the device.
Service type lets you determine the type of incoming e-mail service from the server from
the drop-down list box.
Logon name lets you provide a login name for e-mail on the device.
Password lets you provide a password for e-mail on the device.
Domain lets you provide a service name for e-mail on the device. Lets you provide a
domain name for e-mail on the device.
Display name lets you set an e-mail a display name on the device.
Users e-mail address lets you set a user e-mail address on the device.
Incoming e-mail server lets you set an incoming e-mail server name on the device.
Outgoing e-mail server lets you set an outgoing e-mail server name on the device.
Server requires authentication determines whether authentication is required from the
server.
Days of e-mail to retrieve lets you set the number of days worth of e-mail to retrieve.
Maximum message size lets you set the maximum message size to retrieve.
Maximum attachment size lets you set the maximum attachment size to retrieve.

Sync Page
Configure synchronization settings on the device.
You can set the following options on the Sync page:
Auto-sync when cradled set whether or not to perform active sync when the device is
cradled.
Maximum size of notes allows you set the maximum size of notes for the device.
Conflict resolution select how synchronization conflicts are handled.
Device addressing method lets you select how the devices are addressed.
Device phone number specifies the phone number for the modem to use when
synchronizing the device.
Device SMS address allows you set the SMS address for the device.
Disconnect when done set whether the device will disconnect when synchronization is
complete.
Sync during off-peak hours lets you select when to synchronize the device during a pre-
determined off-peak hour.
Sync during peak hours lets you select when to synchronize the device during a pre-
determined peak hour.
Outbound mail delay (minutes) lets you set the time, in minutes, before sending
outbound messages.

114 Afaria
Policy

Peak start time (24h format) specifies what time of the day to start using peak service
synchronization settings.
Peak end time (24h format) specifies what time of the day to stop using peak service
synchronization settings
Send mail immediately lets you have messages sent immediately upon synchronization.
Sync time when cradled lets you set a specific sync time when the device is cradled.
Sync when roaming lets you specify how to synchronize when roaming.
Peak Days area use the peak days area to select the days of the week considered to be
peak periods.

Custom Page
Specify device configuration options specific or unique to your supported device. Palm and
Symbian devices do not support custom provisioning.
Customized configuration settings you create are included on the device when the policy is run
on the device. You can set the following options on the Custom page:
Custom provisioning XML check this box to enable the provisioning text box where you
can write your XML information or paste it in from another tool used to create your XML
data file. You can use any of the sample provisioning files in the MSDN library on
Microsofts Web site to help build your files, or you can follow the example owner.xml file
below:
owner.xml<wap-provisioningdoc>
<characteristic type="Registry">
<characteristic type="HKCU\ControlPanel\Owner">
<parm name="Name" value="Name" datatype="string" />
<parm name="Notes" value="Notes" datatype="string" />
<parm name="Telephone" value="telephone number"
datatype="string" />
<parm name="E-Mail" value="email address" datatype="string" />
</characteristic>
</characteristic>
</wap-provisioningdoc>

Note: Do not add the <wap-provisioningdoc> tags around the XML in the provisioning
text box.
You must create separate XML files for each configuration task you want to accomplish on
the device. For example, if you want to set owner information on the device and also set
browser favorites for the device, you must have a separate XML file for each task; for
instance, owner.xml and addfavorite.xml.
Additional PXML files check this box to include one or more XML provisioning files
created using another tool used to create your XML data. Use full path names and separate
each file name with semicolons (example: C:\XML\file1.xml;C:\XML\file2.xml).

Administration Reference 115


Policy

Network CSP Properties


Specify network properties such as GPRS details, proxy details, VPN details, and WiFi
properties for the device.

GPRS Page
Configure your General Packet Radio Service (GPRS) communications entries on the device.
You can set the following options on the GPRS page:
Entry Name identifies a name for the GPRS entry. A blank value is invalid when this box
is checked.
Delete this GPRS entry on the Client permanently deletes the GPRS entry on the device.
Destination the location where the GPRS communication is being sent.
Access point name the name you provide to access the GPRS access point.
Username specifies the GPRS user name for the device.
Password specifies the GPRS password for the device. A blank value is invalid when this
box is checked.
Domain specifies the domain to which the GPRS device belongs.

GPRS Advanced Page


Use the Advanced page in conjunction with the GPRS page to set General Packet Radio
Service (GPRS) properties on the device. The GPRS Advanced page is only enabled when you
place a check next to the Entry name field on the GRPS page and you must also provide an
entry name on the GPRS page.
You can set the following options on the GPRS Advanced page:
Enable this entry lets you enable the option on the GPRS page
Use specific name servers enables the primary and alternate DNS and WINS options.
Primary/Alternate DNS lets you manually enter the DNS addresses in the area provided.
Primary/Alternate WINS allows you to manually enter the WINS addresses in the area
provided.
Country code allows you to provide a country code for the GPRS connection.
Area code allows you to provide and area code for the GPRS connection.
Use country and area codes determines whether to use both county and area codes when
establishing a GPRS connection.
Phone number specifies the phone number to use for the GPRS connection for the device.
Device name lets you specify the device name for the connection.
Device type lets you specify a device type for the connection.
Dial as local call determines if the number should be dialed as a local call.
Frame Size lets you determine the frame size for your device display.
Framing determines the frame speed for your device display.
SW data compression determines whether or not to use SW data compression.

116 Afaria
Policy

IP header compression determines whether or not to use IP header compression.


Require data encryption determines whether or not to require data encryption.
Require password determines whether or not to require a password for your connection.
Require encrypted password determines whether or not an encrypted password is
required for your connection.
Require MS encrypted password determines whether or not a Microsoft encrypted
password is required for your connection.
Script (full path) lets you provide the full path name for the script running on your
device.

Cellular TAPI Page


Use the GPRS Cellular TAPI page in conjunction with the GPRS page to set GPRS properties
on the device.
Note: The GPRS Cellular TAPI page is only enabled when you place a check next to the Entry
name field on the GRPS page; and you must also provide an entry name on the GPRS page.
You can set the following options on the GPRS Cellular TAPI page:
Bearer info valid determines whether or not bearer information is used for your device.
Bearer info connection element lets you select the bearer information type.
Bearer info service lets you select the bearer information service type.
Bearer info speed lets you select the speed for the bearer information connection.
GPRS info valid lets you validate your GPRS information.
Protocol type lets you specify the GPRS protocol type for the device.
L2 protocol type lets you specify the GPRS L2 protocol type for the device.
Address allows you to specify the packet address to use for the connection.
Info data compression lets you indicate data compression information as off, on, or
unknown.
Info header compression lets you indicate off, on, or unknown.
GPRS info parameters lets you specify protocol-specific values when defining a GPRS
context.
Compression info direction lets you specify the transmit or receive direction for the
connection.
Compression max dict entries lets you control the maximum number of dictionary
entries for data compression.
Compression max string length lets you control the maximum string length for data
compression.
Compression info required determines whether compression information is required.
Compression info valid determines whether compression information is valid.
Info QOS delay class lets you specify the Quality of Service (QOS) delay profile value.
Info QOS mean throughput lets you specify the Quality of Service (QOS) mean
throughput value.

Administration Reference 117


Policy

Info QOS peak throughput lets you specify the Quality of Service (QOS) peak
throughput value.
Requested QOS profile precedence lets you specify the Quality of Service (QOS) profile
precedence value.
Requested QOS reliability lets you specify the Quality of Service (QOS) profile
reliability value.
QOS info is valid determines whether the Quality of Service (QOS) information is valid.
Info min QOS delay class lets you specify the minimum Quality of Service (QOS) delay
profile value.
Info min QOS mean throughput lets you specify the minimum Quality of Service (QOS)
mean throughput value.
Info min QOS peak throughput lets you specify the minimum Quality of Service (QOS)
peak throughput value.
Requested min QOS profile precedence lets you specify the requested minimum Quality
of Service (QOS) profile precedence value.
Requested min QOS reliability lets you specify the requested minimum Quality of
Service (QOS) profile reliability value.
Min QOS info is valid determines whether the minimum Quality of Service (QOS)
information is valid.

Networks Page
Configures additional network entries, such as ActiveSync Desktop Pass-through (DTPT),
and metanetworks, such as the Internet, on the device.

Planner Page
Configure the preferred connections for each network, including pending connection
requests, and active connections available on the device.
You can set the following options on the Planner page:
Name lets you provide a name for the Internet connection for the device.
GUID lets you provide a valid GUID in the proper format.
Cache time lets you specify the default time, in seconds, for which the planner will cache
released connections.
Retry count lets you specify the number of times the planner attempts to retry failed
connection attempts.
Bandwidth coeff. lets you set a bandwidth coefficient, in 16.16 fixed point, for planner
path calculations.
Cost coeff. lets you set a cost coefficient, in 16.16 fixed point, for planner path
calculations.
Latency coeff. lets you set a latency coefficient, in 16.16 fixed point, for planner path
calculations.
Failover default determines whether you can set the default value for the failover prompt.

118 Afaria
Policy

Failover prompt lets you determine whether the planner sets a yes/no prompt before
using a non-preferred connection.

PPP Page
Configure point-to-point entries on the device.
You can set the following options on the PPP page:
Entry name identifies a name for the PPP connection entry. A blank value is invalid when
this box is checked.
Delete this PPP connection on the Client permanently deletes this PPP connection on the
device.
Destination location where the PPP communication is being sent.
Device name lets you specify the device name for the connection.
Country code specifies the country code to use for the PPP connection.
Area code specifies the area code to use for the PPP connection.
Phone number specifies the phone number to use for the PPP network connection for the
device.
User name specifies the user for the PPP network connection.
Password lets you provide a password for the PPP connection on the client.
Domain specifies the domain for the PPP connection on the client.
Use specific name servers determines whether or not to use specific primary and
alternate name servers.
Primary/Alternate DNS lets you manually enter the DNS addresses in the areas
provided.
Primary/Alternate WINS lets you manually enter the WINS addresses in the areas
provided.
Enable entry lets you enable or disable a connection entry without removing it from the
system.

Proxy Page
Configure proxy connections on the device.
You can set the following options on the Proxy page:
Name specifies the name of the proxy setting.
Delete this proxy on the Client permanently deletes this proxy on the device.
Type lets you select the type of proxy connection.
Source lets you select the source of location for the proxy connection.
Destination location where the proxy communication is being sent.
Proxy server specifies the name of the proxy server on the device.
Proxy port specifies the port for the proxy connection.
User name specifies the user name required for the proxy connection on the device.

Administration Reference 119


Policy

Password lets you provide a password for the proxy connection on the device.

WAP Proxies Page


Configure wireless proxy settings on the device and add one or more proxies on the device.
You can set the following options on the WAP Proxies page:
Proxy ID specifies the ID for the WAP proxy connection on the device.
Name allows you type the name of proxy connection in the area provided.
Delete this WAP proxy entry on the Client permanently deletes this WAP proxy entry on
the device.
Start page specifies the start Web page for the proxy connection on the device.
Domains specifies the domain for the proxy connection on the device.
Start page user ID specifies the user ID for the WAP proxies start Web page on the
device.
Start page password lets you provide a password for the WAP proxy start page
connection on the device.
Push operations lets you enable or disable push operations on the device.
Enable trust for physical proxies lets you define whether or not the physical proxies in
this logical proxy are trusted.
Physical proxies lets you add one or more physical proxies on the device. To add a proxy,
click Add to display an area for including a new proxy entry in the Proxy ID column. Type
a name in the field, then type a valid address in the Address column. Select a proxy type
from the Type drop-down list, and type valid NAP ID, Port 1, Port 2, and Services in their
respective columns.
To exclude a proxy or all proxies, select the specific proxy or all the proxies and click
Exclude.

VPN Page
Configure Virtual Private Network (VPN) entries on the device.
You can set the following options on the VPN page:
Entry name identifies a name for the GPRS entry. A blank value is invalid when this box
is checked.
Delete this VPN connection on the Client permanently deletes this VPN connection on
the device.
Source lets you select the source of location for the proxy connection from the drop-
down list box.
Destination location where the VPN communication is being sent.
Host Address lets you provide the host address for the connection.
User name specifies the VPN account user name for the device.
Password lets you provide a password for the VPN connection on the device.

120 Afaria
Policy

Domain lets you provide a domain name for the VPN connection on the device.
Use specific name servers specifies whether the device should use server-assigned
addresses.
Primary/Alternate DNS lets you manually enter the DNS addresses in the areas
provided.
Primary/Alternate WINS lets you manually enter the WINS addresses in the areas
provided.
Enable entry lets you enable or disable a connection entry without removing it from the
system.
Type lets you select the VPN connection type for the device.
Authentication lets you select authentication type.
Preshared key lets you define the key.

WiFi Network Page


Configure wireless local network associations with private or Internet network on the device.
You can set the following options on the WiFi page:
Name lets you provide a name for the WiFi connection on the device.
Provisioning a WiFi connection, while also disabling the WiFi radio in the same policy,
results in an alert message to tell you of a configuration conflict. Disabling the WiFi radio
overrides WiFi provisioning.
Destination ID lets you select a destination ID for the WiFi connection on the device.

NAPDEF Page
Modify, add, and delete Wireless Application Protocol (WAP) network access point
definitions and their associated settings using standard Windows Mobile Professional or WAP
techniques on the device.
You can set the following options on the NAPDEF page:
NAP ID lets you provide a NAP ID name for the wireless connection on the device.
Permanently delete this NAPDEF entry on the Client permanently deletes the NAPDEF
entry on the device.
Name lets you set a NAP ID name.
Address lets you enter an address for wireless connection on the device.
Address Type lets you select a NAP address type.
Authentication Type, Name, and Password lets you set a name address and password for
the NAP connection.

Administration Reference 121


Policy

Afaria Hardware Inventory Data Collection


Due to several factors, Afaria cannot collect all inventory information from all devices types,
nor can it collect all the same inventory items from all of the same device types. Understanding
these variations can help you better understand your Afaria inventory data and custom views.
Several device and environmental variables can impact the ability to collect phone, network,
identifier, and other data from your device. For example:
Device type
Device manufacturer and model exposed APIs
Mobile/cellular service provider
Carrier network type
Operating system implementation
Device's power state
Device's settings for Wi-Fi radio state

Inventory Data Elements with Greatest Variability


For smartphones and other handheld devices, the greatest variability for data collection is
often observed on these data elements:
Serial number and similar identifiers, such as International Mobile Equipment Identity
(IMEI) and Mobile Equipment Identifier (MEID)
For Android devices, Afaria cannot always retrieve a serial number. Therefore, it may
reuse IMEI and MEID values as the serial number and client name values.
Some devices return a manufacturer-specific serial number or some other number that
may not match the number that is visible on the outside of the device.
Phone some devices on GSM or CDMA do not expose their phone number.
Wi-Fi
Most non-Wi-Fi devices do not return a value for Wi-Fi Supported and Wi-Fi status.
Many Windows Mobile Standard devices do not expose their MAC address.
Bluetooth some device manufacturers protect their Bluetooth data with driver licensing.

Implications for Inspector Hardware Data and Device Views


Afaria does not create device inventory records for class data groups that are not supported on
a device. This has implications for understanding Inspector hardware data and creating device
views:
Device Inspector hardware data list the list always includes all of a device types possible
inventory data classes. However, individual device results for specific data classes appear
only when there are corresponding device inventory records for the associated data class.
Custom device views Afaria does not create device inventory records for a data class,
such as Phone or Wi-Fi, if the feature is unsupported on a device when you build custom

122 Afaria
Policy

views. Plan your queries to account for the possible absence of a record type, rather than
the record type containing a null or blank value.

Enrollment Policies
Enrollment policies automate enrolling a device in management with initial settings.
Based on device type, an enrollment policy can define items such as a device's connection
address, device ID, and whether the device uses Afaria Access Control for Email. It can
prompt the user to collect user information, and it adds a device to groups for additional and
ongoing management.
Enrollment policies are always in a published state. As an alternative to unpublishing an
enrollment policy, edit the policy and disable or delete its enrollment codes.

Creating an Enrollment Policy for Android


Create a policy for enrolling Android devices in Afaria management.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

1. On the Policy page, on the top toolbar, click New > Enrollment > Android.
2. On the Summary page, enter the policy name and note.
3. In the Code field, click Add and define the code properties:
State select enabled or disabled to indicate whether devices are prevented from
enrolling if the code is disabled at enrollment time. If you do not want to use the code
yet, you can set the state to disabled and enable it later.
Portal Only select yes or no to indicate whether the code is valid only when used with
Afaria Self-Service Portal enrollment.
Code the system generates an enrollment code when you save the code properties.
URL Service select your preferred URL shortening service, as enabled on the Server
> Configuration > Enrollment Code page.
The Google service produces case-sensitive codes.
(Optional) Expiration Date expiration occurs at the selected day's end. If you do not
specify a date, the code does not expire. Devices are prevented from enrolling if the
code is expired at enrollment time.
Creation Date the system generates a creation date when you save the code
properties.
4. In the Code field, at the end of the line you are editing, click the Save icon.
The enrollment code is generated.
5. On the General page, define the policy for enrolling the devices.

Administration Reference 123


Policy

Server Address Afaria server address or relay server address. The value is initially
populated by the Address for Client Communication value, as defined on the Server >
Configuration > Device Communication page. You can change it in the policy.
(Optional) C2DM Send Account select to configure the Afaria client for Afaria-
based Google Cloud to Device Messaging (C2DM) push notifications.
(Optional) Channel default channel or channel set for the devices to request when
they connect to the Afaria server. It must be created, published, and for Android
devices to appear on the list.
(Optional) Connection select automatic connection after install to have the device
initiate its first connection to the server without requiring user interaction.
If automatically creating a client name for enrolling devices, select naming options:
Optional Prefix enter a prefix to use for the name. For example "Sales_".
Data Column select a data item to concatenate with the prefix. The list includes
predefined columns, the user name variable, and any additional user-defined
substitution variables you defined. Selecting something meaningful to your
organization can help facilitate effective searching, create a value for building
custom views, or differentiate like-named devices.
If you select a data item that is based on a users response to a user prompt that you
add to the enrollment policy, the users response forms the name, even if it is
inaccurate. For example, if you prompt for an e-mail address and the user
incorrectly types the address, the name contains the incorrect address, even if the
correct address gets stored in inventory later.
Selecting an item that requires user prompts automatically adds the variable to the
policy's Variable page.
6. On the Group page, select any groups to populate when devices enroll.
A device receives the group's linked policies.
Selecting a dynamic group forces a newly enrolled device into the group without any
evaluation of that group's definition criteria. Upon execution of the Dynamic Group
Refresh schedule, if the device does not meet the group criteria, the device is removed from
the group.
7. On the Variable page, click Add to select any variables to populate during enrollment.
Users are prompted on the device during enrollment.
Define the variable prompts:
Variable from the database, the variable to populate with the user's response.
Device Prompt the text for the user-facing prompt.
Entry Mask select yes or no to indicate whether the entry at the device is masked with
asterisk (*) characters as the user types.
8. At the top of the page, click Save.

124 Afaria
Policy

Automatic Naming Data for Android Enrollment Policies


Automatic naming data columns include predefined columns, the user name variable, and any
additional user-defined substitution variables you defined.
Columns include:
Device Serial Number
Device Sync Name
Device type concatenation of device OS and platform version.
IMEI/MEID/ESN for GSM devices, IMEI; for CDMA devices, MEID; for non-
telephony devices, serial number.
International Mobile Subscriber Identity (IMSI) Number.
Telephone Number blank for non-telephony devices.
UserName variable. User is prompted for a value during enrollment. Review the device
prompt text and mask on the enrollment policy's Variable page.

Creating an Enrollment Policy for BlackBerry


Create a policy and installable Afaria application for enrolling BlackBerry devices in Afaria
management. After creating or editing the policy, download and distribute the application
when you want users to install it for enrollment.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

1. On the Policy page, on the top toolbar, click New > Enrollment > BlackBerry .
2. On the Summary panel, enter the policy name and note.
3. In the Code field, click Add, and define the code properties:
State select enabled or disabled to indicate whether devices are prevented from
enrolling if the code is disabled at enrollment time. If you do not want to use the code
yet, you can set the state to disabled and enable it later.
Portal Only not applicable.
Code the system generates an enrollment code when you save the code properties.
URL Service select your preferred URL shortening service, as enabled on the Server
> Configuration > Enrollment Code page.
The Google service produces case-sensitive codes.
(Optional) Expiration Date expiration occurs at the selected day's end. If you do not
specify a date, the code does not expire. Devices are prevented from enrolling if the
code is expired at enrollment time.
Creation Date the system generates a creation date when you save the code
properties.
4. In the Code field, at the end of the line you are editing, click the Save icon.

Administration Reference 125


Policy

The enrollment code is generated.


5. On the General panel, define the policy for enrolling the devices.
Connection Address Afaria server address or relay server address. The value is
initially populated by the Address for Client Communication value, as defined on the
Server > Configuration > Device Communication page. You can change it in the
policy.
Device Connect String - Access Point Name value for the Afaria client to use when
connecting to the Afaria server. The requirement for using this value may vary by
carrier. Some carriers may require a password.
Syntax: socket://
[ServerIP:ServerPort];apn=[CarrierAPN];tunnelauthusernam
e=[CarrierAssignedUserName];tunnelauthpassword=[CarrierA
ssignedUserPassword];deviceside=true .
T-Mobile example: socket://
[ServerIP:ServerPort];apn=wap.tmobile.com;tunnelauthuser
name=[CarrierAssignedUserName];tunnelauthpassword=[Carri
erAssignedUserPassword];deviceside=true
Cingular does not require user name or password. Cingular example: socket://
[ServerIP:ServerPort];apn=proxy;tunnelauthusername=[Carr
ierAssignedUserName];tunnelauthpassword=[CarrierAssigned
UserPassword];deviceside=true
(Optional) Channel default channel or channel set for the clients to request when they
connect to the Afaria server. It must be created and published to appear on the list.
User Name - select to prompt users to enter a network user name. The prompt occurs
during or after the installation process, depending on device type. The information is
stored on the Afaria application and is used for making channel assignments prior to
running channels that use assignments.
Select to have the device installation process prompt users to enter a network user name
prior to installing the Afaria application on their devices. The information is stored on
the device and is used for making channel assignments prior to running channels that
use assignments.
Configuration - select to allow users to edit the Afaria configuration settings on their
devices. Configuration settings include the Afaria server address and port, and the
default channel to run.
You can use this device-side setting in conjunction with Afaria server-side settings for
assignments and authentication to control the device users ability to connect and run
channels.
6. On the Group page, select any groups to populate when devices enroll.
A device receives the group's linked policies.
Selecting a dynamic group forces a newly enrolled device into the group without any
evaluation of that groups definition criteria. Upon execution of the Dynamic Group

126 Afaria
Policy

Refresh schedule, if the device does not meet the group criteria, the device is removed from
the group.
7. At the top of the page, click Save.

Creating an Enrollment Policy for iOS


Create a policy for enrolling iOS devices in Afaria management.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

1. On the Policy page, on the top toolbar, click New > Enrollment > iOS.
2. On the Summary page, enter the policy name and note.
3. In the Code field, click Add and define the following code properties:
State select enabled or disabled to indicate whether devices are prevented from
enrolling if the code is disabled at enrollment time. If you do not want to use the code
yet, you can set the state to disabled and enable it later.
Portal Only select yes or no to indicate whether the code is valid only when used with
Afaria Self-Service Portal enrollment.
Code the system generates an enrollment code when you save the code properties.
URL Service select your preferred URL shortening service, as enabled on the Server
> Configuration > Enrollment Code page.
The Google service produces case-sensitive codes.
(Optional) Expiration Date expiration occurs at the selected day's end. If you do not
specify a date, the code does not expire. Devices are prevented from enrolling if the
code is expired at enrollment time.
Creation Date the system generates a creation date when you save the code
properties.
4. In the Code field, at the end of the line you are editing, click the Save icon.
The enrollment code is generated.
5. On the General page, define the policy for enrolling the devices.
New device if your server is configured on the Server > Configuration > Server >
Security page to not automatically approve new devices, select to override the server
configuration and automatically approve enrolling devices. If your server is configured
for automatic approval, deselecting the check box does not override the server setting.
Access Control Domain domain node of the e-mail address, expressed as a fully
qualified domain.
Access Control Policy accept or override the enterprise default policy for iOS, as
defined on the iOS tab on the Server > Configuration > Access Control Option
page.
If automatically creating a client name for enrolling devices, select naming options:

Administration Reference 127


Policy

(Optional) Optional Prefix enter a prefix to use for the name. For example
"Sales_".
(Optional) Data Column select a data item to concatenate with the prefix. The list
includes predefined columns, the user name variable, and any additional user-
defined substitution variables you defined. Selecting something meaningful to
your organization can help facilitate effective searching, create a value for building
custom views, or differentiate like-named devices.
If you select a data item that is based on a user's response to a user prompt that you
add to the enrollment policy, the user's response forms the name, even if it is
inaccurate. For example, if you prompt for an e-mail address and the user
incorrectly types the address, the name contains the incorrect address, even if the
correct address gets stored in inventory later.
Selecting an item that requires user prompts automatically adds the variable to the
policy's Variable page.
If you are preparing to deploy optional enterprise applications, define a shortcut to the
Self-Service Portal for the Afaria application's application list:
Title user-facing title.
Description user-facing description.
URL address for the portal that is configured with the enrollment policy.
6. On the Group page, select any groups to populate when devices enroll.
A device receives the group's linked policies.
Selecting a dynamic group forces a newly enrolled device into the group without any
evaluation of that group's definition criteria. Upon execution of the Dynamic Group
Refresh schedule, if the device does not meet the group criteria, the device is removed from
the group.
7. On the Variable page, click Add to select any variables to populate during enrollment.
Users are prompted on the device during enrollment.
Define the variable prompts:
Variable from the database, the variable to populate with the user's response.
Device Prompt the text for the user-facing prompt.
Entry Mask select yes or no to indicate whether the entry at the device is masked with
asterisk (*) characters as the user types.
8. At the end of the line you are editing, click Save icon to save the variable selection.
9. At the top of the page, click Save.

Creating an Enrollment Policy for Windows CE


Create a policy and installable Afaria application for enrolling Microsoft Windows CE
devices in Afaria management. After creating or editing the policy, download and distribute
the application when you want users to install it for enrollment.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

128 Afaria
Policy

1. On the Policy page, on the toolbar, click New > Enrollment > Windows CE.
2. On the Summary page, enter the policy name and note.
3. On the General page, define the policy for enrolling the devices.
Server Address Afaria server address or relay server address. The value is initially
populated by the Address for Client Communication value, as defined on the Server >
Configuration > Device Communication page. You can change it in the policy.
(Optional) Optional Network - type a connection name that you want devices to use to
connect to the Afaria server when an active connection is not already available on the
device. The client device must have a connection defined with the same name. Some
values are valid only for iAnywhere Mobile Office client devices.
(Optional) Channel default channel or channel set for the devices to request when
they connect to the Afaria server. It must be created and published to appear on the list.
None may be an appropriate choice if you are using API instructions to control
connections.
If automatically creating a client name for enrollling devices, select naming options:
(Optional) Optional Prefix enter a prefix to use for the name. For example
"Sales_".
(Optional) Data Column select a data item to concatenate with the prefix.
Selecting something meaningful to your organization can help facilitate effective
searching, create a value for building custom views, or differentiate like-named
devices.
Define the user properties.
User Name select to prompt users to enter a network user name. The prompt
occurs during or after the installation process, depending on device type. The
information is used for user authentication when required for a session.
Configuration select to allow users to edit the Afaria configuration settings on
their hand-held devices. Configuration settings include the Afaria server address
and port, and the default channel to run.
4. On the Group page, you can assign the client to one or more static client groups if you have
already used Afaria Administrator to create any client groups. Only static groups are
eligible for assignments in this manner. Select one or more client groups and click -> to
move client groups from Available Groups box to Selected Groups box.
5. On the Advanced page, define the configuration policies.
Configuration Policy select the Configuration Policy that matches the Afaria device
type you are creating. You can select a single policy or you can choose "none". The
policy you select executes during the device installation, thereby allowing you to
establish device settings prior to the device's first connection to the Afaria server.
Choosing "none" indicates that you are not including a policy in the device install.
Device Connect select the preferences to indicate how the device connects to the
Afaria server after device installation.

Administration Reference 129


Policy

After ActiveSync synchronization select to connect to Afaria when ActiveSync is


synchronizing lets you decide whether the device should run Afaria during an
ActiveSync session.
Require no user information select to define a setting to have the device initiate a
connection to the Afaria server without requiring user interaction.
hours between connections indicate the number of hours that should elapse after
an Afaria session completes before the ActiveSync relationship invokes another
Afaria session.
After device installation select to define options for connecting the device to the
Afaria server after installation
Some delay may occur before initiating the connection if connectivity is not
available or if device resources are dedicated to another task that may not be related
to Afaria processing.
Immediately select to initiate a connection to the server as soon after the
device installation is complete as possible.
Time Picker select to specify a time for the device to initiate a connection to
the server.
Device Reboot select the option to prompt for device reboot, after the installation
completes.
Required prompt the user to notify that a reboot is required. Allow only for the
user to accept; do not allow the user to cancel. The user can save data and close
applications before accepting the reboot action.
Optional prompt the user to notify that a reboot is required. Allow the user to
accept or cancel. The user can save data and close applications before accepting the
reboot action.
None do not prompt the user; do not execute a reboot action. The installation
becomes complete the next time the user reboots his device.
6. On the Certificate page, specify the certificate details for platforms that support device
authentication.
Path and File Name define the device-side path and file name for the signed device
certificate. The certificate file must be in the Personal Information Exchange (PFX)
format.
Password enter the password that was used for the certificate.
7. At the top of the page, click Save.
8. To download the application, return to the Summary page and click Download.

Creating an Enrollment Policy for Windows Mobile Professional


Create a policy and installable Afaria application for enrolling Windows Mobile Professional
devices in Afaria management. After creating or editing the policy, download and distribute
the application when you want users to install it for enrollment.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

130 Afaria
Policy

1. On the Policy page, on the top toolbar, click New > Enrollment > Windows Mobile
Professional.
2. On the Summary page, enter policy name and note.
3. In the Code field, click Add and define the code properties.
State select enabled or disabled to indicate whether devices are prevented from
enrolling if the code is disabled at enrollment time. If you do not want to use the code
yet, you can set the state to disabled and enable it later.
Portal Only not applicable.
Code the system generates an enrollment code when you save the code properties.
URL Service select your preferred URL shortening service, as enabled on the Server
> Configuration > Enrollment Code page.
The Google service produces case-sensitive codes.
(Optional) Expiration Date expiration occurs at the selected day's end. If you do not
specify a date, the code does not expire. Devices are prevented from enrolling if the
code is expired at enrollment time.
Creation Date the system generates a creation date when you save the code
properties.
4. In the Code field, at the end of the line you are editing, click the Save icon.
The enrollment code is generated.
5. Select an installation kit type, based on your device or enterprise requirements for
installing signed or unsigned applications.
Signed without seed data Afaria application is signed by a trusted public certificate
authority. Seed data, which includes the settings from the enrollment policy, is
distributed as a separate file. When the seed file is stored on the device with the
application, the application can apply the seed data settings, such as the Afaria server
address.
Unsigned with seed data Afaria application is unsigned and includes seed data, which
includes the settings from the enrollment policy, such as the Afaria server address.
6. On the General page, define the policy for enrolling the devices.
Server Address Afaria server address or relay server address. The value is initially
populated by the Address for Client Communication value, as defined on the Server >
Configuration > Device Communication page. You can change it in the policy.
(Optional) Optional Network type a specific connection name that you want the
device to use to connect to the Afaria server when an active connection is not already
available on the device. The device must have a connection defined with the same
name. Some values are valid only for iAnywhere Mobile Office devices.
(Optional) Channel default channel or channel set for the clients to request when they
connect to the Afaria server. It must be created and published to appear on the list.
None may be an appropriate choice if you are using API instructions to control
connections.
If automatically creating a client name for enrolling devices, select naming options:

Administration Reference 131


Policy

(Optional) Optional Prefix enter a prefix to use for the name. For example
"Sales_".
(Optional) Data Column select a data item to concatenate with the prefix.
Selecting something meaningful to your organization can help facilitate effective
searching, create a value for building custom views, or differentiate like-named
devices.
Define the user properties.
User Name select to prompt users to enter a network user name. The prompt
occurs during or after the installation process, depending on device type. The
information is used for user authentication when required for a session.
Configuration select to allow users to edit the Afaria configuration settings on
their hand-held devices. Configuration settings include the Afaria server address
and port, and the default channel to request.
7. On the Group page, select any groups to populate when devices enroll.
A device receives the group's linked policies.
Selecting a dynamic group forces a newly enrolled device into the group without any
evaluation of that groups definition criteria. Upon execution of the Dynamic Group
Refresh schedule, if the device does not meet the group criteria, the device is removed from
the group.
8. On the Advanced page, define the following device properties:
Configuration Policy select the Configuration Policy that matches the Afaria device
type you are creating. You can select a single policy or you can choose "none". The
policy you select executes during the device installation, thereby allowing you to
establish device settings prior to the device's first connection to the Afaria server.
Choosing "none" indicates that you are not including a policy in the device install.
Device Connect select the preferences to indicate how the device connects to the
Afaria server after device installation.
After ActiveSync synchronization select to connect to Afaria when ActiveSync is
synchronizing lets you decide whether the device should run Afaria during an
ActiveSync session.
Require no user information select to define a setting to have the device initiate a
connection to the Afaria server without requiring user interaction.
Hours between connections indicate the number of hours that should elapse after
an Afaria session completes before the ActiveSync relationship invokes another
Afaria session.
After device installation select to define options for connecting the device to the
Afaria server after installation
Some delay may occur before initiating the connection if connectivity is not
available or if device resources are dedicated to another task that may not be related
to Afaria processing.

132 Afaria
Policy

Immediately select to initiate a connection to the server as soon after the


device installation is complete as possible.
Time Picker select to specify a time for the device to initiate a connection to
the server.
Device Reboot select the option to prompt for device reboot, after the installation
completes.
Required prompt the user to notify that a reboot is required. Allow only for the
user to accept; do not allow the user to cancel. The user can save data and close
applications before accepting the reboot action.
Optional prompt the user to notify that a reboot is required. Allow the user to
accept or cancel. The user can save data and close applications before accepting the
reboot action.
None do not prompt the user; do not execute a reboot action. The installation
completes the next time the user reboots his device.
9. On the Certificate page, specify the certificate details for platforms that support device
authentication.
Path and File Name define the device-side path and file name for the signed device
certificate. The certificate file must be in the Personal Information Exchange (PFX)
format.
Password enter the password that was used for the certificate.
10. At the top of the page, click Save.
11. To download the application, return to the Summary page and click the available download
button or buttons.

Creating an Enrollment Policy for Windows Mobile Standard


Create a policy and installable Afaria application enrolling Microsoft Windows Mobile
Standard devices in Afaria management. After creating or editing the policy, download and
distribute the application when you want users to install it for enrollment.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.

1. On the Policy page, on the top toolbar, click New > Enrollment > Windows Mobile
Standard.
2. On the Summary page, enter the policy name and note.
3. In the Code field, click Add, and define the code properties:
State select enabled or disabled to indicate whether devices are prevented from
enrolling if the code is disabled at enrollment time. If you do not want to use the code
yet, you can set the state to disabled and enable it later.
Portal Only not applicable.
Code the system generates an enrollment code when you save the code properties.

Administration Reference 133


Policy

URL Service select your preferred URL shortening service, as enabled on the Server
> Configuration > Enrollment Code page.
The Google service produces case-sensitive codes.
(Optional) Expiration Date expiration occurs at the selected day's end. If you do not
specify a date, the code does not expire. Devices are prevented from enrolling if the
code is expired at enrollment time.
Creation Date the system generates a creation date when you save the code
properties.
4. In the Code field, at the end of the line you are editing, click the Save icon.
The enrollment code is generated.
5. Select an installation kit type, based on your device or enterprise requirements for
installing signed or unsigned applications.
Signed without seed data Afaria application is signed by a trusted public certificate
authority. Seed data, which includes the settings from the enrollment policy, is
distributed as a separate file. When the seed file is stored on the device with the
application, the application can apply the seed data settings, such as the Afaria server
address.
Unsigned with seed data Afaria application is unsigned and includes seed data, which
includes the settings from the enrollment policy, such as the Afaria server address.
6. On the General page, define the policy for enrolling the devices.
Server Address Afaria server address or relay server address. The value is initially
populated by the Address for Client Communication value, as defined on the Server >
Configuration > Device Communication page. You can change it in the policy.
(Optional) Optional Network - type a connection name that you want devices to use to
connect to the Afaria server when an active connection is not already available on the
device. The device must have a connection defined with the same name. Some values
are valid only for iAnywhere Mobile Office devices.
(Optional) Channel default channel or channel set for the devices to request when
they connect to the Afaria server. It must be created and published to appear on the list.
None may be an appropriate choice if you are using API instructions to control
connections.
If automatically creating a client name for enrolling devices, select naming options:
(Optional) Optional Prefix enter a prefix to use for the name. For example
"Sales_".
(Optional) Data Column select a data item to concatenate with the prefix.
Selecting something meaningful to your organization can help facilitate effective
searching, create a value for building custom views, or differentiate like-named
devices.
Define the user properties.

134 Afaria
Policy

User Name select to prompt users to enter a network user name. The prompt
occurs during or after the installation process, depending on device type. The
information is used for user authentication when required for a session.
Configuration select to allow users to edit the Afaria configuration settings on
their hand-held devices. Configuration settings include the Afaria server address
and port and the default channel to run.
7. On the Group page, you can assign the client to one or more static client groups if you have
already used Afaria Administrator to create any client groups. Only static groups are
eligible for assignments in this manner. Select one or more client groups and click -> to
move client groups from Available Groups box to Selected Groups box.
8. On the Advanced page, define the configuration policies.
Configuration Policy select the Configuration Policy that matches the Afaria device
type you are creating. You can select a single policy or you can choose "none". The
policy you select executes during the device installation, thereby allowing you to
establish device settings prior to the device's first connection to the Afaria server.
Choosing "none" indicates that you are not including a policy in the device install.
Device Connect select the preferences to indicate how the device connects to the
Afaria server after device installation.
After ActiveSync synchronization select to connect to Afaria when ActiveSync is
synchronizing lets you decide whether the device should run Afaria during an
ActiveSync session.
Require no user information select to define a setting to have the device initiate a
connection to the Afaria server without requiring user interaction.
Hours between connections indicate the number of hours that should elapse after
an Afaria session completes before the ActiveSync relationship invokes another
Afaria session.
After device installation select to define options for connecting the device to the
Afaria server after installation
Some delay may occur before initiating the connection if connectivity is not
available or if device resources are dedicated to another task that may not be related
to Afaria processing.
Immediately select to initiate a connection to the server as soon after the
device installation is complete as possible.
Time Picker select to specify a time for the device to initiate a connection to
the server.
Device Reboot select the option to prompt for device reboot, after the installation
completes.
Required prompt the user to notify that a reboot is required. Allow only for the
user to accept; do not allow the user to cancel. The user can save data and close
applications before accepting the reboot action.

Administration Reference 135


Policy

Optional prompt the user to notify that a reboot is required. Allow the user to
accept or cancel. The user can save data and close applications before accepting the
reboot action.
None do not prompt the user; do not execute a reboot action. The installation
completes the next time the user reboots his device.
9. On the Certificate page, specify the certificate details for platforms that support device
authentication.
Path and File Name define the device-side path and file name for the signed device
certificate. The certificate file must be in the Personal Information Exchange (PFX)
format.
Password enter the password that was used for the certificate.
10. At the top of the page, click Save.
11. To download the application, return to the Summary page and click the available download
button or buttons.

Creating an Enrollment Policy for Windows - Vista, 2008, or 7


Create a policy and installable Afaria application for enrolling Windows Vista, Windows
2008, or Windows 7 devices in Afaria management. After creating or editing the policy,
download and distribute the application when you want users to install it for enrollment.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking Save at the top of any page saves all pages.

1. On the Policy page, on the top toolbar, click New > Enrollment > Windows Vista,
Windows 2008, or Windows 7.
2. On the Summary page, enter the policy name and note.
3. On the General page, define the policy for enrolling the devices.
Server Address Afaria server address or relay server address. The value is initially
populated by the Address for Client Communication value, as defined on the Server >
Configuration > Device Communication page. You can change it in the policy.
Name type a user-friendly name for the server.
(Optional) Channel default channel or channel set for the clients to request when they
connect to the Afaria server. It must be created and published to appear on the list.
None may be an appropriate choice if you are using API instructions to control
connections.
(Optional) Optional Prefix if automatically creating a client name for enrolling
devices, enter a prefix to use for automatically naming the client. For example
"Sales_".
(Optional) Data Column if automatically creating a client name for enrolling devices,
select a data item to concatenate with the prefix for automatically naming the client.
The list includes predefined columns, the user name variable, and any additional user-
defined substitution variables you defined. Selecting something meaningful to your

136 Afaria
Policy

organization can help facilitate effective searching, create a value for building custom
views, or differentiate like-named clients.
4. On the Group page, select any groups to populate when devices enroll.
A device receives the group's linked policies.
Selecting a dynamic group forces a newly enrolled device into the group without any
evaluation of that groups definition criteria. Upon execution of the Dynamic Group
Refresh schedule, if the device does not meet the group criteria, the device is removed from
the group.
5. On the Advanced page, define the following device properties.
Device Connect select to define a setting to have the device initiate a connection to
the Afaria server without requiring user interaction. Windows devices request the
servers listing channel. Windows Mobile Professional and Standard devices request
the channel previously selected or the servers listings channel if there was no previous
selection.
Some delay may occur before initiating the connection if connectivity is not available
or if device resources are dedicated to another task that may not be related to Afaria
processing.
Immediately select to initiate a connection to the server as soon after the device
installation is complete as possible.
Time Picker select to specify a time for the device to initiate a connection to the
server.
Device Install select the preferences for the visibility of the Device Install interface
and device reboot prompt
Device Option select the optional components for the device.
Desktop shortcut select to create a shortcut to the Afaria server on the device
desktop.
Start menu shortcut select to create a shortcut to the Afaria server on the device
Start menu.
System tray icon during session select to create a system tray icon while the
session is in progress.
Outbound listener and firewall select to enable outbound listener and firewall
settings on the device so that the Afaria server can initiate connection with the
device.
Device Binary Path define a complete path on the planned client computer to serve as
the default installation path during the installation at the client. The installer can
change the path to a non-default value at installation time.
Device Data Path define a complete path on the planned computer to serve as the
default path for storing Afaria data during device operations. The installer can change
the path to a non-default value at installation time.
User Context define a user context for authentication when the Afaria application is
running without a user logged onto the computer. These settings are in effect only when
a user is not logged on.

Administration Reference 137


Policy

None the device runs only with the service settings


From installation account use the same user name and domain credentials as the
logged on user that is installing the device
From user the user that installs the device must supply a user name and domain for
the user context. The user name and domain do not need to belong to the installing
user.
Specifically as define values that become the user context for all devices installed
with the current device package. Enter a user name and domain for the context.
6. On the Certificate page, specify the certificate details for platforms that support device
authentication.
Path and File Name define the device-side path and file name for the signed device
certificate. The certificate file must be in the Personal Information Exchange (PFX)
format.
Password enter the password that was used for the certificate.
7. At the top of the page, click Save.
8. To download the application, return to the Summary page and click Download.

Creating an Enrollment Policy for Windows XP or 2003


Create a policy and installable Afaria application for enrolling Windows XP or 2003 devices
in Afaria management. After creating or editing the policy, download and distribute the
application when you want users to install it for enrollment.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. Clicking the Save button at the top of any page saves all pages.
1. On the Policy page, on the top toolbar, click New > Enrollment > Windows XP or
Windows 2003 .
2. On the Summary panel, enter the policy name and note.
3. On the General panel, define the server properties.
Server Address Afaria server address or relay server address. The value is initially
populated by the Address for Client Communication value, as defined on the Server >
Configuration > Device Communication page. You can change it in the policy.
Name type a user-friendly name for the server.
(Optional) Channel default channel or channel set for the clients to request when they
connect to the Afaria server. It must be created and published to appear on the list.
None may be an appropriate choice if you are using API instructions to control
connections.
(Optional) Optional Prefix if automatically creating a client name for enrolling
devices, enter a prefix to use for automatically naming the client. For example
"Sales_".
(Optional) Data Column if automatically creating a client name for enrolling devices,
select a data item to concatenate with the prefix for automatically naming the client.
The list includes predefined columns. Selecting something meaningful to your

138 Afaria
Policy

organization can help facilitate effective searching, create a value for building custom
views, or differentiate like-named clients.
4. On the Group page, select any groups to populate when devices enroll.
A device receives the group's linked policies.
Selecting a dynamic group forces a newly enrolled device into the group without any
evaluation of that groups definition criteria. Upon execution of the Dynamic Group
Refresh schedule, if the device does not meet the group criteria, the device is removed from
the group.
5. On the Advanced panel, define the following device properties.
Device Connect select to define a setting to have the device initiate a connection to
the Afaria server without requiring user interaction. Windows devices request the
servers listing channel. Windows Mobile Professional and Standard devices request
the channel previously selected or the servers listing channel if there was no previous
selection.
Some delay may occur before initiating the connection if connectivity is not available
or if device resources are dedicated to another task that may not be related to Afaria
processing.
Immediately select to initiate a connection to the server as soon as the device
installation is complete.
Time Picker select to specify a time for the device to initiate a connection to the
server.
Device Install select the preferences for the visibility of the Device Install interface
and device reboot prompt
Device Option select the optional components for the device.
Desktop shortcut select to create a shortcut to the Afaria server on the device
desktop.
Start menu shortcut select to create a shortcut to the Afaria server on the device
Start menu.
System tray icon during session select to create a system tray icon while the
session is in progress.
Outbound listener and firewall select to enable outbound listener and firewall
settings on the device so that the Afaria server can initiate connection with the
device.
Device Binary Path define a complete path on the planned client computer to serve as
the default installation path during the installation at the client. The installer can
change the path to a non-default value at installation time.
Device Service select to supply credentials for running the Afaria client as a service.
Running the client as a service suppresses the user interface and prevents the program
icon from appearing in the system tray.
Account - Afaria client service account name.
Password - Afaria client service account password.

Administration Reference 139


Policy

Warning! If the account password that you specify changes, you must create a new
executable file and distribute it to your clients to implement the new password.
User - select to supply installation credentials that have administrative privileges on the
planned Afaria client. Using privileged credentials helps to ensure successful
installation at the client.
Account - administrative account name. The account is assumed to be a local
account unless you specify a domain with the account name (<domain>
\<accountname>)
Warning! Attempting to launch the install package with improper credentials fails
to launch the setup program without any user-facing message.
Password - administrative account password.
6. On the Certificate panel, specify the certificate details to enable client authentication.
Path and File Name define the client-side path and file name for the signed client
certificate. The certificate file must be in the Personal Information Exchange (PFX)
format.
Password enter the password for the certificate
7. At the top of the page, click Save.
8. To download the application, return to the Summary page and click Download.

Device Naming "Database Specific Value" Considerations


When using the database column section "Database Specific Value" to name your devices, the
associated Data Value data element defines a database table and column to use to populate the
device record and use in the device's client name.
Database Specific Value is a data column option for device naming when you are:
Creating an enrollment policy for Windows CE, Windows Mobile Professional, Windows
Mobile Standard, or any Windows variation.
Editing any device type.
Syntax: tableName.columnName
Consider these items:
It is your responsibility to ensure that the table, column, and row exist in the Afaria
database.
The value is retrieved during each device's initial connection, but always returns the first
row of the table.
It is your responsibility to populate the table at connection time. Consider using techniques
such as stored procedures and triggers to detect a connection and the device's identity, and
to populate the table accordingly.

140 Afaria
Policy

Security for Enrollment Policies


Several layers of security prevent rogue devices from using enrollment codes and policies to
enroll in Afaria management.
Security includes:
Relay server use a relay server as a secure proxy for incoming client connections to your
Afaria server components.
Afaria provisioning server install the provisioning server behind your enterprise firewall
and with authentication enabled.
Enrollment code expiration when creating enrollment policies, create enrollment codes
with expiration dates to manage the time during which a code is valid.
Self-service portal only flag create enrollment codes that are valid only when used with
the Afaria Self-Service Portal.
Enrollment code disable disable an active enrollment code any time you feel it is
necessary.

Session Policies
For one or more device types in a single policy, session policies define default and additional
channels to run. Channels include scripted events and registry updates. Some device types let
users select a schedule for running the session channels.
Session channels are created and managed on the Afaria Channel Administrator, as standalone
Windows application on the Afaria master server.

Session Channel Reference Documentation


The session channel reference describes using the channel editor, events, and variables.
See the Administration Reference.

Creating a Session Policy


Create a policy for running session channels on Android, BlackBerry, Windows Mobile, or
Windows devices.
The policy includes multiple pages. Clicking the Save button at the top of any page saves all
pages.

1. On the Policy page, on the top toolbar, click New > Session.
2. On the Summary page, enter the policy name, note, and remaining properties, except the
default channel.
State click to indicate published or unpublished. Connecting devices receive only
published policies.

Administration Reference 141


Policy

OS click to select the target device type.


Priority set a user-defined value that Afaria uses to determine which configuration
policy prevails when multiple policies define the same default settings. The lower the
numeric value, the higher the priority. A high priority prevails over a lower priority.
Authentication select to require the server to verify the connecting user's identity
against your authentication authority before allowing the policy to run. This option is
available only if you have authentication enabled on the server, as defined on the
Server > Configuration > Security page.
3. On the Channels page, click Select Channel to add channels to the list of channels that a
device is allowed to request.
4. (Optional) Return to the general page and select a default channel from the list of allowed
channels.
The connecting device requests the default channel during every connection.
5. At the top of the page, click Save.

Editing a Policy
Edit the policy information, such as name, note, and published state.

1. On the Policy page, select the policy to edit.


2. On the top toolbar, click Edit.
3. Edit the policy information, such as note, published state, and supporting settings.

Deleting a Policy
Delete a policy from the policy list.

1. On the Policy page, select one or more policies to delete.


2. On the top toolbar, click Delete.

Inspecting a Policy
Inspect the contents of a policy, such as enrollment codes and supporting settings.

1. On the Policy page, select a policy.


2. On the left toolbar, click Show/Hide Inspector to display information about the policy.

142 Afaria
Policy

Publishing and Unpublishing Policies


Publish policies to put them in effect. Unpublish policies to take them out of effect.
Enrollment policies are always in a published state. As an alternative to unpublishing an
enrollment policy, edit the policy and disable or delete its enrollment codes.

1. On the Policy page, select policies to publish or unpublish.


2. On the top toolbar:
Click Publish to publish all selected policies.
Click Unpublish to unpublish all selected policies.

Viewing a Policy's Group Links


View the groups linked to a policy.
Enrollment policy link relationships to groups or devices always appear as blank and cannot
link to groups. Enrollment policies are applied to a device only once, when the device enrolls
in management.

1. On the Policy page, select the policies for which to view links.
2. On the left toolbar, click Show/Hide Link to display the Link panel.
By default, the Link panel is filtered to show linked items.
The filters for the groups panel behave differently depending upon how many policies you
have selected.
If you have one policy selected:
All displays all available groups, regardless of link state.
Linked displays groups linked to the policy.
Unlinked displays groups that are not linked to the policy.
Mixed linked is not applicable when only one group is selected.
If you have multiple policies selected:
All displays all available groups, regardless of link state.
Linked displays groups that are linked to all selected policies.
Unlinked displays groups that are not linked to any of the selected policies.
Mixed linked displays groups that are linked to some of the selected policies, but
not all.

Administration Reference 143


Policy

Viewing a Policy's Device Links


View the devices linked to a policy. Devices are indirectly linked to policies through their
membership in a group. You can link a device to a group, and you can link a group to a policy.
Enrollment policy link relationships to groups or devices always appear as blank and cannot
link to groups. Enrollment policies are applied to a device only once, when the device enrolls
in management.

1. On the Policy page, select the policies for which to view links.
2. On the left toolbar, click Show/Hide Link to display the Link panel.
By default, the Link panel is filtered to show linked items.
The filters for the device panel behave differently depending upon how many policies you
have selected.
If you have one policy selected:
All displays all available devices, regardless of link state.
Linked displays devices linked to the policy.
Unlinked displays devices that are not linked to the policy.
Mixed linked is not applicable when only one policy is selected.
If you have multiple policies selected:
All displays all available devices, regardless of link state.
Linked displays devices that are linked to all selected policies.
Unlinked displays devices that are not linked to any of the selected policies.
Mixed linked displays devices that are linked to some of the selected policies, but
not all.

Linking a Group to a Policy


Link a group to a policy to manage the group's devices with the policy.
Enrollment policy link relationships to groups or devices always appear as blank and cannot
link to groups. Enrollment policies are applied to a device only once, when the device enrolls
in management.
As group size changes, the sort order may change which group has focus. When you link and
unlink devices and policies, make sure you have the correct group selected.
While the Link panel list may span multiple pages, toolbar actions, such as link or unlink, can
affect only the items selected on the current page. Navigating from one page to another clears
prior selections.

144 Afaria
Policy

1. On the Policy page, select the policies for which to link to groups.
2. On the left toolbar, click Show/Hide Link to display the Link panel.
By default, the Link panel is filtered to show linked items.
3. In the Group panel in the Link column filter, change the filter to Unlinked to display the
groups not linked to this policy. To narrow the list, use the filter columns or click the title to
sort.
4. Select the groups to add to the policies, and click Link on the group panel toolbar.
5. In the Link column, change the filter to Linked to show the groups linked to the policies.

Unlinking a Group from a Policy


Remove a group from a policy to discontinue managing the group's devices with the policy.
Enrollment policy link relationships to groups or devices always appear as blank and cannot
link to groups. Enrollment policies are applied to a device only once, when the device enrolls
in management.
As group size changes, the sort order may change which group has focus. When you link and
unlink devices and policies, make sure you have the correct group selected.

1. On the Policy page, select the policies from which to remove groups.
2. On the left toolbar, click Show/Hide Link to display the Link panel.
By default, the Link panel is filtered to show linked items.
3. In the Group panel in the Link column filter, change the filter to Linked to display the list
of groups linked to the policies.
4. Select the groups you want to remove from the policy and click Unlink on the group panel
toolbar.

Exporting a Policy View


Export the policy list in its current state with any filters or sort applied. You can export to
Excel, Word, and CSV.

1. From the Policy list, click Export View.


2. Select All to export all pages of the view, or select Current Page Only.
3. Select the export format, and then click OK.

Administration Reference 145


Policy

146 Afaria
Application Onboarding

Application Onboarding
For commercial or enterprise applications for iOS, Android, and BlackBerry devices, Afaria
can provision data and certificates to facilitate onboarding.
Data provisioning Afaria delivers application configuration data as needed, such as for
connectivity or operations.
Certificate provisioning Afaria delivers a certificate to a device as needed, such as for
user authentication.

Data Provisioning for iOS and for Android


For iOS and for Android commercial or enterprise applications, Afaria can deliver application
configuration data to devices as needed, such as for connectivity or operations.

Compiling Applications for iOS and Android Data Provisioning


Compile applications with the Afaria Static Link Library (SLL) with calls that retrieve data
from Afaria as defined in an portal application package.
For Sybase Unwired Platform (SUP) development, see SUP documentation at SyBooks
Online (http://infocenter.sybase.com) instead of this procedure.

1. Refer to the Afaria Static Link Library documentation, as available on the Afaria product
image in folder \Libraries.
Documentation is available for iOS and Android development.
2. Follow documented procedures for using the library to make a retrieveSeedData call.
3. As required for your application, develop response for retrieving, using, and deleting the
data.

Output Requirements for iOS and Android Data Provisioning


Provisioning requires an application call and configuration data.
For the device, an application compiled with the Afaria SLL retrieveSeedData call.
For the Afaria administrator, configuration data, as either:
A file of any type with any extension.
Data that an Afaria administrator enters into the Afaria interface.

Administration Reference 147


Application Onboarding

Provisioning Data for iOS and Android Applications


Create an iOS or Android enterprise or commercial application package that includes
configuration data for application onboarding.

1. On the Administration > Policies and Profile page, select or create a new application
package, and ensure that the general settings are defined.
2. On the Configuration tab, type or import your application seeding configuration data.
Import source location is relative to the browsing computer.
Importing a file overwrites the content in the data box. If you edit the file in the Afaria
Administrator interface, it is stored in UTF-8 format. If you do not edit the file, it is stored
in its original format.
3. Click Save.

Data Provisioning for BlackBerry


For BlackBerry commercial or enterprise applications, Afaria can deliver application
configuration data to devices as needed, such as for connectivity or operations.

Compiling Applications for BlackBerry Data Provisioning


Compile applications with the Afaria Static Link Library (SLL) with calls that retrieve data
from the Afaria server.
For Sybase Unwired Platform (SUP) development, see SUP documentation at SyBooks
Online (http://infocenter.sybase.com) instead of this procedure.

1. Refer to the Afaria Static Link Library documentation, as requested from Afaria technical
support.
2. Follow documented procedures for using the library to make a retrieveSeedData call.
3. As required for your application, develop response for retrieving, using, and deleting the
data.

Output Requirements for BlackBerry Data Provisioning


Provisioning requires an application call and a configuration data file.
For the device, an application compiled with the Afaria SLL retrieveSeedData call.
For the Afaria administrator, configuration data as a file of any type, with the file name
matching the applications file name, per the RIM SDK ApplicationDescriptor class
getModuleName call, and without any extension.

148 Afaria
Application Onboarding

Provisioning Configuration Data for a BlackBerry Application


Prepare application configuration data for BlackBerry devices and store it on a user-defined
Afaria server folder.

Prerequisites
Administrator must have a configuration file from the developing entity, named to match the
calling application, as per the RIM SDK ApplicationDescriptor class getModuleName call.

Task

1. On the Afaria server, create the path for the application configuration data file.
<ServerDataDir>\SeedDataRequest\<TenantID>\. Tenant ID is defined in table
A_Tenant.
2. Copy the file to the path.
3. On the device, run the calling application and make the Afaria SLL retrieveSeedData call.

Certificate Provisioning for Android and for BlackBerry


For commercial or enterprise applications, Afaria can deliver certificates to devices as needed,
such as for user authentication, from your certificate authority (CA).
This feature requires a configured provisioning server and CA, as defined on Server
Configuration > Properties > Component Configuration > Portal Package Server Server
page, including any certificate request information.

Compiling Applications for Android and BlackBerry Certificate


Provisioning
Compile applications with the Afaria Static Link Library (SLL) with calls that retrieve a
certificate from your enterprise certificate authority (CA) server.
For Sybase Unwired Platform (SUP) development, see SUP documentation at SyBooks
Online (http://infocenter.sybase.com) instead of this procedure.

1. Refer to the Afaria Static Link Library documentation.


For Android, the library documentation is available on the Afaria product image in folder
\Libraries. For BlackBerry, request the documentation from Afaria technical support.
2. Follow documented procedures for using the library to make the retrieveCertificate call.
Defining values for call parameters is the responsibility of the developing party:
Cert public key
Cert private key

Administration Reference 149


Application Onboarding

Cert common name


CA challenge response
If using authentication the portal package server, user credentials as <domain>
\<username> and password or <username> and password.
3. As required for your application, develop a response for using the certificate.

Output Requirements for Android or BlackBerry Certificate


Provisioning
For the device, an application compiled with the Afaria Static Link Library retrieveCertificate
call.

Certificate Provisioning for iOS


For iOS commercial or enterprise applications, Afaria can deliver application configuration
certificates as needed for authentication, connectivity, or operations.
This feature requires a configured provisioning server and CA, as defined on Server
Configuration > Properties > Component Configuration > Portal Package Server page,
including any certificate request information.

Compiling Applications for iOS Certificate Provisioning


Compile applications with the Afaria Static Link Library (SLL) with calls that retrieve a
certificate from your enterprise certificate authority (CA) server.
For Sybase Unwired Platform (SUP) development, see SUP documentation at SyBooks
Online (http://infocenter.sybase.com) instead of this procedure.

1. Refer to the Afaria Static Link Library documentation, as available on the Afaria product
image in folder \Libraries.
2. Follow documented procedures for using the library to make the
retrieveCertificateWithPrivateKey and retrieveCertificateWithUrl calls.
Defining values for call parameters is the responsibility of the developing party:
Cert public key
Cert private key
Cert common name
CA challenge response
If using authentication the portal package server, user credentials as <domain>
\<username> and password or <username> and password.
3. As required for your application, develop a response for using the certificate.

150 Afaria
Application Onboarding

Output Requirements for iOS Certificate Provisioning


For the device, an application compiled with the Afaria Static Link Library
retrieveCertificateWithPrivateKey and retrieveCertificateWithUrl calls.

Administration Reference 151


Application Onboarding

152 Afaria
Server Configuration for Installation and Management

Server Configuration for Installation and


Management
Documentation for Afaria Server configuration properties, as defined in the Afaria
Administrator Server Configuration page, are located in different documentation references,
based on their purpose as properties for general operations or for optional features.
Properties documented in the Installation Guide basic for core operations, such as for
configuration for the SMS gateway or connectivity for the access control server:
Device communication
Access control server
Enrollment code
Relay server
Security
SMS gateway
SMTP
Enrollment server
iOS notification
Package server
Properties documented in the Administration Reference optional based on the features
you license or choose to use, or performance optimizations, such as for defining access
control policies for users:
Tenants
Schedules
Logging option and cleanup
Outbound notifications
Google C2DM for Android
Device Activity
For session policies:
Bandwidth throttling
File compression
File differencing
User defined fields
iOS branding
For access control, options for known and unknown device policies
For device activity management:
General settings to enable and notify users
Roaming

Administration Reference 153


Server Configuration for Installation and Management

Thresholds for data views


Device activity log cleanup

Showing or Hiding Servers in the Server List


To allow or disallow selection of a server in the Afaria Administrator banner bar's server list,
show or hide a server. For example, hide a server that you want to take down for maintenance.
You cannot hide the master server.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Server > Server Farm.
3. Select a server and click Edit.
4. Select Visible or Hidden:
Visible the server appears in the server list.
Hidden the server does not appear in the server list.
5. On the server row you are editing, click Save below the Replication Address.
6. Click Save at the top of the page.

Configuration for Tenants


A tenant is an entity you associate with a subset of the device base and its related operations
and assets. You must create a tenant record before you can enroll devices for a tenant.
Status the state of the tenant:
Enabled associated devices can connect and get managed and Afaria Administrator users
can operate and support the tenant.
Disabled associated devices can connect but are denied additional management.
However, the existing data remains accessible to Afaria Administrator users.
You can change a tenants status at any time.

Adding a Tenant
Add a tenant to establish an entity for associating devices, groups, and policies.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Server > Tenant.
3. Click New.
4. Enter settings:
State enabled or disabled.

154 Afaria
Server Configuration for Installation and Management

Tenant name of the tenant.


Note a short description of the tenant.
5. Click Save next to the Note field.
6. Click Save at the top of the page.

Disabling a Tenant
Disable a tenant to prevent devices from running sessions for a tenant but preserve all the
tenant's existing data. You can disable a tenant on a temporary or permanent basis; you cannot
disable the system tenant.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Server > Tenant.
3. Select a tenant in an Enabled state.
4. Click Disable.
5. Click Save.

Deleting a Tenant
Delete a tenant to permanently remove the record from your system. You cannot delete the
system tenant.
The scope of the tenant delete action includes deleting:
Devices
Groups
Server schedules
Substitution variables
If you plan to delete a tenant, you are advised to first delete the tenant-based items that are
outside the scope of the tenant delete action:
Logs
Policies
Device activity data, as defined on the Device Activity List page.
This tenant data is subject to becoming orphaned during a tenant delete action.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Server > Tenant.
3. Select a tenant to delete.
4. Click Delete.
5. Click Yes, Continue.
6. Click Save.

Administration Reference 155


Server Configuration for Installation and Management

Configuration for Schedules


Schedules enable you to set specific tasks, such as updating channel content or refreshing
dynamic groups, to perform automatically at specific times, days, and for a specified length of
time. You have the ability to edit schedule settings, enable or disable schedules, and run
schedules on demand.

Editing a Schedule
Edit a schedule's start and end times, how long and often it runs, and set it to retry to run after
failing by changing the settings for each individually listed schedule.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Server > Schedule.
3. Select one of the listed schedules.
4. Click Edit connection rule.
5. Select the type of schedule from the drop-down menu.
6. Click the tabs to edit the settings:
Rate set the start time and how many days the schedule runs.
Range select a start and end date for the schedule.
Repeat select how often the schedule repeats.
Retry select how many times and how often the schedule tries after failing to run.
Randomize not applicable.
7. Click Save.

Enabling or Disabling Schedules


Manually enable or disable schedules to temporarily or permanently start or stop the task each
schedule is set to perform. By default, iOS schedules are disabled after installation.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Server > Schedule.
3. Select one or multiple schedules.
4. Click Enable or Disable.
Enable starts running the schedule according to the saved settings.
Disable stops running the schedule according to the saved settings.

156 Afaria
Server Configuration for Installation and Management

Running a Schedule on Demand


Manually run a schedule as needed, without changing the schedule's normal run time.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Server > Schedule.
3. Select one of the listed schedules.
4. Click Run Now.

The selected schedule runs, and the Last Run column is updated.

Configuration for Logging


Configure the type, detail level, and cleanup frequency for Afaria server-side logging.

Configuring Log Options


Configure the Afaria server-side logging options by type and detail level. By default, all logs
are enabled..

1. On the Server page, on the left toolbar, click Configuration > Server > Log Option.
2. Click Disable every log below to disable all logging options or select logs to enable in
different areas:
Message log records information, warning, and error messages specific to the server.
Replication log records replication-specific information, warning and error
messages.
Session log records information about past sessions, such as the channel involved, the
end time and duration, the user and computer information, and the session event status.
Session event detail records log details at the object level pertaining to File Transfers
or Sessions.
Device action log records information about actions occurring on the devices.
Alert log enables the server to log both raised events and closed alerts on your server.
3. Click Save.

Configuring Log Cleanup


Specify the cleanup frequency for server-side logs.

1. On the Server page, on the left toolbar, click Configuration > Server > Log Cleanup.
2. Enable or disable cleanup for individual log types and select how many days old a record
should be before it is deleted, or click Reset to defaults to reset all options.
3. Click Save.

Administration Reference 157


Server Configuration for Installation and Management

Configuring for Outbound Notifications


Set the flood control level to prevent the Afaria server from being overwhelmed with incoming
sessions. Enable the notification retries to control when to re-notify devices and the maximum
number of retries allowed.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Server > Outbound Notification.
3. In the Flood control area, set the values to control the number of client notifications sent
during a given time period:
High water notifications stop going out when the active sessions reach this number.
Low water notifications resume when the active sessions drop to this number.
Maximum per time period number of active sessions that occur within the specified
time period.
Time period in seconds time period for the maximum per time period.
Max simultaneous notifications number of notifications to group together.
To ignore values set them equal to zero.
4. In the Notification Retries area, select Enable Notification Retries.
5. Set the values to control the retry wait time and number of retries:
Retry wait time set the amount of time in days, hours, and minutes. The maximum
values for the days, hours and minutes are 30, 23, and 59.
Maximum SMS retries set the number of SMS and C2DM retries that can occur in the
specified time period. The maximum value is 100.
Maximum IP retries set the number of IP retries that can occur in the specified time
period. The maximum value is 100.
To ignore values set them equal to zero.
6. Click Save.

Configuration for Google C2DM for Android


Use the Google Android Cloud to Device Messaging (C2DM) service to reduce SMS data
usage and simplify the Afaria implementation.
Devices must have an active Google account to participate in the C2DM service.

Signing Up for Google Android C2DM Service


In Afaria, Cloud to Device Messaging (C2DM) outbound notifications must be associated
with a Google gmail account that identifies your organization as the calling entity.

158 Afaria
Server Configuration for Installation and Management

1. Go to code.google.com/android/c2dm/signup.html and log in on behalf of your


organization.
2. Sign up for the Android Cloud to Device Messging service.
3. Record the associated email account address and password for use in Afaira.
4. Wait for confirmation from Google that the account is registered.

Configuring C2DM on the Afaria Server


Configure the Afaria server to use the Google Android Cloud to Device Messaging (C2DM)
service as an alternative to SMS-based notifications.

Prerequisites
Before configuring Afaria C2DM properties, your enterprise must sign up for the Google
Android C2DM service.

Task

1. On Home page Server tile, click Configuration to open the Server Configuration page.
2. Navigate to the Component > C2DM Server page.
3. Click Enable C2DM.
4. Enter the Google C2DM send server address, as defined by Google.
5. Enter the Google gmail address that you used to signup for the C2DM service in the Server
C2DM field.
6. Enter the password.
7. Click Save.
8. Restart the Afaria server service.

Using Google Android C2DM Service in Afaria


Using the Google Android Cloud to Device Messaging (C2DM) service to reduce SMS data
usage and simplify the Afaria implementation.
Devices must have an active Google account to participate in the C2DM service. SMS
messaging is used for devices that do not participate.

1. Configure C2DM on the Afaria Server.


2. Configure devices for C2DM service using preferred method:
Enroll device in management using an enrollment policy with the Include C2DM Send
Account attribute.
For enrolled devices, create a configuration policy with the Device Communications >
Server C2DM Send Account attribute.

Administration Reference 159


Server Configuration for Installation and Management

For devices that report inventory and connect after C2DM configuration, you can observe
a C2DM registration ID in the Device Inspector hardware view.

Configuration for iOS


For iOS management, enable iOS Apply Policies and iOS Device Refresh schedules that are
disabled by default. Optionally, configure custom branding for the Afaria application that is
installed on devices.

Enabling or Disabling Schedules


Manually enable or disable schedules to temporarily or permanently start or stop the task each
schedule is set to perform. By default, iOS schedules are disabled after installation.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Server > Schedule.
3. Select one or multiple schedules.
4. Click Enable or Disable.
Enable starts running the schedule according to the saved settings.
Disable stops running the schedule according to the saved settings.

Adding Customized Branding to the App Store Application


Add custom elements, such as a banner graphic, background image, text, and text colors to
represent your enterprise brand and messages to the Apple App Store Afaria application.

1. On the Home page Server tile, click Configuration to open the Server Configuration
page.
2. Navigate to the Component > iOS Branding page.
3. On the Text tab, select options for Home and About Screens text branding.
For the Home screen:
Home Screen title and text - use default or custom text. As needed, clickLanguages to
define the title in additional languages for devices in supported regions. Default values:
Screen Title Sybase Afaria
Screen Text For technical assistance and support, please contact your IT help
desk.
Color Text use default white text (R=255, G=255, B=255) or define RGB values for a
custom color.
For the About screen:
Home Screen title and text use default or custom text. As needed, clickLanguages to
define the title in additional languages for devices in supported regions. Default values:

160 Afaria
Server Configuration for Installation and Management

Screen Title About Afaria


Screen Text For technical assistance and support, please contact your IT help
desk. For more information, visit: www.sybase.com/afaria.
Color Text use default white text (R=255, G=255, B=255) or define RGB values for a
custom color.
4. On the Image tab, select options for the Home and About screen image branding.
Define branding options for all of your supported device types by using the type selector
next to the home Screen and About Screen text labels.
Use default or custom images (.JPG or .PNG). Custopme images replace default images.
The size recommendations that appear on the interface area are as recommened by Apple.
Default images reflect Sybase Afaria branding.
5. On the iOS device, open the Afaria application. Devices get their new or changed branding
when the user opens the application.

iOS Home Branding Element Map


Branding elements on the Home Branding diagram map to elements on the Apple App Store
Afaria Application Home screen.

Administration Reference 161


Server Configuration for Installation and Management

Element Maps to... on iOS Branding Text and Image Tabs


1 Title to display on home client screen

2 Logo image to display, centered

3 (Optional) Text to display on home client screen Text color to display on home
client screen

4 Text color to display on home client screen

5 Background image to display in portrait mode

N/A Background image to display in landscape mode

iOS About Branding Element Map


Branding elements on the About Branding diagram map to elements on the Apple App Store
Afaria Application Home screen.

Element Maps to... on iOS Branding Text and Image Tabs


1 Title to display on about client screen

2 Logo image to display, centered

162 Afaria
Server Configuration for Installation and Management

Element Maps to... on iOS Branding Text and Image Tabs


3 (Optional) Text to display on about client screen Text color to display on
home client screen

4 Background image to display in portrait mode

N/A Background image to display in portrait mode

Language Localization and Branding on the Afaria iOS Client


For text on the Afaria client home screen and About screen, the text that appears on the client is
determined by the settings you use on the associated Server Configuration > iOS Branding
page, the languages supported on the Afaria device, and the devices regional setting.
Supported languages for the Afaria iOS device are listed in the Afaria Release Notes > Afaria
System Requirements. Visit the technical support site for the most current release notes.
The Home Branding and About Branding pages each include a Languages link for the Multi-
Language Branding Dialog to define branding text for supported languages.

Administration Reference 163


Server Configuration for Installation and Management

Localization and branding results for branding page settings:


Default text, without language branding for devices using a regional setting for a
supported language, text is localized with system-localized content. For devices using a
regional setting for a unsupported language, the text is in English.
Custom text, without language branding all devices display custom text, regardless of
regional setting.
Default or custom text, with language branding for devices using a regional setting for a
language that has defined text in the language branding dialog, text appears as defined.

164 Afaria
Server Configuration for Installation and Management

Configuring Access Control Policies


Access Control Policies define default synchronization policies, by device type or by group,
for devices that synchronize with your enterprises e-mail environment, including those that
are not managed by Afaria.

Defining an Access Control Policy for Android


Define a default access control policy to manage e-mail synchronization for Android devices
that enroll or reenroll in Afaria device management. When both group policies and device type
policies are defined, the most restrictive policy prevails.
Changing the default policy impacts only newly enrolling or reenrolling devices; Afaria does
not retroactively apply a change to previously enrolled devices.

1. On the Home page Server tile, click Configuration to open the Server Configuration
page.
2. Navigate to the Component > Access Control Option page.
3. Click the Android tab.
4. Select the default policy:
Always allow allow synchronization requests at all times.
Always block block synchronization requests at all times.
Allow when:
Administrator setting enabled allow synchronization requests if Afaria is
installed on the device with administrator privileges activated.
Password policy enabled allow synchronization requests if a password is enabled
at the device and managed by an Afaria configuration policy with defined password
settings.
Device not compromised allow synchronization requests the device's most recent
device connection did not report the device's status as rooted.

Defining an Access Control Policy for iOS


Define a default access control policy to manage e-mail synchronization for iOS devices that
enroll or reenroll in Afaria device management. When both group policies and device type
policies are defined, the most restrictive policy prevails.
Changing the default policy impacts only newly enrolling or reenrolling devices; Afaria does
not retroactively apply a change to previously enrolled devices.

1. On the Home page Server tile, click Configuration to open the Server Configuration
page.

Administration Reference 165


Server Configuration for Installation and Management

2. Navigate to the Component > Access Control Option page.


3. Click the iOS tab.
4. Select the default policy:
Always allow allow synchronization requests at all times.
Always block block synchronization requests at all times.
Allow when:
Administered by mobile device management the device is under Afaria iOS
mobile device management (MDM) control.
Afaria installed and device connected the Afaria App Store application is
installed.
Assigned policy delivered assigned policies are reported to the Afaria server as
delivered and installed on the device, as verified in the Policy Delivery log.
Device hardware encrypted the device has the hardware encryption feature
enabled.
Device uncompromised the device's most recent connection did not report the
device's status as jailbroken.
If a time frame is not selected or is zero, there is no effect on policy enforcement. If the time
frame is selected and greater than zero, the most recent Afaria device connection or policy
notification occurred within the defined policy time frame.

Defining an Access Control Policy for Windows Mobile


Define a default access control policy to manage e-mail synchronization for Windows Mobile
devices that enroll or reenroll in Afaria device management. When both group policies and
device type policies are defined, the most restrictive policy prevails.
Changing the default policy impacts only newly enrolling or reenrolling devices; Afaria does
not retroactively apply a change to previously enrolled devices.

1. On the Home page Server tile, click Configuration to open the Server Configuration
page.
2. Navigate to the Component > Access Control Option page.
3. Click the Windows Mobile tab.
4. Select the default policy:
Always allow allow synchronization requests at all times.
Always block block synchronization requests at all times.
Allow when connected within time frame allow synchronization requests if its most
recent Afaria device connection occurred within the defined time frame.

166 Afaria
Server Configuration for Installation and Management

Defining an Access Control Policy for Unknown Devices


Define a default access control policy to manage e-mail synchronization for devices that do
not enroll in Afaria device management.
You are advised to define an unknown device policy for each domain managed by your e-mail
server.

1. On the Home page Server tile, click Configuration to open the Server Configuration
page.
2. Navigate to the Component > Access Control Option page.
3. Click the Unknown tab.
4. Click Add to define unknown device properties.
5. Enter the e-mail server's domain.
6. Select the default policy for that domain.
7. Define the interval at which the Afaria ISAPI filter's polling agent queries the Afaria server
for a list of known devices and policies.
8. In the inline editor row, click the Check icon to save.

Defining an Access Control Policy to Block or Allow by Group


To allow or block e-mail synchronization requests by group, create group-specific policy.
When both group policies and device type policies are defined, the most restrictive policy
prevails.
Blocking and allowing by groups can let you block devices that do not meet some criteria, or
allow devices that meet some criteria. You define dynamic group with your criteria to use with
this feature.
The frequency of the Dynamic Group Refresh schedule, access control polling interval, and
device inventory reporting all affect the timing of when a group policy goes into effect on a
device.

1. On the Home page Server tile, click Configuration to open the Server Configuration
page.
2. Navigate to the Component > Access Control Option page
3. Click the Groups tab.
4. (Optional) For blocking specific groups, in the block area, select a group in the available
list and click the Arrow icon to move it to the selected list.
5. (Optional) For allowing groups, in the allow area, click Enable, select a group in the
available list and click the Arrow icon to move it to the selected list.
All groups are blocked except for the selected groups.
6. Click Save.

Administration Reference 167


Server Configuration for Installation and Management

A server restart is not required.

If you create a policies that conflict for a device, the most restrictive policy prevails.

Access Control Policy Conflict Resolution


When a device is subject to more than one access control policy, the most restrictive policy
prevails.
For example, if an Android device is subject to a default policy for Android that allows access,
and a group policy that blocks access, then the device is blocked from synchronizing with the
e-mail server.

Access Control Device List


Afaria displays access control devices and their policy assignments in different locations of
the user interface, depending upon the device type.
Assignment locations include:
Android and Windows Mobile Access Control Option > Devices page tab.
On the Device tab, the device list displays your Afaria devices and white list devices that
are access control devices. The Afaria server populates this list with Afaria devices after it
assigns a synchronization policy to a connecting device. White list devices populate the list
as you add them. Therefore, the list starts empty and grows as each Afaria device connects
and receives its synchronization policy assignment, and as you manually add devices.
iOS Device List page
The list, for all devices types, includes this information as last retrieved from devices:

Manually Adding a Device for Access Control


In some circumstances for Windows Mobile or Android devices that are not yet managed,
manually add a device for access control.
iOS devices do not follow this procedure. For iOS devices, add devices for access control
when you define its enrollment policy and enroll the device, or when you manually edit its
device record. Add a device when:
The device synchronizes with your e-mail server but does not have an installed Afaria
application.
The device has, or will have, an installed Afaria application that has not connected to the
server yet, and you want to ensure that the first synchronization request is managed with a
nondefault policy.
To add a device:

1. On the Home page Server tile, click Configuration to open the Server Configuration
page.

168 Afaria
Server Configuration for Installation and Management

2. Navigate to the Component > Access Control Option page.


3. Click the Devices tab.
4. Click Add.
5. Complete the new device information.
Device e-mail environment's identifier for the synchronizing device.
User name the user node of the fully qualified e-mail user name used to synchronize
with the email server.
Domain the domain node of the fully qualified e-mail user name used to synchronize
with the email server.
6. Select OS.
7. Select the default policy.
8. In the device properties field, click the Save icon.

Exchange Environment Unique Device ID Value


For the Afaria Access Control for Email feature in a Microsoft Exchange environment, the
Unique Device ID value is the DeviceID value stored in the device's registry.
You can obtain the value from a device if it has already connected to the e-mail server. Afaria
cannot retrieve the value for you if an Afaria client is not installed. You can use your own
method to retrieve the value or:
Use a device utility to read the value.
Use your Exchange Server ActiveSync Web Administration tool (browser address: http://
<YourExchangeServer>/mobileadmin, this is the default location) to run a query to
retrieve the value. Choose the Remote Device Wipe menu option and query for the user of
interest. The query returns information about the devices associated with the user. Copy
the value from the Device ID column and exit the page without initiating any further
action.

E-Mail User Name Formats for Android Devices


For Android devices, the e-mail user name requirement for Afaria Access Control for Email
varies according to your enterprise environment.
It is your responsibility to ensure that your users enter the information correctly. On the
device's Afaria application configuration page (Afaria > Configuration), the e-mail user name
must comply with your e-mail server's requirement for user name. The format, as observed in
Afaria table A_ANDROID_DEVICES, takes one of these forms:
<Domain>\<UserName> examples:
mycompany\sbrowne
mycompany.com\sbrowne
mycompany.net\sbrowne

Administration Reference 169


Server Configuration for Installation and Management

<UserName> example: sbrowne

Changing a Device's Access Control Policy


For Windows Mobile or Android devices, and as your requirements dictate, change the
device's synchronization policy to affect its next synchronization. For iOS devices, change the
policy by editing its device record.

1. On the Home page Server tile, click Configuration to open the Server Configuration
page.
2. Navigate to the Component > Access Control Option page.
3. Click the Devices tab.
4. Select one or more devices on the managed device list.
5. Click Edit.
6. Select new policy and click the Save icon.
7. (Android) For devices changing from a blocked policy to an allow policy, a device restart
may be required.
Test a representative set of devices in your environment to learn whether this step is
required.

End-User Access Control Policy Notification


Notify your access control device users about their synchronization policy assignment.
It is your responsibility to establish an appropriate understanding about complying with policy
requirements and establishing expectations about a device's synchronization-denied behavior
and corrective action if it falls out of compliance.

Configuration for Device Activity Collection


Configure Afaria Device Activity settings on the Afaria server and prepare the devices that
support device activity.
No additional server components are required. Use the Afaria Administrator to configure
device activity settings on a tenant-by-tenant basis.

Preparing Devices for Activity Collection


Prepare the device for activity collection by installing the Afaria application and enabling
Location Services.
Preparing the device varies by device type.

1. Install the Afaria application on the device and enroll in Afaria device management.
2. During the application installation, authorize and enable Location Services.

170 Afaria
Server Configuration for Installation and Management

On iOS devices, the Afaria application must continuously run for device activity to be able
to monitor activities. Enabling Location Services for Afaria keeps the Afaria application
continuously running in the background.

Device Activity Collection Considerations


Afaria Device Activity data collection allows you to collect various types of data from
enrolled devices and use it for monitoring and report purposes.
Note: Device activity data collection is disabled by default.
Starting data collection:
If user authorization is required, device activity data collection begins after the user
accepts device activity enrollment. The user response (accept or decline) is sent back to the
Afaria server and appears in the Opt-in column of the Subscribers view.
If user authorization is not required, device activity data collection begins after you enable
device activity collection; restart the Afaria server service; and the device connects to the
server.
A device retains its device activity collection preference (accept or decline) when it
changes tenant. However, if the user has previously declined and you move the device to a
tenant where user acceptance of device activity is not required, device activity collection
begins without further user notification.
Ongoing data collection:
Device activity data is associated with a subscriber. If a device has an SIM, the subscriber
is identified by the SIM IMSI or ICCID. Device activity data moves with the SIM from
device to device.
On iOS devices, device activity data collection stops automatically if the user turns off
location services for more than 10 minutes.

Device Activity Collection Frequency


Data collection frequency settings indicate when Afaria collects device activity data from
enrolled devices.
The frequency of data collection varies by device type.
For iOS devices, Afaria collects device activity data once a day between 2:00 a.m. and 3:00
a.m. (server local time).
For Android devices, Afaria collects device activity data at the frequency based on the
heartbeat settings defined in the Configuration Manager Channel.
For BlackBerry devices, Afaria collects device activity data when either:
The user opens the Afaria application on the device and successfully establishes a
connection to the server, or
The administrator sends an outbound notification to the applicable devices.

Administration Reference 171


Server Configuration for Installation and Management

Starting Device Activity Collection


Start collecting Afaria Device Activity from devices.

1. In the Afaria Administrator, on the Server page, select Configuration > Component >
Device Activity.
2. On the General Settings tab, select Enable Activity Collection.
If you select Prompt Subscriber for Activity Enrollment, data collection begins when
the user accepts enrollment.
3. Save changes.
4. Click Restart Server to restart the Afaria server service.
After you restart the server, Afaria begins collecting device activity data when the device
connects to the server.

Stopping Device Activity Collection


Stop collecting Afaria Device Activity from various devices.

1. In the Afaria Administrator, on the Server page, select Configuration > Component >
Device Activity.
2. On the General Settings tab, unselect Enable Activity Collection.
3. Save changes.
4. Click Restart Server to restart the Afaria server service.
After you restart the server, device activity data collection stops for each device connecting
to the server.

Reprompting for Device Activity Enrollment


Reprompt users and resend the Afaria Device Activity enrollment notifications to those who
have previously accepted or declined enrollment.

Prerequisites
Before you set up the reprompt, verify that Prompt Subscriber for Activity Enrollment is
selected on the Device Activity General Settings tab on the Server > Configuration >
Component > Device Activity page.

Task

1. On the Device page, select Activity List.


2. Navigate the Activity views, select Subscribers view, and click Select.
3. Select a subscriber and click Reprompt to resend the notification.
The Opt In column in the Subscribers view indicates which users have accepted or
declined enrollment.

172 Afaria
Server Configuration for Installation and Management

The user receives either the default enrollment notification or the custom notification you
set up on the Device Activity General Settings page.

Subscriber Data Collected by Device Type


Definitions of subscriber data, such as IMSI, ICCID, and MSISDN, collected by each device
type.

Subscriber iOS Android BlackBerry Definitions


Data
IMSI X X International Mobile Subscriber Identi-
ty, conforming to International Tele-
communication Union (ITU) standard.

ICCID X Integrated Circuit Card Identifier, con-


forming to International Telecommuni-
cation Union (ITU) standard.

Note: iOS 5 devices do not collect IC-


CIDs.

Cell ID X X Last reported cell ID.


On CDMA networks, the Base Station
ID (BID).

Current Afa- X X X Afaria client global unique identifier


ria Client ID (GUID).

Current De- X X X iOS Unique Device Identifier


vice ID (UDID).
Android and BB GSM devices - Inter-
national Mobile Equipment Identity
(IMEI).

MSISDN X X Mobile Subscriber Integrated Services


Digital Network Number which is the
literal phone number as reported by the
device.
Not all SIM cards, specifically in Eu-
rope, are preprogrammed with an
MSISDN.

Home MCC X X X Home network Mobile Country Code.

Home MNC X X X Home network Mobile Network Code.

Administration Reference 173


Server Configuration for Installation and Management

Subscriber iOS Android BlackBerry Definitions


Data
Activity Last X X X Date on which Device Activity data was
Collected last posted on the server by the device.

Last MCC X X X Last reported Mobile Country Code


(MCC).

Last MNC X X X Last reported Mobile Network Code


(MNC).
On CDMA networks, the network Sys-
tem Identifier (SID).

Latitude X X X Last reported approximate latitude,


based on crowd-sourced Wi-Fi hotspot
and mobile cell tower location.
For all BlackBerry devices, the ability
to collect latitude depends on the wire-
less service provider and if the device
connects to a BlackBerry Enterprise
Server (BES), on BES policy settings.

Longitude X X X Last reported approximate longitude,


based on crowd-sourced Wi-Fi hotspot
and mobile cell tower location.
For all BlackBerry devices, the ability
to collect latitude depends on the wire-
less service provider and if the device
connects to a BlackBerry Enterprise
Server (BES), on BES policy settings.

Location Last X X X Date and time of the last location


Determined change.

Opt In X X X User answer to request for Device Ac-


tivity Enrollment (accepted/declined).

Roaming X X X Date and time of the last roaming state


Change Date change.

Status of Lo- X X X Status of Location Services on the de-


cation Serv- vice (enabled or disabled).
ices

174 Afaria
Server Configuration for Installation and Management

Removing Device Activity Data for a Subscriber


Remove all Afaria Device Activity data related to one subscriber.

1. On the Device page, on the left toolbar, click Device List.


2. Select a subscriber.
3. On the top toolbar, click Delete.
4. Select Device Activity.
All device activity data collected for the subscriber is deleted, regardless of when it was
collected.

Device Activity Calls by Device Type


Definitions of voice call details collected by each device type, for example, Cell ID and MCC.

Voice iOS Android BlackBer- Definitions


ry
Call
Details
Remote Party X X Remote party phone number.

Start Time X X X Start time of the call event.

End Time X X X End time of the call event.


End Time does not appear in data views and
reports.

Duration X X X Duration of call event.

Call Direction X X X Outbound or inbound call.

Cell ID X X Mobile cell ID at the start of connection.


On CDMA networks, the Base Station ID
(BID) at the start of the connection.

Roaming State X X X Roaming status.

Latitude X X X Latitude generated at the start of a call.

Longitude X X X Longitude generated at the start of a call.

MCC X X X Mobile Country Code of the network on


which the call event occurred.

MNC X X X Mobile Network Code of the network on


which the call event occurred.

Administration Reference 175


Server Configuration for Installation and Management

Device Activity Details Connections by Device Type


Definitions of data collection details connections by each device type, for example, Bearer
Type and MNC.

Data iOS Android BlackBerry Definitions


Connection
Details
Start Time X X X Start time of the call event

End Time X X X End time of the call event.


End Time does not appear in data
views and reports.

Duration X X X Duration of call event.


BlackBerry CDMA OS 5 and 6 devi-
ces do not collect data connection de-
tails.

Bearer Type X X X Network type, such as CMDA, GSM


and Wi-Fi, at the start of the connec-
tion.

Connection X X Network name.


Name

Access Point X X Access Point Name.


Name

Cell ID X X Mobile cell ID at the start of connec-


tion.
On CDMA networks, the Base Sta-
tion ID (BID) at the start of the con-
nection.

Roaming State X X X Roaming status.

Latitude X X X Latitude generated at the start of the


connection.

Longitude X X X Longitude generated at the start of the


connection.

MCC X X X Mobile Country Code of the network


on which the connection occurred.

176 Afaria
Server Configuration for Installation and Management

Data iOS Android BlackBerry Definitions


Connection
Details
MNC X X X Mobile Network Code of the network
on which the connection occurred.

Sent X X X Number of bytes transmitted.

Received X X X Number of bytes received.

Device Activity Messages by Device Type


Definitions of message details collected by each device type, for example, cell ID and Type.

Voice Call iOS Android BlackBerry Definitions


Details
Remote Party X X Remote party phone number.

Start Time X X Start time of the call event.

Message Direc- X X Outbound or inbound message.


tion

Type X X SMS or MMS.

Cell ID X X Mobile cell ID at the start of connection.


On CDMA networks, the Base Station ID
(BID) at the time the message is sent.

Roaming State X X Roaming status.

Latitude X X Latitude generated when message is initi-


ated/received.

Longitude X X Longitude generated when message is ini-


tiated or received.

MCC X X Mobile Country Code of the network on


which the message occurred.

MNC X X Mobile Network Code of the network on


which the message occurred.

Administration Reference 177


Server Configuration for Installation and Management

Configuring General Device Activity Settings


Enable and configure Afaria Device Activity data collection by configuring the Afaria
Administrator.
Do not restart the Afaria server service after configuring device activity settings unless you
want to initiate device activity data collection.

1. In the Afaria Administrator, on the Server page, select Configuration > Component >
Device Activity.
2. On the General Settings tab, select Enable Activity Collection.
If you do not want to start data collection at the next service restart, unselect Enable
Activity Collection.
3. (Optional) To collect the phone numbers of remote devices, select Collect Remote Party
Phone Numbers.
4. (Optional) Select Collect Subscriber Location Information.
5. (Optional) Select Prompt Subscriber for Activity Enrollment and compose the
enrollment notification for users to view on their devices.
When device activity collection is enabled the first time, actual data collection begins after
you restart the Afaria server service and the device successfully connects to the server.

Configuring Device Activity Settings for Roaming


Configure Afaria Device Activity International Roaming settings to notify users that their
devices are in an international roaming state and additional charges may apply.
You do not need to configure device activity settings to restart the Afaria server service unless
you want to initiate device activity data collection.

1. In the Afaria Administrator, on the Server page, select Configuration > Component >
Device Activity.
2. On the General Settings tab, select Enable Activity Collection.
If device activity is enabled, a notification appears on the device every time the device
enters international roaming.
3. On the Roaming Settings tab:
a) Select Enable Roaming Notification.
b) (Optional) Customize notification content.
c) (Optional) To reduce the number of notifications when close to a roaming boundary,
set the length of time a device must be in roaming status before a user receives a
notification.
d) Save changes.
e) If you do not want to begin or resume device activity data collection at the next service
restart, return to the General Settings tab and unselect Enable Activity Collection.

178 Afaria
Server Configuration for Installation and Management

Configuring Device Activity Settings for Data Views


Customize how Afaria Device Activity data appears in Data Views.
Afaria is highly customizable and allows you to model data views on the details of your
enterprise mobility plan.
1. In the Afaria Administrator, on the Server page, select Configuration > Component >
Device Activity.
2. On the Data Views tab:
a) In the Accounting Period area, set the start day in the month of the current and previous
accounting periods.
b) In the Threshold area, set the threshold fields for each type of activity in the local
network while in a roaming state.
c) In the Roaming Network area, set the percentage threshold value for each type of
activity occurring in the local network while in a roaming state.
3. Save changes.
Example: Enterprise mobile plan with prepaid activities for each subscriber
each accounting period
Your enterprise mobile plan includes these prepaid activities, for each accounting period and
for each subscriber:
Local network:
1000MB for data
700 outgoing messages
Unlimited outgoing local calls
Unlimited incoming calls and messages
Roaming:
400MB for data
500 messages (both outgoing and incoming)
300 minutes for calls (both outgoing and incoming)
Set the threshold field for each activity accordingly. For example, enter 700 in the Number of
Outgoing Messages field in the Local Network area; and 0 in the Total Outgoing Calls field
in the Local Network. Incoming calls and messages in the local network are usually unlimited
prepaid activities. As a result, you do not need to set thresholds for those activities. The
Roaming Network views show the percentage of the prepaid activities for each subscriber
during the current or previous accounting period.
For example, if a subscriber has sent 350 messages while in the local network, the Msg Out %
column of the Message Threshold Summary view shows 50%.
To flag subscribers who are about to exceed the prepaid activities allowed by your enterprise
mobile plan, set the percentage value for each activity to 95%.

Administration Reference 179


Server Configuration for Installation and Management

The Exceed Threshold Summary view lists all subscribers who have exceeded 95% for any of
the prepaid activities. A subscriber who has exceeded the percentage threshold for one kind
activity but not for all others, continues to appear in the Exceed Threshold Summary view. The
Activity threshold views show the percentage of the prepaid activities that each subscriber has
carried on during either the current or previous accounting period. For example, if a subscriber
has sent 350 messages while in the local network, the Msg Out % column of the Message
Threshold Summary view shows 50%.

Enabling Device Activity Cleanup


Remove old Afaria Device Activity data from your system.

1. In the Afaria Administrator, on the Server page, select Configuration > Component >
Device Activity.
2. On the Cleanup Settings tab:
a) Select Enable Activity Cleanup.
b) (Optional) Set the number of days to keep device activity data before it is removed from
your system.
When device activity cleanup is enabled, Afaria automatically removes old device activity
data at the time of the default schedule (12:00 a.m. everyday) or at the time specified in
your custom device activity cleanup schedule.

Customizing Device Activity Cleanup Schedule


Customize the date and time at which the Afaria server deletes old Device Activity data.
The device activity cleanup schedule applies to all tenants with device activity cleanup
enabled.

1. In the Afaria Administrator, on the Server page, select Configuration > Server >
Schedule.
2. Click Edit connection rule to open the Schedule Editor.
3. Specify your schedule settings.
4. (Optional) On the Range tab, specifiy a date range for the schedule.
5. (Optional) On the Rate and Repeat tabs, set the schedule to run on a recurring basis.
6. Click Save.
When Activity Cleanup is enabled, Afaria removes old device activity data at the time and
frequency you have set in your schedule.

Latitude and Longitude Definitions


Definitions for longitude and latitude data collection values.
Latitude and Longitude columns appear in the Location view in the device activity data view.

180 Afaria
Server Configuration for Installation and Management

Value Definition
<longitude > <latitude> Last retrieved approximate longitude and latitude of the device,
based on crowd-sourced Wi-Fi hotspot and mobile cell tower lo-
cation. Level of accuracy varies by device type. For iOS and An-
droid, accuracy requested is 1km (0.62 miles).

Unknown The location of the device is temporarily unknown.

Disabled Location services are disabled on the device.

Not Collected Collection of subscriber location information is disabled on the


Device Activity General Settings tab of the Afaria Administrator.

Unsupported The device does not support location services.

Configuration for Alerts


Alerts increase the visibility of system event that may require your attention.

Acknowledging an Alert
Acknowledge an alert raised to inform others that the alert has been noticed and is being
worked on.
Acknowledging an alert does not close it; acknowledging lets others know that steps are being
taken to resolve the alert. Acknowledging the alert stops any response that was defined for the
alert, such as paging or sending e-mail to a contact.

1. On the Server > Alert page, select Raised Alert tab to view the list of alerts raised.
2. Select the alert and click Acknowledge on the top toolbar.
3. In the confirmation dialog box, click Yes, Continue to acknowledge the alert.
The state of the alert changes from Unacknowledged to Acknowledged.

Deleting an Alert
Delete an alert to remove it from the list of raised alerts when no further action is required on
the alert. You can delete either an acknowledged alert or an unacknowledged alert.

1. On the Server > Alert page, select Raised Alert tab to view the list of alerts raised.
2. Select the alert and click Delete in the top toolbar.
3. (Optional) In the Server alert > Delete raised alert dialog box, enter any comments you
have about deleting the alert.
4. Click OK.

Administration Reference 181


Server Configuration for Installation and Management

The alert is deleted from the raised alerts list. The deleted alert details are available in the
Alerts Log.

Viewing Pending Alerts


View alerts for which at least one associated event has occurred.
Alerts having mutiple associated events can cause pending alerts, when any one of the events
associated with the alert occurs.

1. On the Server > Alert page, select Pending Alert tab to view the list of alerts that are
pending.
2. (Optional) To view additional details related to a pending alert, select the alert and click
Inspect on the top toolbar.

Creating an Alert Definition


Create an alert to define the events and actions related to the alert.

Prerequisites
Before creating an alert, create alert contacts, configure alert response addresses for messages
to contacts and for sending SNMP traps to IP addresses.

Task
No alerts will appear on the Raised Alerts page until you have defined and enabled them.

1. On the Server > Alert page, select Defined Alert tab to view the list of alerts defined.
2. On the top toolbar, click New to open the Add alert dialog.
3. On the Alert properties page, define an alerts general properties, such as name and
priority, and enable the alert, if required.
4. On the Assigned events page, assign events that raise the alert by selecting one or more
events from the Available events list and click Add.
You can specify any combination of system-defined and user-defined events to trigger an
alert.
You can remove an event from the Assigned events list by selecting it in the Assigned
events list box and clicking Remove.
5. On the Alert response page, indicate how you want the server to respond when an alert is
raised.
You can select any of the following options:
To contact a person, select the contact name and specify the message to deliver to e-
mail or pager.
To send an SNMP trap to a server, select Send SNMP trap.
To run an executable file, browse and select the file.

182 Afaria
Server Configuration for Installation and Management

6. (Optional) On the Alert threshold page, specify the number of times an event or set of
events must occur during a certain time period to raise an alert.
Select Unlimited to raise the alert if the number is met, without regard to the time period.
7. (Optional) On the Alert response repeat interval page, specify how often you want the
system to repeat the response until the alert is acknowledged and the number of times to
repeat the response.
Click Unlimited to raise the alert if the number is met, without regard to a time window.
8. Click Save.

Creating a Contact for Alerts


Create a contact who is responsible for handling raised alerts.

1. On the Server > Alert page, select Defined Contact tab to view the list of contacts.
2. Click New in the top toolbar.
3. Enter the contact details such as name, pager or mobile number, and e-mail address.
4. Click Save.

Configuring an Alert Response


Configure an alert response to designate the mail server where your contacts reside or the IP
address where you can forward SNMP traps.
You can configure alert responses from any of the following pages: Defined Alert, Defined
Event, or Defined Contact.

1. On the Server > Alert page, select Defined Alert, Defined Event, or Defined Contact
tab.
2. Click Configure alert response on the top toolbar.
3. In the Server Alert > Configure alert response dialog box, specify a host name for the mail
server, or enter an IP address for forwarding SNMP traps.
4. Click OK.

Viewing Defined Events


View the system-defined and user-defined events on the system.
Defined Events page displays the event details such as event name, description, and the
component associated with the event. A component indicates a general category for grouping
events based on a functional area of the product.

1. On the Server > Alert page, select Defined Event tab to view the list of alerts.
2. (Optional) To view the alert associated with an event, select the event and click Inspect
assigned alert on the top toolbar.

Administration Reference 183


Server Configuration for Installation and Management

Creating a New Event for Configuring an Alert


Create custom events to trigger alerts in the system.
You can define events that work alone or together with other system-defined events to trigger
an alert on your system. Any event you define on your server appears as User-defined.

1. On the Server > Alert page, select Defined Events tab to view the list of alerts defined.
2. Click New in the top toolbar.
3. Enter the event details such as a unique event name and description.
The component field displays the default value User-Defined. You cannot edit this
value.
4. Click Save.

Configuration for Session Policies


For session policies, Afaria Administrator lets you define system-wide parameters, such as
bandwidth throttling, file compression, file differencing, failed session cleanup, and session
authentication.
If you change any values, you must stop and restart the Afaria server for the changes to take
effect.

Configuring Bandwidth Throttling


Configure bandwidth throttling to increase or decrease the communications rate allowing
device users to run other network applications more effectively when they communicate with
the Afaria server.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Communication > Bandwidth Throttling.
3. Select Enable bandwidth throttling and its associated settings to enable bandwidth
throttling on the server.
Enable calibration select to modify configuration parameters without having to stop
and restart the server service in order for changes to take effect. Enabling calibration
also causes the server to log bandwidth throttling information to the Messages log at
the end of a session.
Enable event logging select to enable bandwidth throttling events to associate with
alert definitions.
In a server farm, enable throttling on all servers.
4. Select a configuration using the drop-down menu in Configurations or create a new
configuration by clicking New.

184 Afaria
Server Configuration for Installation and Management

Using a bandwidth configuration set at 14.6 Kbps, in conjunction with 10-minute or


greater channel delivery segmentation criteria, may result in dropped connections.
5. In Client throughput, specify the minimum and maximum throughput rate by entering
numerical values in the fields.
6. In Throttle down, specify percentages and times by entering numerical values in the
Threshold, Wait time, and Percent fields.
Warning! If you enter a value of 0 (zero) in the Percent field, bandwidth throttling never
occurs.
7. Click Save.

Configuring for File Compression


Compress session channel files to reduce connection times for sessions that include file
transfers.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Communicaton > Compression.
3. Configure and manage the compression cache.
Size specify the percentage of disk space allocated.
Remove files from compression cache if the source file is not found during a
compression refresh select to delete files from the list of files that Afaria attempts to
cache when Afaria cannot find the file during a refresh action.
It is recommended that you store your cached files locally when using this option in
order to prevent occurrences of network access outages from unintentionally causing
Afaria to delete files that you would prefer to keep.
Show select to view the list of files or add files to the compression cache.
Refresh select to reload the files in the list.
4. Click Save.

Configuring File Differencing


Use file differencing to maintain different versions of files that you frequently send to Afaria
devices, which reduces connection times for sessions that include the stored files.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Communication > Differencing.
3. Configure and manage the differencing cache.
Size specify the percentage of disk space allocated.
Remove files from differencing cache if the source file was not found during a
differencing refresh select to delete files from the list of files that Afaria attempts to
cache when Afaria cannot find the file during a refresh action.

Administration Reference 185


Server Configuration for Installation and Management

It is recommended that you store your cached files locally when using this option in
order to prevent occurrences of network access outages from unintentionally causing
Afaria to delete files that you would prefer to keep.
Show select to view the list of files or add files to the differencing cache.
Refresh select to reload the files in the list.
4. Click Save.

Configuring Failed Session Cleanup


Configure the automatic cleanup to recover sessions that were interrupted, or force a channel
to restart from the beginning by configuring the manual cleanup.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Server > Failed Session Cleanup.
3. Set the Automatic Cleanup by entering a numeric value and choosing the unit of time from
the drop-down menu.
4. If a channel continues to fail, use the Manual Cleanup by clicking Show List.
a) Select a channel and click Delete.
b) Click Save.
The channel restarts during the next session.
5. Click Save.

Configuring Authentication and Assignments for Sessions


For running session channels with user authentication andd group validation security,
configure user authentication and user group assignment timeouts.
On the Server > Configuration > Security page, the Device Approval and Domain areas are
used for other tasks.
A typical timeout value for both authentication and assignments is 30 days.

1. On the Server page, on the left toolbar, click Configuration.


2. Select Server > Security.
3. In the Authentication area, select Enable authentication to enable authentication for
session channels.
4. To specify the amount of time an authentication cookie is valid, set the Authentication
Timeout and Auto renew period.
5. In the Assignment area, specify the amount of time the user group assignments cookie
remains valid, by setting the Assignment Timeout.
6. Click Save.

186 Afaria
Server Configuration for Installation and Management

Configuring User Defined Field


Define or remove user defined fields in your Afaria database.

1. On the Server page, on the left toolbar, click Configuration > Server > User Defined
Field.
2. Click Add column.
3. Enter the column name and select the type:
Integer
Float a floating point decimal)
Date/Time
Varchar a variable length string
4. Click OK.
5. To delete a user defined field, select one and click Delect selected column.
6. Click Yes, Continue.

Administration Reference 187


Server Configuration for Installation and Management

188 Afaria
Session Channel Reference

Session Channel Reference


Session channels are selected in session policies and let you to perform a variety of scripted
tasks on your non-iOS Afaria devices.
Create session channels using the Afaria Channel Administrator, then select them in session
policies. In addition to sending and retrieving files, you can perform system tasks such as disk
maintenance, registry updates, and script execution. You can also utilize control flow logic to
condition task execution.
Device types supported are:
Windows Mobile Professional
Windows Mobile Standard
BlackBerry
Windows
Android

Afaria Channel Administrator


From the Afaria server desktop, click Start > Programs > Afaria > Afaria Channel
Administrator to create and publish session channels for selection in session policies.

Create or Edit a Session Manager Channel


Create or edit session channels to provide custom, systems-management channels that send
and receive data, execute programs, and more, during a session between the device and a
server.
Create a channel on the toolbar click File > New Channel > Session Manager Channel
to launch the channel wizard. The wizard guides you through the channel creation process,
and then opens the channel editor.
Edit a channel in the left pane, right-click a channel and click Edit to open the channel
editor
To deploy a channel to devices, publish it, add it to a session policy, and link the policy to a
group.

Administration Reference 189


Session Channel Reference

Session Manager Channel Editor


The Session Manager Channel Editor opens when you create or edit a Session Manager
channel. The editor uses a tri-pane window view that includes a channel tree, a results page,
and a toolbar to allow you to create or edit a channel.

Assignments View Default View


Assignments view is the default view when you create or edit a Session Manager channel. It
displays any worklist and sendlist objects associated with the selected channel. Select any
channel in the channel tree to open the Channels view. The channel you are creating or editing
is in edit mode, while any channel listed in the Other channels folder is in read-only mode.
The assignments view contains worklist and sendlist objects associated with the selected
channel.
Worklist perform file and directory management, notifications, and system registry
management tasks.
Sendlist worklists that are optimized for file transfer. Much of the session processing
happens before the connection occurs, so using a sendlist can result in shorter connection
times. Sendlists are very limited in the events that are available however, and should only
be used when you only want to send files to a client.

190 Afaria
Session Channel Reference

Filter the View


Assignments view allows you to the view to include all worklist and sendlist objects, sendlists
only, or worklists only. Filter the view by selecting a filter from the View drop-down list.

Channels View
Channels view displays all defined Session Manager channels. Select the Session Manager
Channels item in the left pane of the editor to open the Channels view. The results pane lists all
the Session Manager channels.

Events View
Worklists and sendlists contain events. When you select a worklist or sendlist in the left pane
of the editor, Events view displays in the right pane, with the adjacent event list. This view lists
all of the events contained in the selected object. Objects that do not contain any events appear
blank, as depicted in the graphic below. Events listed define the task order and details
associated with that object.
The event list displays all Session Manager events. For worklists, all events in the event list are
valid selections and display in full color. For sendlists, only events that are valid for sendlists
display in full color and are available for use.

Create a New Worklist or Sendlist for a Channel


After you create the session channel, youll define instructions to execute during a connection
with a client or as part of a session. These instructions are called worklist or sendlist objects.
Worklist perform file and directory management, notifications, and system registry
management tasks.

Administration Reference 191


Session Channel Reference

Sendlist worklists that are optimized for file transfer. Much of the session processing
happens before the connection occurs, so using a sendlist can result in shorter connection
times. Sendlists are very limited in the events that are available however, and should only
be used when you only want to send files to a client.

Note: The worklists and sendlists that you create and edit are objects that are independent
from the session channel to which theyre assigned, and therefore can be assigned to multiple
channels for multiple client types. As independent objects, any change that you make to an
object in one channel affects all other channels that include the same object assignment.
To add an object to a channel, click the New worklist or New sendlist button on the button bar.
Their respective dialog boxes appear.
Enter the objects name and then click OK. The new object appears as a channel member in the
left pane of the editor. A worklist object displays to the left of its name, while displays to the
left of a sendlist object.
Any new worklist or sendlist object that you create is automatically assigned to the channel
selected in the left pane of the editor. In addition, the new object is added to a master list of
existing worklists and sendlists in the Select objects dialog box.
Existing worklists and sendlists can also be copied to create new worklists and sendlists. Save
the duplicate with a new name, then modify its content using the Events view.

Assign a Worklist or Sendlist to your Channel


When you create a new worklist or sendlist, Session Manager automatically assigns it to your
channel, but you can also assign any other Session Manager worklist and sendlist to your
channel.
To assign an object from another channel to your channel, open the assignments view for your
channel and click the Assign link to open the Select objects dialog box.
The Select objects dialog box displays all existing worklist and sendlist objects (up to a
maximum of 5000) that are not currently assigned to your channel. You can assign any of these
objects to your channel.
The View drop-down allows you to control the objects that display in the list. Display items
from which you can choose include all worklist and sendlist objects, sendlists only, or
worklists only.
To include a worklist or sendlist object in a channel, click the object name and then click OK,
or double-click the object. To assign all objects at once, click the All objects link and then click
OK. To assign multiple objects simultaneously, click the first object, press and hold Ctrl or
Shift and then select the additional objects. The Select objects dialog box closes and the
objects are added to Assignments for object view.
To clear a selected object, click anywhere on the dialog box.

192 Afaria
Session Channel Reference

Unassign Objects from your Channel


To unassign an object from your channel, select it in the assignments view and then click the
Unassign link. Session Manager removes it from the view and returns it to the Select objects
dialog box where it remains available for future assignments.

Add Events to a Worklist or Sendlist


Worklist and sendlist objects use events to perform actions during communication between
the server and client. Afaria executes valid events and creates corresponding log entries.
Invalid events are ignored and not captured in resulting logs.
There are several types of events. Some are valid for worklist objects only, while others are
valid for both worklist and sendlist objects.
All events are categorized by the following function types:
File/disk operations events perform file-level data exchange, administration, and
information gathering on the server and client.
Variable events manipulate placeholders whose contents you control and perform
system registry tasks. You can use the predefined Session Manager variables or create your
own user-defined variables. User-defined variables can be used in all worklists and
sendlists contained within an individual channel.
Session control events govern how Session Manager structures and progresses through
an objects list of events. These events include conditional statements and events that stop
the worklist or sendlist, session, and connection.
Miscellaneous events display save file and message dialog boxes, execute programs,
send commands to other computers, and run events in an external file.
To add an event to a worklist or sendlist, select the object in the left pane of the editor. Any
event associated with that object displays in Events view. In the right pane, locate and then
double-click the event to add and open the details dialog box for you to specify instructions for
the event. The fields and options in the dialog box vary depending upon the event selected. You
can also use Copy and Paste commands to copy events from one object to another.
Note: The worklists and sendlists that you create and edit are objects that are independent
from the channel to which theyre assigned, and therefore can be assigned to multiple channels
for multiple client types. As independent objects, any change that you make to an object in one
channel affects all other channels that include the same object assignment.

Note: Afaria does not validate events that you add to an object by using a Paste command.
Adding invalid events to a sendlist object may have unpredictable results.
When the event is completely defined, click OK to close the Event details dialog box. The new
event appears in the specified location in Events view. Using visual cues on events
Session Manager Channel Editor includes visual cues that you can use to flag or color events.

Administration Reference 193


Session Channel Reference

Display or Hide Event Flags


Flags are used to indicate that a special behavior is associated with an event. You can choose to
display or hide event flags in Events view.
To display or hide event flags, open the events context menu and choose Show flags. The
event shifts to the right and any flag appears to the left of the event.

Set Event Colors


Session Manager allows you to define custom colors for different event types so that you can
quickly determine the types of events in a worklist or sendlist.
To set event colors, open the events context menu and choose Set colors. The Set colors
dialog box appears. Click the Category drop-down arrow and select the type of category to
which you want to assign a color; choices include: Client events, Comments, Control events,
Get File from Client, Send File to Client, and server events. Click New color to access the
standard Windows Color palette through which you select a predefined color or define a
custom color to assign to the selected event type. When you click OK your color selection
displays in the Sample box. Click OK to return to Events view. All events of the specified type
display in the selected color.

Define Event Properties


Almost every event that you add to a worklist or sendlist opens its respective Event details
dialog box. Use the fields and available options to set event parameters. Fields and options
vary depending upon the event you add.
The following areas are common to most Event details dialog boxes:
General event definition basic event statement that may use directory and file names,
variables, and wildcards.
File comparison and transfer options parameters for file handling.
Options parameters for additional file handling, conditional operation, and execution
requirements.
Execute indicates whether the target for the event is the Afaria Server or the Afaria
Client.
Status indicates whether the event is executed or ignored. You may want to disable events
until you have them completely defined.

Note: Simple events, like the IF event, will not open the Event details dialog box; however,
once the event is added to your worklist or sendlist, you can access the dialog box by double-
clicking the event in Events view.

194 Afaria
Session Channel Reference

Using Directory and File Names in Events


Many Session Manager events use path or file names as properties. However, filing systems
and naming conventions vary on the clients, based upon operating system design of the client
type. The sample text provided for most events represent DOS conventions.
Consider the following additional items when you use events that require directory or file
names:
Default paths events that require a drive or path for a file name use the following default
values:
Server the predefined variable <ServerInstallDir> is the default installation
path for Afaria Server, C:\Program Files\Afaria.
Client the predefined variable <ClientInstallDir> is the default directory for
Afaria Client, C:\Program Files\AClient.
UNC clients or servers on platforms using operating systems that support using Uniform
Naming Conventions (UNC) paths may do so for directory and file names. Source files on
a drive other than the local computer (server) must include UNC paths.

Note: Refer to your client types operating system reference documentation to gain
understanding about its file and storage conventions.

Using Variables in Events


Variables in events are placeholders for different event parameters. Session Manager replaces
the variable placeholders with the appropriate information when the event executes. Variables
are always enclosed in <> characters and arent case sensitive. In other words, <time> is the
same as <Time>.
To add a variable to an event specific field, place your cursor in the appropriate filed and the
click the Show variables link on the Event details dialog box. In the Session variables box,
double-clicking the variable adds it to the event, but you can also enter the variable in the
appropriate fields.
The following table presents the four types of variables, as well as their respective format,
description, and example.
Note: When running an individual channel or a channel set in an Afaria session, if you create
more than 256 variables in that session you will see the following error message:

Note: Not enough storage is available to process this command

Note: You may find it helpful to break up channels that create several variables into separate
sessions.

Administration Reference 195


Session Channel Reference

Event Variable Types


Type Format Example Description
Predefined varia- <variable> <time> Variables that are defined by Ses-
bles sion Manager and display in the
Session variables box.
User-defined ses- <%variable> <%MyVar> Variables created using the Set
sion variables Variable event. These are availa-
ble to every worklist or sendlist in
the channel in which they were
created, but not across sessions.
Environment vari- <$variable> <$TMP> Variables that are system-defined
ables values defined on the Environ-
ment property page in Control
Panel.
Variable modifi- <!modifier< variable <!Drive<%My- Modifiers that extract informa-
ers >> Var>> tion from variables and parse a
path.

Using Wildcards in Events


Wildcards are reserved characters that perform a task on multiple files with similar names or
extensions. Instead of individually selecting many files and directories, a wildcard can
reference these files or directories as a group. Afaria wildcards have the same behavior as
those in the DOS and Windows operating systems.
The question mark (?) and asterisk (*) are two reserved characters used as wildcards for
directory and file names.
Use the question mark to represent a single character that a group of files or directories has
in common.
The asterisk represents one or more characters that files or directories have in common.

Event File Comparison and Transfer Properties


The File comparison and transfer options and Options group boxes in the Event details dialog
box let you define the circumstances under which events execute.
Not all options are valid for all events. Valid options appear in solid or black text; inactive
options appear dimmed. The following table lists most options and descriptions that appear on
the Event details dialog box.

196 Afaria
Session Channel Reference

Event File Comparison and Transfer Properties


Property Description
Check: If destination does Checks to determine if the target destination exists
not exist
Check: If source is newer Checks a file to determine if the source file date stamp is newer than
the destination file date stamp
Check: If source is different Checks a file to determine if the source file date stamp is different than
the destination file date stamp
Transfer: Always Transfers a file regardless of source and destination date stamp
Transfer: If destination does Transfers a file even if the target destination does not exist
not exist
Transfer: If source is newer Transfers a file if the source file date stamp is newer than the desti-
nation file date stamp
Transfer: If source is differ- Transfers a file if the source file date stamp is different than the des-
ent tination file date stamp
Use version information Instructs the server to use file version differences to transfer files
Check/Send Used with the Send File to Client event, compares a file at the client to
a file on the server and then sends the file to the target
(This option is used when you want to send the file to the staging area
on the client, but also check the file in another location.)
Use safe transfer Creates a destination file only when the file has been successfully
transferred
(This option instructs the server to use a temporary file until the file
transfer completes, and once complete, the server renames the tem-
porary file to the destination file name. In unsuccessful transfers the
temporary file remains hidden so that the transfer can continue if a
retry is executed. Safe transfer ensures that no file corruption occurs
because of an incomplete file transfer.)
Turn compression off Instructs the server to not compress files during transfer to the client.
Compression is not supported for BlackBerry clients.

Administration Reference 197


Session Channel Reference

Event File Comparison and Transfer Properties


Property Description
Use file differencing Instructs the server on how to use the differencing cache for sending
files to the client.
If a delta for a file exists in the Afaria Server's differencing cache for
the file specified in the SENDFILE event, the file is sent from the
differencing cache regardless of the use file differencing attribute
setting.
Use file differencing, enabled Enabling this attribute will cause new
file differencing deltas to be created and added to the differencing
cache as part of the SENDFILE event execution.
Use file differencing, disabled Disabling this attribute does not cre-
ate and add new file differencing deltas to the differencing cache as
part of the SENDFILE event execution. Any existing file differencing
delta files in the file differencing cache are used by the SENDFILE
event.
See Afaria Reference Manual | Platform > Server Configuration >
Properties > Differencing.
Apply to directory only Used with the Set File Attributes event to modifies directory attributes
instead of file attributes

Event Options Properties


The File comparison and transfer options and Options group boxes in the Event details dialog
box let you define the circumstances under which events execute.
Not all options are valid for all events. Valid options appear in solid or black text; inactive
options appear dimmed. The following table lists most options and descriptions that appear on
the Event details dialog box.
Options Description
Delete after [-] Deletes the source file after the file has been transferred
Make target path Establishes a target path for the event and creates directories when nec-
essary
Ignore hidden files Instructs the server to ignore hidden files
Include subdirectories/ Includes subdirectories/registry key with the event
subkeys
Conditional True (&) Executes the event only if the previously executed event was successful
Conditional False (|) Executes the event only if the previous event failed or was a no execute
Execution: Normal Executes the event without special instructions

198 Afaria
Session Channel Reference

Options Description
Execution: Not required Indicates that this event does not have to execute successfully for the
for successful session [x] server to log the session as successful
Execution: Channel criti- Terminates the Session Manager channel if this event fails
cal event [+]
Execution: Session criti- Ends the session if this event fails
cal event [*]

Note: The condition status thats returned is based on the last event that executes. If an event is
skipped, then no status is returned. A failure is an event that executes but does not finish
successfully. Events that do not execute because of conditional options arent considered
failures and do not terminate the session.

Import or Export Events


Session Manager allows you to import events that have been saved to a file into an existing
worklist or sendlist, as well as export an event from a worklist of sendlist to a file in another
location.

Import an Event
Select the object into which you want to import an event, then click Import events on the button
bar.
The Open dialog box appears. (You can also right-click the event and choose Import events on
the shortcut menu.) Navigate to the directory that contains the file that you want to import; the
file will have an .evf extension. Select the file and then click Open. Session Manager adds the
events from the imported file to the list of events in Events view.
Note: Afaria does not validate events that you import into an object. Adding invalid events to a
sendlist object may have unpredictable results.

Export an Event
To export an event from a worklist or sendlist to a file in another location, select the object that
contains the event you want to export to file. In Events view, select the event to export then
click Export events. The Save As dialog box appears. (You can also right-click the event and
choose Export events on the shortcut menu.) Navigate to the directory in which you want to
export the selected event. In the File Name field, enter the name for the file and then click Save.
Session Manager exports the file to the specified directory. You can choose to import this file
to the same worklist or sendlist or another worklist or sendlist at a future time.

Optimize Channel Sessions


Although your channels sessions may be functional, you may want to fine-tune them to
increase resource efficiency and decrease session completion time. You may find that the

Administration Reference 199


Session Channel Reference

following methods optimize your channels worklist and sendlist performance, and reduce
connection time between the server and client.
Use the following strategies to optimize your channels:
Use pre-processing tasks when possible
Streamline remaining tasks
Create worklist efficiencies

Pre-Processing Tasks
The single most important step that you can take to ensure that Session Manager processes
events quickly and efficiently is to preprocess as much data as possible.
Preprocessing means that any task that can be performed on the client by the client should be
completed before a session begins. Preprocessing should be used any time an event can be
eliminated in this manner.

Streamline Remaining Tasks


The second class of session optimization is through optimization of the events that cannot be
preprocessed.
Use sendlists when possible. The best way to optimize events is to use sendlists whenever
possible. The client checks an entire sendlist at one time. A worklist that includes a Send
File to Client event typically has other events before or after the event, which forces
Session Manager to perform multiple checks.
Wildcards increase efficiency. Another way to ensure that processing occurs once, instead
of many times, is through the use of wildcards. While an event with wildcards is expanded
into several events at runtime, its still faster than explicitly naming each file. With a
wildcard, file status of the affected files can be checked at once in a manner similar to that
for sendlists.
File Status. Dont use the File Status event to check a file thats being transferred. Instead,
use File Status to check for the existence of a flagged file.
Conditional checks. Use the Set Variable event to avoid multiple File Status events and
other conditional checks at the client. The first time a condition is checked, create a
variable using the Set Variable event and reference that variable in subsequent worklists
and sendlists. The Set Variable event does not send a command to the client and it can be
used throughout the entire session.

Create Worklist Efficiencies


An efficient worklist has as few events as possible. In general, a worklist that has fewer events
runs faster than a worklist that has more. Smaller worklists also use less memory and disk
space.
Comments. Each Comment event can include up to 251 characters, which may be several
lines of text. Instead of creating five one-line Comment events, its much more efficient to
create one Comment event that contains five lines of text.

200 Afaria
Session Channel Reference

Conditional attributes with event. Worklist events provide a Conditional True (&) and
Conditional False ( | ) attribute. When enabled, the event executes based on the result of the
last event, for example, an If true statement (containing a single event) can be replaced by
the use of the Conditional true attribute, reducing the number of events required to
complete the tasks.
Delete after (-). Worklist events also provide a Delete after (-) attribute, which deletes the
source file on the server or client after the file has been processed, for example, instead of
using two events to get and delete a file at the client, you can accomplish the same task by
using the Delete after (-) attribute.

Session Manager Events


Use events to perform actions during communication between the server and the device.
Afaria includes the following event types:
File/disk operations file-level data exchange, administration, and information gathering
on the server and client.
Variable use manipulate placeholders for content you control and perform system
registry tasks. You can use the predefined Session Manager variables or create your own
user-defined variables All worklists and sendlists contained within an individual channel
can use user-defined variables.
Session control govern how Session Manager structures and progresses through an
object's list of events. Includes conditional statements and events that stop the worklist or
sendlist, session, and connection.
Miscellaneous actions such as using a message dialog box, inserting events from other
work objects, and executing programs.

Note: Not all events are viable for all types of devices even though the Session Manager
Channel Editor allows you to add any event to any worklist.

Note: All Afaria session event parameters are subject to a 256-character maximum length
requirement.

Windows Clients and Afaria Events


Afaria Windows devices are supported for many of the Afaria features. As is the nature of
device management in general, and Afaria components in particular, successful operations
depend in part on your understanding of how the Windows device is designed to operate in the
Afaria environment.
See topic Windows OS Variations and Afaria Operations.

Administration Reference 201


Session Channel Reference

Session Event Summary


Events run on the server or a device. Some events may not support all device types.
The summary tables compare each Afaria event and its attributes to the Afaria server and each
of the Afaria session devices to indicate whether the event is supported.
Key:
Server Afaria server
WIN Windows
BB BlackBerry
WM Std Windows Mobile Standard
WM Pro Windows Mobile Professional
Android Android

File/Disk Operations Events Summary


Session manager events let you build worklists and sendlists.
Events Server WIN BB WM Std WM Pro An-
droid
Append File Yes Yes No Yes Yes Yes
Delete after (-) Yes Yes - Yes Yes Yes
Make target path Yes Yes - Yes Yes Yes
Include subdirectories Yes Yes - Yes Yes Yes
Conditional Yes Yes - Yes Yes Yes
Execution: Normal Yes Yes - Yes Yes Yes
Execution: Not required for Yes Yes - Yes Yes Yes
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes Yes
event [+]
Execution: Session critical Yes Yes - Yes Yes Yes
event [*]
Check File Yes Yes Yes Yes Yes No
Check: If destination does not Yes Yes Yes Yes Yes No
exist
Check: If source is newer Yes Yes Yes Yes Yes No

202 Afaria
Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Check: If source is different Yes Yes Yes Yes Yes No
Use version information Yes Yes Yes Yes Yes No
Conditional Yes Yes Yes Yes Yes No
Execution: Normal Yes Yes Yes Yes Yes No
Execution: Not required for Yes Yes Yes Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes No
event [+]
Execution: Session critical Yes Yes Yes Yes Yes No
event [*]
Check Volume Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Copy File Yes Yes Yes Yes Yes No
Make target path Yes Yes No Yes Yes No
Ignore hidden files Yes Yes No Yes Yes No
Include subdirectories Yes Yes No Yes Yes No
Conditional Yes Yes Yes Yes Yes No
Execution: Normal Yes Yes Yes Yes Yes No
Execution: Not required for Yes Yes Yes Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes No
event [+]
Execution: Session critical Yes Yes Yes Yes Yes No
event [*]

Administration Reference 203


Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Delete File Yes Yes Yes Yes Yes Yes
Ignore hidden files Yes Yes No Yes Yes Yes
Include subdirectories Yes Yes No Yes Yes Yes
Conditional Yes Yes Yes Yes Yes Yes
Execution: Normal Yes Yes Yes Yes Yes Yes
Execution: Not required for Yes Yes Yes Yes Yes Yes
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes Yes
event [+]
Execution: Session critical Yes Yes Yes Yes Yes Yes
event [*]
Directory Listing Yes Yes Yes Yes Yes No
Make target path Yes Yes Yes Yes Yes No
Ignore hidden files Yes Yes No Yes Yes No
Include subdirectories Yes Yes Yes Yes Yes No
Conditional Yes Yes Yes Yes Yes No
Execution: Normal Yes Yes Yes Yes Yes No
Execution: Not required for Yes Yes Yes Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes No
event [+]
Execution: Session critical Yes Yes Yes Yes Yes No
event [*]
File Status Yes Yes Yes Yes Yes Yes
Ignore hidden files Yes Yes No Yes Yes Yes
Conditional Yes Yes Yes Yes Yes Yes
Execution: Normal Yes Yes Yes Yes Yes Yes
Execution: Not required for Yes Yes Yes Yes Yes Yes
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes Yes
event [+]

204 Afaria
Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Execution: Session critical Yes Yes Yes Yes Yes Yes
event [*]
Find File Yes Yes No Yes Yes No
Ignore hidden files Yes Yes - Yes Yes No
Include subdirectories Yes Yes - Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Get File from Client Yes Yes Yes Yes Yes Yes
Transfer: Always Yes Yes Yes Yes Yes Yes
Transfer: If destination does Yes Yes Yes Yes Yes Yes
not exist
Transfer: If source is newer Yes Yes Yes Yes Yes Yes
Transfer: If source is different Yes Yes Yes Yes Yes Yes
Use version information Yes Yes Yes No No No
Use safe transfer Yes Yes Yes Yes Yes Yes
Turn compression off Yes Yes No Yes Yes Yes
Use file differencing Yes Yes Yes Yes Yes Yes
Delete after [-] Yes Yes Yes Yes Yes Yes
Make target path Yes Yes Yes Yes Yes Yes
Ignore hidden files Yes Yes Yes Yes Yes Yes
Conditional Yes Yes Yes Yes Yes Yes
Execution: Normal Yes Yes Yes Yes Yes Yes
Execution: Not required for Yes Yes Yes Yes Yes Yes
successful session [x]

Administration Reference 205


Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Execution: Channel critical Yes Yes Yes Yes Yes Yes
event [+]
Execution: Session critical Yes Yes Yes Yes Yes Yes
event [*]
Make Directory Yes Yes Yes Yes Yes No
Conditional Yes Yes Yes Yes Yes No
Execution: Normal Yes Yes Yes Yes Yes No
Execution: Not required for Yes Yes Yes Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes No
event [+]
Execution: Session critical Yes Yes Yes Yes Yes No
event [*]
Remove Directory Yes Yes Yes Yes Yes No
Include subdirectories Yes Yes Yes Yes Yes No
Conditional Yes Yes Yes Yes Yes No
Execution: Normal Yes Yes Yes Yes Yes No
Execution: Not required for Yes Yes Yes Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes No
event [+]
Execution: Session critical Yes Yes Yes Yes Yes No
event [*]
Rename File Yes Yes No Yes Yes Yes
Make target path Yes Yes - Yes Yes Yes
Ignore hidden files Yes Yes - Yes Yes Yes
Include subdirectories Yes Yes - Yes Yes Yes
Conditional Yes Yes - Yes Yes Yes
Execution: Normal Yes Yes - Yes Yes Yes
Execution: Not required for Yes Yes - Yes Yes Yes
successful session [x]

206 Afaria
Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Execution: Channel critical Yes Yes - Yes Yes Yes
event [+]
Execution: Session critical Yes Yes - Yes Yes Yes
event [*]
Send File to Client Yes Yes Yes Yes Yes Yes
Transfer: Always Yes Yes Yes Yes Yes Yes
Transfer: If destination does Yes Yes Yes Yes Yes Yes
not exist
Transfer: If source is newer Yes Yes Yes Yes Yes Yes
Transfer: If source is different Yes Yes Yes Yes Yes Yes
Use version information Yes Yes Yes No No No
Check/Send Yes Yes Yes Yes Yes Yes
Use safe transfer Yes Yes Yes Yes Yes Yes
Turn compression off Yes Yes No Yes Yes Yes
Use file differencing Yes Yes Yes Yes Yes Yes
Delete after [-] Yes Yes Yes Yes Yes Yes
Make target path Yes Yes No Yes Yes Yes
Ignore hidden files Yes Yes No Yes Yes Yes
Include subdirectories Yes Yes No Yes Yes Yes
Conditional Yes Yes Yes Yes Yes Yes
Execution: Normal Yes Yes Yes Yes Yes Yes
Execution: Not required for Yes Yes Yes Yes Yes Yes
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes Yes
event [+]
Execution: Session critical Yes Yes Yes Yes Yes Yes
event [*]
Set Client Time No Yes No No No No
Conditional - Yes - - - No
Execution: Normal - Yes - - - No

Administration Reference 207


Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Execution: Not required for - Yes - - - No
successful session [x]
Execution: Channel critical - Yes - - - No
event [+]
Execution: Session critical - Yes - - - No
event [*]
Set File Attributes Yes Yes No Yes Yes No
Read Only Yes Yes - Yes Yes No
System Yes Yes - Yes Yes No
Hidden Yes Yes - Yes Yes No
Archive Yes Yes - Yes Yes No
Normal Yes Yes - Yes Yes No
Apply to directory only Yes Yes - No No No
Ignore hidden files Yes Yes - Yes Yes No
Include subdirectories Yes Yes - Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Wait for File to Exist Yes Yes Yes Yes Yes No
Delete after (-) Yes Yes Yes Yes Yes No
Conditional Yes Yes Yes Yes Yes No
Execution: Normal Yes Yes Yes Yes Yes No
Execution: Not required for Yes Yes Yes Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes No
event [+]

208 Afaria
Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Execution: Session critical Yes Yes Yes Yes Yes No
event [*]

Variable Events Summary


Session manager events let you build worklists and sendlists.
Events Server WIN BB WM Std WM Pro An-
droid
Create Registry Key Yes Yes No Yes Yes No
Make target path Yes Yes - Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Delete Registry Key Yes Yes No Yes Yes No
Include subkeys Yes Yes - Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Delete Registry Value Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]

Administration Reference 209


Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Delete Variable File Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Get Database Field Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Get Registry Value Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Get Script Variable Yes Yes No Yes Yes No

210 Afaria
Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Increment Variable Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Read Variable File Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Release Script Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]

Administration Reference 211


Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Run Script Function Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Search Registry Yes Yes No Yes Yes No
Include subkeys Yes Yes - Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Set Database Field Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]

212 Afaria
Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Set Registry Value Yes Yes No Yes Yes No
Make target path Yes Yes - Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Set Script Variable Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Set Variable Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Test Variable Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No

Administration Reference 213


Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Update Variable File Yes Yes No Yes Yes No
Make target path Yes Yes - Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]

Session Control Events Summary


Session manager events let you build worklists and sendlists.
Events Server WIN BB WM Std WM Pro An-
droid
Comment Yes Yes Yes Yes Yes No
Disconnect Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Else Yes Yes Yes Yes Yes No

214 Afaria
Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
End If Yes Yes Yes Yes Yes No
End Quota Yes Yes Yes Yes Yes No
End Repeat Yes Yes Yes Yes Yes No
End Session Yes Yes Yes Yes Yes No
Conditional Yes Yes Yes Yes Yes No
Execution: Normal Yes Yes Yes Yes Yes No
Execution: Not required for Yes Yes Yes Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes No
event [+]
Execution: Session critical Yes Yes Yes Yes Yes No
event [*]
End Work Object Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
If Yes Yes Yes Yes Yes No
Quota Yes Yes Yes Yes Yes No
Repeat Yes Yes Yes Yes Yes No

Miscellaneous Events Summary


Session manager events let you build worklists and sendlists.
Events Server WIN BB WM Std WM Pro An-
droid
Append Channel Yes No No No No No
Delete after (-) No - - - - No

Administration Reference 215


Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Make target path No - - - - No
Include subdirectories No - - - - No
Conditional No - - - - No
Execution: Normal Yes - - - - No
Execution: Not required for Yes - - - - No
successful session [x]
Execution: Channel critical Yes - - - - No
event [+]
Execution: Session critical Yes - - - - No
event [*]
Check Memory No Yes Yes Yes Yes No
Conditional - Yes Yes Yes Yes No
Execution: Normal - Yes Yes Yes Yes No
Execution: Not required for - Yes Yes Yes Yes No
successful session [x]
Execution: Channel critical - Yes Yes Yes Yes No
event [+]
Execution: Session critical - Yes Yes Yes Yes No
event [*]
Check Speed Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
End Impersonation No Yes No No No No
Execute Program Yes Yes Yes Yes Yes No
Queued Yes No No No No No

216 Afaria
Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Do not wait Yes Yes Yes Yes Yes No
Wait until completed Yes Yes Yes Yes Yes No
Wait for < > mm:ss Yes Yes Yes Yes Yes No
Conditional Yes Yes Yes Yes Yes No
Execution: Normal Yes Yes Yes Yes Yes No
Execution: Not required for Yes Yes Yes Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes No
event [+]
Execution: Session critical Yes Yes Yes Yes Yes No
event [*]
Impersonate User No Yes No No No No
Conditional - Yes - - - No
Execution: Normal - Yes - - - No
Execution: Not required for - Yes - - - No
successful session [x]
Execution: Channel critical - Yes - - - No
event [+]
Execution: Session critical - Yes - - - No
event [*]
Insert Channel Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Insert Worklist Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No

Administration Reference 217


Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Load Script Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Message Yes Yes Yes Yes Yes Yes
Conditional Yes Yes Yes Yes Yes Yes
Execution: Normal Yes Yes Yes Yes Yes Yes
Execution: Not required for Yes Yes Yes Yes Yes Yes
successful session [x]
Execution: Channel critical Yes Yes Yes Yes Yes Yes
event [+]
Execution: Session critical Yes Yes Yes Yes Yes Yes
event [*]
Notify Program Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]

218 Afaria
Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Raise Event Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Reboot Client No Yes No Yes Yes No
Conditional - Yes - Yes Yes No
Execution: Normal - Yes - Yes Yes No
Execution: Not required for - Yes - Yes Yes No
successful session [x]
Execution: Channel critical - Yes - Yes Yes No
event [+]
Execution: Session critical - Yes - Yes Yes No
event [*]
Set Bandwidth Throttling Con- Yes Yes No Yes Yes No
fig
Conditional Yes Yes - Yes Yes No
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]
Test Group Membership Yes Yes No Yes Yes No
Conditional Yes Yes - Yes Yes No

Administration Reference 219


Session Channel Reference

Events Server WIN BB WM Std WM Pro An-


droid
Execution: Normal Yes Yes - Yes Yes No
Execution: Not required for Yes Yes - Yes Yes No
successful session [x]
Execution: Channel critical Yes Yes - Yes Yes No
event [+]
Execution: Session critical Yes Yes - Yes Yes No
event [*]

Session Manager Event Detail


Afaria events including their syntax and supported options.

Append Channel Event


The Append Channel event appends a channel or channel set to the end of a clients channel
queue.
The channel runs during the current session if the session does not have cause to terminate
before execution. If the session terminates before executing the channel, the channel remains
in the queue for future execution.
Item Description
Event Specific Fields Channel or variable name Channel or channel set name, or variable
for the channel or set name to append.

Syntax [Param 1] Channel or variable name. Example:Inventory\MyInvChan-


nel or <%VarName>

Options Execution: Normal


Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks A channels name, in this context, is evaluated as its folder path plus the
channel name. For example, a channel named Hardware stored in
nested folders Inventory\Windows is evaluated as Inventory\Win-
dows\Hardware.

Returned Value N/A

220 Afaria
Session Channel Reference

Append File Event


The Append File event appends the contents of one or more files to the end of another file.
Item Description
Event Specific Fields Source file name or wildcard. The path name, file name, or wildcard
parameter for one or more files to be appended to the destination file.
Click the Browse link to choose a server file, or enter the path name and
file name in this field.
Target file name. Specifies the name of the file to which the source file
is being added. Click the Browse link to choose a file, or enter the path
and file name in this field.
Syntax [Param 1] Source file name. Example: C:\Docs\*.*
[Param 2] Target file name. Example: C:\DailyDocs\Daily.txt
Options Delete after (-)
Make target path
Include subdirectories
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Administration Reference 221


Session Channel Reference

Item Description
Remarks The Append event requires two parameters, source and destination file
names.
The event copies the entire contents of the source file to the end of the
destination file. The destination file may or may not exist. The event
fails if the source and destination are the same.
For Windows clients and the server, the Append event allows both:
- Append test.txt TO *.*
- Append *.* TO test.txt
Supports the Make target path option, which establishes a target path
for the event and creates directories when necessary.
The Append event adds disk I/O time, which is needed to process the
command at the client. You may be able to save several minutes per
session by letting the application do most of the heavy work and having
all the data at the client ready before the session runs.
When using wildcards, the include subdirectories option is used for
the first parameter. Many source files in multiple subdirectories can be
appended to a single destination file, but, a source file that is appended
to a wildcard destination will not include subdirectories.
Returned Value N/A

Check File Event


The Check File event compares the time, date, and file size of a server and client file, and is
often used to test the state of a file before a transfer event.
Item Worklist and Sendlist Objects
Event Specific Fields Server file name. The drive, path, and file name of the server file to be
compared with the client file. Click the Browse link to choose the
server file, or enter the path and file name in this field.
Client file name. Specifies the drive, path, and file name for the client
file.
Syntax [Param 1] Server file name. Example: C:\Doc\Daily.doc
[Param 2] Client file name. Example: D:\Docs\ClientDaily.doc
File comparison and transfer Check: If destination does not exist
options
Check: If source is newer
Check: If source is different
Use version information

222 Afaria
Session Channel Reference

Item Worklist and Sendlist Objects


Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks N/A
Returned Value N/A

Check Memory Event


Use the Check Memory event to check available memory on a device.
Item Description
Event Specific Fields Memory device to check. The value returned (true or false) represents
that the device has or does not have the specified location.
Space needed. (Optional) Represents the value needed on the client
device. The value that returns is true or false, representing that the
device has or does not have the space needed.
Syntax [Param 1] Type. For use only with BlackBerry client type. Type values:
0 Flash, default
1 RAM
2 Persistent storage
3 Object code
4 Transient
5 Code stats

Options Conditional (True/False)


Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks N/A
Returned Value Value returned in the <CheckMemorySize> variable.

Administration Reference 223


Session Channel Reference

Check Speed Event


The Check Speed event checks the speed of the session connection.
Item Description
Event Specific Fields N/A
Syntax N/A
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks The <ConnectionSpeed> return value maintains accuracy for dial-up


connections, but becomes distorted for LAN connections.
Returned Value Value returned in the <ConnectionSpeed> variable, bits per second.

Check Volume Event


Use the Check Volume event to check a devices disk size.
Item Description
Event Specific Fields Volume to check. Used with the variable, the value returned (true or
false) represents that the device has or does not have the specified
location.
Space needed. (Optional) Represents the value needed on the client
device. The value that returns is true or false, representing that the
device has or does not have the space needed.
Syntax The syntax for the Windows Mobile client main storage is: \ (back-
slash). The syntax for the Windows Mobile client external storage card
is: \SD Card or \Storage Card. (The exact syntax depends upon the
name of the external storage on the specific device.)
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

224 Afaria
Session Channel Reference

Item Description
Remarks This event supports disk sizes > 4 GB.
Any valid path on the desired drive may be used as the volume pa-
rameter:
On NTFS drives, if the path is the name of a directory on a junction
(mount) point, the returned data will be for the mounted volume, not
the volume indicated by the drive letter.
Returned Value Value returned in the <CheckDiskSize> or <VolumeSize> variable

Comment Event
The Comment event is a non-executable event used to add comments to a worklist or sendlist
or to separate event blocks with a blank line.
Comment events are ignored at session execution time, but the comment text is displayed in
Session Manager.
Item Worklist and Sendlist Objects
Event Specific Fields Text box. Enter the comment text (up to 251 characters, including line
breaks) that you want inserted into the worklist or sendlist. The com-
ment text may span several lines and may be longer than the display
area in Events view.

Syntax N/A

Options N/A

Remarks N/A

Returned Value N/A

Copy File Event


The Copy File event duplicates one or more files to another file name or directory.
Note: File attributes are not retained with this event.
For BlackBerry devices, to use this event on files stored on the device's media card, run the
channel when the device is untethered from the companion PC.

Administration Reference 225


Session Channel Reference

Item Description
Event Specific Fields (Source) File name or wildcard. Specifies the path, file name, or wild-
card parameters for one or more files to copy. Click the Browse link to
choose a file if the event occurs on the server, or enter the path and file
name in this field. This event is unsuccessful if the source file does not
exist or if the wildcard parameter does not locate any files.
(Target) File name. The path, file name, or directory for the file or
directory that will receive the copied files. This value should be a file if
the source field is a file, or a directory if the source field is a wildcard
parameter.
Syntax [Param 1] Source file name. Example: C:\Docs\*.doc
[Param 2] Target file name. Example: C:\DailyDocs\*.sav
Options Make target path
Ignore hidden files
Include subdirectories
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Supports the Make target path option. Target files, including any
subdirectories, in the file spec that do not exist will be created.
Supports the Ignore hidden files option, which instructs the server to
ignore hidden files in events using wildcards.
Supports a file exclusion mask, which appends a vertical bar, followed
by a file specification to indicate the files to exclude from that opera-
tion. For example, to copy all files except .xls files from the C:\Re-
ports directory, enter this command: COPY C:\Reports\*.*|*.xls
TO D:\Backup\Reports\*.* Define multiple exclusions with multi-
ple instances of the mask, such as C:\Reports\*.*|*.xls |*.txt.
The Copy File event adds disk I/O time, which is needed to process the
command at the client. You may be able to save several minutes per
session by letting the application do most of the heavy work and having
all the data at the client ready before the session runs.
Wildcard is not supported on BlackBerry devices.
The Include subdirectories option is not supported on BlackBerry
devices.
Returned Value N/A

226 Afaria
Session Channel Reference

Create Registry Key Event


The Create Registry Key event creates a new key in the registry.
Item Description
Event Specific Fields Root key\key1\keyN. The complete path and name of the key to be
added.
Syntax [Param 1] Registry path and key name.
Example: HKLM\Software\Key
Options Make target path
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Supports the Make target path option. Target files, including any
subdirectories, in the file spec that do not exist will be created.
This event will fail if the parameter isnt a valid registry path or if the
specified key already exists.
Windows CE does not ship with a registry editor but third party ap-
plications are available.
Returned Value N/A

Delete File Event


The Delete File event permanently removes one or more files from the server or client.
BlackBerry client type Delete File event acts only on .COD files.
Note: For BlackBerry devices, to use this event on files stored on the device's media card, run
the channel when the device is untethered from the companion PC.

Item Description
Event Specific Fields File name or wildcard. The path, file name, or wildcard parameter for
one or more files to delete. Click the Browse link to set this field if the
event occurs on the server, or enter the path and file name in this field.

Syntax [Param 1]File name or wildcard. Example: D:\Docs\*.doc


BlackBerry client type syntax example: [Filename.COD]

Administration Reference 227


Session Channel Reference

Item Description
Options Ignore hidden files
Include subdirectories
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks Supports the Ignore hidden files option, which instructs the server to
ignore hidden files in events using wildcards.
Supports a file exclusion mask, which appends a vertical bar, followed
by a file specification to indicate the files to exclude from that oper-
ation. For example, to delete all files except .xls files from the C:
\Reports directory, enter this command: DELETE C:\Reports\*.*|
*.xls. Define multiple exclusions with multiple instances of the
mask, such as C:\Reports\*.*|*.xls |*.txt.
Dont include a drive letter on Windows CE clients.
The Delete File event adds disk I/O time, which is needed to process
the command at the client. You may be able to save several minutes per
session by letting the application do most of the heavy work and
having all the data at the client ready before the session runs.
A BlackBerry client device must be restarted after deleting a file or
application before the item is removed from the device completely.
On BlackBerry devices, location is attempted first on the media card if
mounted, then on the home/users path.
The Include subdirectories option is not supported on BlackBerry
devices.

Returned Value N/A

Delete Registry Key Event


The Delete Registry Key event removes a key from the registry.
Item Description
Event Specific Fields Root key\key1\keyN. The complete path and name of the registry key
to be deleted.

228 Afaria
Session Channel Reference

Item Description
Syntax [Param 1] Registry path. Example: HKLM\Software\Key
Options Include subkeys
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks N/A
Returned Value N/A

Delete Registry Value Event


The Delete Registry Value event removes a value from the registry.
Item Description
Event Specific Fields Root key\key1\keyN. The path for the registry value.
[value name]. The name for the registry value.
Syntax [Param 1] Registry path. Example: HKLM\Software\Key\Value
[Param 2] Value name. Example: ValueName
Leave [Param 2] blank to use the default value.
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks This event fails if the parameter isnt a valid registry path or if the key
from which the value would have been deleted does not exist.
Returned Value N/A

Administration Reference 229


Session Channel Reference

Delete Variable File Event


The Delete Variable File event removes a value entry from a variable file (*.ini) on the server
or client.
Item Description
Event Specific Fields File name. The path and file name of the file from which an entry is to
be removed. Click the Browse link to choose a file, or enter the path and
file name in this field.
User variable name. The name of the user-defined variable for which
the value entry is being removed.
Syntax [Param 1] File name.
Example: C:\Variables.ini
[Param 2] User variable name.
Example: <%[Section].VarName>
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks N/A
Returned Value N/A

Directory Listing Event


The Directory Listing event copies the list of files in a directory into an output file on the
server. The output text file has a similar format as a DOS DIR command.
Item Description
Event Specific Fields Server file name for output. Instructs the event to create a file at this
location on the server. Enter the directory, path, and file name that will
contain the directory listing. The event replaces the file if it already
exists.
Directory wildcard. Specifies the path or wildcard to use to get the
directory listing. End the path with a backslash ( \ ) to list the contents
of a directory; otherwise, the event only lists the directory name.

230 Afaria
Session Channel Reference

Item Description
Syntax [Param 1] Server file name for output.
Example: C:\Listings\Dirlist.txt
[Param 2] Directory wildcard.
Example: C:\DailyDocs\*.sav
BlackBerry client type examples:
*
*.*
Filename*
Filename*.*
PartialFilename*
PartialFilename*.*

Options Make target path


Ignore hidden files
Include subdirectories
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Supports the Ignore hidden files option, which instructs the server to
ignore hidden files in events using wildcards.
Supports the Make target path option. Target files, including any
subdirectories, in the file spec that do not exist will be created.
Supports a file exclusion mask, which appends a vertical bar followed
by a file specification to indicate the files to exclude from that opera-
tion. For example, to perform a directory listing on all files except .xls
files from the C:\Reports directory, enter this command:DIR LIST-
ING D:\Backup\Reports\List.txt FROM C:\Reports\*.*|*.xls. De-
fine multiple exclusions with multiple instances of the mask, such as
C:\Reports\*.*|*.xls |*.txt.
BlackBerry clients listing includes only .COD files.
Returned Value N/A

Administration Reference 231


Session Channel Reference

Disconnect Event
The Disconnect event terminates the connection between the client and server, but all
remaining server events will execute as defined.
Remaining client events do not execute and are marked with a special status to indicate that the
session was disconnected.
Item Description
Event Specific Fields N/A

Syntax N/A

Options Conditional (True/False)


Execution: Normal
Execution: Not required for successful session
[x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks N/A

Returned Value N/A

Else Event
The Else conditional event is used in combination with an If event to control the execution of a
block of events.
Item Description
Event Specific Fields N/A
Syntax If <events> Else <alternate events>
Options N/A
Remarks N/A
Returned Value N/A

232 Afaria
Session Channel Reference

End If Event
The End If conditional event is used in combination with other If events to control the
execution of a block of events. Place the End If event at the very end of each If block to end the
If clause.
Item Description
Event Specific Fields N/A
Syntax If <events> EndIf
or
If<events> Else <alternate events>Endif
Options N/A
Remarks N/A
Returned Value N/A

End Impersonation Event


The End Impersonation event is used in combination with the a-all1329145200258.xml to
control the execution of a block of events.
Place the End Impersonation event at the very end of each Impersonate User block to define
the end. Afaria releases the user security token that was in use for the block and reverts to the
last-used token.
Item Description
Event Specific Fields N/A

Syntax Impersonate User <events> End Impersonation

Options N/A

Remarks N/A

Returned Value N/A

End Quota Event


One of two Quota events that wrap a block of file transfer events together by a specified time or
byte limit in an individual session.
Using the Quota events, the server counts the time or bytes spent on the events that are
wrapped by the Quota event, then stops processing the events when the defined time or byte
limit is met, even if the limit is met during the middle of an individual file transmission. The

Administration Reference 233


Session Channel Reference

next time that the client connects to the server, the server continues processing the wrapped
events starting at the exact place in the events, or file, where it stopped in the previous session.
Item Description
Server/client availability

Event Specific Fields N/A

Syntax Quota <send events> End Quota

Options N/A

Remarks Worklist execution below the End Quota event resumes on two con-
ditions:

The nested SEND events have completed. The flag file specified in
the Quota event is created.
The quota is met or exceeded. Execution is passed to subsequent
events once the last block is transferred. All necessary parameters
for resuming uncompleted SEND events are set at this time.

Returned Value N/A

End Repeat Event


The End Repeat conditional event is used with the Repeat event to mark the end of a Repeat
block of events.
Place End Repeat events at the end of each Repeat event.
Item Description
Event Specific Fields N/A

Syntax Repeat <events> End Repeat

Options N/A

Remarks N/A

Returned Value N/A

End Session Event


The End Session event terminates the connection between the client and the server.
All remaining session events are marked Not executed. This event is useful for stopping
execution in a specific condition, rather than continuing the operation.

234 Afaria
Session Channel Reference

Item Description
Event Specific Fields N/A

Syntax N/A

Options Conditional (True/False)


Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks N/A

Returned Value N/A

End Work Object Event


The End Work Object event ends the currently executing worklist or sendlist.
This event terminates the connection between the client and the server when there are no more
worklists and sendlists in the session. If there are more worklists and sendlists to be executed
for the session, the next object in the list will be executed.
Item Description
Event Specific Fields N/A

Syntax N/A

Options Conditional (True/False)


Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks N/A

Returned Value N/A

Administration Reference 235


Session Channel Reference

Execute Program Event


The Execute Program event provides similar capability as the DOS command line for running
programs. This event launches the program via the information in the Command Line field.
Note: For BlackBerry devices, to use this event on files stored on the device's media card, run
the channel when the device is untethered from the companion PC.

Item Description
Event Specific Fields Command line. Enter the path and name of the applications execut-
able file. Include command line options after the file name.
Syntax [Param 1] Command line.
Example: C:\WINNT\SYSTEM32\NOTEPAD.EXE
Execute options Queued
Do not wait
Wait until completed
Wait for < > mm:ss

Note: The Queued option queues the program for background pro-
cessing, rather than executing the program directly. Using this option
allows the Afaria Server to manage resources within the context of the
current Afaria operations.

Note: The result of the Execute Program event with the Queued option
is always successful because its success is determined when it is added
to the queue for processing, rather than determined by the program
running successfully.

Options Conditional (True/False)


Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

236 Afaria
Session Channel Reference

Item Description
Remarks To execute .bat files on the server, access the Services dialog box
through and then stop the Server. Set the LogOn properties to allow the
service to interact with desktop, then re-start the Server.
To execute programs on a Windows Mobile client, you must enclose
the executable within double quotation marks in the path to the pa-
rameter file that is the parameter, as in the example below
iexplore.exe\windows\test.jpg
On BlackBerry devices, location is attempted first on the media card if
mounted, then on the home/users path.
Returned Value N/A

File Status Event


The File Status event determines whether a file exists at the specified location.
It also sets the <FileStatCount>, <FileStatVersion>, and <FileStatSize> variables. Use this
event to set the conditional value to true or false, based on a files presence. This event most
often precedes a conditional event or an event with the Conditional option enabled.
Note: For BlackBerry devices, to use this event on files stored on the device's media card, run
the channel when the device is untethered from the companion PC.

Item Description

Note: To retrieve the total size of the contents of a directory using the
path to the directory, such as File Status C:\temp, you must append
wildcards to the end of the path, as in File Status C:\temp\*.* If no
wildcards are appended, then the <FileStatSize> variable returns zero.

Event Specific Fields File name or wildcard. The Server attempts to locate a file at the
specified path and file name. If the event occurs on the server, click the
Browse link to choose the file.

Syntax [Param 1]File name or wildcard. Example: D:\Docs\*.doc

Options Ignore hidden files


Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Administration Reference 237


Session Channel Reference

Item Description
Remarks On BlackBerry devices, location is attempted first on the media card if
mounted, then on the home/users path.
Wildcard is not supported on BlackBerry devices.

Returned Value N/A


No value returned on BlackBerry system files .cod as they are protec-
ted by the OS.

Find File Event


The Find File event locates the specified file or directory on the client or Server and sets the
specified user variable to the full path for the specified file.
Item Description
Event Specific Fields User variable name. The user-defined variable for which the file path is
being set.
Starting path\file name or directory or wildcard. Enter the path and file
name of the file or directory that marks the starting point for the search.
Syntax [Param 1] User variable name.
Example: <%MyVar>
[Param 2] Starting path\file name or directory or wildcard.
Example: C:\Winnt\Notepad.exe
Options Ignore hidden files
Include subdirectories
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

238 Afaria
Session Channel Reference

Item Description
Remarks Supports the Ignore hidden files option, which instructs the Server to
ignore hidden files in events using wildcards.
Supports the Include subdirectories option so that subdirectories of
the [Param2] filespec will be searched.
Supports a file exclusion mask, which appends a vertical bar followed
by a file specification to indicate the files to exclude from that opera-
tion. For example, to find all files except .doc files with names that start
with the letter A from the D drive, enter this command:FIND FILE
<%FullPath> D:\*.doc|a*.doc
Returned Value N/A

Get Database Field Event


The Get Database Field event retrieves the value of a specified field in a specified table in the
database.
Item Description
Event Specific Fields User variable name. The variable to receive the value of the database
field.
Variable or database field name. The variable or literal name of the
field from which to retrieve the value.
Table name. (Optional) The name of the database table if other than the
User Defined Fields table (default).
WHERE parameter. (Optional) The statement by which the system
queries the table field if other than DeviceGuid = <ClientId> (de-
fault). (DeviceGuid represents the unique identifier for a client.)
Syntax [Param 1] User variable name.
Example: <%MyVar>
[Param 2] Variable or database field name.
Example: BATTLEVEL
[Param 3] Table name.
Example: A_INV_DEVICE
[Param 4] WHERE parameter.
Example: DeviceGuid = <ClientId>

Administration Reference 239


Session Channel Reference

Item Description
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Handheld inventory tables may contain multiple rows for the same
DeviceGuid. Only the first row in the result set based on [Param 4] will
be used to read the field value.
If an error occurs when attempting to read a field value in a database
table, the system will retry once. If the retry fails, then the event fails
and an error message is logged to Data views, Logs in Messages view.
The Include subdirectories option is not supported on BlackBerry
devices.
Returned Value N/A

Get File from Client Event


The Get File from Client event locates one or more files on the client and transfers them to the
specified location on the server.
Wildcards used with this event retrieves a group of files whose names have something in
common, or that are in the same directory.
Note: File attributes are not retained with this event.
For BlackBerry devices, to use this event on files stored on the device's media card, run the
channel when the device is untethered from the companion PC.
Item Description
Event Specific Fields (Target) Server file name or wildcard. The path, file name, directory, or
wildcard parameters for the file or directory that will receive the trans-
ferred file. Click the Browse link to choose a file or directory, or enter
the path, file name, or directory in this field.

240 Afaria
Session Channel Reference

Item Description
A trailing backslash \ will be accepted as an indication that the target
is a subdirectory of the given path, as in C:\Program Files\Sample\Data
\. If the target path does not include the trailing backslash, then an
attempt will be made to treat the target as a directory, as if an implicit
backslash. If such a target directory already exists or is created using
the Make target path option, then transfer of one or more files to this
directory should be successful. In the event that no such directory
exists or is created, transfer of more than one file to the target path will
fail; however, transfer of a single file to the target path will be suc-
cessful, with the file assuming the name specified in the target. For
example, sending C:\Daily.doc to the path C:\Program Files\Sample
\Data (where Data is not the name of a directory and is not created) will
result in the creation or overwriting of C:\Program Files\Sample\Data
with the contents of Daily.doc.
In all instances where multiple source files are targeted to a single
destination file, the event is logged as an error. Selecting the Make
target path option (explained on the next page), or the pre-existence of
a designated directory will not prevent this error from occurring.

(Source) Client file name or wildcard. Specifies the path, file name or
wildcard parameters for the files to transfer.

Syntax [Param 1] Server file name or wildcard. Example: C:\ServerDocs\Dai-


ly.doc
[Param 2] File name or wildcard. Example: D:\Docs\*.doc

File comparison and transfer Transfer: Always


options
Transfer: If destination does not exist
Transfer: If source is newer
Transfer: If source is different
Use version information
Use safe transfer
Turn compression off
Use file differencing

Administration Reference 241


Session Channel Reference

Item Description
Options Delete after [-]
Make target path
Ignore hidden files
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks Supports the Use safe transfer option so that the Server does not
create a destination file until it has been successfully transferred.
Supports the Make target path option. Target files, including any
subdirectories, in the file spec that do not exist will be created.
Supports the Ignore hidden files option, which instructs the Server to
ignore hidden files in events using wildcards.
Supports a file exclusion mask, which appends a vertical bar followed
by a file specification to indicate the files to exclude from that opera-
tion. For example, to get all files except .xls files from the C:\Reports
directory, enter this command: GET D:\Backup\Reports FROM C:
\Reports\*.*|*.xls. Define multiple exclusions with multiple instan-
ces of the mask, such as C:\Reports\*.*|*.xls |*.txt.
Supports indirect files. Sets event-specific information in an ASCII file
that is referenced in the event, rather than included.
On BlackBerry devices, location is attempted first on the media card if
mounted, then on the home/users path.
The Include subdirectories option is not supported on BlackBerry
devices.

Returned Value N/A

242 Afaria
Session Channel Reference

Get Registry Value Event


The Get Registry Value event retrieves the value of a specified registry value on client or
Server and makes it available in a specified user-defined variable.
Item Description
Event Specific Fields User variable name. The user-defined variable for which the registry
value is being set.
Root key\key1\keyN. The path for the registry value.
[value name]. The name for the registry value.
Syntax [Param 1] User variable name.
Example: <%MyVar>
[Param 2] Root key value.
Example: HKEY_LOCAL_MACHINE\Software\Afaria\Name
[Param 3] Value name.
Example: ValueName
Leave [Param 3] blank to use the default value.
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks The system also accepts HKLM, HKCU, HKCR, and HKU as abbre-
viations, but it does not support binary values.
This event is designed to read a string value. It will read a DWORD
value, but it converts the DWORD value into a string value before
including it in the session variable.
Returned Value N/A

Get Script Variable Event


The Get Script Variable event retrieves the value of a global script variable.
To use this event, provide the name of the script variable, as well as the session variable name
that will store the retrieved value from the client or Server.

Administration Reference 243


Session Channel Reference

Item Description
Event Specific Fields Script file name. The path and name of the file that contains the script
variable. Click the Browse link to choose a file and directory, or enter
the path and file name in this field.
Script variable name. The name of the script variable.
User variable name. The name of the session variable that will store the
retrieved value.

Syntax [Param 1] Script file name.


Example: C:\Scripts\Myscript.vbs
[Param 2] Script variable name.
Example: MyVariable
[Param 3] User variable name.
Example: <%variable-name>

Options Conditional (True/False)


Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks The difference between running a script on the client versus the Server
is that session variable support is limited to setting the variable. Client
scripts cannot get the session variable.
Accessing Afaria session variables through this event is not supported
on the client.

Returned Value N/A

If Event
The If conditional event controls the execution of a block of events in a session. A block of
events begins with an If event and ends with an End If event. If the condition specified is true,
then all events up to the next Else or End If event will execute.

Item Description
Event Specific Fields N/A

244 Afaria
Session Channel Reference

Item Description
Syntax N/A
Options N/A
Remarks Supports the following conditions:
If Previous Event FALSE
If Previous Event TRUE
If (LValue) <, <=, =, >=, > (RValue) where LValue and RValue can
be session variables, numbers, or strings
The <, >, <=, and >= operators in Session Manager events compare
only integers or strings. The first non-numeric character terminates
comparisons of integers. For example, the statement 128.46.22.8 >=
128.56.22.8 would return as True because the comparison stops at
the decimal point (non-numeric character) following 128.
Returned Value N/A

Impersonate User Event


This event uses the corresponding a-all1329145198524.xml#all1329145198524 to control
the user context for executing a block of events in a session.
The event uses the Win32 API LogonUser call with a specified Domain/Username and
password to obtain a security token. The event then uses the token when calling the Win32 API
ImpersonateLoggedOnUser and RevertToSelf calls to execute any of the following events:
Append event
Check File event
Check Volume event
Copy File event
Create Registry Key event
Delete File event
Delete Registry Key event
Delete Registry Value event
Delete Variable File event
Directory Listing event
Execute Program event
Files Status event
Find File event
Get File from Client event
Get Registry Value event
Load Script event

Administration Reference 245


Session Channel Reference

Make Directory event


Read Variable File event
Remove Directory event
Rename File event
Search Registry event
Set File Attributes event
Set Registry Value event
Update Variable File event
Wait for File to Exist event
This event has no effect on the a-all1329145134209.xml#all1329145134209, other than it
uses the security token to gain access to the script file. The user context for executing the script
file is not controlled by the Impersonate User event.
Afaria events that do not rely on user credentials to operate, operate as they normally would
inside the Impersonate User block.
Item Description
Event Specific Fields User Name. User to impersonate.
Password. Password associated with the user
name.
Confirm password. Password associated with the
user name.

Syntax [Param 1] User Name. Example: UserName or


Domain\UserName
[Param 2] Password: password
[Param 3] Confirm Password: password

Options Conditional (True/False)


Execution: Normal
Execution: Not required for successful session
[x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

246 Afaria
Session Channel Reference

Item Description
Remarks Event nesting is valid.
Password characters display as *.
Event execution skips to the corresponding when
the End Impersonation Event Impersonate User
event fails.

Returned Value N/A

Increment Variable Event


The Increment Variable event modifies the value of the specified user variable by the specified
amount (positive or negative).
Item Description
Event Specific Fields User variable name. The user-defined variable to be incremented by
the specified amount.
Amount. The positive or negative amount by which the variable is to be
incremented.
Syntax [Param 1] User variable name. Example: <%MyVar>
[Param 2] Amount. Example: 100
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Increment amounts must be positive or negative whole numbers with
no separator characters, such as 5000, not 5,000. The lowest number to
which a variable can be incremented is -2147483648, while the highest
number is 2147483647.
Returned Value N/A

Administration Reference 247


Session Channel Reference

Insert Channel Event


The Insert Channel event allows you to insert an existing Session Manager channel into the
currently selected worklist.
Item Description
Event Specific Fields Click the Select Channel link to access the Session Manager Chan-
nels dialog box. Use this dialog box to choose the Session Manager
channel to insert into the worklist.
Syntax [Param 1] Session Manager channel name.
Example: \$root$\Locked Channel
Server/client availability
Remarks N/A
Returned Value N/A

Insert Worklist Event


The Insert Worklist event allows you to insert one or more events from an external worklist file
into a worklists list of events.
Item Description
Event Specific Fields Worklist file name or @indirect file. The name of the file that contains
the worklist file. Click the Browse link to choose the file, or enter the
file name in this field. Indirect files must use the @ symbol before the
file name.
Syntax [Param 1] Worklist file name or @indirect file.
Example: C:\Events\Insert.evf or @C:\Indirect\Insert.ind
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Supports indirect files. Sets event-specific information in an ASCII file
that is referenced in the event, rather than included.
Returned Value N/A

248 Afaria
Session Channel Reference

Load Script Event


The Load Script event initiates the script engine, reads the script file and parses the script text,
and then connects the script to the script engine in order that the script be available for other
session events.
To use this event, provide the name of the script file, as well as the script type (VBScript or
JScript) to be run at the client or Server.
Item Description
Event Specific Fields Script file name. The path and name of the script file. Click the Browse
link to choose a file and directory, or enter the path and file name in this
field.
Script language. The name of the script language (VBScript or
JScript).

Note: To use a script engine other than VBScript or JScript, enter the
name directly in the Script language field.

Syntax [Param 1] Script file name.


Example: C:\Scripts\Myscript.vbs
[Param 2] Script language.
Example: JScript

Note: We do not support using this event to display message box UI.

Remarks Accessing Afaria session variables through this event is not supported
on the client.

Returned Value N/A

Make Directory Event


The Make Directory event creates a new client or Server directory. As part of a sendlist object,
this event creates the directory only if necessary.
Item Description
Event Specific Fields Directory path. Specifies the path and directory name of the new di-
rectory.
Syntax [Param 1] Directory path. Example: C:\Dir1\Dir2\Dir3

Administration Reference 249


Session Channel Reference

Item Description
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks N/A
Returned Value N/A

Message Event
The Message event displays a message in the status dialog at the client, or logs a message to the
Messages and Session views in Data views, Logs.
Item Description
Event Specific Fields Message text or @indirect file. Specifies the text of the message to
display, or the name of the file that contains the message text.
Syntax [Param 1] Message text or @indirect file.
Example: This is a message or @C:\Messages\Message.txt
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Supports indirect files. Sets event-specific information in an ASCII file
thats referenced in the event, rather than included.
Returned Value N/A

Notify Program Event


The Notify Program event sends a message to the specified named pipe or mailslot on the
server.
Item Description
Event Specific Fields Server named pipe or mail slot. Specifies the pipe name or mailslot to
be notified on the server.
Notify text or @indirect file. Specifies the text of the message to send,
or the name of the file that contains the message text.

250 Afaria
Session Channel Reference

Item Description
Syntax [Param 1] Server named pipe or mail slot.
Example: pipe\name or mailslot\name
[Param 2] Notify text or @indirect file
Example: This is a notification or @C:\Notify\Notify.txt
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Supports indirect files. Sets event-specific information in an ASCII file
thats referenced in the event, rather than included.
The requirements for a named pipe server that can work with the Notify
event are as follows:
The named pipe must be created as bi-directional.
XComms.exe will open the pipe, write message data (not byte
data), and will close it for each Notify event.
XComms.exe is expecting a Win32 return code (DWORD) to
come back as a response. If everything was successful, this value
will be 0.
Pseudo-code for this event using the Win32 API function names is
CreateNamedPipe.
Loop the following as long as you want the pipe to accept infor-
mation:
ConnectNamedPipe
ReadFile (message)
WriteFile (return code)
DisconnectNamedPipe

Returned Value N/A

Quota Event
One of two Quota events that wrap a block of file transfer events together by a specified time or
byte limit in an individual session.
Using the Quota events, the Server counts the time or bytes spent on the events that are
wrapped by the Quota event, then stops processing the events when the defined time or byte
limit is met, even if the limit is met during the middle of an individual file transmission. The

Administration Reference 251


Session Channel Reference

next time that the client connects to the server, the Server continues processing the wrapped
events starting at the exact place in the events, or file, where it stopped in the previous session.
Note: This Quota event defines the beginning of the quota block and quota criteria, minutes
and/or bytes. At least one criteria type must be specified. If both criteria are specified, the limit
that is met or exceeded first will trigger the end of the block of file transfers. For example,
assume that the Quota block is set for 30 seconds or 1MB. If the events within the Quota event
and the End Quota event do not send 1MB in 30 seconds, then the next connection will send the
rest of the file or have a connection for 30 seconds, whichever comes first.

Item Description
Event Specific Fields Byte limit. Specifies the size limit (for example, 1024000 or 1000k or
1m) at which you want to stop the transmission of this quota block.
Time limit. Specifies the limit in minutes at which you want to stop the
transmission of this quota block. Click the Enter limit link to set a limit
in the Enter time limit dialog box.

Syntax Quota <send events> End Quota

Options N/A

Remarks The Quota event is based on the actual amount of data being transfer-
red, not the true file size. File compression shrinks file size depending
upon file type.

Returned Value N/A

Raise Event Event


The Raise Event event specifies that a particular event be visible in Home, Alerts.
Item Description
Event Specific Fields Event name. Specifies the event to display in the Home, Alerts.
Error message. Specifies the message to appear when the event defined
as the raised event displays in Home, Alerts.
Syntax N/A
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks N/A

252 Afaria
Session Channel Reference

Item Description
Returned Value N/A

Read Variable File Event


The Read Variable File event sets variables by reading values from an .ini file.
Item Description
Event Specific Fields File name. Specifies the .ini file whose values are to be set as a user
variable.
User variable name. The user-defined variable whose value is to be
determined by the specified .ini file.
Syntax [Param 1] File name.
Example: C:\Variables.ini
[Param 2] User variable name.
Examples:
One variable in one section: <%[MySectionName].MySectionVar> to
read MySectionVar entry in MySectionName section of the .ini file.
All variables in one section: <%[MySectionName].*> to read all en-
tries in the MySectionName section of the .ini file. The variable name
format is <%[MySectionName].EntryName> where EntryName is
the name on the left side of the equal sign.
All variables in all sections: <%*> to read all entries in all sections of
the .ini file. The variable name format is <%[MySectionName].En-
tryName> where SectionName is the name of the .ini file section and
EntryName is the name on the left of the equal sign.
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Administration Reference 253


Session Channel Reference

Item Description
Remarks The format for the .ini file must be:
[section]
variable=value
for example,
[386Enh]
woafont=dosapp.fon
ega80woa.fon=ega80woa.fon
ega40woa.fon=ega40woa.fon
Returned Value N/A

Reboot Client at End of Session Event


Reboots the client after a session has ended.
Item Description
Event Specific Fields N/A
Syntax N/A
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks The reboot occurs after the session is complete. Therefore, it is not
known to the server if the reboot executes. The event is logged as
successful when the task is queued with the operating system. The
reboots successful execution is subject to the device manufacturers
implementation of the reboot API.
There are some circumstances in which an interactive user may be
given the opportunity to cancel the reboot.
For all client types and user contexts, you are advised to test the event
to observe results.
Returned Value N/A

254 Afaria
Session Channel Reference

Release Script Event


The Release Script event releases a specific instance of a script engine. To use this event,
provide the name of the script file run at the client or Server.
Item Description
Event Specific Fields Script file name. The path and name of the script file. Click the Browse
link to choose a file and directory, or enter the path and file name in this
field.
Syntax [Param 1] Script file name.
Example: C:\Scripts\Myscript.vbs
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Accessing Afaria session variables through this event is not supported
on the client.
If you do not use this event to release the script, the script engine will
automatically release when the session terminates.
Returned Value N/A

Remove Directory Event


The Remove Directory event deletes a client or server directory. The directory must be empty
of files before it can be removed.
Item Description
Event Specific Fields Directory path. The path and name of the directory to be removed.
Syntax [Param 1] Directory path. Example: C:\ServerDocs
Options Include subdirectories
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Administration Reference 255


Session Channel Reference

Item Description
Remarks The "Include subdirectories option is available for Windows, Win-
dows Mobile, and Symbian clients. It removes the specified directory,
as well as subdirectories as long as no files reside in those subdirec-
tories.
Wildcard is not supported on BlackBerry devices.
The Include subdirectories option is not supported on BlackBerry
devices.
Returned Value N/A

Rename File Event


The Rename File event moves files or changes the name of one or more files on either the
Server or client.
Item Description
Event Specific Fields (Source) Old file name or wildcard. Specifies one or more source files
to move or rename. Click the Browse link to choose a path and file, or
enter the path, file name, or wildcard parameter in this field.
(Target) New file name or wildcard. Enter the path and new file name,
or the wildcard when more than one file is involved. Enter a directory to
move one or more files without changing their names. Click the
Browse link to choose a path and file name.
Syntax [Param 1] Old file name or wildcard.
Example: C:\Old\*.doc
[Param 2] New file name or wildcard.
Example: C:\New\*.doc
Options Make target path
Ignore hidden files
Include subdirectories
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

256 Afaria
Session Channel Reference

Item Description
Remarks Supports the Make target path option. Target files, including any
subdirectories, in the file spec that do not exist will be created.
Supports the Ignore hidden files option, which instructs the Server to
ignore hidden files in events using wildcards.
Supports a file exclusion mask, which appends a vertical bar followed
by a file specification to indicate the files to exclude from that opera-
tion. For example, to rename all files except .xls files in the C:\Re-
ports directory, enter this command: RENAME C:\Backup\Reports
\*.*|*.xls TO C:\Reports\*.*. Define multiple exclusions with mul-
tiple instances of the mask, such as C:\Backup\Reports\*.*|*.xls |
*.txt.
Wildcard is not supported on BlackBerry devices.
The Include subdirectories option is not supported on BlackBerry
devices.
Returned Value N/A

Repeat Event
The Repeat event conditionally repeats a block of events.
A Repeat block of events begins with the Repeat event and ends with an End Repeat event.
Repeat if previous event is false allows the events to execute if the previous event failed.
Repeat if previous event is true allows the events to repeat if the previous event was successful.
Item Description
Event Specific Fields Maximum Timeout. The maximum amount of time the Repeat event
may execute repeatedly. The value may range in minutes and seconds
from 00:00 to 59:59.
Inactivity Timeout. The maximum amount of time that execution of the
event continues when no file transfer occurs. The value may range in
minutes and seconds from 00:00 to 59:59.
Max Repeats. The maximum number of iterations of this Repeat event.
Select from 0 (no repeats) to 99 repetitions. Execution stops after the
event has been repeated the maximum number of times.

Syntax N/A

Administration Reference 257


Session Channel Reference

Item Description
Options Previous Event True
Previous Event False
Condition While (LValue) <, <=, =, >=, > (RValue) where LValue and
RValue can be session variables, numbers, or strings

Remarks Supports the following conditions:

If Previous Event FALSE


If Previous Event TRUE
If (LValue) <, <=, =, >=, > (RValue) where LValue and RValue can
be session variables, numbers, or strings

If no limit is set for timeouts or repeats, a session could become caught


in an endless loop.

Note: If the Repeat event is used with the Previous Event TRUE op-
tion, when the session runs the event verifies that the previous event
was true only one time, as if it was a Repeat If event. If the session re-
runs in a loop, the event does not re-verify the previous event.

If the Repeat event is used with the Previous Event FALSE option,
when the session runs the event verifies that the previous event was
false every time it runs, as if it was a Repeat While event
.

Returned Value N/A

Run Script Function Event


The Run Script Function event invokes specific scripting functions at the client or Server.
To use this event, provide the name of the script function, as well as any parameters that need to
be passed in to the function.

258 Afaria
Session Channel Reference

Item Description
Event Specific Fields Script file name. The path and name of the file that contains the script
variable. Click the Browse link to choose a file and directory, or enter
the path and file name in this field.
Function name. The name of the script function.
User variable name. The name of the session variable that will store the
retrieved value.
Return user variable name. If the script function returns a value, the
name of the user defined session variable on the server that will store
the value.

Syntax [Param 1] Script file name.


Example: C:\Scripts\Myscript.vbs
[Param 2] Function name.
Example: MyFunction
[Param 3] Input variables.
Example: <%value1>, <%value2> or 100,200
[Param 4] Return user variable name.
Example: <%MyVariable>

Note: We do not support using this event to display message box


(popup) UI.

Options Conditional (True/False)


Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks The parameter list is a comma separated list that contains either text
values or session variables.
Accessing Afaria session variables through this event is not supported
on the client.

Returned Value N/A

Administration Reference 259


Session Channel Reference

Search Registry Event


The Search Registry event searches the registry on the client or Server for the specified key or
value and places the value found into the specified user-defined variable.
Item Description
Event Specific Fields User variable name. The user-defined variable for the registry search.
Root key\key1\keyN. The path for the registry value.
[value name]. The name for the registry value.
Syntax [Param 1] User variable name.
Example: <%MyVar>
[Param 2] Root key value.
Example: HKEY_LOCAL_MACHINE\Software\Afaria\Name
[Param 3] Value name.
Example: ValueName
Leave [Param 3] blank to use the default value.
Options Include subkeys
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Supports Include subkeys so that the registry is searched for any keys
matching the Source filespec.
Returned Value N/A

Send File to Client Event


The Send File to Client event transfers one or more Server files to a file or directory on the
client.
Using wildcards with this event transfers a group of Server files whose names have something
in common, or that are in the same directory.
BlackBerry clients This event operates on dataobjects within a COD file, rather than COD
files. Typically, dataobject names are known only by the publishing party. Therefore, this
event is likely to be of use only when you want to work with in-house applications.

260 Afaria
Session Channel Reference

Note: For BlackBerry devices, to use this event on files stored on the device's media card, run
the channel when the device is untethered from the companion PC.
File attributes arent retained with this event.

Item Worklist and Sendlist Objects


Event Specific Fields (Source) Server file name or wildcard. Indicates which directory or
files to send to the client. Enter the file name, path name, or directory
on the server. Click the Browse link to choose a file, or use wildcards to
send files of the same enter or that exist in one directory.
(Target) Client file name or wildcard. Places one or more Server files in
this location at the client. Specify the file name, wildcard parameter, or
directory for the client files.

Note: A trailing backslash \ will be accepted as an indication that the


target is a subdirectory of the given path, as in C:\Program Files\Sam-
ple\Data\. If the target path does not include the trailing backslash, then
an attempt will be made to treat the target as a directory, as if an implicit
backslash. If such a target directory already exists or is created using
the Make target path option, then transfer of one or more files to this
directory should be successful. In the event that no such directory
exists or is created, transfer of more than one file to the target path will
fail. However transfer of a single file to the target path will be suc-
cessful, with the file assuming the name specified in the target. For
example, sending C:\Daily.doc to the path C:\Program Files\Sample
\Data (where Data isnt the name of a directory and isnt created) will
result in the creation or overwriting of C:\Program Files\Sample\Data
with the contents of Daily.doc.
In all instances where multiple source files are targeted to a single
destination file, the event is logged as an error. Selecting the Make
target path option (explained on the next page), or the pre-existence of
a designated directory will not prevent this error from occurring.

Syntax [Param 1] Server file name or wildcard. Example: C:\ServerDocs\Dai-


ly.doc
[Param 2] File name or wildcard. Example: D:\Docs\*.doc
[Param 2] BlackBerry client type syntax example: [File-
name.COD\objectID]
BlackBerry format complies with RIMs RuntimeStore API require-
ments. Refer to RIMs developer documentation for additional infor-
mation.

Administration Reference 261


Session Channel Reference

Item Worklist and Sendlist Objects


File comparison and transfer Transfer: Always
options
Transfer: If destination does not exist
Transfer: If source is newer
Transfer: If source is different
Use version information
Check/Send
Use safe transfer
Turn compression off
Use file differencing

Options Delete after [-]


Make target path
Ignore hidden files
Include subdirectories
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

262 Afaria
Session Channel Reference

Item Worklist and Sendlist Objects


Remarks Maximum file size 4 GB; to send a file send a file over 4 GB, you must
divide the file into segments, each 4 GB or less in size.
Supports the Use safe transfer option so that the Server does not
create a destination file until it has been successfully transferred.
Supports the Make target path option. Target files, including any
subdirectories, in the file spec that do not exist will be created.
Supports the Ignore hidden files option, which instructs the Server to
ignore hidden files in events using wildcards.
Supports a file exclusion mask, which appends a vertical bar followed
by a file specification to indicate the files to exclude from that opera-
tion. For example, to get all files except .xls files from the C:\Reports
directory, enter this command: SEND D:\Backup\Reports FROM
C:\Reports\*.*|*.xls. Define multiple exclusions with multiple in-
stances of the mask, such as C:\Reports\*.*|*.xls |*.txt.
Supports indirect files. Sets event-specific information in an ASCII file
thats referenced in the event, rather than included.
A BlackBerry client device must be restarted before a .COD file can be
successfully referenced by another Afaria Session Manager event.
On BlackBerry devices, location is attempted first on the media card if
mounted, then on the home/users path.

Returned Value N/A

Set Bandwidth Throttling Config Event


The Set Bandwidth Throttling Config event allows you to assign a predefined bandwidth
throttling configuration to a session.
Item Description
Event Specific Fields Configuration name. The name of the predefined bandwidth throttling
configuration set on the Bandwidth throttling view in Server config-
uration, Properties, or a variable created using the Set Variable event.
If the configuration name that you enter in this field does not exist, the
software uses the Current Default Configuration defined on the Band-
width throttling view.
Syntax N/A

Administration Reference 263


Session Channel Reference

Item Description
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks N/A
Returned Value N/A

Set Client Time Event


The Set Client Time event allows you to synchronize a clients time and date with the servers
time and date.
This feature is valuable for customers with clients that reside in a restricted network and
cannot perform their own date and time synchronization.
Item Description
Event Specific Fields N/A

Syntax N/A

Options Conditional (True/False)


Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks N/A

Returned Value N/A

Set Database Field Event


The Set Database Field event associates a value or variable to a specific user-defined field (as
defined in Server configuration, Properties, User defined fields link) and then stores it in the
User Defined Fields (A_USER_DEFINED) table in the database.

264 Afaria
Session Channel Reference

Item Description
Event Specific Fields Variable or database field name. The user-defined field name as set via
Server configuration, Properties, User defined fields.
Variable or value to store. The value to associate with the user-defined
field name and then store in the User Defined Fields table in the da-
tabase.
Syntax [Param 1] Variable or Database field Name.
Example: TotalConnections
[Param 2] Variable or value to store.
Example: 5

Note: The SQL statement must be syntactically correct or the database


engine (SQL server, Oracle, etc...) will reject it and the event will fail.
The following examples provide the correct syntax for each user de-
fined field type available to the A_USER_DEFINED field table. The
examples assume that the Float (decimal numbers) field name is
MyFloat; Varchar (text strings, 255 character limit) field name is
MyVarchar; Integer (whole numbers) field name is MyInteger;
and Date field name is MyDate.
Example Float field type:
[Param 1] MyFloat
[Param 2] 1234.5
Example Varchar field type:
[Param 1] MyVarchar
[Param 2] Hello World!
or
[Param 2] Dont forget to escape single quotation marks occurring
within a string.
(Varchar field type values must be enclosed in single quotation marks.
A single quotation mark within the text must also be preceded by a
single quotation mark, as in Dont...)
Example Integer field type:
[Param 1] MyInteger
[Param 2] 1234

Administration Reference 265


Session Channel Reference

Item Description
Example Date field type:
[Param 1] MyDate
[Param 2] SYSDATE (Oracle)
or
[Param 2] TO_DATE('98-DEC-25:17:30','YY-MON-DD:HH24:MI')
(Oracle)
or
[Param 2] GetDate() (Oracle)
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks When a client connects to the server, the system updates the database
field (specified in [Param 1] in the User Defined Fields table) with the
current value of the variable/value specified in [Param 2]. If an error
occurs when attempting to write a field value to the table, the system
will retry once. If the retry fails, then the event fails and an error
message is logged to Data views, Logs in Messages view.
If you assign a value to a field and that field is deleted via User defined
fields (in Server configuration, Properties), then both the field and its
value are deleted from the User Defined Fields table. Before using a
field in this event, ensure that it exists in the table.
Returned Value N/A

Set File Attributes Event


The Set File Attributes event sets or clears a file or a wildcards attributes.
Note: File attributes arent retained in the a-all1329145058503.xml#all1329145058503, a-
all1329145062785.xml#all1329145062785, and a-
all1329145065176.xml#all1329145065176. Instead, you must use this event to define file
attributes.

Item Description
Event Specific Fields File name or wildcard. Indicates the file or wildcard on which to set or
clear the attributes.

266 Afaria
Session Channel Reference

Item Description
Syntax [Param 1] File name or wildcard.
Example: C:\WINNT\system.ini
Options Read only
System
Hidden (see Remarks)
Archive
Normal
Apply to directory only
Ignore hidden files
Include subdirectories
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Returned Value N/A

Set Registry Value Event


The Set Registry Value event sets a specified registry value to the string specified.
Item Description
Event Specific Fields Root key\key1\keyN. The path of the value to be set.
Variable or value. The user-defined variable to set with the specified
registry key, or the value to use.
Value type. Key data type.
[value name]. The name for the registry value.
Syntax [Param 1] Root key.
Example: HKEY_LOCAL_MACHINE\SoftWare\Afaria\Dir
[Param 2] Variable or value.
Example: C:\Temp or <%MyVar>
[Param 4] Value name.
Example: ValueName

Administration Reference 267


Session Channel Reference

Item Description
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Converts non-string values to string values.
Supports the Make target path option. Target files, including any
subdirectories, in the file spec that do not exist will be created.
Returned Value N/A

Set Script Variable Event


The Set Script Variable event allows the session to set a global script variable that can be used
by the script in subsequent calls to script functions at the client or Server.
To use this event, provide the name of the script variable, as well as a value. The value can
contain a session variable.
Item Description
Event Specific Fields Script file name. The path and name of the file that contains the script
variable. Click the Browse link to choose a file and directory, or enter
the path and file name in this field.
Script variable name. The name of the script variable.
Variable or value. The name of the variable or value.

Syntax [Param 1] Script file name.


Example: C:\Scripts\Myscript.vbs
[Param 2] Script variable name.
Example: MyVariable
[Param 3] Variable or value.
Example: C:\Temp

268 Afaria
Session Channel Reference

Item Description
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks The difference between running a script on the client versus the Server
is that session variable support is limited to setting the variable. Client
scripts cannot get the session variable.
Accessing Afaria session variables through this event is not supported
on the client.

Returned Value N/A

Set Variable Event


The Set Variable event creates user-defined variables.
After a user variable is defined, it may be used anywhere in a session, including other worklist
objects. A user-defined variable does not preserve its data across sessions, except during a
restart.
Item Description
Event Specific Fields User variable name. Specifies the name for this user-defined variable.
The default value is <%VariableName>.
Value or @indirect file. Sets the variables value or specifies the name
of the file that contains the value. Click Browse to choose a Server text
file, or enter the path and file name of a text file. When using a file,
remember to precede the path and file name with an @.

Syntax [Param 1] User variable name.


Example: <%MyVar>
[Param 2] Value or @indirect file.
Example: NewValue or @C:\NewVlue.txt

Note: To access variables from a variable file, use the following syn-
tax:

Note: <%[MySectionName].MySectionVar>

Administration Reference 269


Session Channel Reference

Item Description
Options Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks The variable names should be unique throughout all worklists in a


session. Using the Set Variable event on a previously defined variable
will change the value. Although this may be needed for some appli-
cations, it can lead to unexpected results and side effects across work-
lists.
This event works only with text (*.txt) files when referencing indirect
files.
Supports indirect files. Sets event-specific information in an ASCII file
thats referenced in the event, rather than included.

Returned Value N/A

Test Group Membership Event


The Test Group Membership event allows you to test predefined LDAP/NT or user-defined
client groups by comparing the group to a known value.
The session evaluates the group and the result is compared to the specified value.
Item Description
Event Specific Fields Group to test. The group to evaluate. Click the Browse link to access
the Assignment group browse dialog box through which you can select
the group.

Syntax [Param 1] Group to test. (Selection occurs through the Browse link.)
Example: NTDGWID:development\Domain Admins\512

Options Conditional (True/False)


Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks N/A

270 Afaria
Session Channel Reference

Item Description
Returned Value N/A

Test Variable Event


The Test Variable event allows you to test predefined variables by comparing the variable to a
known value.
The session evaluates the variable and the result is compared to the specified value.
Item Description
Event Specific Fields Variables and/or text. The variable or text string to evaluate and com-
pare with the field below. This field may contain up to 260 characters.
Variables and/or text. The variable or text string to compare with the
value in the first field. This field may contain up to 260 characters.

Syntax [Param 1] Variables and/or text.


Example: <%MyVar>
[Param 2] Variables and/or text.
Example: <%MyTestVar> or TestText

Options Conditional (True/False)


Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks N/A.

Returned Value N/A

Update Variable File Event


The Update Variable File event allows user-defined variables to be saved to a Windows .ini file
on the client and Server.
Note: For BlackBerry devices, to use this event on files stored on the device's media card, run
the channel when the device is untethered from the companion PC.

Administration Reference 271


Session Channel Reference

Item Description
Event Specific Fields File name. The path and directory of the .ini file.
User variable name. The user-defined variable to be saved to the
specified .ini file.
Syntax [Param 1] File name.
Example: C:\Variables.ini
[Param 2] User variable name.
Example: <%[MySectionName].MySectionVar>

Note: To update a variable from a variable file, use any of the following
examples:
One variable in one section: <%[MySectionName].MySectionVar> to
read MySectionVar entry in MySectionName section of the .ini file.
All variables in one section: <%[MySectionName].*> to read all en-
tries in the MySectionName section of the .ini file. The variable name
format is <%[MySectionName].EntryName> where EntryName is the
name on the left side of the equal sign.
All variables in all sections: <%*> to read all entries in all sections of
the .ini file. The variable name format is <%[MySectionName].En-
tryName> where SectionName is the name of the .ini file section and
EntryName is the name on the left of the equal sign.
Options Make target path
Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]
Remarks Supports the Make target path option. Target files, including any
subdirectories, in the file spec that do not exist will be created.
On BlackBerry devices, location is attempted first on the media card if
mounted, then on the home/users path.
Returned Value N/A

Wait for File to Exist Event


The Wait for File to Exist event instructs the session to pause until a client or server file exists,
or until a specified amount of time elapses, whichever comes first.
Session Manager checks the Server every half-second and the client every second.

272 Afaria
Session Channel Reference

Note: For BlackBerry devices, to use this event on files stored on the device's media card, run
the channel when the device is untethered from the companion PC.

Item Description
Event Specific Fields File name. Identifies the client or Server file to locate. Click the Browse
link to select a file, or enter the path and file name in this field.
Wait time. Specify the time, in minutes and seconds, to wait for the file
to exist. Use the keyboard and spin controls to set the delta time. Times
may range from 00:00 to 59:59.

Syntax [Param 1] File name or wildcard. Example: C:\Docs\Daily.doc


[Param 2] Wait time. Example: 45:00

Options Delete after (-)


Conditional (True/False)
Execution: Normal
Execution: Not required for successful session [x]
Execution: Channel critical event [+]
Execution: Session critical event [*]

Remarks You should consider using the File Status event if your wait time is
close to 00:00.
On BlackBerry devices, location is attempted first on the media card if
mounted, then on the home/users path.

Returned Value N/A

Session Manager Variables


When an event executes, Session Manager replaces variable placeholders with the appropriate
information. Variables are always enclosed in <> characters and arent case sensitive.
To add a variable to an event specific field, click the Show variables link on the Event details
dialog box. In the Session Variables box, double-clicking the variable adds it to the event. You
can also enter the variable in the appropriate fields.
Session Manager supports the following variable types:
Predefined Session Variables
User-Defined Session Variables
Environment Variables

Administration Reference 273


Session Channel Reference

Variable Modifiers

Warning! When running an individual channel or a channel set in an Afaria connection, if you
create more than 256 variables in that session you will see the following error message: Not
enough storage is available to process this command

Note: All Afaria session variables are subject to a 256-character maximum length
requirement.
Not all variables are supported for all types of clients, for instance <ClientWindowsDir> is not
an appropriate variable to use on an Android device; however, the Session Manager Channel
Editor allows you to add any variable to any worklist.
The use of Session Manager variables is reserved for Session Manager channels. Except
where noted otherwise, Afaria does not support using variables as values for other
components dialog boxes and input parameters.

Predefined Session Variables


Session Manager includes a set of predefined session variables that you can use to insert the
current time or date, client information, or Server information in an event list.
The following table lists each predefined variable, describes its function, and provides an
example of its usage and a value of the variable.
Variable Description Sample use or sample value
<%UserDefined> Contains or holds the value Value of Variable: Value (varies)
of the specified user-defined
variable
<AuthenticatedUser> Indicates whether or not Au- Value of Variable: 1
thentication is turned on, re-
turning either 0 or 1
where 1 indicates Authen-
tication is turned on
<ChannelName> Indicates the name of the Set Variable: <%CurrentChan-
channel nel><ChannelName>
Value of Variable: Channel name
<ChannelViewer> Indicates whether the Chan- If <ChannelViewer> = 1
nel Viewer UI initiated the
Value of Variable: 1
session, returning either 1
or 0 where 1 indicates
that Channel Viewer initi-
ated the session

274 Afaria
Session Channel Reference

Variable Description Sample use or sample value


<CheckDiskSize> The disk free space available If <CheckDiskSize> <= 1000000
value, in bytes, as deter-
Value of Variable: 900900
mined by running the Check
Volume event, handled as
unsigned 64-bit integers
<CheckMemorySize> Used with the Check Mem- If <ClientMemorySize> <= 1200000
ory event, returns a value, in
Value of Variable: 10017792
bytes, that represents the
available amount of memory
on the handheld client; han-
dled as unsigned 64-bit inte-
gers
<ClientAllUsersDesktop- Returns the desktop folder Client File Status: <ClientAllUsers-
Dir> for all users in operating DesktopDir>
systems that use the conven-
Value of Variable: C:\Documents and
tion
Settings\All Users Desktop
<ClientBuild> The version of the client Set Variable: <ClientBuild>
build
Value of Variable: 5240
<ClientChannelDir> The directory of the client Client File Status: <ClientChannelDir>
computer where channel
Value of Variable: C:\Program Files
files are located
\AClient\data\VB\49\
<ClientCommonFilesDir> The Windows Common Client File Status: <ClientCommonFi-
Files directory on the client lesDir>
computer
Value of Variable: C:\Program Files
\Common Files
<ClientDataDir> The directory of the client Client File location: <ClientDataDir>
where the client data files are
Value of Variable: C:\Program Files
located
\AClient\Data
<ClientDomainName> The name of the domain to Server Message: <ClientDomain-
which the user is logged on, Name>finished session
or if the user isnt logged on
Value of Variable: Domain name
to a domain this variable will
contain the users computer
name

Administration Reference 275


Session Channel Reference

Variable Description Sample use or sample value


<ClientID> The 32-bit GUID string as- Server Message: Clients ID is <Clien-
sociated with the client. tID>
Value of Variable:
{267D64EC-90B1-420b-AE49-
BA7221FBFAF1}
<ClientInstallDir> The name of the install di- Client File Status: <ClientInstallDir>
rectory on the client \1.txt
Value of Variable: C:\Program Files
\AClient
<ClientIPAddress> The clients IP address dis- Server Message: Could not complete
played in dotted decimal no- session with <ClientIPAddress>
tation
Value of Variable: 192.49.5.104
<ClientMachineName> The computer name of the Test Variable: <ClientMachineName>
client computer <ServerMachineName>
Value of Variable: Machine2
<ClientMemorySize> Used with the Check Mem- If <ClientMemorySize> <= 1400000
ory event, returns a value, in
Value of Variable: 1290342
bytes, that represents the to-
tal amount of memory on the
handheld client; handled as
unsigned 64-bit integers
<ClientOS> The operating system on the Server Message: Clients operating
client computer system is <ClientOS>
Value of Variable: Windows 2003
<ClientOSServicePack> If the client computer runs an <ClientOSServicePack>
operating system service
Value of Variable: 6
pack, returns the level; oth-
erwise returns nothing
<ClientOSShell> Used to return the device <ClientOSShell>
type for the client; returns
Windows Mobile 6 Professional
nothing for Windows CE cli-
ents
<ClientOSVersion> The version of the operating Set Variable: <%ClientSpec><Clien-
system on the client comput- tOS> <ClientOSVersion>
er
Value of Variable: 6.0.1381
<ClientProcessor> Used to determine the pro- <ClientProcessor>
cessor for the specific client
Example value of Variable: StrongArm

276 Afaria
Session Channel Reference

Variable Description Sample use or sample value


<ClientProgramFilesDir> The Program Files directory Client Check Volume <ClientProgram-
on the client computer FilesDir> var.ini
Value of Variable: C:\Program Files
<ClientRasUserName> If the handheld client con- <ClientRasUserName>
nects to the server via a mo-
Value of Variable: Name
dem, returns the users User
Name, otherwise returns
nothing
<ClientTempFilesDir> The temporary files directo- Client File Status: <ClientTempFi-
ry on the client computer lesDir>\*.x00
Value of Variable: C:\Temp
<ClientTypeCategory> The number assigned to a <ClientTypeCategory> Sample value:
category type, as defined in 7 Value of variable:
table A_CLIENT_CATE-
-1 Windows
GORY_NAME_MAP
-2 Windows Mobile Professional
-3 Palm
-4 Java
-5 BlackBerry
-6 Symbian
-7 Windows Mobile Standard
-8 iOS
-9 OMA DM
-10 Android
<ClientTypeCategory- The name of the type of de- <ClientTypeCategoryName> Sample
Name> vice as defined in table value: Windows Mobile Standard Val-
A_CLIENT_CATEGO- ue of variable:
RY_NAME_MAP
1 Windows
2 Windows Mobile Professional
5 BlackBerry
7 Windows Mobile Standard
8 iOS
10 Android

Administration Reference 277


Session Channel Reference

Variable Description Sample use or sample value


<ClientUserName> If the user launches the.xec Value of Variable: User name currently
file directly to initiate a ses- logged in
sion and the client service
isnt running, then
if the service is running, Value of Variable: Afaria Client Service
then Account
If the session is initiated Value of Variable: Account under
through the Scheduler and which XCScheduler.exe runs
the client service isnt run-
ning, then
if the service is running, Value of Variable: Afaria Client Service
then Account
if the service is running, Value of Variable: Afaria Client Service
then Account
<ClientVersion> The version of the Afaria If <ClientVersion> = 6.00
Client application on the cli-
Value of Variable: 6.00
ent computer
<ClientWindowsDir> The Windows directory on Send <ServerWindowsDir>\*.* TO
the client computer <ClientWindowsDir>\*.*
Value of Variable: C:\Winnt
<ClientWindowsSystem- The Windows System direc- Client Check File \example.dll <Cli-
Dir> tory on the client computer entWindowsSystemDir> \example.dll
Value of Variable: C:\Winnt\System32
<ConnectionId> The unique numeric ID Client Message: Your connection is
(GUID) for the connection <ConnectionId>
Value of Variable:
88819910-61AC-11D5-
B23C-0008C7592863
<ConnectionSpeed> Used with the Check Speed Value of Variable: Bits per second
event, determines the speed
of a session connection in
seconds; see remarks in
Check Speed Event for
limitations.
<ConnectionType> Determines whether the ses- Value of Variable: LAN
sion connection is via LAN
or dial-up

278 Afaria
Session Channel Reference

Variable Description Sample use or sample value


<d> Indicates the day of the If <d> <= <%MiddleOfMonth> Value
month from 01 to 31 of Variable: 06
<date> The numeric month, day, and Set Variable: <%LongDate> Hello. It is
year in the form specified by <Date>
the Servers Regional Set-
Value of Variable: 060800
tings Control Panel
<dw> Indicates the day of the week Server Remove Dir f:\week<dw>
from 1 to 7
Value of Variable: 4
<dy> Indicates the day of the year Server Execute c:\bin\dateset -d <dy>
from 001 to 365
Value of Variable: 089
<FileStatCount> The number of files as deter- If <FileStatCount> <=10
mined by running the File
Value of Variable: 10
Status event
<FileStatSize> The file size value, in bytes, If <FileStatSize> <= 1000000
determined by running the
Value of Variable: 1000000
File Status event; handled as
unsigned 64-bit integers
<FileStatVersion> The file version value deter- If <FileStatVersion> <= 5.0.0.0
mined by running the File
Value of Variable: 4.10.412.0
Status event
<GetFilesAttempted> The number of files the Serv- Value of Variable: 6
er attempts to get from the
client, setting the counter to
0 at the beginning of each
channel and never resetting
<GetFilesFailed> The number of times the Value of Variable: 3
Server is unable to get a file
from the client, setting the
counter to 0 at the begin-
ning of each channel and
never resetting
<GetFilesNoUpdate> The number of files the Get Value of Variable: 5
File from Client event
checks that do not require an
update, setting the counter to
0 at the beginning of each
channel and never resetting

Administration Reference 279


Session Channel Reference

Variable Description Sample use or sample value


<GetFilesSuccessful> The number of times the Value of Variable: 3
Server is successful in get-
ting a file from the client,
setting the counter to 0 at
the beginning of each chan-
nel and never resetting
<hh> Indicates the current 24-hour Server Message: Schedule complete at
value on the server from 00 <hh>:<mm>:<ss>
to 23
Value of Variable: 17
<InteractiveUserName> If the user launches the.xec Value of Variable: User name currently
file directly to initiate a ses- logged in
sion, then
If the session is initiated Value of Variable: Account under
through the Scheduler, which XCScheduler.exe runs
then
If the user initiates a session Value of Variable: User name currently
through Channel Viewer, logged in
then
<m> Indicates the month in nu- Client Delete C:\prices\prices<m>.dat
meric format from 01 to 12
Value of Variable: 03
<mm> Indicates the current minute Client Message: <UserName> connec-
value on the server from 00 ted at <mm> after the hour
to 59
Value of Variable: 58
<ms> Indicates the value of milli- Client Message: <UserName> connec-
seconds from 000-999, reset- ted at <ms> after the minute
ting every second
Value of Variable: 187
<SendFilesAttempted> The number of files the Serv- Value of Variable: 6
er attempts to send to the cli-
ent, setting the counter to 0
at the beginning of each
channel and never resetting
<SendFilesFailed> The number of times the Value of Variable: 3
Server is unable to send a file
to the client, setting the
counter to 0 at the begin-
ning of each channel and
never resetting

280 Afaria
Session Channel Reference

Variable Description Sample use or sample value


<SendFilesNoUpdate> The number of files the Send Value of Variable: 11
File to Client event checks
that do not require an update,
setting the counter to 0 at
the beginning of each chan-
nel and never resetting
<SendFilesSuccessful> The number of times the Value of Variable: 3
Server is successful in send-
ing a file to the client, setting
the counter to 0 at the be-
ginning of each channel and
never resetting
<ServerCommonFilesDir> The Windows Common Server File Status: <ServerCom-
Files directory on the server monFilesDir>\mtx0392.dir
computer
Value of Variable: C:\ProgramFiles
\Common Files
<ServerFarmMasterServer- In multiserver environments, Server ID: <ServerFarmMasterServer-
ID> the id of the master server ID>\mtx0392.dir
Value of Variable: AfariaOne
<ServerID> Indicates the unique identifi- Value of Variable: Name of server
er for the Server computer
<ServerInstallDir> The name of the install di- Server File Status: <ServerInstallDir>
rectory on the server com-
Value of Variable: C:\Program Files
puter
\Afaria
<ServerIPAddress> The Servers IP address dis- Client Message: You are proudly
played in dotted decimal no- served by <ServerIPAddress>
tation
Value of Variable: 192.4.109.52
<ServerMachineName> The computer name of the Client Message: You are being served
Server computer by <ServerMachineName>
Value of Variable: Machine1
<ServerMemorySize> Used with the Check Mem- If <ServerMemorySize> <= 4GB
ory event, returns a value that
Value of Variable: 3GB
represents the total amount
of client memory; handled as
unsigned 64-bit integers
<ServerName> Indicates the name of the Value of Variable: Server1
Server

Administration Reference 281


Session Channel Reference

Variable Description Sample use or sample value


<ServerOS> The Servers operating sys- Server Search Registry <%SvrOSVal-
tem ue> <ServerOS>
Value of Variable: Windows NT
<ServerOSVersion> The version of the Servers If <ServerOSVersion> = <ClientOS-
operating system Version>
Value of Variable: 3.0.1381
<ServerProgramFilesDir> The Program Files directory Server Delete <ServerProgramFiles-
on the server computer Dir>\*.tmp
Value of Variable: C:\Program Files
<ServerTempFilesDir> The temporary files directo- Server Rename <ServerTempFilesDir>
ry on the server computer \*.mm0 <ServerTempFilesDir>\*.m0
Value of Variable: C:\Temp
<ServerVersion> The version of Afaria appli- Value of Variable: 6.00
cation installed on the server
computer
<ServerWindowsDir> The Windows directory on Send <ServerWindowsDir>\*.bmp TO
the server computer <ClientWindowsDir>\*.bmp
Value of Variable: C:\Winnt
<ServerWindowsSystem- The Windows System direc- Server Copy <ServerWindowsSystem-
Dir> tory on the server computer Dir>\*.drv TO \archive\drv\*.dr_
Value of Variable: C:\Winnt\System32
<SessionDuration> The number of minutes If <SessionDuration> > <%CutoffTi-
elapsed during this session meLimit>
Value of Variable: 3
<SessionStartTime> The time (in hhmmss format) Server Message: User <UserName>
when this session started starts at <SessionStartTime>
Value of Variable: 010634
<ss> Indicates the current second Server Copy D:\begin.flg TO D:\be-
value on the server from 00 gin<ss>.flg
to 59
Value of Variable: 56
<SystemTime> The current GMT date and Server Message: User <UserName>
time of the server or client in starts at <SystemTime>
format YYYYMMDD
Value of Variable: 20100912 13:34
HH:MM

282 Afaria
Session Channel Reference

Variable Description Sample use or sample value


<TenantID> ID of the tenant, as defined in Server Message: Clients tenant id is
table A_TENANT <TenantID>
Value of Variable: 10134
<TenantName> Name of the tenant, as de- Server Message: Clients tenant name
fined in table A_TENANT is <TenantName>
Value of Variable: Tedco
<time> Inserts the current 24-hour Client Rename C:\done.flg TO
time at the Server in format \<time>.flg
hhmmss
Value of Variable: 010634
<VolumeSize> After executing Check Vol- If <VolumeSize> <= 4GB
ume event, returns the total
Value of Variable: 3GB
size of the checked volume;
handled as unsigned 64-bit
integers
<y> Indicates the exact two-digit Client Rename C:\daily.log TO C:\ar-
numeric value of the year chive\year<y>.log
from 00 to 99
Value of Variable: 00
<y1> Indicates the exact one-digit Server Rename C:\date.fil TO C:
numeric value of the year \date<y1>.fil
from 0 to 9
Value of Variable: 9
<y4> Indicates the exact four-digit Server Rename C:\date.fil TO C:
numeric value of the year \date<y4>.fil
Value of Variable: 2006

User-Defined Session Variables


User-defined session variables use the Set Variable event to create custom placeholders for
any event that can use a variable.
Every worklist or sendlist in the session channel will have access to the new variable after its
defined. As a result, user-defined variables can be used as parameters in another worklist in the
same Session Manager channel, but not across channels.
Worklists can reference another worklist's user-defined session variable as long as the variable
has already been defined in the session. Sendlists execute before worklists in a session. This
order of execution prevents sendlists from being able to use a worklist's variable. Exceptions
may occur if you manipulate priorities in a channel or are running queued outbound
notification channels.

Administration Reference 283


Session Channel Reference

User-defined session variables use the % (percent) symbol preceding the variable name, such
as <%myvariable>=value. Examples of user-defined variables include:
<%current>=<m>/<d>/<y> (Includes a combination of literal text and system
variable.)

<%report>=@\report.txt (Includes an indirect reference @ to the con-


tents of a file.)

<%path>=\\server1\data (Includes a combination of literal text and system


variable)

Environment Variables
Use environment variables as placeholders in event text for system defined values.
To be recognized by the Server, these environment variables must be defined on the
Environment property page of the System Properties window, which you can access from
Control Panel.
If variables have been changed or new variables have been defined, these values will not be
recognized unless the service is stopped and restarted.
Environment variables in event text must take the form <$variablename>. For example,
if a line in the System Environment Variables box defines the variable HTMLHome=Z:
\SessionManagerChannelEditor\HTML\ActiveX\
then the event to copy a file to this directory would be
COPY C:\Temp\File1.htm TO <$HTMLHome>\File1.htm

Variable Modifiers
Variable modifiers modify, then return values, from other variables. The following table lists
the available variable modifiers.
Variable modifier Description Example
<!Drive<VarName>> Extracts the drive letter from Set Variable: <%MyVar>=C:
a session variable or user \Dir1\FileName.doc
variable
Message: <!Drive<%MyVar>>
Value of Variable: C:
<!File<VarName>> Extracts the file name from a Set Variable: <%MyVar>=C:\Dir
session variable or user vari- \FileName.doc
able
Message: <!File<%MyVar>>
Value of Variable: FileName.doc

284 Afaria
Session Channel Reference

Variable modifier Description Example


<!NormalizeFileVer- Returns a normalized ver- If v<!NormalizeFileVer-
sion<VarName>> sion of a version number as a sion<File1StatVersion>> < v<!Nor-
4-node version statement, malizeFileVersion<File2StatVer-
with each node containing 5 sion>>
characters, for the benefit of
a text string comparison.
Each node is padded with
leading zeros, as necessary.
For example, comparing
3.2.2. to 3.2.10 becomes a
comparison between
00003.00002.00002.00000
and
00003.00002.00010.00000.
<!Path<VarName>> Extracts the path from a ses- Set Variable: <%MyVar>=C:\Dir
sion variable or user variable \FileName.doc
Message: <!Path<%MyVar>>
Value of Variable: \Dir1\

Work Object Execution Problems and Solutions


There are several common reasons why a worklist or sendlist object may not execute.
Reason Explanation and Solution
A worklist or sendlist is Explanation: Worklist and sendlist objects must be enabled before they
disabled can be executed.
Solution: Verify that all worklist and sendlist objects assigned to the
Session Manager channel are enabled.
In Members view, verify that Enabled displays in the Status column for
each event. If a worklist or sendlist is disabled, select the object and click
A worklist or sendlist has Explanation: A worklist or sendlist may have been inadvertently deleted
been deleted from the Session Manager channel.
Solution: Verify that all necessary worklist and sendlist objects still exist.
Use the Members view to display all worklist and sendlist objects asso-
ciated with a selected Session Manager channel. If a worklist or sendlist
is no longer a member of the channel and is unavailable in the Select
objects dialog box (see following item), you must re-create the object.

Administration Reference 285


Session Channel Reference

Reason Explanation and Solution


A worklist or sendlist has Explanation: A worklist or sendlist may exist but may not be assigned to
not been assigned to the the proper Session Manager channel. When you initially create a new
proper Session Manager worklist or sendlist, its automatically added to the selected Session
channel Manager channel. If youve copied or imported worklists and sendlists or
have assigned and unassigned objects during your Session Manager
channel editing, an object may have been assigned to the wrong channel
or to no channel at all.
Solution: Verify that all necessary worklist and sendlist objects are as-
signed to the proper Session Manager channels.
Use the Members view to display all worklists and sendlists associated
with a selected Session Manager channel. If a worklist or sendlist isnt
assigned to the Session Manager channel, click Assign to display the
Select objects dialog box. Select the necessary worklist or sendlist from
the list of existing objects and then click OK.
A worklist or sendlist pri- Explanation: A worklist or sendlist objects priority setting determines
ority is not properly set the order in which its executed during a session. For example, a worklist
or sendlist with a priority setting of 100 will execute before a worklist or
sendlist with a priority setting of 5.
Solution: Verify that the proper priority setting has been assigned to the
object. (If no priority is set, the object runs in the assigned order. The
Select objects dialog box displays the objects in alphabetical order, but it
does not have any impact on the execution order.)
In Members view, verify that the object has been assigned the proper
priority setting. To change an objects priority setting, right-click the
object in the left pane of the editor and then choose Set Priority on the
shortcut menu. In the Set <object> priority dialog box, enter the correct
priority for the object and then click OK.
A sendlist failed due to an Explanation: A sendlist transfers files based on the source and target
invalid disk drive, directo- drives, directories, and paths specified on the Event details dialog box. If
ry, or path youve specified an invalid drive, directory, or path, the event fails.
Solution: Verify that the source and target drives, directories, and paths
are correct.
Use the Item Details dialog box to review the event details.If necessary,
use the Event details dialog box to make the necessary changes, or create
the necessary directory structure.

286 Afaria
Session Channel Reference

Reason Explanation and Solution


An event in a worklist or Explanation: Each event in a worklist or sendlist must be enabled before
sendlist is disabled it can be executed as part of the worklist or sendlist, even if the worklist or
sendlist to which it belongs has been enabled. If you havent enabled an
event in a worklist or sendlist, that event will not execute.
Solution: Verify that all events in a worklist or sendlist have been ena-
bled.
Use the Events view to display the objects events. If an event is disabled,
it appears dimmed in Events view.
To enable an event, right-click the event in the left pane of the editor and
on the shortcut menu choose Enable, or access the Event details page for
the event and select the Enabled option in the Status group box.
A worklist or sendlist ob- Explanation: The order of events in the Events list is critical, as in the
jects events arent ar- absence of a priority setting the arrangement of events determines the
ranged in the proper order order in which the events execute. For example, if you insert the End
Work Object event in the middle of the list of events, the object will end
before all the events have executed.
Solution: Verify that the events in a worklist or sendlist are arranged in
the proper order. Use the Events view to see the order of events.
To change the order of events, use the copy and paste commands in
conjunction with the Insert Before and Insert After buttons to rearrange
the events.
A critical event failed Explanation: A critical event causes the session to terminate automati-
cally if the event fails to successfully complete. If other events follow the
failed critical event, they will not execute.
Solution: Check the event details to determine which critical event failed.
If this event is not critical, clear the Critical Event option on the Event
details dialog box.
Insufficient disk space at Explanation: In order for certain events such as file transfers to execute
the client properly, there must be sufficient disk space at the client. If there isnt
sufficient disk space, the event will not execute.
Solution: Verify that sufficient disk space exists on the client. Use the
Check Volume event to verify disk space.
Invalid disk drive Explanation: If the disk drive specified for the Source or Target does not
exist, the event cannot be completed.
Solution: Verify the correct disk is specified on the Events details dialog
box. If necessary, make changes to the disk drive specified, or create the
appropriate directory structure.

Administration Reference 287


Session Channel Reference

Reason Explanation and Solution


Variables not properly de- Explanation: You must use the proper syntax when creating user-defined
fined variables. For example, all user-defined variables must be enclosed in <
> symbols and must be preceded with the % symbol, for example, <
%variable>.
Solution: Verify that youve used the proper syntax for all user-defined
variables. Use the Event details dialog box to check variables. Make
changes as necessary.
Conditional statements Explanation: Many conditional events, such as Else statements, are used
not properly resolved in conjunction with other events, such and End If events. Events may fail
if conditional events arent properly resolved, for example an If event
must be used with an Else event.
Solution: Verify that all conditional events are resolved.Use the Events
dialog box to display all of the events.
Add additional conditional events as necessary.
Repeat event not properly Explanation: Repeat events repeat actions based on the iterations and
defined loop times that you specify. If you do not specify a loop time or do not use
an End Repeat event in conjunction with the Repeat event, the event may
not execute properly.
Solution: Verify that all Repeat events are used in conjunction with an
End Repeat event and that youve specified the proper number of itera-
tions and loop times.
Use the Event details dialog box to review the information.If necessary,
add an End Repeat event to the list of events or modify the detail infor-
mation on the Event Details dialog box.

Note: Source files can't be specified along paths that are mapped drives. If the source is on a
drive other than the local computer (Server), then UNC paths are required.

Note: The condition status that is returned is based on the last event that executes. If an event is
skipped, then no status is returned.

288 Afaria
Glossary

Glossary
Afaria helps manage desktop and mobile computing devices in your enterprise.
The following Afaria terms are used throughout the documentation:
Afaria Administrator Afaria Administrator the Afaria server interface, a Web
console that you can access with any supported Web browser. Afaria uses role-based
access policies to control user rights. Rights are associated with functions in the user
interface and with individual tenants.
Afaria Administrator, the console the Web console that provides an interface for the
Afaria server. Use Afaria Administrator to define the server configuration; define roles
for Afaria Administrator users; manage Afaria devices, groups, and policies; and
monitor system activity.
Afaria administrator, the individual the person that installs and operates the Afaria
product.
Afaria application Afaria software installed on a device that interacts with the hosting
device.
Afaria devices user devices, such as handheld devices, smartphones, and laptops that
Afaria manages. Devices have an Afaria application installed and may have a native
capability or third-party application that Afaria features use to interact with the hosting
device.
Afaria server the Afaria server can operate as a single, standalone server or as multiple
servers in a server farm. The Afaria server communicates with the Afaria database and
additional components or devices as necessary.
Standalone Afaria server a single Afaria server operating as the only Afaria server in
an Afaria installation. The server has a one-to-one relationship with the Afaria
database.
Afaria server farm multiple Afaria servers operating together in an Afaria
installation. The servers have a many-to-one relationship with the Afaria database. A
server farm includes one master Afaria server and one or more farm servers.
Application onboarding for commercial or enterprise applications for iOS, Android,
and BlackBerry devices, Afaria can provision data and certificates to facilitate
onboarding.
Data provisioning Afaria delivers application configuration data as needed, such as
for connectivity or operations.
Certificate provisioning Afaria delivers a certificate to a device as needed, such as for
user authentication.

Administration Reference 289


Glossary

Email server for Afaria Access Control for Email, an optional feature, the email server
hosts the access control PowerShell service, which polls the Afaria server for current
access control policies and delivers that information to the email proxy in the DMZ.
Enrollment server required for handheld device enrollment and iOS operations. The
enrollment server retrieves enrollment policies and starts the enrollment process for
devices requesting enrollment. For iOS, the enrollment server also delivers management
payloads.
Groups collection of one or more devices. Manage devices by their group membership,
both by their direct membership in a group and by their inherited membership as a device
that belongs to a user in a user group. Devices can have membership in more than one
group. Link a group to a policy to manage all devices in that group.
Static includes devices that you manually select. Membership changes only when
you add a device to the group, or delete a device from the group or from Afaria.
Dynamic includes devices that are included in a device view, as defined in the Device
page, when you click Select View on the left toolbar. Membership changes
automatically based on changes to the results of the view.
User includes devices that are associated with users that are included in a user group,
as defined by the Afaria servers Windows users groups, LDAP groups, or NT domain
groups. Device members may change as user group membership changes.
Membership changes automatically based on changes to the selected groups.
Composite includes one or more Afaria groups.
iOS Certificate Authority for iOS operations, as defined by Apple to support iOS
mobile device management (MDM), Afaria requires a Microsoft certificate authority
(CA). The CA uses native Simple Certificate Enrollment Protocol (SCEP) to issue
certificates to devices for all inbound MDM communication. The CA also hosts the
optional Afaria SCEP plug-in that further increases security by verifying that devices are
in the Afaria database before allowing payload delivery.
Mobile Device Management (MDM) Afaria management that uses policies to manage
configuration, applications, and security. Afaria MDM for iOS devices uses Apple MDM
architecture for communicating with iOS devices, with Afaria as the MDM server.
Policies focused collections of settings that enroll and manage devices:
Application manage applications for iOS and Android devices.
Configuration define device settings and options, and collect device inventory and
device activity data.
Enrollment enroll and provision devices that are assigned configuration policies so
you can enforce security parameters and deploy and manage enterprise applications.
Session select channels for devices to run. Channels include scripted events and logic
to perform tasks on the devices, such as file transfers and registry updates.
Portal Package server for application policies, serves Afaria enterprise application
packages to devices. For application onboarding, serves certificates and device

290 Afaria
Glossary

provisioning data to calling third-party applications. The portal package server does not
server commerical applications to devices.
Relay server proxy for HTTP and HTTPS connections from the Internet to an Afaria
component server, such as the Afaria server or the enrollment server. The relay server is
optional, but recommended for increased enterprise network security.
Self-Service Portal server Web server to let end users enroll their device in Afaria
management, and let users view their device information and issue commands, such as
reset a password. The portal is optional for enrollment.
Tenant an entity defined within the Afaria environment that is associated with a subset of
the device base and its related operations.

Administration Reference 291


Glossary

292 Afaria
Additional Copyright Information

Additional Copyright Information


Portions copyright 1998-1999, Xceed Software Inc.

Administration Reference 293


Additional Copyright Information

294 Afaria
Index

Index
A Apple configuration policies 101
Apple push notification 51
access control for email 165
application onboarding 9, 147
Android 165
certificate provisioning
iOS 165
Android 149
polling interval 167
BlackBerry 149
unknown devices 167
iOS 150
Windows Mobile 166
data provisioning
Afaria Access Control for Email policy
Android 147
editing for iOS 45
BlackBerry 148, 149
Afaria device management overview
iOS 147
"link" and "unlink" usage 7
application onboarding, see Administration
explicit and implicit linking 7
Reference 67
overview of management 7
application policy 68
policy-group-device relationship 7
for Android 75, 77
Afaria Server
for application onboarding, see Administration
configuration properties: install and admin
Reference 67
153
for iOS 68, 70
alert 181
acknowledging an alert 181
alert response 183 B
contact 183
defined event 183 BlackBerry
deleting an alert 181 device enrollment and reenrollment 22
new alert 182 enrollment policies and codes 22
pending alert 182 introduction 22
user-defined event 184 BlackBerry client
Android life cycle 22
device enrollment and reenrollment 17 BlackBerry devices
enrollment policies and codes 17 certificate provisioning 150
introduction 16 compiling applications 149
password policy 81
Android Applications
provisioning data 148
C
Android client C2DM 158, 159
actions during enrollment 17 Certificate Provisioning
Afaria Access Control for Email 17 Android devices 149, 150
life cycle 16 BlackBerry devices 149, 150
removing the agent 18 channel
Android devices selecting for devices to run 141
certificate provisioning 150 Check File event 222
compiling applications 149 Check Memory event 223
compiling applications 147 Check Speed event 224
data provisioning 147 Check Volume event 224
Append Channel event 220 Comment event 225
Append event 221

Administration Reference 295


Index

composite group iOS security actions 51


creating 62 linked to a policy 144
defined 59 linking to a static group 54
configuration policy 67, 80 modifying the device owner 49, 55, 56
Android 81 moving a device to a tenant 48
Blackberry 97 run a channel 53
iOS MDM payloads 98 searching for 40
using the user interface controls 80 summary 41
Windows 102 viewing policy links 55
Windows Mobile Professional 103 Windows Mobile security actions 52
Windows Mobile Standard 103 See also Afaria device management
connecting devices overview
to apply policies 63 Device Activity
to run session policies 63 data collection frequency by device 171
to run sessions 63 overview 8, 32
Create Registry Key event 227 Device Activity Collection
cleanup schedule 180
D configuring 170
configuring data view settings 179
dashboard 60
configuring general settings 178
policy 68
configuring international roaming 178
data provisioning
custom device activity views 34
BlackBerry
data cleanup schedule 180
output requirements 148
data collection overview 171
Delete File event 227
data connection detail definitions 37, 176
Delete Registry Key event 228
data customization 34
Delete Registry Value event 229
data removal 180
Delete Variable File event 230
data views 33
deleting a device
displaying device list 33
See device
displaying device location on map
deleting a group 62
map display 40
deleting a policy 142
map of device location 40
device 50
enabling 172
Android security actions 50
enabling cleanup 180
Apple push notification 51
latitude definintion 40, 180
apply policies 52
longitude definition 40, 180
approving or unapproving a device 30, 49
message data detail definitions 39, 177
BlackBerry security actions 51
preparing the devices for 170
creating device views 32
removing individual subscriber data 39, 175
deleting a device from the server 50
reprompting users 172
deleting a device's data from the server 50
starting data collection 172
Device page in console 31
stopping data collection 172
editing a device, Android 44
subscriber data definitions 35, 173
editing a device, BlackBerry 45
voice call detail definitions 37, 175
editing a device, general 44
device activity list
editing a device, iOS 45
data views 33
editing a device, Windows 47
default view 33
editing a device, Windows Mobile 47
Device Activity Views
Google C2DM notification 50
data views 33
inspecting 41

296 Afaria
Index

device enrollment Self-Service Portal 12, 13


application source summary 15 enrollment policies and codes
custom installations 14 for Android 17
defined 11 for BlackBerry 22
enrollment codes 11, 12 for iOS 19
enrollment policies 11 for Windows 27
enrollment summary 15 for Windows CE 25
Self-Service Portal 12, 13 for Windows Mobile 25
device ownership enrollment policy 67, 123
importing a corporate device list 55, 56 Android 123
modifying or resetting ownership status 49, 55, BlackBerry 125
56 iOS 127
Device page in Afaria Administrator 31 Windows 2003 138
device settings Windows 2008 136
configuring 80 Windows 7 136
devices Windows CE 128
connecting 63 Windows Mobile Professional 130
connecting to a group to apply policies 63 Windows Mobile Standard 133
data views 33 Windows Vista 136
displaying device activity list 33 Windows XP 138
viewing all devices with summary information events 232
31 Session Manager 283
viewing devices in a group 64 Append 221
viewing some devices in filtered system or Append Channel 220
custom views 31 Check File 222
viewing the dashboard 31 Check Memory 223
Directory Listing event 230 Check Speed 224
Disconnect event 232 Check Volume 224
dynamic group Comment 225
creating 61 Create Registry Key 227
defined 59 Delete File 227
Delete Registry Key 228
E Delete Registry Value 229
Delete Variable File 230
editing a group 62
details 194
editing a policy 142
Directory Listing 230
Else event 232
Else 232
End If event 233
End If 233
End Impersonation event 233
End Impersonation 233
End Quota event 233
End Quota 233
End Repeat event 234
End Repeat 234
End Session event 234
End Session 234
End Work Object event 235
End Work Object 235
enrollment
Execute Program 236
application source summary 15
execution options 198
custom installations 14
export 199
defined 11
File Status 237
enrollment codes 11, 12
Find File 238
enrollment policies 11
Get Database Field 239
enrollment summary 15

Administration Reference 297


Index

Get File from Client 240 Find File event 238


Get Registry Value 243
Get Script Variable 243
If 244
G
import 199 Get Database Field event 239
Insert Channel 248 Get File from Client event 240
Insert Worklist 248 Get Registry Value event 243
Load Script 249 Get Script Variable event 243
Make Directory 249 Google C2DM 158, 159
Message 250 Google C2DM notification 50
Notify Program 250 group
optimization 199 assignment 53
Quota 251 composite 59, 62
Raise Event 252 dashboard 60
Read Variable File 253 deleting 62
reference dynamic 59, 61
directories and file names 195 editing 62
Release Script 255 exporting views 65
Remove Directory 255 inspecting 62
Rename File 256 linking devices 60
Repeat 257 linking policies 64
Run Script Function 258 list 59
Search Directory 260 size 59
Send File to Client 260 static 5961
Set Bandwidth Throttling Config 263 unlinking a policy 65
Set Client Time 254, 264 unlinking devices 61
Set Database Field 264 user 59, 61
Set File Attributes 266 viewing devices in a group 64
Set Registry Value 267 viewing policy links 63
Set Script Variable 268 See also Afaria device management
Set Variable 269 overview
Test Variable 270, 271 Group
Update Variable File 271 Group page in console 59
variables group links 143
session Group page in Afaria Administrator 59
predefined 274
Wait for File to Exist 272
Session Manager event types 201 I
Execute Program event 236
If event 244
export events 199
import
exporting
events 199
group view 65
import/export 101
policy view 145
importing
F corporate device list 55, 56
Favorites importing policies 101
Configuration Manager 113 Insert Channel event 248
File Status event 237 Insert Worklist event 248
file/disk operations inspecting a device 41
event 201 inspecting a policy 142

298 Afaria
Index

inspecting the contents of a group 62


inspector 41, 62, 142
iOS
P
custom branding 160163 policy
device enrollment and reenrollment 19 application 67
enabling iOS schedules 156, 160 applications for Android 75, 77
enrollment actions 19 applications for iOS 68, 70
enrollment policies and codes 19 applications for iOS and Android 68
introduction 18 applying to a group 63
language localization 163 configuration 67, 80
life cycle 18 connect a device to apply policies 52
iOS administration 101 dashboard 68
iOS Applications deleting 142
provisioning data 148 editing 142
iOS device configuration policies 101 enrollment 67, 123
iOS devices exporting a policy view 145
certificate provisioning for application onboarding, see Administration
compiling applications 150 Reference 67
iOS devices 150 inspecting 142
output requirements 151 linking a group to a policy 144
compiling applications 147 linking to a group 64
data provisioning 147 Policy page in console 67
hardware inventory 42 publishing 143
iOS variables for policies 20 session 67, 141
unlinking a group from a policy 145
L unlinking a policy from a group 65
unpublishing 143
Licenses viewing devices linked to a policy 144
viewing 9 viewing groups linked to a policy 143
linking viewing policy links for a device 55
devices to static groups 60 viewing policy links for a group 63
groups to policies 144 viewing the policy list 67
policies to groups 64 See also Afaria Access Control for Email
links policy
viewing a policy's group links 143 Policy page in Afaria Administrator 67
Load Script event 249 publishing policies 143
logging
configuring 157
logs Q
configuration 157
Quota event 251

M
R
Make Directory event 249
Message event 250 Raise Event event 252
miscellaneous events 201 Read Variable File event 253
reenrollment 16
Release Script event 255
N Remove Directory event 255
Notify Program event 250 Rename File event 256

Administration Reference 299


Index

Repeat event 257 event


Run Script Function event 258 details 194
run session 63 execution options 198
export 199
S import 199
optimization 199
Search Directory event 260
reference
security actions
directories and file names 195
performing security actions on devices 50
event types 201
Send File to Client event 260
Events view 191
sendlists 191
Execute Program event 236
adding events 193
file comparison 196
assigning 192
Find File event 238
server configuration
Get Database Field event 239
log cleanup 157
Get File from Client event 240
logging policies 157
Get Registry Value event 243
session 63
Get Script Variable event 243
session channels 141
hiding event flags 194
session control
If event 244
event 201
Insert Channel event 248
Session Manager
Insert Worklist event 248
Append Channel event 220
Load Script event 249
Append event 221
Make Directory event 249
Channel Editor
Message event 250
control object display 191
Notify Program event 250
Channels view 191
Pre-processing tasks 200
Check File event 222
Quota event 251
Check Memory event 223
Raise Event event 252
Check Speed event 224
Read Variable File event 253
Check Volume event 224
Release Script event 255
Comment event 225
Remove Directory event 255
create a channel 189
Rename File event 256
Create Registry Key event 227
Repeat event 257
custom event colors 194
Run Script Function event 258
default view 190
Search Directory event 260
Delete File event 227
Send File to Client event 260
Delete Registry Key event 228
sendlists 191
Delete Registry Value event 229
adding events 193
Delete Variable File event 230
assigning 192
Directory Listing event 230
Set Bandwidth Throttling Config event 263
Disconnect 232
Set Client Time event 254, 264
Disconnect event 232
Set Database Field event 264
displaying event flags 194
Set File Attributes event 266
Else event 232
Set Registry Value event 267
End If event 233
Set Script Variable event 268
End Impersonation event 233
Set Variable event 269
End Quota event 233
streamlining remaining tasks 200
End Repeat event 234
supported device types 189
End Session event 234
Test Variable event 270, 271
End Work Object event 235

300 Afaria
Index

transfer options 196 Update Variable File event 271


unassigning objects 193 user defined fields 187
Update Variable File event 271 user group
using variables 195 creating 61
using wildcards 196 defined 59
variables
session
predefined 274 V
Wait for File to Exist event 272 variable use
worklists 191 event 201
adding events 193 variables
assigning 192 for iOS 20
creating efficiencies 200 session
Session Manager Channel Editor 190 predefined 274
session policy 67, 141 user defined 283
connect a device to run a channel 53 viewing
session channels 141 devices linked to a policy 144
Set Bandwidth Throttling Config event 263 groups linked to a policy 143
Set Client Time event 254, 264 policy list 67
Set Database Field event 264
Set File Attributes event 266
Set Registry Value event 267 W
Set Script Variable event 268
Set Variable event 269 Wait for File to Exist event 272
static group 61 Windows
creating 60 device enrollment and reenrollment 27
defined 59 enrollment policies and codes 27
linking devices 60 introduction 26
unlinking devices 60 Windows CE
device enrollment and reenrollment 25
enrollment policies and codes 25
T Windows device
life cycle 26
tenant
Windows Mobile
moving a device to a tenant 48
device enrollment and reenrollment 25
Test Variable event 270, 271
enrollment policies and codes 25
introduction 24
U Windows Mobile device
life cycle 24
unlinking
worklists 191
a policy from a group 65
adding events 193
devices from static groups 61
assigning 192
unlinking a group from a policy 145
creating efficiencies 200
unpublishing a policy 143

Administration Reference 301


Index

302 Afaria