Technical Whitepaper

Good for Enterprise: The Enterprise Application Distribution Function on Android-and iOS-enabled Mobile Devices

YourDeviceHere.Good supports hundreds of devices.

Good Technology www.good.com The Enterprise Application Distribution Function on Android-and iOS-enabled Mobile Devices 2

Contents

Introduction 3

Android Enterprise Application Distribution 4

iOS Enterprise Application Distribution 5

Conclusion 6

Good Technology www.good.com The Enterprise Application Distribution Function on Android-and iOS-enabled Mobile Devices 3

IntroductionAs of Q2 2011, Good for Enterprise introduced support for Enterprise Application Distribution on both iOS- and Android-enabled devices. Enterprise applications differ from consumer-facing applications—hosted on application marketplaces—in that they are often developed in-house by corporations, and are deployed to a limited number of employees’ devices. This whitepaper provides a technical overview of the Enterprise Application Distribution function, including how Good for Enterprise secures enterprise applications.

The Need for Secure Enterprise Application Distribution

The penetration of smart devices into consumer markets has made connectivity relatively easy and inexpensive, espe-cially outside of the workplace. Connectivity, accompanied by the right apps and tools, also increases collaboration and productivity in nearly any organization. While access to corporate email, calendar and contacts is often the starting point, industry-leading companies recognize that employees need more than email to fully participate in business processes.

With the rapid emergence of tablets based on the iOS and Android platforms, the ability to securely manage and distribute enterprise apps is more important than ever. A number of enterprises have deployed new tablets like the iPad, iPad2, Motorola Xoom and Samsung Galaxy Tab. In many cases, these tablets are being purchased by the company with the explicit purpose of deploying enterprise applications—such as salesforce automation applications, point-of-sale applications, and applications in support of “paperless office” green initiatives.

A unique challenge of enterprise applications is that, unlike consumer applications, these applications are designed to support internal business processes or specific groups of users. As such, corporate IT organizations cannot rely on application marketplaces (e.g. Apple App Store or Android Market) to distribute these applications. Rather, they require a secure mechanism to distribute, update and manage these custom applications for specific users or groups of users.

Good’s Enterprise Application Distribution: An Overview

Good’s solution streamlines enterprise application distribution by allowing management of applications from the Good Mobile Control (GMC) console. Using the GMC, enterprise apps can be uploaded to the Good Network Op-erations Center (NOC) and then made available to specific devices or groups of devices via GMC policy. If enabled by policies via GMC, end users are notified of the availability of specific enterprise applications.

The diagram below illustrates the Good for Enterprise architecture:

Figure 1: The Good for Enterprise Architecture

Good Technology www.good.com The Enterprise Application Distribution Function on Android-and iOS-enabled Mobile Devices 4

Android Enterprise Application DistributionUsage Flow

An IT administrator uses the Good Mobile Control console to upload their Android application (.apk file) to the Good NOC. Using GMC policies, the IT admin may specify the delivery of the application to individual devices or groups of devices. Metadata concerning the application is sent via Good’s secure transport layer to the device. An “Apps” tab automatically appears within the Good for Enterprise client when one or more applications are available, and upon selecting this tab the employee will see a catalog of approved applications to which they have been granted access. These enterprise applications are installed outside the Good container.

Technical Details

The diagram below illustrates the Good for Enterprise architecture relevant to Android-enabled devices (explanations of numerically designated flows to follow):

Figure 2: Good for Enterprise architecture: Android devices

The end-user needs to agree to install the application

The application is now installed on the device

A notification about a new available application

The end-user can get to the new application through the Applications Catalog screen

Good Technology www.good.com The Enterprise Application Distribution Function on Android-and iOS-enabled Mobile Devices 5

1) The Android application (in .apk format) is encrypted by GMC and uploaded to the Good NOC via HTTPS. The payload is stored within the Good NOC’s Oracle databases, and data integrity is preserved via Oracle Streams among database instances. Access to the application payload is only permitted via https connection from authenti-cated Good clients to the Good NOC’s web gateways.

2) GMC communicates metadata relevant to the new software to affected devices via Good’s standard secure com-munication method (through the Good Mobile Messaging server—GMM—and the Good NOC) to the device.

3) The Good for Enterprise application on a user’s device receives the software information. The Good client may request further application metadata and the application itself, via HTTPS calls to the Good NOC.After downloading the .apk file from the NOC, the Good client unencrypts it using the key specified by its GMC. The .apk is presented to the Android OS for standard third-party application installation, and the user is prompted accord-ingly by the OS. When the user agrees to app installation, the application is installed outside the Good container.

The first Good for Enterprise – Android client version to include Android Enterprise Applications functionality is v1.7.3. In this release, application names are shown on the Apps screen in text form, along with version numbers for the applications.

iOS Enterprise Application DistributionUsage Flow

In the Good Mobile Control (GMC) console, uploading iOS enterprise apps in ‘.ipa’ format is similar to the process for uploading ‘.apk’ files on Android. During upload, certain details such as the version number and iOS Bundle Identifier (e.g., com.mycompany.enterpriseapp01) are detected automatically. The IT administrator may also enter an extended description for applications.

From the end user’s perspective, Good’s iOS Enterprise Application Distribution experience is quite similar to that provided on Android. An “Applications” launcher bar icon automatically appears within the Good for Enterprise cli-ent when one or more applications are available. Upon selecting the launcher bar icon the user will see a catalog of approved applications to which they have been granted access. The enterprise applications are installed outside the Good container.

The end-user needs to agree to install the application

The new application is now installed on the device

Push notification about a new available application

The end-user can get to the new application through the Applications Catalog screen

Good Technology www.good.com The Enterprise Application Distribution Function on Android-and iOS-enabled Mobile Devices 6

Technical Details

Good’s iOS Enterprise Application Distribution framework is an implementation of the iOS4 Enterprise Application Installation paradigm. For background as to how iOS Enterprise Apps are prepared for deployment, and the mecha-nisms iOS 4 provides for over-the-air install of .ipa files, see the Apple document Distributing Enterprise Apps for iOS 4 Devices.

The diagram below illustrates the Good for Enterprise architecture relevant to iOS (explanations of numerically desig-nated flows to follow):

1) The iOS application (in .ipa format) is uploaded to the Good NOC via HTTPS.The payload is stored within the Good NOC’s Oracle databases, and data integrity is preserved via Oracle Streams among database instances. Access to the application payload is only permitted via https connections from clients to the Good NOC’s web gateways.

Unlike Android, the iOS application is not encrypted. Per the iOS Enterprise Applications requirement, the iOS ap-plication (e.g. .ipa file) needs to be made available to the iOS device in an unencrypted form because iOS handles the download (vs. Good).

2) The GMC communicates metadata - relevant to the new software - to affected devices via Good’s standard secure communication method (through the Good Mobile Messaging server—GMM—and the Good NOC), to the device.

3) The Good for Enterprise application on a user’s device receives the software information. The Good client may request further application metadata and the application itself via HTTPS calls to the Good NOC.

4) If the user opts to install the iOS application, control passes to the iOS system which automatically downloads fur-ther installation metadata and the .ipa file itself from the Good NOC, using HTTPS. The application appears on the iOS Home Screen and a progress bar indicates download status until the installation process is completed. Once installed, the enterprise applications will be managed outside the Good container.

The first Good for Enterprise – iOS client version to include iOS Enterprise Applications functionality is v1.9.0.

Figure 3: Good for Enterprise architecture: iOS devices

Good Technology www.good.com The Enterprise Application Distribution Function on Android-and iOS-enabled Mobile Devices 7

ConclusionWith the Good for Enterprise application distribution function, enterprises have a secure means of easily distribut-ing and managing custom enterprise applications to specific users or groups of users. In today’s dynamic business environment enterprises must keep pace with technological innovations while maintaining corporate security. With the proven record of Good’s infrastructure, managing and distributing enterprise applications can now smoothly inte-grate into the existing workflows of IT teams responsible for enabling and securing mobile employee collaboration.

©2011 VISTO Corporation and Good Technology, Inc. All rights reserved. Good, Good Technology, the Good logo, Good for Enterprise, Good for Government, Good for You, Good Mobile Intranet, and Powered by Good are trademarks of Good Technology, Inc. ConstantSync, Constant Synchronization, Good Mobile Client, Good Mobile Portal, Good Mobile Exchange Access, Good Mobile Platform, Good Easy Setup, Good Social Networking and Good Smarticon are either trademarks or registered trademarks of VISTO Corporation. All third-party trademarks, trade names, or service marks may be claimed as the property of their respective owners. Good and Visto technology are protected by U.S. patents and various other foreign patents. Other patents pending.

Watch a demo of Good for Enterprise: iOS by visiting http://www.good.com/demos/index.php or call 1-866-7BE-GOOD for more information.