设计自定义android DPC应用程序与Android管理API有何关系? [英] How does designing custom android DPC app relate to Android management API?

问题描述

我是android企业开发领域的新手，对于android企业生态系统中的各个部分之间如何相互联系，我有些误解.让我解释.

I'm new to android enterprise development world, and I have some misconception of how different pieces in the android enterprise ecosystem relate to one another. Let me explain.

我要实现的解决方案是能够远程将设备锁定为信息亭模式，并且即使用户处于脱机状态，也可以基于某些业务逻辑将其锁定.我开始调查EMM，尤其是 Android Management API 来解决此问题.我可以使用API​​将设备远程锁定为信息亭模式.我正在采取的步骤

The solution that I'm trying to achieve is being able to lock the device into kiosk mode both remotely, and also based on some business logic do it even when the user is offline. I started investigating EMM and particularly Android Management API to solve the problem. I was able to lock the device remotely into kiosk mode using the API. The steps that I take is following

1. 恢复出厂设置为Android设备
2. 到达用户需要输入凭据的屏幕
3. 我输入afw#setup而不是真实的凭据
4. 设备进入工作资料模式，并且正在安装android设备策略
5. 我在管理API中创建了一个注册令牌(快速开始中介绍了相关步骤指南
6. 我会生成QR码，并在收到提示后立即使用恢复出厂设置的设备对其进行扫描
7. 该设备将链接到企业，通过创建特殊的信息亭模式策略并使用补丁政策(以创建政策)和修补设备 API.

1. Factory reset the android device
2. Reach the screen where user needs to enter their credentials
3. Instead of real credentials I enter afw#setup
4. Device enters into work profile mode and android device policy is being installed
5. I create an enrollment token in the management API (the steps for that are described in the quick start guide
6. I generate a QR code and scan it using the factory reset device as soon as I'm prompted
7. The device will be linked to the enterprise, and I'm successfully being able to control it and put the device into kiosk mode by creating special kiosk mode policy and patching the device to comply to that policy using a combination of patch policy (to create a policy) and patch device APIs.

下一步是找到一种即使用户处于离线状态也可以将设备锁定为信息亭模式的方法.我认为这将通过创建一个android企业自定义DPC(设备策略控制器)应用程序来实现.我以为通过阅读以下文档，其中是以下三种方法之一供应单一用途"设备的过程正在创建自定义DPC应用程序.这是来自不同 url

The next step was finding out a way to lock the device into kiosk mode even when user is offline. I assume that it's going to happen by creating an android enterprise custom DPC (device policy controller) application. I assumed that by reading the following documentation, where one of the 3 ways of provisioning "single purpose" devices is creating a custom DPC application. Here's another quote from different url

作为EMM，您将开发一个DPC应用程序，供客户与EMM控制台和服务器一起使用.您的客户将DPC部署到他们管理的用户设备上. DPC充当EMM控制台(和服务器)与设备之间的桥梁.管理员使用EMM控制台执行一系列任务，包括配置设备设置和应用.

As an EMM, you develop a DPC app that can be used by your customers in conjunction with your EMM console and server. Your customer deploys the DPC to the user devices that they manage. The DPC acts as the bridge between your EMM console (and server) and the device. An admin uses the EMM console to perform a range of tasks, including configuring device settings and apps.

这是我所有困惑出现的地方. 自然而然产生的第一个问题-在谈论EMM控制台和服务器时，先前引用的作者是否提到EMM管理API?

And here's where all of my confusions arise. First question that naturally arises - was the author of the previous quote referring to EMM management API when talking about EMM console and server?

此外，还有更多我找不到答案的问题

Further, there are more questions that I couldn't find an answer to

指南中没有提及创建自定义DPC关于EMM API在自定义DPC中将扮演什么角色，因此我找不到地方描述自定义DPC是EMM控制台(大概是EMM API)和设备之间的桥梁吗?

In the guide for creating a custom DPC there are no mentions about what role EMM API will play in custom DPC, and consequently there's no place I could find that describes how exactly the custom DPC is a bridge between the EMM console (presumably EMM API) and the device?

然后，假设我已经开发了一个自定义DPC应用程序，并将其上传到了Google Play Alpha频道. 文档指出，在设置过程中，而不是输入afw #setup我应该输入afw#DPC_NAME，但不知道如何生成该名称?是DPC应用程序的捆绑包ID吗?还是可能是在Google设置中的某处设置了?例如，谷歌开发了 TestDPC 应用程序来测试企业解决方案，按照上述步骤，输入afw#testdpc并成功扫描了git自述文件中的QR码，我看到已安装TestDPC并将设备启动到工作配置文件模式.因此，我认为我需要以某种方式注册自己的"testdpc"并输入afw#my_dpc.

Then, let's assume I've developed a custom DPC application and uploaded it to google play alpha channel. The documentation states that during the setup process instead of entering afw#setup I should enter afw#DPC_NAME, and I have no idea how to generate that name? Is it the bundle ID of the DPC app? Or perhaps it's being set somewhere in google settings? For instance, google has developed the TestDPC application to test enterprise solutions, and I was able to go through the steps I described above and enter afw#testdpc and successfully scanned the QR code in the git readme file and I saw that TestDPC was installed and device was launched into work profile mode. So, I assume somehow I need to register my own "testdpc" and enter afw#my_dpc instead.

基本上，我有不同的作品单独工作，我想在我的脑海中形成一张更广阔的图画，以了解如何将这些作品缝合在一起.

Basically I have different pieces working stand alone and I want to form a broader picture in my mind to understand how to stitch those pieces together.

感谢您的回答

更新1:

今天，我找到了一种无需通过NFC或其他设置流程即可将自定义DPC转变为设备所有者的方法.这对于开发目的特别有用.按照此链接获取说明这既节省时间，又以我为例，我们仍在等待Google的批准，但最终我们可以开始测试某些东西，而无需自定义设置过程.

Today I found a way of turning custom DPC into device owner without going through NFC or other provisioning process. This is particularly useful for development purposes. Follow this link for instructions.This is both huge time saver, and also, in my case, we still are waiting for google's approval, but finally we can start testing some stuff without the need of custom provisioning process.

推荐答案

管理Android设备有两种不同的方法:

There are two distinct ways of managing Android devices:

新方法: Android管理API .这是Google推荐的方法，它比以前的方法要简单得多，您无需调用其他API或创建自定义DPC.如果此API无法解决您的用例，您可以发送反馈给Google，以便他们可以添加缺少的功能.

The new way: the Android Management API. It is the way recommended by Google and it's significantly simpler than the old way, you don't need to call other APIs or to create a custom DPC. If your use case is not addressed by this API you can send feedback to Google so they can add the missing features.

旧方法(自2019年12月20日起不再适用于新部署):使用自定义DPC.为此，您需要:

The old way (no longer available for new deployments as of 2019-12-20): using custom DPC. For that you need to:

• 创建自定义DPC ，
通过加入EMM社区在Google
• 中注册您的自定义DPC (方法是这样的您会获得afw#DPC_NAME)，
• 使用 Google Play EMM API 安装应用.

• create a custom DPC,
• register your custom DPC with Google by joining the EMM Community (this is how you get the afw#DPC_NAME),
• use the Google Play EMM API to install apps.

在文档中，您-使用这些API的开发人员-被称为"EMM". "EMM服务器"是指您拥有并调用这些API的服务器，"EMM控制台"是指您向IT管理员公开的UI控制台.

In the documentation you - the developer using these APIs - are referred as "the EMM". "EMM server" refers to the server that you own and that calls these API, and "EMM console" refers to the UI console that you expose to your IT admins, if any.

这篇关于设计自定义android DPC应用程序与Android管理API有何关系?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！