enterprise app development for windows phone
Post on 21-Jun-2015
Enterprise App Development for Windows Phone (finally!)
Kelly White
President – Silvertail Software Inc
Microsoft MVP – Windows Phone Development
http://about.me/kelly.white/
Developing software since 1999
Windows Phone Development since 2010
Silvertail Software Inc.
Microsoft MVP – Windows Phone Development
What does that even mean?
http://about.me/kelly.white
About Me
Goals and overview
Account creation and cert acquisition
App enrollment and deployment
App launch and phone home
Agenda
Enterprise applications
Goals and overview
Companies control which phones may run their apps
Enterprise apps may install and run only on phones that are enrolled with the associated enterprise
Companies control the lifecycle of their apps
No ongoing interaction from Microsoft
Companies control the deployment and distribution
It’s highly recommended to authenticate users prior to app enrollment and app deployment
Enable companies to deploy business applications to their employees privately and securely.
App enrollments and installs require user confirmation
Updates of existing apps can be done silently
Consumer and enterprise data are kept separate
Companies can inventory their own apps, but not marketplace apps
Enable end users to feel in control while preserving a company’s right to protect their data.
Overview
[Diagram: numbered steps 1 to 8 between Company, Microsoft and Symantec]
Enterprise applications
Account creation and cert acquisition
Must be a Company account
Publisher name displayed on phone
Company approval required
Private key, CSR, cert are local to PC
Account creation and cert acquisition
Enterprise certificate
Issuer
Validity period
Publisher name
Publisher ID
Enterprise apps EKU
Enterprise applications
App enrollment and deployment
Managed vs. unmanaged enrollment
Feature | Managed | Unmanaged
Enrollment method | Settings applet + MDM | Email/browser
Policy management | Yes | No
Number of enrollments | Limited to 1 | Unlimited
App install method | MDM/company hub | Email/browser/company hub
App inventory | MDM | No
Silent app updates | MDM | No
Unenroll | Remote and local | No
Managed enrollment
App enrollment token (AET) is generated once per year
Delivered to the phone over an authenticated channel via email, browser, or MDM
Validated for signature and expiration
App enrollment
[Diagram: Enterprise Service, AET, PublisherID, Email/Browser/MDM, Windows Phone 8; numbered steps 1 to 3]
App ingestion and certification
App ingestion is owned exclusively by the enterprise
Apps are not submitted to Windows Phone Store
The company is responsible for the quality of their apps and the impact to the user
The Windows Phone Marketplace Test Kit is useful to evaluate apps
Images, capabilities, error handling, memory usage, API checks, startup perf, etc.
Capabilities are limited to the same as standard marketplace apps
Enforced on the phone at app install time
Apps must specially handle ID_CAP_LOCATION usage
Prompt for user approval and give the user an option to disable
App is NGEN’ed, signed, and published to the company’s store
Delivered to the phone over an authenticated channel via email, browser, MDM, or company hub
Validated for signature, an associated AET, and allowed capabilities
App deployment
[Diagram: Enterprise Service, XAP, Email/Browser/MDM/Company Hub, Windows Phone 8; numbered steps 1 to 3]
Enterprise applications
App launch and phone home
User launches an enterprise app via the shell or an API
Publisher ID is extracted and used to find the associated AET
AET must be present and valid (not expired, revoked or disabled)
App launch
[Diagram: Enterprise Service, Windows Phone 8, Execution Manager; numbered steps 1 to 3]
Phone sends device ID, publisher IDs, and enterprise app IDs
Phone receives status for each enterprise
Apps of invalid enterprises are blocked from being installed or launched
Scheduled daily, plus each enrollment and app install
After 7 consecutive failed attempts, install of enterprise apps is blocked, but launch of installed apps still works
Phone home
[Diagram: Request and Response exchanged with Windows Phone Services; numbered steps 1 and 2]
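The launch check and the phone-home rules above can be written as a small decision model, useful for working out what an enrolled phone will allow after an outage or a revocation. This is an added C# example, not Microsoft's implementation or code from the talk; every type name, the use of `null` for a failed attempt and the reset of the failure count on success are assumptions.

```csharp
using System;
using System.Collections.Generic;

// Added model of the launch and phone-home rules above. Every name here is
// hypothetical; this is not the Windows Phone implementation.
enum AetState { Valid, Expired, Revoked, Disabled }

class EnterpriseGate
{
    const int MaxFailedPhoneHomes = 7;   // threshold stated on the slide
    readonly Dictionary<string, AetState> aets = new Dictionary<string, AetState>();
    int consecutiveFailures;
    public void Enroll(string publisherId) { aets[publisherId] = AetState.Valid; }

    // null models an unreachable service; a response carries one status per
    // enterprise and (assumption) resets the failure streak.
    public void PhoneHome(IDictionary<string, AetState> response)
    {
        if (response == null) { consecutiveFailures++; return; }
        consecutiveFailures = 0;
        foreach (var status in response)
            if (aets.ContainsKey(status.Key)) aets[status.Key] = status.Value;
    }
    // Launch needs a present, valid AET and ignores the failure streak.
    public bool CanLaunch(string publisherId)
    {
        AetState state;
        return aets.TryGetValue(publisherId, out state) && state == AetState.Valid;
    }

    // Install needs the same AET check plus fewer than 7 consecutive failures.
    public bool CanInstall(string publisherId)
    {
        return CanLaunch(publisherId) && consecutiveFailures < MaxFailedPhoneHomes;
    }
}

static class Demo
{
    static void Main()
    {
        const string id = "{EE6B2808-0000-0000-0000-000000000000}"; // sample ID from the page
        var gate = new EnterpriseGate();
        gate.Enroll(id);
        for (int day = 0; day < 7; day++) gate.PhoneHome(null);   // a week offline
        Console.WriteLine("offline: install={0} launch={1}", gate.CanInstall(id), gate.CanLaunch(id));
        gate.PhoneHome(new Dictionary<string, AetState> { { id, AetState.Revoked } });
        Console.WriteLine("revoked: install={0} launch={1}", gate.CanInstall(id), gate.CanLaunch(id));
    }
}
```

The model folds expiry, revocation and disablement into one per-publisher state; on the phone, expiry is also checked against the token itself when the AET is validated.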
Phone home – sample protocol
Signing apps
Generating tokens
Installing and querying apps
Launching apps
Building a Company Hub
Generating tokens
Start with the .pfx file
Use AETGenerator
%programfiles(x86)%\Microsoft SDKs\Windows Phone\v8.0\Tools\AETGenerator\Aetgenerator.exe <<cert file name>> <<password>>
Generate an .aetx file
An AET needs to be generated once per year, when a new cert is acquired from Symantec
Signing apps
Everything with a PE header must be signed
As well as the .xap itself
XapSignTool
Located in the Windows Phone SDK directory
%ProgramFiles(x86)%\Microsoft SDKs\Windows Phone\v8.0\Tools\XapSignTool
Wraps signtool.exe, so it must be in the path too
%ProgramFiles(x86)%\Windows Kits\8.0\bin\x86
Protip: use BuildMDILXap.ps1 in a post-build step
Installing and querying apps
Installing apps
Apps can be installed with InstallationManager.AddPackageAsync()
Returns an IAsyncOperationWithProgress
Attach to the Completed and Progress handlers
Six progress notifications
• 0 Started
• 5 Confirmation dialog is displayed
• 10 User accepts install confirmation, download begins
• 50 App is finished downloading
• 55 App has begun installation
• 100 App installation complete
Querying apps
Installed apps can be enumerated with InstallationManager.FindPackagesForCurrentPublisher()
Retrieves all apps from the same publisher or signed with the same certificate
Including the app making the query
Apps that are still installing can be enumerated with InstallationManager.GetPendingPackageInstalls()
Protip: In the app manifest set your PublisherID to the certificate's UID, e.g. {EE6B2808-0000-0000-0000-000000000000}
Launching apps
Apps can be launched with Package.Launch()
Find the package you want with FindPackagesForCurrentPublisher()
Only apps from the same publisher, or signed with the same certificate, can be launched
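A company hub flow built on the calls named above (install with progress tracking, picking up pending installs, launching a same-publisher app), as an added example that is not code from the talk. The `CompanyHub` class, its method names and the HTTPS-only check are assumptions of the example.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using Windows.ApplicationModel;
using Windows.Foundation;
using Windows.Phone.Management.Deployment;

// Added example; CompanyHub and its members are hypothetical names.
public static class CompanyHub
{
    // Progress values and their meaning, as listed on the slide.
    static readonly Dictionary<uint, string> Stages = new Dictionary<uint, string>
    {
        { 0, "started" }, { 5, "confirmation dialog displayed" },
        { 10, "user accepted, download begins" }, { 50, "download finished" },
        { 55, "installation begun" }, { 100, "installation complete" }
    };

    public static void Install(string title, Uri xapUri)
    {
        // Example policy (assumption): only fetch the XAP over HTTPS so the
        // package arrives on a channel that can be authenticated.
        if (xapUri == null || !xapUri.IsAbsoluteUri || xapUri.Scheme != "https")
            throw new ArgumentException("XAP source must be an https:// URI", "xapUri");
        Track(title, InstallationManager.AddPackageAsync(title, xapUri));
    }

    // Call at hub start-up to re-attach to installs that are still in flight.
    public static void ResumePending()
    {
        foreach (var op in InstallationManager.GetPendingPackageInstalls())
            Track("pending install", op);
    }

    static void Track(string label, IAsyncOperationWithProgress<PackageInstallResult, uint> op)
    {
        op.Progress = (info, value) => Debug.WriteLine(string.Format("{0}: {1} ({2})",
            label, value, Stages.ContainsKey(value) ? Stages[value] : "in progress"));
        op.Completed = (info, status) => Debug.WriteLine(string.Format("{0}: {1}", label, status));
    }
    // Launches the first same-publisher package accepted by the caller's filter.
    public static bool Launch(Func<Package, bool> match)
    {
        Package app = InstallationManager.FindPackagesForCurrentPublisher().FirstOrDefault(match);
        if (app != null) app.Launch(string.Empty);
        return app != null;
    }
}
```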
Enterprise applications
Wrap up
Companies with a Dev Center Company account may acquire enterprise certs from Symantec
Companies choose which phones are allowed to receive their apps via distribution of their AET
Companies own the quality and lifecycle of their apps
Apps can be distributed via email/browser/company hub/MDM
MDM servers can push both policy and applications