Using Mobile Device Management systems and DPS

Many of my Enterprise customers ask how to use DPS with their Mobile Device Management (MDM) Solution. An MDM Solution is a set of tools that allows an Enterprise to deploy software to employees on managed devices. For instance, if the company has a sales enablement app that they want all of the sales force to use but they do not want to require all of the sales force to bring their iPads in to have the app installed, then they could use an MDM system.

There are many MDM systems available, and this post is not intended to be a tutorial on how to implement DPS in a specific offering. It is intended to explain the current state of affairs and offer some guidance on how to get your DPS app deployed with any MDM solution.

What is a Mobile Device Management Solution?

Mobile Device Management (MDM) Solutions provide Enterprise customers with a means of managing deployment of apps to mobile devices such as phones and tablets.

How is MDM different from DPS with Restricted Distribution?

An MDM solution allows IT to manage the deployment of the Viewer App, while the DPS service allows business users to deploy content to that managed app. These systems work together, based on the business requirements. For example, an Enterprise customer would use an MDM system to deploy the Viewer App and use a Restricted Distribution server to deliver specific content to an authorized user who uses that app.

What is the difference between a Viewer App and a folio?

Viewer apps are the apps that a user taps to view content on their tablet. Folios are the content that those Viewer Apps display. DPS users make Viewer Apps with the Viewer Builder, and they make folios with InDesign or as HTML.

How can DPS and MDM solutions co-exist?

If a company makes a single-issue Viewer App that has the folio content “baked” into the app, then an MDM solution can push the app (with content embedded) to the managed devices. If a company makes a multi-issue app, then the MDM solution will push the app to managed devices, but the DPS service will deliver the content to those managed apps.

How can DPS folios be integrated with Mobile Device Management solutions (e.g. AirWatch, Mobile Iron, etc.)?

MDM solution can manage deployment of Viewer Apps to mobile devices. At this time, the Viewer Builder requires that the administrator who makes the Viewer supply a wildcard Enterprise mobileprovision file at build time. Most MDM systems rely on app-specific Enterprise mobileprovision files to enable or disable an app on a device. It is necessary to re-sign the app with an app-specific Enterprise mobile provision file after building the Viewer. Google’s iResign is a common utility to help with this process.

Update: The DPS App Builder now supports app signing with mobileprovision files that are tied to a specific AppID, so wildcard in-house mobileprovision files are no longer required to build an Enterprise DPS app. As a result of this change, it is no longer necessary to re-sign an app for use in an MDM solution if the app was built with the proper mobileprovision file. In the case where an agency creates an app using their own Enterprise iOS Developer Account and hands it to an enterprise for deployment via MDM, then re-signing may be necessary. iResign is now a GitHub project and is not Google Code project.

 

Can an MDM provider manage the app but allow DPS to update the folio files?

Yes, this is the only way that a multi-issue app can work today. Single-issue apps can be managed in their entirety by MDM systems.

Could an MDM provider distribute an app without DPS involvement?

MDM providers can distribute single-issue folios without DPS involvement, aside from the necessity to build the Viewer itself using the Viewer Builder and an Apple Enterprise certificate.

Does DPS provide analytics on privately distributed apps?

Yes. DPS will provide analytics for single issue and multi-issue apps. Applications can also bind to Adobe Site Catalyst.

Can MDM solutions distribute apps made with a DPS Pro license?

No. MDM solutions require Enterprise Signed Apps in order to circumvent the Apple App Store. Only Adobe Enterprise DPS licenses allow customers to create Enterprise Signed apps.

What is an Enterprise Signed App?

Apple Enterprise Developer Accounts are special agreements with Apple, and an Enterprise Signed App (.ipa file) is one made under this special agreement. Apple allows the Enterprise to make and distribute apps within the Enterprise, and the Enterprise agrees not to allow these apps to be acquired outside of the Enterprise. Customers need Apple Enterprise Developer Accounts in order to make and distribute any app, DPS or otherwise, for internal consumption.

Is there a list of MDM systems that work with DPS?

Any MDM solutions that can distribute Enterprise Signed Apps can distribute applications created by DPS Enterprise Edition. However, some additional steps may be needed to properly sign the app for use in the MDM system. Google’s iResign is a common utility to help with this process.

Below are two diagrams that illustrate the DPS to MDM workflow, with and without Restricted Distribution. 

 

  

 

Additional Info

Learn more about the Apple iOS Enterprise Workflow:
http://developer.apple.com/library/ios/#featuredarticles/FA_Wireless_Enterprise_App_Distribution/Introduction/Introduction.html
https://developer.apple.com/programs/ios/enterprise/
http://www.apple.com/iphone/business/integration/mdm/

Learn more about building Enterprise Signed Viewer Applications with DPS:
http://www.adobe.com/devnet/digitalpublishingsuite/articles/distributing-enterprise-ios-viewer-apps.html

Share on Facebook

7 Responses to Using Mobile Device Management systems and DPS

  1. Well-written and very informative, James.

  2. Jess Ferko says:

    This is very informative and directly applicable to a new project we are doing. Do you know if there has been any change to requiring an Enterprise-Signed App? It would be nice to use a Professional DPS license for some of our smaller clients who are already using AirWatch.

    • James Lockman says:

      iOS Enterprise apps (made with DPS) require an Enterprise DPS account. There is no plan to change this requirement.

  3. Mauricio Morales says:

    Hi James, I am a user of Creative Cloud and am currently working on a project to develop apps for Ipad. I’m doing it in InDesign and my client takes Airwatch for pushing apps to the devices of their employees.
    My question is if I can create a file with extension .Ipa, which is the file that holds the console to push apps.

    Thanks regards

    • James Lockman says:

      You need an Apple developer account in order to create an .ipa, since you need a pair of mobileprovision files in order to complete the app building process with DPS. For AirWatch deployment, you will need an Apple Enterprise iOS developer account and an Enterprise DPS account. Creative Cloud will not provide you the DPS license you need to be able to make apps for AirWatch deployment.

  4. Got all the way to the bottom of the blog, quite excited by the info; only to find I need an enterprise adobe account. Why Why Why, as the others comments, there is a huge demand for clients that only need limited distribution ie hundreds, not ten’s of thousands as per large publications, hope you are hearing this from lots of us :-)

    • James Lockman says:

      I state in the first sentence that “Many of my Enterprise customers ask how to use DPS with their Mobile Device Management (MDM) Solution.” I am am sorry you didn’t catch that. Enterprise customers have varied use cases, Alistair. I have customers who are large publishers many titles under their umbrella, and I have customers with just one title. Enterprise doesn’t mean that you are huge; it means that you need certain functionality that the Enterprise DPS package offers. For my corporate customers (pharmaceutical companies, manufacturers, retail companies, financial services firms, etc.), they often need DPS for one or two internal applications. Recall, too, that your scenario would imply that ad-hoc distribution to 100 devices on an Apple iOS Developer (non-Enterprise) Account is not enough for you. In that case, you need to use Apple’s Enterprise iOS developer program and adhere to its terms and restrictions. And, in order to build for Apple Enterprise, you need DPS Enterprise. We definitely have not heard a “huge demand” from our customers that they need MDM with Pro DPS accounts, as they are designed for different use cases and different kinds of businesses.