EMM Windows Components

This section explains how to install EMM Windows Components using Kony EMM Windows Components installer. Go to the next section if you manually installed EMM Windows components.

For Kony Management Suite to work on the Windows platform, you must install the following:

• Kony Exchange Service
• Windows Mobile 6.x Group Policy
• CA Role
• NDES (SCEP)
• Windows App Wrapping

The EMM Windows Components installer installs all the above components except the Windows App Wrapping.

Prerequisites

• Kony Exchange Service – Powershell 3.0 and above, .Net 3.5 and above.
• Group Policy Service – Windows 7 and above, .Net version 4.0
• CA Role and NDES – Windows Server 2012 (enterprise edition recommended).
• EMM Windows Components executable file.

Installing EMM Windows Components

To install the required components for the Windows Server for the Kony Management Suite, follow these steps:

1. Click the downloaded EMMWindowsComponents.exe. The InstallAnywhere page appears.

   

2. Click Next. The License Agreement appears.

   

3. Scroll down through the license agreement page. The I accept the terms of the License Agreement option is enabled.
4. Select the I accept the terms of the License Agreement option, and then click Next. The Install Folder appears.

   

5. If you want to install EMM components in any specific folder, click Choose, and select the folder. Otherwise, leave the default options, and click Next. The Select Feature page appears.

   

6. Select all features, and then click Next. The Exchange Service Details page appears.

   Note: To allow communication between the Windows Server 2008/2012 and your corporate email exchange server (to enable block and unblock email access on enrolled devices), Kony Exchange service should be configured. Using this service, you can also restrict email clients that can be used on enrolled devices. 

   

7. Enter the following details:

   1. Service Name: Enter the exchange service name.

   2. Service Key: Enter the exchange service key.
   3. Service Secret: Enter the exchange service secret.
   4. Session Failure Retry Count (0-20): Enter the number of times the session should retry after session failure.
   5. Service Port: Enter service port details.

   6. Time Period (in hours) for GUID Generation (1-24): Enter the time period for the GUID generation.

   7. Maximum No. of PowerShell Sessions (0-30): Enter the maximum number of poweshell sessions allowed.

   8. Service Queue Size: Enter the size of allowed queue service.

   9. Logging: Select Yes if logging is required.

   10. Is Service Secure: Select Yes, if the service is secure.

8. Click Next. The Group Policy Page appears.

   Note: As mentioned in http://technet.microsoft.com/en-us/library/dd261866.aspx, a machine that supports GPMC must be in the domain in which SCMDM 2008 server is installed.
   To support Windows Mobile 6.x devices on EMM, the Group Policy service must be installed on the machine that supports group policy management. This machine should be accessible to the SCMDM 2008 machine. It need not have a public IP and can remain within the corporate domain.

   

9. Complete these fields:

   1. Group Policy Service Name: Enter the group policy service name.

   2. MDM Instance: Enter details of the MDM instance.

   3. Group Policy Service Port: Enter the group policy service port details.

   4. Windows 6.x Service URL: Enter the Windows 6.x service URL details.

   5. Policy Server Callback URL: Enter the policy server callback URL details.

   6. Group Policy Service Hostname: Enter the group policy service hostname details.

   7. Service Queue Size: Enter the size of allowed queue service.

   8. Is This Service Secure: Select Yes if the service is secure.

      Note: If the service is secure (https), select Yes. Select No if the service is not secure (http).

   9. Logging: Select Yes if logging is required.

10. After entering all the details in the Group Policy page, click Next. The SCEP CA Role Details Page appears.

    Note: To enable EMM to support iOS devices, certificate distribution through, Simple Certificate Enrollment Protocol (SCEP) Server is mandatory.This must be done before the EMM installation begins. A certificate authority (CA) must also be set to sign certificates distributed by the SCEP Server.

    

11. Enter the following details:

    1. Allow Administrator Interaction: Select Yes to allow administrator interaction.

    2. Ignore Unicode: Select Yes to ignore unicode.

    3. Overwrite Existing CA in DS: Select Yes to overwrite existing CA in DS.

    4. Overwrite Existing Database: Select Yes to overwrite the existing database.

    5. Overwrite Existing Key: Select Yes to overwrite the existing key.

    6. CA Type: Details of the CA type appear.

    7. CA Common Name: Enter the CA common name.

    8. CA Distinguished Name Suffix: Enter the distinguished name suffix of the CA.

    9. Crypto Provider Name: Enter the name of the crypto provider.

    10. Database Directory: Select the database directory.
        Ensure that the database directory you provide is not used by any other service. Once the CA role is installed, the directory will be locked by the Active Directory Certificate Services.

    11. Hash Algorithm Name: Enter the hash algorithm function name.

    12. Key Length: Enter the length of the hash algorithm key.

    13. Log Directory: Select the location for the log directory.
        Ensure that the database log directory you provide is not used by any other service. Once the CA role is installed, the directory will be locked by the Active Directory Certificate Services.

    14. Validity Period Units: Select the validity period unit of the CA. Options are Years, Months, Weeks, and Days.

    15. Validity Period: Enter the validity period of the CA.

    16. Username: Enter your username for your CA type provider account.

    17. Password: Enter your password for your CA type provider account.

12. Once you have entered all the details in the SCEP CA Role Details Page, click Next. The NDES Details page appears.

    

13. Enter the following details:

    1. NDES Service Account Group Name: Enter the NDES service account group name.

    2. Service Account Name (domain/account): Enter the service account name.

       Note: In case the server is a standalone computer, enter the computer name.

    3. Service Account Password: Enter your NDES service account password.

    4. Encryption Provider Name: Enter your NDES encryption provider name.

    5. City: Enter your city.

    6. Country (ISO 3166-1 alpha-2-code): Enter your country.

    7. Department: Enter your department details.

    8. Email: Enter your email address.

    9. Name: Enter your name.

    10. State: Enter the state name.

    11. Signing Provider Name: Enter the signing provider name.

    12. Maximum Numbr of Passwords to Cache: Enter the maximum number of issued passwords to be stored in the password cache.

    13. Log in Username: Enter your log in username.

    14. Log in User Password: Enter your log in password.

    15. Encryption Key Length: Enter the length of the encryption key.

    16. Signing Key Length: Enter the length of the signing key.

14. After entering all the details in the NDES Details page, click Next. The Pre-Installation Summary page appears.
15. Click Install. The Install Complete page appears.

    Note: All components are installed one by one. You might see several notifications before the final install complete page.

    Note: If a Status confirmation page appears, click Yes to open the SCEP URL in a browser.

16. Click Done.

Windows App Wrapping

Software Requirements

Component	Version
Visual Studio	Visual studio 2013 express edition with update 3 (Prerequisite for Windows app wrapping)
Microsoft Silverlight Runtime	Microsoft Silverlight Runtime 5.0 (Prerequisite for Windows app wrapping)
Microsoft Silverlight	Microsoft Silverlight SDK 5.0 (Prerequisite for Windows app wrapping)
Cygwin	Latest Cygwin (32 bit) version. (Prerequisite for Windows app wrapping)

How to Install Visual Studio

Windows Phone Enterprise apps must be signed for app management and app wrapping. You must install Visual Studio to manage Windows phone app wrapping.

See the Visual Studio website for more information on how to install and configure Visual Studio.

How to Install Microsoft Silverlight Runtime

To manage enterprise apps, you need the Windows phone app wrapping feature to function. You must install Microsoft Silverlight Runtime to manage Windows phone app wrapping.

See the Microsoft Silverlight Runtime website for more information on how to install Microsoft Silverlight Runtime.

How to Install Microsoft Silverlight SDK

To manage enterprise apps, you need Windows phone app wrapping feature to function. You must install Microsoft Silverlight SDK to manage Windows phone app wrapping.

See the Microsoft Silverlight SDK website for more information on how to install and configure Microsoft Silverlight SDK.

How to Install Cygwin

Cygwin is a large collection of GNU and Open Source tools that provide features similar to a Linux distribution on Windows. To manage Windows phone app wrapping, install Cygwin. With Cygwin, user binaries are copied to the Windows machine. To manage enterprise apps, you need Windows phone app wrapping feature to function.

Important: You should be familiar with Linux commands to work with Cygwin.

See the Cygwin website for more information on how to install and setup Cygwin.

Important: You must install Cygwin along with openSSH, openSSL, Dos2Unix, Winzip, Unzip, and Curl components.

How to Configure Cygwin Properties

To configure Cygwin for enterprise application wrapping based on your system settings, follow these steps:

1. Right click on Computer, and select Properties. The system window appears.
2. Select the Advanced System Settings link from the Control Panel Home pane. The System Properties window appears.
3. Select Environment Variables.
4. In the Environment Variables window, go to User Variables and select New.
   1. Enter CYGWIN_HOME in the Variable Name field.
   2. Enter C:\cygwin64\bin in the Variable Value field.
   3. Click OK.
5. Select Path from User Variables and click Edit.
   1. Add C:\cygwin64\bin in the Variable Value field.
   2. Click OK.

   Important: For Windows wrapping, directory path should be less than 260 characters. If the path is more than 260 characters, the signing process will fail during application wrapping

How to Configure SSH Server

To configure the SSH server, follow these steps:

1. Navigate to your Cygwin installation folder (for example, c/cygwin).

2. Select Cygwin.bat, right click, and select Run as administrator. The Command prompt appears.
3. In the command prompt, type ssh-host-config, and press enter. An alert Should StrictModes be used? (yes/no) appears.
4. Type Yes and press enter. An alert Should privilege separation be used? (yes/no) appears.
5. Type Yes and press enter. An alert you want to install sshd as a service. (yes/no) appears.
6. Type Yes and press enter. The system prompt Enter the value of CYGWIN for the daemon: [] appears.
7. Type ntsec tty and press enter. An alert Do you want to use a different name? (yes/no) appears.
8. Type No and press enter. The system prompt Please enter the password for user <username>) appears.
9. Type the password and press enter.The Reenter: prompt appears.
10. Type the password again and press enter. A confirmation message on SSHD configuration appears.
11. Execute the following commands:

    • chmod +r /etc/passwd: Provides read permissions to password file.

    • chmod u+w /etc/passwd: Provides write permissions to user.

    • chmod +r /etc/group: Provides read permissions to a group file.

    • chmod u+w /etc/group: Provides write permissions to user.

    • chmod 755 /var: Provides all permissions to var folder.

    • touch /var/log/sshd.log: Creates a new empty file sshd.log.

    • chmod 644 /var/log/sshd.log: Owner can write and other users can only read the log file.

    • chown system /etc/ssh*: Changes owner for ssh* files to system.

    • chown system /var/empty: Changes owner for /car/empty folder to system.

    • mkgroup -l > ..\etc\empty: This will print /etc/group file to /etc/empty file.

    • mkpasswd -l > ..\etc\passwd: This will print /etc/passwd file to /etc/passwd.

    • chmod a+x /etc/sshd_config: This will provide read and write permission to the sshd_config file.

    Important: If the openssh you are using is version 6.7, perform the following steps:
    
    Open /etc/sshd_config
    Add the following line towards the end of the file:
    KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    

12. To start SSHD, open command prompt and enter net start sshd. The SSHD service will start successfully.
13. To change passwords, in the command prompt, enter passwd <username>.
14. To verify test connection, open an ssh client tool, enter localhost in connection type text box, and click open. The SSH terminal opens, and a success message appears.

Copyright © 2018 Kony, Inc. All rights reserved.