Here is info from our Good rep on how their Good Dynamics product works. Please be aware that this isn’t an endorsement of Good Dynamics, as we have not implemented it. The applications can be distributed either through a web site, or of course through the
Apple App Store – but the Apple store is not required.
.5 Enterprise Application Distribution Configuration and VPP
Applications can be defined in the Good Mobile Control Applications Catalog by using the Custom Software section of the Settings tab. Custom DoD built applications can be added and distributed via policies. You can also add third-party applications
by their installer package or by URL. Adding packages by URL allows easy distribution to users via direct links to applications hosted on external web sites or the Apple App Store.
Click on Custom Software in the Settings tab. Click Add, choose the iOS handheld platform from the dropdown and enter the application path and file name or choose the radio button to specify
a URL. Populate the Values and click Finish.
<image001.png>
Figure 3.5-1. Adding Applications to the Good Mobile Control Applications Catalog
The Good Mobile Control Console also provides support for Apple’s Volume Purchase Program. For details on downloading and deploying Apple VPP applications please refer to the Good Admin Guide - http://http://media.www1.good.com/documents/GoodAdminGuide_exchange.pdf.
<image002.png>
Figure 3.5-2. Apple Volume Purchased Program Applications
Continued…
Good Technology’s recent introduction of the Good Dynamics platform brings the necessary tools, infrastructure, and APIs to developers, enabling them to meet the highest standards
of security in applications across devices and operating systems to meet DoD Standards. Byproviding proven security functionality—such as encryption (encrypted data at rest and encrypted transport), app-level controls, and web-based monitoring—the Good Dynamics
platform dramatically speeds up the delivery of 3rd Party application development projects to include Government levels of protection and compliance.
The Good Dynamics platform offers unique security. By providing protection beyond device-level, developers can rapidly incorporate technology that “containerizes” data at the app
level—wrapping a layer of protection around approved, enterprise-deployed apps, which separates Government data from the rest of the native device and especially consumer applications. By establishing a secure application environment, data loss is reduced,
if not eliminated. When Good for Enterprise and Good Dynamics applications reside on the same device they leverage Single Sign On based on Good For Enterprise policies set in this Hardening Guide. This is includes Device Level Threat Detection, Hardware Version,
OS Version and Connectivity Verification as defined by policy.
Trusted/Secure applications can be defined under the Third-Party Applications section of the Settings tab. Those applications can then be white-listed or black-listed from importing/exporting
into/from the Good For Enterprise applications and those defined Third-Party applications in the File Handling section of the Policies.
For example, this allows attachments to be edited in a secure application and transferred back to the Good for Enterprise File Repository for redistribution as an attachment or stored
for later retrieval.
1. On the Settings tab click on Third-Party Applications on
the left column under Settings. On the right under Third-Party Applications click on Add.
<image003.png>
Figure 3.8-1. Third-Party Applications section
2. Choose the iOS handheld platform from
the dropdown and enter the Application I.D.,Application Name, and Description.
(The Application I.D. is the internal identifier that the device OS knows the application by. For iOS devices, the Application I.D. can be found by using IPCU or it can be seen from a specific device in the Installed Applications App ID column of Handheld
Info once the device has been queried when provisioned.) Click Save. The below are an example of GD Wrapped ISV Applications. For a complete list go tohttp://www1.good.com/partners/integration/good-dynamics-solutions.
<image004.png><image005.png>
<image006.png><image007.png>
<image008.png><image009.png>
Figure 3.8-2. Adding Third-Party Applications
Continued…..
1. In
the File Handling section of the Policy Set, enable the following and click Save.
File Repository allows the user to save email attachments within the secure Good for Enterprise application. With defined approved secure applications users are also allowed to save files securely from
those trusted-third party applications built on Good Dynamics. (Please note: The file repository is currently a flat structure and does not support folders. The data in the file repository is not synced and the files in the Good for Enterprise application
repository represent data unique to the device. The user has the option of self-mailing the files as attachments from within Good for Enterprise and receiving them on the desktop. There is no size limit on the repository. The repository is not backed up.
The files will be retained when the application is upgraded. However, these files will be deleted if the application is reinstalled or if you disable the file-repository policy setting. Camera and Device Photo Gallery settings allow the user of Good’s Secure
camera feature. This enables users to take photos and save them into their Secured Good File Repository or straight into Good Secured email for direct transmission without saving the photo in the native Photo library.
<image010.png>
Figure 3.11-6. File Handling Section
In the Software Deployment section of the Policy Set you chose the applications to deploy. Please note that in this section Enterprise Applications is the location to enablesending
out. Applications from the Enterprise Application Catalog as defined in Custom Software in the Settings tab of the GMC. The applications defined in this section of the policy will be made available to the iOS device via the Applications section of the Good
client.
<image011.png>
Figure 3.11-18. Software Deployment
Custom DoD built applications can be managed using the MDM certificate. If the MDM certificate is removed by the user, the application will be Auto-unistalled and can also be set to not Allow the application to sync to iTunes or iCloud. If
the application is secured by Good Dynamics there is no need to Auto-uninstall when the MDM certificate is removed since we will not allow the user access to the application until the MDM certificate is reinstalled. The console will also be notified if the
user has removed the MDM certificate so that the administrator can take appropriate actions.
<image012.png><image013.png>
Figure 3.11-19. MDM Managed Enterprise Applications
Kathy Loftin, PMP
DOE OCIO Tech. Integration and Engineering
301 903 3654
Contractor to the Dept. of Energy
ActioNet, Inc.
-----Original Message-----
From: Mike Pike [
mailto:mpike@me.com]
Sent: Tuesday, October 02, 2012 12:09 PM
To: Loftin, Kathy (CONTR)
Cc: Villano, Paul Mr CIV USA TRADOC; William Cerniuk; Sullivan, Matthew R CIV (US);
email@hidden
Subject: Re: [Fed-Talk] Good App & Organization App Stores
If that is an option that would be great... I cannot see apple giving up control of an entire app store platform, but if so that's great!
The new apple developer agreement states we can no longer advertise other apps in our apps that are not our own apps... this will basically kill Admob and other competitors to iAd (and in my opinion AdMob is much better for the little people)... while not relevant
to Federal at this point, who's to say someday those draconian policies won't start affecting what we can develop in house?
I'm waiting for some enterprising state or the DOJ to file a complaint with the FTC on a monopoly on apps stores with apple, following the same precedence as Internet Explorer did with Microsoft.
We should have the option to choose app stores (apple App store, Cydia, other third parties). The app store itself is nothing more than a web browser, and I think that with the IE/Microsoft and Windows Version N it could be viable legal challenge.
As iOS grows (if it continues to grow under its current leadership) it will become more and more of a monopoly. The terms of the developer agreement get more and more restrictive, and as you move into a space that Apple wants to dominate, they will not allow
your app on the phone (look at new Google Search with Voice).
the enterprise App store solution bypasses Apple's review process, but at the same time limits who you can share apps with... but keep in mind Apple can change the terms of that at any time.
So lets say an agency has an app store, and another agency wants to use their app, they cannot unless they are on that agency's private app store, or you build an ADHOC app, which is limited to 100 devices per year.
Google Android allows multiple App stores... but again, unless someone from the DOJ or one of the states challenges the App Store monopoly and makes the comparison of splitting browsers to operating systems it won't change... Microsoft's WP7 and WP8 would also
be a target, as they are locking that OS down to a single store as well. Google would have to be the one to push for this.
Mike
On Oct 2, 2012, at 9:58 AM, Loftin, Kathy (CONTR) wrote:
> I'm pretty sure that is now an option with Good; I just pinged our rep to confirm and, if I am correct, to ask for more details.
>
> Kathy Loftin, PMP
> DOE OCIO Tech. Integration and Engineering
> 301 903 3654
> Contractor to the Dept. of Energy
> ActioNet, Inc.
>
>
> -----Original Message-----
> Sent: Tuesday, October 02, 2012 11:49 AM
> To: Villano, Paul Mr CIV USA TRADOC
> Cc: Loftin, Kathy (CONTR); William Cerniuk; Sullivan, Matthew R CIV
> Subject: Re: [Fed-Talk] Good App & Organization App Stores
>
> I believe the app store is an enterprise app store via apple. I do not think it's possible to have an app store that is not sponsored by Apple...
>
> If there is I would like to know as well :)
>
> mike
>
> On Oct 2, 2012, at 9:47 AM, Villano, Paul Mr CIV USA TRADOC wrote:
>
>> Kathy We're developing apps and have distributed some Ipads but I
>> didn't know it was possible to set up our own "store." Can you give
>> me a detailed walkthrough of how you do that using the Good software??
>> (Either by responding to the list if there's interest or to me
>> personally?)
>>
>> -----Original Message-----
>> Behalf Of Loftin, Kathy (CONTR)
>> Sent: Monday, October 01, 2012 9:07 AM
>> To: William Cerniuk
>> Subject: Re: [Fed-Talk] When did Fed-Talk turn into iPhone/iOS Chat
>> Box
>>
>> We're using the Apple Volume Purchasing Program for now (on GFEs).
>> If/when we allow BYOD, I imagine we'll probably do the same. The
>> Service Desk has an Apple ID they use to load and manage the software.
>> With BYOD, we will need to make sure we can delete any
>> government-purchased apps (thus freeing up the license for a different user) while not wiping the entire device.
>>
>> We're using Good as our MDM. It lets us set up our own app store,
>> but since we don't have any internally developed apps at this time,
>> we aren't using that feature. The Good MDM does let us see all the
>> installed apps (even outside of the Good sandbox) and I believe we'll
>> be able to use it for the above-mentioned BYOD issue at some point,
>> to actually manage them; for now we haven't really explored that.
>>
>> Just as an FYI, we don't have GFE Androids as yet. Again, if we start
>> allowing BYOD, I think we'll end up with quite a few of those.
>>
>> Kathy Loftin, PMP
>> DOE OCIO Tech. Integration and Engineering
>> 301 903 3654
>> Contractor to the Dept. of Energy
>> ActioNet, Inc.
>>
>>
>> -----Original Message-----
>> Sent: Monday, October 01, 2012 8:35 AM
>> To: Loftin, Kathy (CONTR)
>> Cc: Mike Pike; Joel Esler; Sullivan, Matthew R CIV (US);
>> Subject: Re: [Fed-Talk] When did Fed-Talk turn into iPhone/iOS Chat
>> Box
>>
>> Great info, thank you.
>>
>> How are you handling software? Has the organization figured out an
>> efficient way to provide software that the organization needs users
>> to have on their BYODs?
>>
>> --
>> R/Wm.
>>
>>
>> On Oct 1, 2012, at 8:32 AM, "Loftin, Kathy (CONTR)"
>>
>>> We have about 400 GFE iPads - out of an 8000 customer base in my
>> organization. Lots of people are starting to use them instead of
>> Blackberries. If we ever start allowing BYOD, I imagine this number will
>> grow quite a bit.
>>>
>>> Kathy Loftin, PMP
>>> DOE OCIO Tech. Integration and Engineering
>>> 301 903 3654
>>> Contractor to the Dept. of Energy
>>> ActioNet, Inc.
>>>
>>> -----Original Message-----
>>> Behalf Of Mike Pike
>>> Sent: Friday, September 28, 2012 12:03 PM
>>> To: Joel Esler
>>> Subject: Re: [Fed-Talk] When did Fed-Talk turn into iPhone/iOS Chat
>>> Box
>>>
>>> If you keep it to just federal equipment iOS will be almost
>>> eliminated
>> from discussion and the number of macs shrink exponentially by the month.
>>>
>>> The list will die.
>>>
>>> Here is a federal related question:
>>>
>>> How many people have a government provided iOS device? I have an
>>> iOS
>> device on government networks but its personally owned.
>>>
>>> Sent from my iPhone 5
>>>
>>> On Sep 28, 2012, at 9:15 AM, Joel Esler <
email@hidden> wrote:
>>>
>>>> If it's outside the charter, then it should stop.
>>>>
>>>> I know I've been participating in some of it lately, and I'll stop.
>> Hopefully people will follow.
>>>>
>>>>
>>>> On Sep 28, 2012, at 10:28 AM, Taylor Armstrong
>>>>
>>>>> For what it is worth, I'm 100% in agreement with Matthew.
>>>>>
>>>>> I'm on multiple mailing lists, forums, etc. This is where I go to
>>>>> look for things that apply to the Federal workspace, but at leas
>>>>> 1/2 the traffic in recent months seems to be little different from
>>>>> the traffic on any number of Apple user forums.
>>>>>
>>>>> Sure, we all need to see/discuss things, but if we're talking
>>>>> about our personal equipment, etc., then let's talk about it somewhere else.
>>>>> The signal/noise ration in the FedTalk forum has gotten worse
>>>>> recently - there are TONS of great resources for general OS X
>>>>> and/or iOS discussion, but this is one of, if not the ONLY one
>>>>> that should be dealing specifically with Federal .gov implications
>>>>> - FISMA, encryption, policies, CIS Benchmarks, etc etc. Wading
>>>>> through discussions of personal experiences on non-govermnent
>>>>> owned equipment makes it harder to find the relevant topics.
>>>>>
>>>>> Just my 1/50th of $1...
>>>>>
>>>>> And yes, I CAN hit delete... but should I have to? Those topics
>>>>> are outside of the charter of this list.
>>>>>
>>>>> Taylor
>>>>>
>>>>> On Thu, Sep 27, 2012 at 10:40 AM, Villano, Paul Mr CIV USA TRADOC
>>>>>> Exactly, Mr Sullivan. And that is exactly why we need to be
>>>>>> discussing these things on the list NOW, before a General Officer
>>>>>> sees the shiny new iThingy and says he wants one for official
>>>>>> business. These devices and the software they use are
>>>>>> "disruptive innovation." It's not enough to wait until they hit
>>>>>> the supply chain. We must know BEFORE then. And the only way to
>>>>>> tell for ourselves whether the various reports are true or not
>>>>>> are to use them ourselves before the General gets one. And the
>>>>>> only way we can do that is to use our own personal experiences
>>>>>> since the DoD is on the verge of Bring Your Own Device. (Which is best? Why or why not?
>>>>>> Which provider has provisos we can't use in DoD? Which is a
>>>>>> better vendor? What are the limitations of the software, device,
>>>>>> network?)
>>>>>>
>>>>>> The discussions are important not for the moment for official use
>>>>>> but in the very near future as we advise the command and protect
>> Soldiers.
>>>>>>
>>>>>> -----Original Message-----
>>>>>> ] On Behalf Of Sullivan, Matthew R CIV (US)
>>>>>> Sent: Thursday, September 27, 2012 8:40 AM
>>>>>> Subject: [Fed-Talk] When did Fed-Talk turn into iPhone/iOS Chat
>>>>>> Box
>>>>>>
>>>>>> Isn't Fed-Talk for actual important information like how to make
>>>>>> things work and support each other with Mac, iOS issues where
>>>>>> actual FED work is involved. There are hundreds of other more
>>>>>> appropriate venues to banter about how awesome or useless the new
>>>>>> iPhone is or how awesome or useless the new iOS Maps are.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Matthew Sullivan
>>>>>>
>>>>>> _______________________________________________
>>>>>> Do not post admin requests to the list. They will be ignored.
>>>>>> Help/Unsubscribe/Update your Subscription:
>>>>>> %
>>>>>> 4
>>>>>> 0
>>>>>>
>>>>> _______________________________________________
>>>>> Do not post admin requests to the list. They will be ignored.
>>>>> Help/Unsubscribe/Update your Subscription:
>>>>> o
>>>>> m
>>>>>
>>>>
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be ignored.
>>>> Help/Unsubscribe/Update your Subscription:
>>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Help/Unsubscribe/Update your Subscription:
>>> o
>>> e
>>> .gov
>>>
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Help/Unsubscribe/Update your Subscription:
>> m
>> y.mil
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Help/Unsubscribe/Update your Subscription: