Re: [Fed-Talk] Good App & Organization App Stores
Re: [Fed-Talk] Good App & Organization App Stores
- Subject: Re: [Fed-Talk] Good App & Organization App Stores
- From: "Villano, Paul Mr CIV USA TRADOC" <email@hidden>
- Date: Wed, 03 Oct 2012 16:28:50 -0400
I'm fairly sure Mocana wouldn't and more importantly couldn't technically do
this without Apple's approval and assistance.
-----Original Message-----
From: fed-talk-bounces+paul.villano=email@hidden
[mailto:fed-talk-bounces+paul.villano=email@hidden] On Behalf
Of William Cerniuk
Sent: Wednesday, October 03, 2012 4:17 PM
To: Marcus, Allan B
Cc: Sullivan, Matthew R CIV (US); email@hidden
Subject: Re: [Fed-Talk] Good App & Organization App Stores
May vs Is, very important differentiation. Any precedence set or any
language in the Apple licensing that prohibits?
On Oct 3, 2012, at 3:58 PM, "Marcus, Allan B" <email@hidden> wrote:
The only problem with Mocana's wrapping of AppStore apps is that it
may not be legal. It's OK to wrap in-house developed apps, but commercial
apps that you buy from the App store have to be delivered in such a way the
the licensing can be controlled by Apple. I've yet to see a wrapping vendor
figure out a way around that.
--
Thanks,
Allan Marcus
505-667-5666
email@hidden
From: William Cerniuk <email@hidden>
Date: Tuesday, October 2, 2012 12:49 PM
To: "Loftin, Kathy (CONTR)" <email@hidden>
Cc: "email@hidden" <email@hidden>,
"Sullivan, Matthew R CIV (US)" <email@hidden>
Subject: Re: [Fed-Talk] Good App & Organization App Stores
Understand that Good's underlying technology is implemented by
Mocana.
Mocana does something more compelling to mobile. Instead of managing
(controlling) devices, they manage (control) applications and the related
data. Perfect for the new BYOD world.
Can easily secure any App Store app or enterprise app store app
without any effort what-so-ever on the developer's side. It is the security
shrink wrap for apps.
--
Best Regards,
Wm. Cerniuk
Technology Director / GS-15
VHA Office of Health Information
Dept. of Veterans Affairs
Ph: 703.594.7616
Time is Short, and the Water Rises
On Oct 2, 2012, at 1:02 PM, "Loftin, Kathy (CONTR)"
<email@hidden> wrote:
Here is info from our Good rep on how their Good Dynamics
product works. Please be aware that this isn't an endorsement of Good
Dynamics, as we have not implemented it. The applications can be
distributed either through a web site, or of course through the Apple App
Store - but the Apple store is not required.
.5 Enterprise Application Distribution Configuration and VPP
Applications can be defined in the Good Mobile Control
Applications Catalog by using the Custom Software section of the Settings
tab. Custom DoD built applications can be added and distributed via
policies. You can also add third-party applications by their installer
package or by URL. Adding packages by URL allows easy distribution to users
via direct links to applications hosted on external web sites or the Apple
App Store.
Click on Custom Software in the Settings tab. Click Add,
choose the iOS handheld platform from the dropdown and enter the application
path and file name or choose the radio button to specify a URL. Populate
the Values and click Finish.
<image001.png>
Figure 3.5-1. Adding Applications to the Good Mobile Control
Applications Catalog
For details on Adding or Deleting Applications from the Good
Mobile Control Applications Catalog please refer to the Good Admin Guide -
http://http://media.www1.good.com/documents/GoodAdminGuide_exchange.pdf
<blockedhttp://media.www1.good.com/documents/GoodAdminGuide_exchange.pdf> .
The Good Mobile Control Console also provides support for
Apple's Volume Purchase Program. For details on downloading and deploying
Apple VPP applications please refer to the Good Admin Guide -
http://http://media.www1.good.com/documents/GoodAdminGuide_exchange.pdf
<blockedhttp://media.www1.good.com/documents/GoodAdminGuide_exchange.pdf> .
<image002.png>
Figure 3.5-2. Apple Volume
Purchased Program Applications
Continued.
3.8 Third-Party Applications
Good Technology's recent introduction of the Good Dynamics
platform brings the necessary tools, infrastructure, and APIs to developers,
enabling them to meet the highest standards of security in applications
across devices and operating systems to meet DoD Standards. Byproviding
proven security functionality-such as encryption (encrypted data at rest and
encrypted transport), app-level controls, and web-based monitoring-the Good
Dynamics platform dramatically speeds up the delivery of 3rd Party
application development projects to include Government levels of protection
and compliance.
The Good Dynamics platform offers unique security. By
providing protection beyond device-level, developers can rapidly incorporate
technology that "containerizes" data at the app level-wrapping a layer of
protection around approved, enterprise-deployed apps, which separates
Government data from the rest of the native device and especially consumer
applications. By establishing a secure application environment, data loss is
reduced, if not eliminated. When Good for Enterprise and Good Dynamics
applications reside on the same device they leverage Single Sign On based on
Good For Enterprise policies set in this Hardening Guide. This is includes
Device Level Threat Detection, Hardware Version, OS Version and Connectivity
Verification as defined by policy.
Trusted/Secure applications can be defined under the
Third-Party Applications section of the Settings tab. Those applications
can then be white-listed or black-listed from importing/exporting into/from
the Good For Enterprise applications and those defined Third-Party
applications in the File Handling section of the Policies.
For example, this allows attachments to be edited in a
secure application and transferred back to the Good for Enterprise File
Repository for redistribution as an attachment or stored for later
retrieval.
1. On the Settings tab click on Third-Party Applications on
the left column under Settings. On the right under Third-Party Applications
click on Add.
<image003.png>
Figure 3.8-1. Third-Party Applications section
2. Choose the iOS handheld platform from the dropdown and
enter the Application I.D.,Application Name, and Description. (The
Application I.D. is the internal identifier that the device OS knows the
application by. For iOS devices, the Application I.D. can be found by
using IPCU or it can be seen from a specific device in the Installed
Applications App ID column of Handheld Info once the device has been queried
when provisioned.) Click Save. The below are an example of GD Wrapped ISV
Applications. For a complete list go
tohttp://www1.good.com/partners/integration/good-dynamics-solutions
<blockedhttp://www1.good.com/partners/integration/good-dynamics-solutions> .
<image004.png><image005.png>
<image006.png><image007.png>
<image008.png><image009.png>
Figure 3.8-2. Adding Third-Party Applications
Continued...
1. In the File Handling section of the Policy Set,
enable the following and click Save.
File Repository allows the user to save email attachments
within the secure Good for Enterprise application. With defined approved
secure applications users are also allowed to save files securely from those
trusted-third party applications built on Good Dynamics. (Please note: The
file repository is currently a flat structure and does not support folders.
The data in the file repository is not synced and the files in the Good for
Enterprise application repository represent data unique to the device. The
user has the option of self-mailing the files as attachments from within
Good for Enterprise and receiving them on the desktop. There is no size
limit on the repository. The repository is not backed up. The files will be
retained when the application is upgraded. However, these files will be
deleted if the application is reinstalled or if you disable the
file-repository policy setting. Camera and Device Photo Gallery settings
allow the user of Good's Secure camera feature. This enables users to take
photos and save them into their Secured Good File Repository or straight
into Good Secured email for direct transmission without saving the photo in
the native Photo library.
<image010.png>
Figure 3.11-6. File Handling Section
In the Software Deployment section of the Policy Set you
chose the applications to deploy. Please note that in this section
Enterprise Applications is the location to enablesending out. Applications
from the Enterprise Application Catalog as defined in Custom Software in the
Settings tab of the GMC. The applications defined in this section of the
policy will be made available to the iOS device via the Applications section
of the Good client.
<image011.png>
Figure 3.11-18. Software Deployment
Custom DoD built applications can be managed using the MDM
certificate. If the MDM certificate is removed by the user, the application
will be Auto-unistalled and can also be set to not Allow the application to
sync to iTunes or iCloud. If the application is secured by Good Dynamics
there is no need to Auto-uninstall when the MDM certificate is removed since
we will not allow the user access to the application until the MDM
certificate is reinstalled. The console will also be notified if the user
has removed the MDM certificate so that the administrator can take
appropriate actions.
<image012.png><image013.png>
Figure 3.11-19. MDM Managed Enterprise Applications
Kathy Loftin, PMP
DOE OCIO Tech. Integration and Engineering
301 903 3654
Contractor to the Dept. of Energy
ActioNet, Inc.
-----Original Message-----
From: Mike Pike [mailto:mpike@ <blockedmailto:mpike@> me.com
<blockedhttp://me.com/> ]
Sent: Tuesday, October 02, 2012 12:09 PM
To: Loftin, Kathy (CONTR)
Cc: Villano, Paul Mr CIV USA TRADOC; William Cerniuk;
Sullivan, Matthew R CIV (US); email@hidden
Subject: Re: [Fed-Talk] Good App & Organization App Stores
If that is an option that would be great... I cannot see
apple giving up control of an entire app store platform, but if so that's
great!
The new apple developer agreement states we can no longer
advertise other apps in our apps that are not our own apps... this will
basically kill Admob and other competitors to iAd (and in my opinion AdMob
is much better for the little people)... while not relevant to Federal at
this point, who's to say someday those draconian policies won't start
affecting what we can develop in house?
I'm waiting for some enterprising state or the DOJ to file a
complaint with the FTC on a monopoly on apps stores with apple, following
the same precedence as Internet Explorer did with Microsoft.
We should have the option to choose app stores (apple App
store, Cydia, other third parties). The app store itself is nothing more
than a web browser, and I think that with the IE/Microsoft and Windows
Version N it could be viable legal challenge.
As iOS grows (if it continues to grow under its current
leadership) it will become more and more of a monopoly. The terms of the
developer agreement get more and more restrictive, and as you move into a
space that Apple wants to dominate, they will not allow your app on the
phone (look at new Google Search with Voice).
the enterprise App store solution bypasses Apple's review
process, but at the same time limits who you can share apps with... but keep
in mind Apple can change the terms of that at any time.
So lets say an agency has an app store, and another agency
wants to use their app, they cannot unless they are on that agency's private
app store, or you build an ADHOC app, which is limited to 100 devices per
year.
Google Android allows multiple App stores... but again,
unless someone from the DOJ or one of the states challenges the App Store
monopoly and makes the comparison of splitting browsers to operating systems
it won't change... Microsoft's WP7 and WP8 would also be a target, as they
are locking that OS down to a single store as well. Google would have to be
the one to push for this.
Mike
On Oct 2, 2012, at 9:58 AM, Loftin, Kathy (CONTR) wrote:
> I'm pretty sure that is now an option with Good; I just
pinged our rep to confirm and, if I am correct, to ask for more details.
>
> Kathy Loftin, PMP
> DOE OCIO Tech. Integration and Engineering
> 301 903 3654
> Contractor to the Dept. of Energy
> ActioNet, Inc.
>
>
> -----Original Message-----
> From: Mike Pike [mailto:email@hidden]
<blockedmailto:[mailto:email@hidden]>
> Sent: Tuesday, October 02, 2012 11:49 AM
> To: Villano, Paul Mr CIV USA TRADOC
> Cc: Loftin, Kathy (CONTR); William Cerniuk; Sullivan,
Matthew R CIV
> (US); email@hidden
<blockedmailto:email@hidden>
> Subject: Re: [Fed-Talk] Good App & Organization App Stores
>
> I believe the app store is an enterprise app store via
apple. I do not think it's possible to have an app store that is not
sponsored by Apple...
>
> If there is I would like to know as well :)
>
> mike
>
> On Oct 2, 2012, at 9:47 AM, Villano, Paul Mr CIV USA
TRADOC wrote:
>
>> Kathy We're developing apps and have distributed some
Ipads but I
>> didn't know it was possible to set up our own "store."
Can you give
>> me a detailed walkthrough of how you do that using the
Good software??
>> (Either by responding to the list if there's interest or
to me
>> personally?)
>>
>> -----Original Message-----
>> From:
fed-talk-bounces+paul.villano=email@hidden
<blockedmailto:fed-talk-bounces+paul.villano=email@hidden>
>>
[mailto:fed-talk-bounces+paul.villano=email@hidden]
<blockedmailto:[mailto:fed-talk-bounces+paul.villano=email@hidden
.com]> On
>> Behalf Of Loftin, Kathy (CONTR)
>> Sent: Monday, October 01, 2012 9:07 AM
>> To: William Cerniuk
>> Cc: email@hidden
<blockedmailto:email@hidden> ; Sullivan, Matthew R CIV (US)
>> Subject: Re: [Fed-Talk] When did Fed-Talk turn into
iPhone/iOS Chat
>> Box
>>
>> We're using the Apple Volume Purchasing Program for now
(on GFEs).
>> If/when we allow BYOD, I imagine we'll probably do the
same. The
>> Service Desk has an Apple ID they use to load and manage
the software.
>> With BYOD, we will need to make sure we can delete any
>> government-purchased apps (thus freeing up the license
for a different user) while not wiping the entire device.
>>
>> We're using Good as our MDM. It lets us set up our own
app store,
>> but since we don't have any internally developed apps at
this time,
>> we aren't using that feature. The Good MDM does let us
see all the
>> installed apps (even outside of the Good sandbox) and I
believe we'll
>> be able to use it for the above-mentioned BYOD issue at
some point,
>> to actually manage them; for now we haven't really
explored that.
>>
>> Just as an FYI, we don't have GFE Androids as yet.
Again, if we start
>> allowing BYOD, I think we'll end up with quite a few of
those.
>>
>> Kathy Loftin, PMP
>> DOE OCIO Tech. Integration and Engineering
>> 301 903 3654
>> Contractor to the Dept. of Energy
>> ActioNet, Inc.
>>
>>
>> -----Original Message-----
>> From: William Cerniuk [mailto:email@hidden]
<blockedmailto:[mailto:email@hidden]>
>> Sent: Monday, October 01, 2012 8:35 AM
>> To: Loftin, Kathy (CONTR)
>> Cc: Mike Pike; Joel Esler; Sullivan, Matthew R CIV (US);
>> email@hidden
<blockedmailto:email@hidden>
>> Subject: Re: [Fed-Talk] When did Fed-Talk turn into
iPhone/iOS Chat
>> Box
>>
>> Great info, thank you.
>>
>> How are you handling software? Has the organization
figured out an
>> efficient way to provide software that the organization
needs users
>> to have on their BYODs?
>>
>> --
>> R/Wm.
>>
>>
>> On Oct 1, 2012, at 8:32 AM, "Loftin, Kathy (CONTR)"
>> <email@hidden
<blockedmailto:email@hidden> > wrote:
>>
>>> We have about 400 GFE iPads - out of an 8000 customer
base in my
>> organization. Lots of people are starting to use them
instead of
>> Blackberries. If we ever start allowing BYOD, I imagine
this number will
>> grow quite a bit.
>>>
>>> Kathy Loftin, PMP
>>> DOE OCIO Tech. Integration and Engineering
>>> 301 903 3654
>>> Contractor to the Dept. of Energy
>>> ActioNet, Inc.
>>>
>>> -----Original Message-----
>>> From:
fed-talk-bounces+kathy.loftin=email@hidden
<blockedmailto:fed-talk-bounces+kathy.loftin=email@hidden>
>>>
[mailto:fed-talk-bounces+kathy.loftin=email@hidden]
<blockedmailto:[mailto:fed-talk-bounces+kathy.loftin=email@hidden.
com]> On
>>> Behalf Of Mike Pike
>>> Sent: Friday, September 28, 2012 12:03 PM
>>> To: Joel Esler
>>> Cc: email@hidden
<blockedmailto:email@hidden> ; Sullivan, Matthew R CIV (US)
>>> Subject: Re: [Fed-Talk] When did Fed-Talk turn into
iPhone/iOS Chat
>>> Box
>>>
>>> If you keep it to just federal equipment iOS will be
almost
>>> eliminated
>> from discussion and the number of macs shrink
exponentially by the month.
>>>
>>> The list will die.
>>>
>>> Here is a federal related question:
>>>
>>> How many people have a government provided iOS device?
I have an
>>> iOS
>> device on government networks but its personally owned.
>>>
>>> Sent from my iPhone 5
>>>
>>> On Sep 28, 2012, at 9:15 AM, Joel Esler
<email@hidden <blockedmailto:email@hidden> > wrote:
>>>
>>>> If it's outside the charter, then it should stop.
>>>>
>>>> I know I've been participating in some of it lately,
and I'll stop.
>> Hopefully people will follow.
>>>>
>>>>
>>>> On Sep 28, 2012, at 10:28 AM, Taylor Armstrong
>> <email@hidden
<blockedmailto:email@hidden> > wrote:
>>>>
>>>>> For what it is worth, I'm 100% in agreement with
Matthew.
>>>>>
>>>>> I'm on multiple mailing lists, forums, etc. This is
where I go to
>>>>> look for things that apply to the Federal workspace,
but at leas
>>>>> 1/2 the traffic in recent months seems to be little
different from
>>>>> the traffic on any number of Apple user forums.
>>>>>
>>>>> Sure, we all need to see/discuss things, but if we're
talking
>>>>> about our personal equipment, etc., then let's talk
about it somewhere else.
>>>>> The signal/noise ration in the FedTalk forum has
gotten worse
>>>>> recently - there are TONS of great resources for
general OS X
>>>>> and/or iOS discussion, but this is one of, if not the
ONLY one
>>>>> that should be dealing specifically with Federal .gov
implications
>>>>> - FISMA, encryption, policies, CIS Benchmarks, etc
etc. Wading
>>>>> through discussions of personal experiences on
non-govermnent
>>>>> owned equipment makes it harder to find the relevant
topics.
>>>>>
>>>>> Just my 1/50th of $1...
>>>>>
>>>>> And yes, I CAN hit delete... but should I have to?
Those topics
>>>>> are outside of the charter of this list.
>>>>>
>>>>> Taylor
>>>>>
>>>>> On Thu, Sep 27, 2012 at 10:40 AM, Villano, Paul Mr CIV
USA TRADOC
>>>>> <email@hidden
<blockedmailto:email@hidden> > wrote:
>>>>>> Exactly, Mr Sullivan. And that is exactly why we need
to be
>>>>>> discussing these things on the list NOW, before a
General Officer
>>>>>> sees the shiny new iThingy and says he wants one for
official
>>>>>> business. These devices and the software they use
are
>>>>>> "disruptive innovation." It's not enough to wait
until they hit
>>>>>> the supply chain. We must know BEFORE then. And the
only way to
>>>>>> tell for ourselves whether the various reports are
true or not
>>>>>> are to use them ourselves before the General gets
one. And the
>>>>>> only way we can do that is to use our own personal
experiences
>>>>>> since the DoD is on the verge of Bring Your Own
Device. (Which is best? Why or why not?
>>>>>> Which provider has provisos we can't use in DoD?
Which is a
>>>>>> better vendor? What are the limitations of the
software, device,
>>>>>> network?)
>>>>>>
>>>>>> The discussions are important not for the moment for
official use
>>>>>> but in the very near future as we advise the command
and protect
>> Soldiers.
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From:
fed-talk-bounces+paul.villano=email@hidden
<blockedmailto:fed-talk-bounces+paul.villano=email@hidden>
>>>>>> [mailto:fed- <blockedmailto:fed->
talk-bounces+paul.villano=email@hidden
>>>>>> ] On Behalf Of Sullivan, Matthew R CIV (US)
>>>>>> Sent: Thursday, September 27, 2012 8:40 AM
>>>>>> To: email@hidden
<blockedmailto:email@hidden>
>>>>>> Subject: [Fed-Talk] When did Fed-Talk turn into
iPhone/iOS Chat
>>>>>> Box
>>>>>>
>>>>>> Isn't Fed-Talk for actual important information like
how to make
>>>>>> things work and support each other with Mac, iOS
issues where
>>>>>> actual FED work is involved. There are hundreds of
other more
>>>>>> appropriate venues to banter about how awesome or
useless the new
>>>>>> iPhone is or how awesome or useless the new iOS Maps
are.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Matthew Sullivan
>>>>>>
>>>>>> _______________________________________________
>>>>>> Do not post admin requests to the list. They will be
ignored.
>>>>>> Fed-talk mailing list (email@hidden
<blockedmailto:email@hidden> )
>>>>>> Help/Unsubscribe/Update your Subscription:
>>>>>>
>>>>>> %
>>>>>> 4
>>>>>> 0
>>>>>> noaa.gov <blockedhttp://noaa.gov/>
>>>>>>
>>>>>> This email sent to email@hidden
<blockedmailto:email@hidden>
>>>>> _______________________________________________
>>>>> Do not post admin requests to the list. They will be
ignored.
>>>>> Fed-talk mailing list (email@hidden
<blockedmailto:email@hidden> )
>>>>> Help/Unsubscribe/Update your Subscription:
>>>>>
>>>>> o
>>>>> m
>>>>>
>>>>> This email sent to email@hidden
<blockedmailto:email@hidden>
>>>>
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be
ignored.
>>>> Fed-talk mailing list (email@hidden
<blockedmailto:email@hidden> )
>>>> Help/Unsubscribe/Update your Subscription:
>>>>
>>>>
>>>> This email sent to email@hidden
<blockedmailto:email@hidden>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be
ignored.
>>> Fed-talk mailing list (email@hidden
<blockedmailto:email@hidden> )
>>> Help/Unsubscribe/Update your Subscription:
>>>
>
>>> o
>>> e
>>> .gov
>>>
>>> This email sent to email@hidden
<blockedmailto:email@hidden>
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be
ignored.
>>> Fed-talk mailing list (email@hidden
<blockedmailto:email@hidden> )
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>>
>>> This email sent to email@hidden
<blockedmailto:email@hidden>
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be
ignored.
>> Fed-talk mailing list (email@hidden
<blockedmailto:email@hidden> )
>> Help/Unsubscribe/Update your Subscription:
>>
r>
>> m
>> y.mil
>>
>> This email sent to email@hidden
<blockedmailto:email@hidden>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be
ignored.
>> Fed-talk mailing list (email@hidden
<blockedmailto:email@hidden> )
>> Help/Unsubscribe/Update your Subscription:
>>
>>
>> This email sent to email@hidden
<blockedmailto:email@hidden>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden