Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Frequently Asked Questions (FAQs) about Safe Mobile Workforce (TMSMW)

    • Updated:
    • 16 Feb 2015
    • Product/Version:
    • Safe Mobile Workforce 1.0
    • Platform:
    • Android 2.3 Gingerbread
    • Android 3.x Honeycomb
    • Android 4.0 Ice Cream Sandwich
    • Android 4.1 Jellybean
    • Android 4.2 Jellybean
    • Android 4.3 Jellybean
    • Android 4.4 KitKat
    • Citrix XenServer 6.0
    • Macintosh iOS 5.x
    • VMware ESX 4.0
    • VMware ESX 4.1
    • VMware ESX 5.0
    • VMware ESXi 5.1
Summary
This article answers the common questions about TMSMW.
Details
Public

TMSMW hosts mobile operating systems on centralized servers. It makes operating systems accessible over a network through a remote display protocol and a rendering technology.

It clearly separates corporate and personal data in the workspace. The users can access the same mobile environment, including the applications and data, from any location without being tied to a single device. Whereas, the administrators can have a more centralized and efficient workspace, which is easier to manage and maintain.

  • Using a web-based management console

    Administrators can create and facilitate a secured mobile workspace with applications, data, and customized mobile system to their end users. They can remove a user’s entire workspace including all corporate applications and data.

  • Using an Android or iOS device

    A user can remotely access the virtual mobile workspace.

One user can use multiple Android or iOS devices to log on his unique user account. However, Safe Mobile Workforce only hosts one session for one user. Thus, user cannot log on using two (2) or more devices at the same time.

TMSMW client

TMSMW client supports iOS version 4.3 or later and Android version 2.3 or later both on phone and tablet devices.

TMSMW Secure Access

Secure Access is delivered as a Linux-based appliance and is packaged as an ISO file with the following property details:

Processor: 64-bit x86 four-core
Memory: 4GB
Hard disk: 30GB available for installation
Network Interface Card (NIC): One (1) 1GB NIC

TMSMW server

The TMSMW server is delivered as a Linux-based appliance and is packaged as an ISO file with the following property details:

Processor: 64-bit x86 four-core
Memory: 4GB
Hard disk: 30GB available for installation
NIC: Two (2) 1GB NICs

The TMSMW server supports Intel SSSE3 processors for the CPU type, and can be installed on the following platforms:

Bare metal machines:

  • Dell R510
  • Dell R520
  • Dell R710
  • Dell R720
  • Dell R810
  • IBM X3550
  • HP DL380G6

Virtual machines:

  • VMware ESX 4.1
  • VMware ESXi 4.1/5.1/5.5
  • VMware Workstation 9/10
  • VMware Fusion 5/6
  • Windows 2012 Hyper-V
  • Citrix XenServer 6

All other platform versions earlier than the mentioned ones may work in conjunction with TMSMW. However, these versions are not officially tested by TMSMW.

Secure Access load balance

Administrators can put multiple Secure Accesses in intranet and export them through L4 switch device. The client uses a Fully Qualified Domain Name (FQDN) (smw.company.com) and L4 switch device relays the request to one of the Secure Accesses. Thus, the request is transmitted to the server.

Server load balance

Administrators can also deploy multiple TMSMW servers. One of which is the master server and the others are slaver servers.

The TMSMW allocates new user to the server that has the largest available seat number.

Here is the formula to get the available seat number:

Available Seat Number = (Server Capacity) – (Active User number)

Secure Access provides Internet access on mobile clients.

Internet mobile clients use HTTPS to connect to the Secure Access. It receives mobile client enrollment requests and relays them to the TMSMW server. Administrators can open only one (1) IP address and one (1) port number for mobile client access.

To ensure security, both Secure Access and TMSMW server use iptables in controlling their export ports.

Configuring network card for Secure Access

Secure Access can be deployed in Demilitarized Zone (DMZ) or intranet. You only need to configure one (1) NIC if there is a separation between Internet mobile devices and Secure Access. Use L4 switch or other network device to relay the internet traffic to Secure Access.

However, if it is deployed in Bridge Mode, it needs two (2) NICs. One (1) is for the mobile clients to access the Internet and the other is used to connect to the internal TMSMW servers.

Secure Access should be able to connect to the TMSMW server’s eth1 for mobile client access.

Configuring eth1 network card for Secure Access

You can configure eth0 network card during Secure Access installation. If you want to configure eth1 network card, do the following:

  1. Log in to the command console with your Administrator account.
  2. Type the “enable” command to enable the Privileged mode.
  3. Type the “configure network interface ipv4 eth1” command to configure eth1 IP address.

    For example:

    configure network interface ipv4 eth1

You can use System Recovery to rescue your operating system such as change password, repair grub, install or repair system software, fix Linux kernel, and export data when system crashes.

Managing your system

  1. Modify the Basic Input/Output System (BIOS) to let system boot from CD-ROM drives, then insert installation disc and restart the server.
  2. Select System Recovery on the installation UI.
  3. Select the language and keyboard type.
  4. Select the local CD or DVD containing the rescue image.
  5. In the Setup Networking page, select No if you don’t want to change the network card IP.
  6. In the Rescue page, select Continue to mount CD under /mnt/sysimage.
  7. Click OK to mount CD as /mnt/sysimage.
  8. Select Shell Start shell to open command line.

You can use bash command line now depending on what actions to do. You can rescue your system on the mode.

Changing root password

  1. Type the “chroot /mnt/sysimage” command.
  2. Under the shell, input “passwd root” to set new password for root.
  3. Enter the “exit” command to quit the current shell.

Repairing grub

  1. Type the “chroot /mnt/sysimage” command.
  2. Use “fdisk -l” to check the current device.
    In our system, it is “/dev/sda”.
  3. Use the “grub-install /dev/sda” command to repair grub.
  4. Enter the “exit” command to quit the current shell.

Installing/repairing software

  1. Input the “chroot /mnt/sysimage” command.
  2. Create mkdir /mnt/source folder.
  3. Input “mount /dev/dvd /mnt/source” in the created folder.
  4. Use “rpm –ivh /mnt/source/TMSMW/****.rpm” to install rpm package.
  5. Reboot the system to check if the rpm is successfully installed.

Fixing linux kernel

  1. Input the command “mount /dev/dvd mnt/source”.
  2. Use “rpm -ivh /mnt/source/TMSMW/kernel-3.4.0+-1.x86_64.rpm --root=/mnt/sysimage/ -- force”.
    Your kernel will be installed.

Exporting data when the system crashes

  1. Input the “chroot /mnt/sysimage” command.
  2. Configure the IP address for the network card.
  3. To export data, use “scp [options] source dest”.

    For example: “scp –r /home/account/ root@10.64.90.125:/home/”

  1. On the TMSMW server, upload certificate file and private key using winscp tool or other scp tool.

    The location for the certificate file is /etc/pki/tls/certs/ and for the private key is /etc/pki/tls/private/.

  2. Change the /etc/httpd/conf.d/wsgi-vmi.conf configuration file. Replace the corresponding file name with your real file name:

    Certificate file: SSLCertificateFile /etc/pki/tls/certs/xxxx.crt
    Private key: SSLCertificateKeyFile /etc/pki/tls/private/xxxx.key

  3. Restart Apache service using the “service httpd restart” command.

    The new certificate now takes effect.

  1. On the TMSMW server, upload certificate file (p12 format) for Secure Access in /vmi/gateway/ using winscp tool or other scp tool.
  2. Change the /vmi/gateway/configuration.json configuration file. Replace the corresponding file name with your real file name:

    Certificate file: “ssl_cert_file”: “xxxx.p12”

  3. Restart Secure Access using the “service vmigatewayrestart” command.

    The new certificate now takes effect.

Exporting user data from the TMSMW server

  1. Stop the TMSMW server from the web console’s Servers tab.
  2. Log in to the TMSMW server command line console.
  3. Use scp tools to copy the /gluster folder to your computer.
  4. Start the TMSMW server from the web console’s Servers tab.

Importing user data to the TMSMW server

  1. Stop the TMSMW server from the web console’s Servers tab.
  2. Log in to the TMSMW server command line console.
  3. Copy the previously exported /gluster folder to the TMSMW server’s /gluster folder.
  4. Start the TMSMW server from the web console’s Servers tab.

Exporting user data from external storage

  1. Keep external storage connected with the server.
  2. Stop the TMSMW server from the web console’s Servers tab.
  3. Log in to the TMSMW server command line console.
  4. Use scp tool to copy the /gluster folder to your computer.
  5. Start the TMSMW server from the web console’s Servers tab.

Importing user data to external storage

  1. From the web console, click Administration > System Settings.
  2. Enable external storage.
  3. Stop the TMSMW server from the web console’s Servers tab.
  4. Log in to the TMSMW server command line console.
  5. Copy the previously exported /gluster folder to external storage’s /gluster folder.
  6. Start the TMSMW server from the web console’s Servers tab.

UNIA can share server’s storage in all instances with no limitation. Memory is also shared, but 1GB at most for each instance. For CPU, it is shared two (2) cores at most for each instance.

By default, TMSMW uses NAT for workspace network settings. If you change to IP range network settings, you may always see a black screen of workspace. It may be caused by the network card configuration. You need to set it in Promiscuous Mode.

The Promiscuous Mode is already set in bare metal machine. If you use VMware ESX virtual machine, you need to accept Promiscuous Mode and forged transmits your network label.

If you are not sure which network label you should set, right-click TMSMW server and click Edit Setting tab. Look for the network label name on the Network adapter.

You can download mobile applications from Google Play and Apple App Store. If your device does not have Google Play, you can download from the server side and Secure Access:

For the server side, use the http://IP address.

For Secure Access, do the following:

  1. Enable http from the configuration.
    1. Log in to the Secure Access command console.
    2. Change the “http_port” line to “http_port:80” in the /vmi/gateway/configuration.json file.
    3. Save the file.
    4. Restart the service with the “service vmigateway restart” command.
  2. Use this IP address: http://<secureAccess>.

TMSMW only supports online mode. All the data and applications should run on hosted servers not on local devices.

When mobile client encountered network disconnection, TMSMW will try to reconnect once. If it fails to reconnect, “Do you want to reconnect?” alert will appear. Click OK to reconnect and click Cancel to log off.

You can connect back to the TMSMW server in the office by:

  • Using Virtual Private Network (VPN) to connect to the server
  • Directly connecting to Secure Access of TMSMW

All the connections between the mobile clients and Secure Access are using Secure Socket Layer (SSL).

Users cannot install or remove applications by themselves in a workspace. The applications can only be distributed to users by an administrator through profile.

Workspace supports the following kinds of input method:

  • Sample Soft Keyboard – This inside input method is the default method used.
  • My Soft Keyboard – This uses a device input method to input inside workspace. This can sync your device language and locale.

You can switch between My Soft Keyboard and Sample Soft Keyboard.

The administrator can turn off all users’ My Soft Keyboard by doing the following:

  1. Change “VIME_ENABLE = False” in /vmi/manager/web_console/settings.py and save the changes.
  2. Remove setting.pyc and setting.pyo in same folder.
  3. Run the following commands:

    service vmiengine restartservice httpd restart

  4. Change all the profiles which have been deployed to users (e.g., change wallpaper).

Optimize the remote access protocol. For both iOS and Android devices, adjust Remote Mobile eXperience (RMX) protocol. RMX can switch different encoding algorithms according to network conditions and hardware profile of client device.

Each user must set a lock screen Pattern/PIN/Password for his workspace.

The administrator can do the following when a user forgets the password:

  1. Log on to the TMSMW web console.
  2. Open the Users tab and select the user.
  3. Find Clear workspace screen lock and then click Clear.

The following features are supported in TMSMW:

  • Bluetooth (Support for bluetooth depends on wireless module and wireless connections, which are hosted on the enterprise servers and not included in the workspace.)
  • Global Positioning System (GPS)

Audio, Video, and Camera features are to be supported in the next major version.

TMSMW workspace has no phone module imbedded in it. Thus, call and SMS are not supported. User can trigger a phone call from workspace, but through the real device’s call functional module.

To call from workspace:

  1. Click the contact number in the workspace.
  2. Call it using the real device.

In version 1.0, copy/paste of data between real device and virtual workspace is restricted. For the future versions, copy/paste from real device to virtual workspace configuration will be included. However, copy/paste from virtual workspace to real device will always be disallowed to assure security.

Premium
Internal
Rating:
Category:
SPEC
Solution Id:
1102758
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.