Versions Compared

Old Version 4

changes.mady.by.user Rick Kingslan

Saved on

compared with

New Version 5

changes.mady.by.user Rick Kingslan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

User's Guide
EZ Unified Device Manager Pro
Provided by Event Zero






The information contained in this document represents the current view of Event Zero on the software discussed as of the date of publication and is subject to change at any time without notice to you. This document and its contents are provided AS IS without warranty of any kind, and should not be interpreted as an offer or commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented. EVENT ZERO MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
The descriptions of other companies' products in this document, if any, are provided only as a convenience to you. Any such references should not be considered an endorsement or support by Event Zero. Event Zero cannot guarantee their accuracy, and the products may change over time. Also, the descriptions are intended as brief highlights to aid understanding, rather than as thorough coverage. For authoritative descriptions of these products, please consult their respective manufacturers.
All trademarks are the property of their respective companies.
©2017 Event Zero. All rights reserved.
Event Zero is either registered trademarks or trademarks of Event Zero Pty Ltd. in Australia and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

...

EZ UDM Pro is the visual configuration and management component of the infrastructure. The provisioning bridge resides locally on your network, close to the phone devices that EZ UDM Pro manages. Provisioning bridges put the software images and resource files on your local network instead of at the application's local storage, dramatically speeding up the provisioning of your phone devices.
EZ UDM Pro is cloud-based or on-premises, and provisioning bridges will always be on-premises. Load balancers – hardware or software-based – are used to ensure end-to-end encryption of the communications path, high availability, and to distribute the content consistently to all bridges.
The following sections of this guide provides information provide information and detail on how to use the application. Installation information is contained in the Installation Guide.Need link and location for the Installation Guide.

...

Unapproved Devices is the opposite of Approved Devices. The number represents phone devices that not yet approved. Clicking the number takes you to the Unapproved Devices sub-menu, described later under Unapproved Devices. This panel is only visible when you have devices that are not yet approved.

  • Provisioning Bridges

The number of Provisioning Bridges requesting association with EZ UDM Pro. Clicking the number takes you to the Bridges sub-menu, described later under Bridges.

...

In applications and in computing in general, everything is comprised of data. Data could be described as attributes with values applied. It might seem simplistic, but at a high level, you could describe a column or row in a database this way. And, you could describe the operation of a processor using assembly language, machine language (the binary, not the technology), or any language much the same way. Remember, this is high level and probably doesn't hold up well once you get into the implementation details. Regardless, it will work for this discussion of tag concepts.

Tags Modify Behavior

If you have a background in Microsoft's Group Policy for Active Directory, this may seem too simple to believe. It's like the way that Group Policy is applied and what a resultant set of policy is.
For those that don't have a background or familiarity with Group Policy, or if you just need a refresher, Group Policy operates like this.

Group Policy Refresher

In an Active Directory domain environment, there is a policy called the Default Domain Policy that applies to most (we'll discuss just User and Computer objects for the sake of clarity) objects. The Default Domain Policy sets attributes and values (settings) for those attributes. The policy is then applied to all objects. For example, let's assume that your domain is called contoso.com. In Group Policy Management (the management tool in Windows Server for Group Policy configuration) opening the domain contoso.com shows one policy by default – the Default Domain Policy.
Right-clicking on the Default Domain Policy and selecting Edit opens the Group Policy Management Editor. Using this tool, one can view and modify the Default Domain Policy.

Note! Just for clarity – Microsoft strongly recommends NEVER editing or changing the values of the Default Domain Policy. If you need to change a setting or behavior enforced by the Default Domain Policy, create a new policy that will override the setting in the Default Domain Policy. We're getting ahead of ourselves. Just don't modify the Default Domain Policy if you can avoid it.

In the Group Policy Management Editor note that there are two main nodes – Computer and User. These are the primary object classes that the Group Policy Management Editor can edit. If you were to expand User Configuration > Policies > Administrative Templates, there are a number of sub-nodes. Of these sub-nodes is Desktop, then Desktop. We are going to look at attributes that correlate directly to phone devices and computers – Wallpaper (for the Windows desktop), or a background image (for the phone device.)

By default, the Default Domain Policy contains the attribute "Desktop Wallpaper", and the purpose of the attribute and associated setting is to apply a desktop wallpaper file to each user, and by inference, the computer the user logs onto. The distinction is important; the attribute - because it applies to the user – will apply to any computer that the user logs onto. If the attribute was at the Computer level, it would apply to all Computers that are a part of the domain that this policy applies to. (As a side note, there is no companion attribute at the Computer level. A wallpaper can be applied at the computer level, but it's a less efficient and more complex task and does not gain any additional benefit for the required task.)

The default setting for most attributes in the Default Domain Policy is "Not Configured." Essentially, this setting is ignored because until there is a setting, it's just additional processing by the Group Policy engine that would need to take place. The other options are "Enabled", meaning read and apply the settings in the policy, or "Disabled" meaning that even if there is a setting, do not apply it. This will become important shortly.

Let's assume that we Enable the attribute "Desktop Wallpaper" and set a path to the file \\nas01.contoso.com\assets\company_logo.jpg. We commit this setting. The next time a user logs in, the policy is read, and this attribute changes the desktop wallpaper to the company_logo.jpg. We've set a baseline configuration for all users across the company to use a standard logo for their desktop wallpaper.

Because Contoso is an international company, each country has the permission to personalize the logo in accordance with their country's affinity. Changes are made to the company_logo.jpg by other country branches. Germany, for example, changes the wallpaper to put the logo over the German flag. The German Active Directory (AD) administrator creates a new Group Policy Object (GPO) and places the new GPO into the DE Organizational Unit (OU). The subtle change – setting the same attribute Desktop Wallpaper to \\nas01.de.contoso.com\assets\company_logo_DE.jpg - applies the German-specific company logo desktop wallpaper for users only in the DE OU.

One further change is made. The Sales group petitions for and receives special permission to modify the logo to add their main customer, Tail Spin Toys, logo to the German logo. The new Wallpaper needs to apply to just the Users in the Sales OU in the DE OU. The AD Administrator creates a new GPO and links it to the Sales OU in the DE OU, modifying the attribute Desktop Wallpaper \\nas01.de.contoso.com\assets\company_logo_DE_Sales.jpg. When the users in the Sales OU log in, the desktop wallpaper with the German flag and the company logo, plus the Tail Spin Toys logo, is displayed.

For some who have a passing knowledge of AD and GPO, you might think that creating a Site linked GPO for Germany (assuming, as would be good practice, Germany is defined as a Site) would work. Precedence of GPO policy application potentially works against you here. GPO is applied in the following order: Local System, Site, Domain, then OU, where the policy on the Local System policy is applied first, and then over-written by policy settings that conflict at the Site GPO, then the Domain GPO and finally the OU GPO. If the German logo was applied at the Site level, it would be over-written by the contoso.com Domain-level policy for the "All Company" logo wallpaper.

(There are mitigations and ways to get around the issue outlined with the Site vs. Domain setting. But, it's unimportant to our overall theme on Tags.)

That's it for the Group Policy 101 refresher. Let's look at how tags work in a similar manner to apply settings to your devices.(I'll fill this in with some example that doesn't offend AD and GPO critics or noobs... It was met with such a warm reception.  Something that tends to introduce how tags do what they do. Maybe I'll use legos, or cars, or perhaps Russian stacking dolls.)

Tag Application and Precedence

...

(Lots more on Tags to come… Adding Tags looks to be misbehaving at the moment. New note: Nope - I'm just not in tune with the fact that we just now create a tag for nearly anything and everything, making tags an automatic, and not really controllable, enforcement.)

Device Profiles

In Device Profiles, you create new device profiles, and profiles and manage existing ones. Device profiles are a collection of attributes that will apply to the devices that this profile is a member of. Assigning a tag to the device profile associates the device profile with a defined set of devices.
For example, you have a location in France that requires that the French flag is displayed. A resource file for an image of the French flag is available in Resources. You configure the device profile to use the image file and apply it to all phones that meet the criteria. The criteria, in this case, is that the devices are part of a tag group France Office. Adding the XML attributes to use the image file and apply it to the device, plus using the tag France Office applies the French flag as the image displayed on the devices in the France Office.
Note! For assigning a device profile to a tag, see the section Tags. The device profile must exist prior to assigning it to a given tag.

...

  1. On the sidebar, click Software
  2. On the right side of the Software page, click Add
  3. On the Upload Software dialog, you have a couple options to upload the software package to EZ UDM Pro
    1. From your computer in a file browser, select the software package to upload, drag and drop it into the dropzone
    2. Click in the dropzone area, and from the resulting file explorer, select the package that you want to upload, then click Open
  4. Note that there is a progress bar indicating that the file is uploading. When the file is uploaded, a notification is displayed at the bottom of the page indicating All files uploaded. Click Dismiss on the notification
  5. If you have more software to upload, repeat Steps 3 and 4. If you are done adding software, click Software in the sidebar and confirm that the software is either in the Processing or Processed state.

Note! If there was a problem in processing, the status of the software will be Error. See the Appendix for information and steps to resolve the Error statusAdd FAQ or TS steps/article for Error status in Processing/Processed.

  1. The software is ready to use when the status is Processed

...

A function of good management is to delete items that you no longer need. When the last device that is using a given software and is upgraded to a newer or different software the software can be safely deleted.
Note! Deleting software that is in use by devices deletes all references and the source files for the software from EZ UDM Pro. Devices will continue to operate normally. However, you cannot deploy the deleted version of software to other devices without uploading the package into EZ UDM Pro. Due to all references to the software being removed, the software deployed to devices that was deleted
To delete a software package, do the following:

...