CN106031128A - Providing mobile device management functionalities - Google Patents
- Publication number: CN106031128A
- Application number: CN201380082058.9A
- Authority: CN (China)
- Prior art keywords: pseudo, service provider, MDM service, subscriber equipment, order
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
Methods, systems, computer-readable media, and apparatuses for providing mobile device management (MDM) functionalities are presented. In some embodiments, a pseudo device representative of a physical end user device may be established within a cloud computing environment. The pseudo device may be provisioned for use with MDM service providers and configured to receive commands from the MDM service providers on behalf of the physical end user device. In some embodiments, multiple pseudo devices each representative of a physical end user device may be established within a cloud computing environment. A first pseudo device may be provisioned for use with a first MDM service provider and configured to receive commands from the first MDM service provider on behalf of the physical end user device. A second pseudo device may be provisioned for use with a second MDM service provider and configured to receive commands from the second MDM service provider.
Description
Background
Aspects of the disclosure relate to computer hardware and software. In particular, one or more aspects of the disclosure generally relate to computer hardware and software for providing mobile device management functionalities.
Companies and other organizations are increasingly providing their employees and other associates with mobile devices, and/or otherwise enabling them to use mobile devices, such as smart phones, tablet computers, and other mobile computing devices. As these devices continue to grow in popularity and provide an increasing number of functions, many organizations may wish to place certain controls on how these devices can be used, what resources these devices can access, and how the applications running on these devices can interact with other resources.
Summary
Aspects of the disclosure provide more efficient, practical, functional, and convenient ways to control how mobile devices can be used, what resources mobile devices can access, and how the applications and other software running on these devices can interact with other resources. In particular, in one or more embodiments discussed in greater detail below, mobile device management functionalities are deployed, implemented, and/or used in a number of different ways to provide one or more of these and/or other advantages.
In some embodiments, a pseudo device may be established within a cloud computing environment. The pseudo device may be representative of a physical end user device. The pseudo device may be provisioned for use with one or more mobile device management (MDM) service providers. The pseudo device may be configured to receive, on behalf of the physical end user device, one or more commands from the one or more MDM service providers.
In some embodiments, multiple pseudo devices may be established within a cloud computing environment. Each pseudo device may be representative of a physical end user device. A first pseudo device may be provisioned for use with a first MDM service provider. A second pseudo device may be provisioned for use with a second MDM service provider. The first pseudo device may be configured to receive, on behalf of the physical end user device, commands from the first MDM service provider. The second pseudo device may be configured to receive, on behalf of the physical end user device, commands from the second MDM service provider.
These features are discussed in greater detail below together with many further features.
Brief description of the drawings
The present disclosure is illustrated by way of example and is not limited to the accompanying figures, in which like reference numerals indicate similar elements, and in which:
Fig. 1 depicts an illustrative computer system architecture that may be used in accordance with one or more illustrative aspects described herein.
Fig. 2 depicts an illustrative remote access system architecture that may be used in accordance with one or more illustrative aspects described herein.
Fig. 3 depicts an illustrative virtualized (hypervisor) system architecture that may be used in accordance with one or more illustrative aspects described herein.
Fig. 4 depicts an illustrative cloud-based system architecture that may be used in accordance with one or more illustrative aspects described herein.
Fig. 5 depicts an illustrative enterprise mobility management system.
Fig. 6 depicts another illustrative enterprise mobility management system.
Fig. 7 depicts another illustrative enterprise mobility management system that may be used in accordance with one or more illustrative aspects described herein.
Fig. 8 depicts another illustrative enterprise mobility management system that may be used in accordance with one or more illustrative aspects described herein.
Fig. 9 depicts a flowchart that illustrates a method of applying one or more mobile device management policies to a physical end user device via a pseudo device, in accordance with one or more illustrative aspects discussed herein.
Fig. 10 depicts a flowchart that illustrates a method of provisioning a pseudo device for use with one or more mobile device management service providers, in accordance with one or more illustrative aspects discussed herein.
Fig. 11 depicts a flowchart that illustrates a method of responding to commands from a mobile device management service provider, in accordance with one or more illustrative aspects discussed herein.
Fig. 12 depicts a flowchart that illustrates a method of pushing resource data to a physical end user device, in accordance with one or more illustrative aspects discussed herein.
Fig. 13 depicts a flowchart that illustrates a method of modifying a command at a pseudo device, in accordance with one or more illustrative aspects discussed herein.
Fig. 14 depicts a flowchart that illustrates a method of applying a selective wipe command, in accordance with one or more illustrative aspects discussed herein.
Fig. 15 depicts a flowchart that illustrates a method of deploying information to a physical end user device and revoking information from the physical end user device, in accordance with one or more illustrative aspects discussed herein.
Fig. 16 depicts a flowchart that illustrates a method of resolving conflicts between the policies of different mobile device management service providers, in accordance with one or more illustrative aspects discussed herein.
Detailed description
In the following description of the various embodiments, reference is made to the accompanying drawings identified above, which form a part hereof, and in which are shown, by way of illustration, various embodiments in which aspects described herein may be practiced. It is to be understood that other embodiments may be utilized, and that structural and functional modifications may be made, without departing from the scope described herein. Various aspects are capable of other embodiments and of being practiced or carried out in various different ways.
As a general introduction to the subject matter described in more detail below, aspects described herein are directed towards controlling remote access to resources at an enterprise computing system using managed mobile applications at mobile computing devices. An access manager may perform a validation process that determines whether a mobile application requesting access to enterprise resources has accurately identified itself and has not been subsequently altered after installation at the mobile computing device. In this way, the access manager may ensure that the mobile application requesting access to the enterprise resource can be trusted and is not attempting to circumvent the security mechanisms used to protect those enterprise resources. As a result, individuals associated with the enterprise may advantageously use enterprise resources at their personal mobile devices.
It is to be understood that the phraseology and terminology used herein are for the purpose of description and should not be regarded as limiting. Rather, the phrases and terms used herein are to be given their broadest interpretation and meaning. The use of "including" and "comprising" and variations thereof is meant to encompass the items listed thereafter and equivalents thereof, as well as additional items and equivalents thereof. The use of the terms "mounted," "connected," "coupled," "positioned," "engaged," and similar terms is meant to include both direct and indirect mounting, connecting, coupling, positioning, and engaging.
Computing architecture
Computer software, hardware, and networks may be utilized in a variety of different system environments, including standalone, networked, remote-access (also known as remote desktop), virtualized, and/or cloud-based environments, among others. Fig. 1 illustrates one example of a system architecture and data processing device that may be used to implement one or more illustrative aspects described herein in a standalone and/or networked environment. Various network nodes 103, 105, 107, and 109 may be interconnected via a wide area network (WAN) 101, such as the Internet. Other networks may also or alternatively be used, including private intranets, corporate networks, local area networks (LANs), metropolitan area networks (MANs), wireless networks, personal networks (PANs), and the like. Network 101 is for illustration purposes and may be replaced with fewer or additional computer networks. A LAN may have one or more of any known LAN topology and may use one or more of a variety of different protocols, such as Ethernet. Devices 103, 105, 107, 109 and other devices (not shown) may be connected to one or more of the networks via twisted pair wires, coaxial cable, fiber optics, radio waves, or other communication media.
The term "network" as used herein and depicted in the drawings refers not only to systems in which remote storage devices are coupled together via one or more communication paths, but also to stand-alone devices that may be coupled, from time to time, to such systems that have storage capability. Consequently, the term "network" includes not only a "physical network" but also a "content network," which is made up of the data, attributable to a single entity, that resides across all physical networks.
The components may include data server 103, web server 105, and client computers 107, 109. Data server 103 provides overall access, control, and administration of databases and control software for performing one or more illustrative aspects described herein. Data server 103 may be connected to web server 105, through which users interact with and obtain data as requested. Alternatively, data server 103 may act as a web server itself and be directly connected to the Internet. Data server 103 may be connected to web server 105 through the network 101 (e.g., the Internet), via a direct or indirect connection, or via some other network. Users may interact with the data server 103 using remote computers 107, 109, e.g., using a web browser to connect to the data server 103 via one or more externally exposed web sites hosted by web server 105. Client computers 107, 109 may be used in concert with data server 103 to access data stored therein, or may be used for other purposes. For example, from client device 107 a user may access web server 105 using an Internet browser, as is known in the art, or by executing a software application that communicates with web server 105 and/or data server 103 over a computer network (such as the Internet).
Servers and applications may be combined on the same physical machines and retain separate virtual or logical addresses, or may reside on separate physical machines. Fig. 1 illustrates just one example of a network architecture that may be used, and those of skill in the art will appreciate that the specific network architecture and data processing devices used may vary, and are secondary to the functionality that they provide, as further described herein. For example, services provided by web server 105 and data server 103 may be combined on a single server.
Each component 103, 105, 107, 109 may be any type of known computer, server, or data processing device. Data server 103, for example, may include a processor 111 controlling overall operation of the data server 103. Data server 103 may further include RAM 113, ROM 115, network interface 117, input/output interfaces 119 (e.g., keyboard, mouse, display, printer, etc.), and memory 121. I/O 119 may include a variety of interface units and devices for reading, writing, displaying, and/or printing data or files. Memory 121 may further store operating system software 123 for controlling overall operation of the data processing device 103, control logic 125 for instructing data server 103 to perform aspects described herein, and other application software 127 providing secondary, support, and/or other functionality which may or may not be used in conjunction with aspects described herein. The control logic may also be referred to herein as the data server software 125. Functionality of the data server software may refer to operations or decisions made automatically based on rules coded into the control logic, made manually by a user providing input into the system, and/or a combination of automatic processing based on user input (e.g., queries, data updates, etc.).
Memory 121 may also store data used in performance of one or more aspects described herein, including a first database 129 and a second database 131. In some embodiments, the first database may include the second database (e.g., as a separate table, report, etc.). That is, the information can be stored in a single database, or separated into different logical, virtual, or physical databases, depending on system design. Devices 105, 107, 109 may have an architecture similar to or different from that described with respect to device 103. Those of skill in the art will appreciate that the functionality of data processing device 103 (or device 105, 107, 109) as described herein may be spread across multiple data processing devices, for example, to distribute processing load across multiple computers, or to segregate work based on geographic location, user access level, quality of service (QoS), etc.
One or more aspects may be embodied in computer-usable or readable data and/or computer-executable instructions, such as in one or more program modules, executed by one or more computers or other devices as described herein. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types when executed by a processor in a computer or other device. The modules may be written in a source code programming language that is subsequently compiled for execution, or may be written in a scripting language such as (but not limited to) Javascript or ActionScript. The computer-executable instructions may be stored on a computer-readable medium such as a nonvolatile storage device. Any suitable computer-readable storage media may be utilized, including hard disks, CD-ROMs, optical storage devices, magnetic storage devices, and/or any combination thereof. In addition, various transmission (non-storage) media representing data or events as described herein may be transferred between a source and a destination in the form of electromagnetic waves traveling through signal-conducting media (e.g., metal wires, optical fibers) and/or wireless transmission media (e.g., air and/or space). Various aspects described herein may be embodied as a method, a data processing system, or a computer program product. Therefore, various functionalities may be embodied in whole or in part in software, firmware, and/or hardware or hardware equivalents such as integrated circuits, field programmable gate arrays (FPGAs), and the like. Particular data structures may be used to more effectively implement one or more aspects described herein, and such data structures are contemplated within the scope of the computer-executable instructions and computer-usable data described herein.
With further reference to Fig. 2, one or more aspects described herein may be implemented in a remote-access environment. Fig. 2 depicts an example system architecture including a generic computing device 201 in an illustrative computing environment 200 that may be used according to one or more illustrative aspects described herein. Generic computing device 201 may be used as a server 206a in a single-server or multi-server desktop virtualization system (e.g., a remote access or cloud system) configured to provide virtual machines for client access devices. The generic computing device 201 may have a processor 203 for controlling overall operation of the server and its associated components, including random access memory (RAM) 205, read-only memory (ROM) 207, input/output (I/O) module 209, and memory 215.
I/O module 209 may include a mouse, keypad, touch screen, scanner, optical reader, and/or stylus (or other input device(s)) through which a user of generic computing device 201 may provide input, and may also include one or more of a speaker for providing audio output and a video display device for providing textual, audiovisual, and/or graphical output. Software may be stored within memory 215 and/or other storage to provide instructions to processor 203 for configuring generic computing device 201 into a special-purpose computing device in order to perform various functions as described herein. For example, memory 215 may store software used by the computing device 201, such as an operating system 217, application programs 219, and an associated database 221.
Computing device 201 may operate in a networked environment supporting connections to one or more remote computers, such as terminals 240 (also referred to as client devices). The terminals 240 may be personal computers, mobile devices, laptop computers, tablets, or servers that include many or all of the elements described above with respect to the generic computing device 103 or 201. The network connections depicted in Fig. 2 include a local area network (LAN) 225 and a wide area network (WAN) 229, but may also include other networks. When used in a LAN networking environment, computing device 201 may be connected to the LAN 225 through a network interface or adapter 223. When used in a WAN networking environment, computing device 201 may include a modem 227 or other wide area network interface for establishing communications over the WAN 229, such as computer network 230 (e.g., the Internet). It will be appreciated that the network connections shown are illustrative and that other means of establishing a communications link between the computers may be used. Computing device 201 and/or terminals 240 may also be mobile terminals (e.g., mobile phones, smartphones, PDAs, notebooks, etc.) including various other components, such as a battery, speaker, and antennas (not shown).
Aspects described herein may also be operational with numerous other general-purpose or special-purpose computing system environments or configurations. Examples of other computing systems, environments, and/or configurations that may be suitable for use with aspects described herein include, but are not limited to, personal computers, server computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
As shown in Fig. 2, one or more client devices 240 may be in communication with one or more servers 206a-206n (generally referred to herein as "server(s) 206"). In one embodiment, the computing environment 200 may include a network appliance installed between the server(s) 206 and client machine(s) 240. The network appliance may manage client/server connections, and in some cases can load balance client connections amongst a plurality of backend servers 206.
The client machine(s) 240 may in some embodiments be referred to as a single client machine 240 or a single group of client machines 240, while server(s) 206 may be referred to as a single server 206 or a single group of servers 206. In one embodiment, a single client machine 240 communicates with more than one server 206, while in another embodiment a single server 206 communicates with more than one client machine 240. In yet another embodiment, a single client machine 240 communicates with a single server 206.
A client machine 240 can, in some embodiments, be referenced by any one of the following non-exhaustive terms: client machine(s); client(s); client computer(s); client device(s); client computing device(s); local machine; remote machine; client node(s); endpoint(s); or endpoint node(s). The server 206, in some embodiments, may be referenced by any one of the following non-exhaustive terms: server(s); local machine; remote machine; server farm(s); or host computing device(s).
In one embodiment, the client machine 240 may be a virtual machine. The virtual machine may be any virtual machine, while in some embodiments the virtual machine may be any virtual machine managed by a Type 1 or Type 2 hypervisor, for example, a hypervisor developed by Citrix Systems, IBM, VMware, or any other hypervisor. In some aspects, the virtual machine may be managed by a hypervisor, while in other aspects the virtual machine may be managed by a hypervisor executing on a server 206 or a hypervisor executing on a client 240.
Some embodiments include a client device 240 that displays application output generated by an application remotely executing on a server 206 or other remotely located machine. In these embodiments, the client device 240 may execute a virtual machine client agent program or application to display the output in an application window, a browser, or other output window. In one example, the application is a desktop, while in other examples the application is an application that generates or presents a desktop. A desktop may include a graphical shell providing a user interface for an instance of an operating system in which local and/or remote applications can be integrated. Applications, as used herein, are programs that execute after an instance of an operating system (and, optionally, also the desktop) has been loaded.
The server 206, in some embodiments, uses a remote presentation protocol or other program to send data to a thin-client or remote-display application executing on the client to present display output generated by an application executing on the server 206. The thin-client or remote-display protocol can be any one of the following non-exhaustive list of protocols: the Independent Computing Architecture (ICA) protocol developed by Citrix Systems, Inc. of Ft. Lauderdale, Florida; or the Remote Desktop Protocol (RDP) manufactured by the Microsoft Corporation of Redmond, Washington.
A remote computing environment may include more than one server 206a-206n such that the servers 206a-206n are logically grouped together into a server farm 206, for example, in a cloud computing environment. The server farm 206 may include servers 206 that are geographically dispersed while logically grouped together, or servers 206 that are located proximate to each other while logically grouped together. Geographically dispersed servers 206a-206n within a server farm 206 can, in some embodiments, communicate using a WAN (wide), MAN (metropolitan), or LAN (local), where different geographic regions can be characterized as: different continents; different regions within a continent; different countries; different states; different cities; different campuses; different rooms; or any combination of the preceding geographical locations. In some embodiments, the server farm 206 may be administered as a single entity, while in other embodiments the server farm 206 can include multiple server farms.
In some embodiments, a server farm may include servers 206 that execute a substantially similar type of operating system platform (e.g., WINDOWS, UNIX, LINUX, iOS, ANDROID, SYMBIAN, etc.). In other embodiments, server farm 206 may include a first group of one or more servers that execute a first type of operating system platform, and a second group of one or more servers that execute a second type of operating system platform.
Server 206 may be configured as any type of server, as needed (e.g., a file server, an application server, a web server, a proxy server, an appliance, a network appliance, a gateway, an application gateway, a gateway server, a virtualization server, a deployment server, an SSL VPN server, a firewall, a web server, an application server), or as a master application server, a server executing an active directory, or a server executing an application acceleration program that provides firewall functionality, application functionality, or load balancing functionality. Other server types may also be used.
Some embodiments include a first server 206a that receives requests from a client machine 240, forwards the request to a second server 206b, and responds to the request generated by the client machine 240 with a response from the second server 206b. The first server 206a may obtain an enumeration of applications available to the client machine 240, as well as address information associated with an application server 206 hosting an application identified within the enumeration of applications. The first server 206a can then present a response to the client's request using a web interface, and communicate directly with the client 240 to provide the client 240 with access to an identified application. One or more clients 240 and/or one or more servers 206 may transmit data over network 230 (e.g., network 101).
Fig. 2 illustrates the high-level architecture of an illustrative desktop virtualization system. As shown, the desktop virtualization system may be a single-server or multi-server system, or a cloud system, including at least one virtualization server 206 configured to provide virtual desktops and/or virtual applications to one or more client access devices 240. As used herein, a desktop refers to a graphical environment or space in which one or more applications may be hosted and/or executed. A desktop may include a graphical shell providing a user interface for an instance of an operating system in which local and/or remote applications can be integrated. Applications may include programs that execute after an instance of an operating system (and, optionally, also the desktop) has been loaded. Each instance of the operating system may be physical (e.g., one operating system per device) or virtual (e.g., many instances of an OS running on a single device). Each application may be executed on a local device, or executed on a remotely located device (e.g., remoted).
With further reference to Fig. 3, a computer device 301 may be configured as a virtualization server in a virtualization environment (for example, a single-server, multi-server, or cloud computing environment). The virtualization server 301 illustrated in Fig. 3 can be deployed as, and/or implemented by, one or more embodiments of the server 206 illustrated in Fig. 2 or by other known computing devices. Included in virtualization server 301 is a hardware layer that can include one or more physical disks 304, one or more physical devices 306, one or more physical processors 308 and one or more physical memories 316. In some embodiments, firmware 312 can be stored within a memory element in the physical memory 316 and can be executed by one or more of the physical processors 308. Virtualization server 301 may further include an operating system 314 that may be stored in a memory element in the physical memory 316 and executed by one or more of the physical processors 308. Still further, a hypervisor 302 may be stored in a memory element in the physical memory 316 and can be executed by one or more of the physical processors 308.
Executing on one or more of the physical processors 308 may be one or more virtual machines 332A-C (generally 332). Each virtual machine 332 may have a virtual disk 326A-C and a virtual processor 328A-C. In some embodiments, a first virtual machine 332A may execute, using a virtual processor 328A, a control program 320 that includes a tools stack 324. Control program 320 may be referred to as a control virtual machine, Dom0, Domain 0, or other virtual machine used for system administration and/or control. In some embodiments, one or more virtual machines 332B-C can execute, using a virtual processor 328B-C, a guest operating system 330A-B.
Virtualization server 301 may include a hardware layer 310 with one or more pieces of hardware that communicate with the virtualization server 301. In some embodiments, the hardware layer 310 can include one or more physical disks 304, one or more physical devices 306, one or more physical processors 308, and one or more memories 216. Physical components 304, 306, 308, and 316 may include, for example, any of the components described above. Physical devices 306 may include, for example, a network interface card, a video card, a keyboard, a mouse, an input device, a monitor, a display device, speakers, an optical drive, a storage device, a universal serial bus connection, a printer, a scanner, a network element (e.g., router, firewall, network address translator, load balancer, virtual private network (VPN) gateway, Dynamic Host Configuration Protocol (DHCP) router, etc.), or any device connected to or communicating with virtualization server 301. Physical memory 316 in the hardware layer 310 may include any type of memory. Physical memory 316 may store data, and in some embodiments may store one or more programs, or a set of executable instructions. Fig. 3 illustrates an embodiment where firmware 312 is stored within the physical memory 316 of virtualization server 301. Programs or executable instructions stored in the physical memory 316 can be executed by the one or more processors 308 of virtualization server 301.
Virtualization server 301 may also include a hypervisor 302. In some embodiments, hypervisor 302 may be a program executed by processors 308 on virtualization server 301 to create and manage any number of virtual machines 332. Hypervisor 302 may be referred to as a virtual machine monitor, or platform virtualization software. In some embodiments, hypervisor 302 can be any combination of executable instructions and hardware that monitors virtual machines executing on a computing machine. Hypervisor 302 may be a Type 2 hypervisor, where the hypervisor executes within an operating system 314 executing on the virtualization server 301. Virtual machines then execute at a level above the hypervisor. In some embodiments, the Type 2 hypervisor executes within the context of a user's operating system such that the Type 2 hypervisor interacts with the user's operating system. In other embodiments, one or more virtualization servers 201 in a virtualization environment may instead include a Type 1 hypervisor (not shown). A Type 1 hypervisor may execute on the virtualization server 301 by directly accessing the hardware and resources within the hardware layer 310. That is, while a Type 2 hypervisor 302 accesses system resources through a host operating system 314 (as shown), a Type 1 hypervisor may directly access all system resources without the host operating system 314. A Type 1 hypervisor may execute directly on one or more physical processors 308 of virtualization server 301, and may include program data stored in the physical memory 316.
In some embodiments, hypervisor 302 can provide virtual resources to operating systems 330 or control programs 320 executing on virtual machines 332 in any manner that simulates the operating systems 330 or control programs 320 having direct access to system resources. System resources can include, but are not limited to, physical devices 306, physical disks 304, physical processors 308, physical memory 316 and any other component included in the hardware layer 310 of virtualization server 301. Hypervisor 302 may be used to emulate virtual hardware, partition physical hardware, virtualize physical hardware, and/or execute virtual machines that provide access to computing environments. In still other embodiments, hypervisor 302 controls processor scheduling and memory partitioning for a virtual machine 332 executing on virtualization server 301. Hypervisor 302 may include those manufactured by VMWare, Inc., of Palo Alto, California; the XEN hypervisor, an open source product whose development is overseen by the open source Xen.org community; HyperV, VirtualServer or Virtual PC hypervisors provided by Microsoft; or other hypervisors. In some embodiments, virtualization server 301 executes a hypervisor 302 that creates a virtual machine platform on which guest operating systems may execute. In these embodiments, the virtualization server 301 may be referred to as a host server. An example of such a virtualization server is the XEN SERVER provided by Citrix Systems, Inc., of Fort Lauderdale, Florida.
Hypervisor 302 may create one or more virtual machines 332B-C (generally 332) in which guest operating systems 330 execute. In some embodiments, hypervisor 302 may load a virtual machine image to create a virtual machine 332. In other embodiments, the hypervisor 302 may execute a guest operating system 330 within virtual machine 332. In still other embodiments, virtual machine 332 may execute guest operating system 330.
In addition to creating virtual machines 332, hypervisor 302 may control the execution of at least one virtual machine 332. In other embodiments, hypervisor 302 may present at least one virtual machine 332 with an abstraction of at least one hardware resource provided by the virtualization server 301 (e.g., any hardware resource available within the hardware layer 310). In other embodiments, hypervisor 302 may control the manner in which virtual machines 332 access physical processors 308 available in virtualization server 301. Controlling access to physical processors 308 may include determining whether a virtual machine 332 should have access to a processor 308, and how physical processor capabilities are presented to the virtual machine 332.
As shown in Fig. 3, virtualization server 301 may host or execute one or more virtual machines 332. A virtual machine 332 is a set of executable instructions that, when executed by a processor 308, imitate the operation of a physical computer such that the virtual machine 332 can execute programs and processes much like a physical computing device. While Fig. 3 illustrates an embodiment where a virtualization server 301 hosts three virtual machines 332, in other embodiments virtualization server 301 can host any number of virtual machines 332. In some embodiments, hypervisor 302 provides each virtual machine 332 with a unique virtual view of the physical hardware, memory, processor and other system resources available to that virtual machine 332. In some embodiments, the unique virtual view can be based on one or more of virtual machine permissions, application of a policy engine to one or more virtual machine identifiers, a user accessing a virtual machine, the applications executing on a virtual machine, networks accessed by a virtual machine, or any other desired criteria. For instance, hypervisor 302 may create one or more unsecure virtual machines 332 and one or more secure virtual machines 332. Unsecure virtual machines 332 may be prevented from accessing resources, hardware, memory locations, and programs that secure virtual machines 332 may be permitted to access. In other embodiments, hypervisor 302 may provide each virtual machine 332 with a substantially similar virtual view of the physical hardware, memory, processor and other system resources available to the virtual machines 332.
Each virtual machine 332 may include a virtual disk 326A-C (generally 326) and a virtual processor 328A-C (generally 328). The virtual disk 326, in some embodiments, is a virtualized view of one or more physical disks 304 of the virtualization server 301, or a portion of one or more physical disks 304 of the virtualization server 301. The virtualized view of the physical disks 304 can be generated, provided and managed by the hypervisor 302. In some embodiments, hypervisor 302 provides each virtual machine 332 with a unique view of the physical disks 304. Thus, in these embodiments, the particular virtual disk 326 included in each virtual machine 332 can be unique when compared with the other virtual disks 326.
A virtual processor 328 can be a virtualized view of one or more physical processors 308 of the virtualization server 301. In some embodiments, the virtualized view of the physical processors 308 can be generated, provided and managed by hypervisor 302. In some embodiments, virtual processor 328 has substantially all of the same characteristics of at least one physical processor 308. In other embodiments, virtual processor 308 provides a modified view of physical processors 308 such that at least some of the characteristics of the virtual processor 328 are different from the characteristics of the corresponding physical processor 308.
With further reference to Fig. 4, some aspects described herein may be implemented in a cloud-based environment. Fig. 4 illustrates an example of a cloud computing environment (or cloud system) 400. As seen in Fig. 4, client computers 411-414 may communicate with a cloud management server 410 to access the computing resources (e.g., host servers 403, storage resources 404, and network resources 405) of the cloud system.
Management server 410 may be implemented on one or more physical servers. The management server 410 may run, for example, CLOUDSTACK by Citrix Systems, Inc. of Fort Lauderdale, Florida, or OPENSTACK, among others. Management server 410 may manage various computing resources, including cloud hardware and software resources, for example, host computers 403, data storage devices 404, and networking devices 405. The cloud hardware and software resources may include private or public components. For example, a cloud may be configured as a private cloud to be used by one or more particular customers or client computers 411-414 and/or over a private network. In other embodiments, public clouds or hybrid public-private clouds may be used by other customers over open or hybrid networks.
Management server 410 may be configured to provide user interfaces through which cloud operators and cloud customers may interact with the cloud system. For example, the management server 410 may provide a set of APIs and/or one or more cloud operator console applications (e.g., web-based or standalone applications) with user interfaces to allow cloud operators to manage the cloud resources, configure the virtualization layer, manage customer accounts, and perform other cloud administration tasks. The management server 410 also may include a set of APIs and/or one or more customer console applications with user interfaces configured to receive cloud computing requests from end users via client computers 411-414, for example, requests to create, modify, or destroy virtual machines within the cloud. Client computers 411-414 may connect to management server 410 via the Internet or other communication network, and may request access to one or more of the computing resources managed by management server 410. In response to client requests, the management server 410 may include a resource manager configured to select and provision physical resources in the hardware layer of the cloud system based on the client requests. For example, the management server 410 and additional components of the cloud system may be configured to provision, create, and manage virtual machines and their operating environments (e.g., hypervisors, storage resources, services offered by the network elements, etc.) for customers at client computers 411-414, over a network (e.g., the Internet), providing customers with computational resources, data storage services, networking capabilities, and computer platform and application support. Cloud systems also may be configured to provide various specific services, including security systems, development environments, user interfaces, and the like.
Certain clients 411-414 may be related, for example, different client computers creating virtual machines on behalf of the same end user, or different users affiliated with the same company or organization. In other examples, certain clients 411-414 may be unrelated, such as users affiliated with different companies or organizations. For unrelated clients, information on the virtual machines or storage of any one user may be hidden from other users.
Referring now to the physical hardware layer of a cloud computing environment, availability zones 401-402 (or zones) may refer to a collocated set of physical computing resources. Zones may be geographically separated from other zones in the overall cloud of computing resources. For example, zone 401 may be a first cloud datacenter located in California, and zone 402 may be a second cloud datacenter located in Florida. Management server 410 may be located at one of the availability zones, or at a separate location. Each zone may include an internal network that interfaces, through a gateway, with devices that are outside of the zone, such as the management server 410. End users of the cloud (e.g., clients 411-414) might or might not be aware of the distinctions between zones. For example, an end user may request the creation of a virtual machine having a specified amount of storage, processing power, and network capabilities. The management server 410 may respond to the user's request and may allocate the resources to create the virtual machine without the user knowing whether the virtual machine was created using resources from zone 401 or zone 402. In other examples, the cloud system may allow end users to request that virtual machines (or other cloud resources) be allocated in a specific zone or on specific resources 403-405 within a zone.
In this example, each zone 401-402 may include an arrangement of various physical hardware components (or computing resources) 403-405, for example, physical hosting resources (or processing resources), physical network resources, physical storage resources, switches, and additional hardware resources that may be used to provide cloud computing services to customers. The physical hosting resources in a cloud zone 401-402 may include one or more computer servers 403, such as the virtualization servers 301 described above, which may be configured to create and host virtual machine instances. The physical network resources in a cloud zone 401 or 402 may include one or more network elements 405 (e.g., network service providers) comprising hardware and/or software configured to provide a network service to cloud customers, such as firewalls, network address translators, load balancers, virtual private network (VPN) gateways, Dynamic Host Configuration Protocol (DHCP) routers, and the like. The storage resources in the cloud zone 401-402 may include storage disks (e.g., solid state drives (SSDs), magnetic hard disks, etc.) and other storage devices.
The example cloud computing environment shown in Fig. 4 also may include a virtualization layer (e.g., as shown in Figs. 1-3) with additional hardware and/or software resources configured to create and manage virtual machines and provide other services to customers using the physical resources in the cloud. The virtualization layer may include hypervisors, as described above in Fig. 3, along with other components to provide network virtualization, storage virtualization, etc. The virtualization layer may be a separate layer from the physical resource layer, or may share some or all of the same hardware and/or software resources with the physical resource layer. For example, the virtualization layer may include a hypervisor installed in each of the virtualization servers 403 with the physical computing resources. Known cloud systems may alternatively be used, e.g., WINDOWS AZURE (Microsoft Corporation of Redmond, Washington), AMAZON EC2 (Amazon.com Inc. of Seattle, Washington), IBM BLUE CLOUD (IBM Corporation of Armonk, New York), or others.
Enterprise mobility management architecture
Fig. 5 represents an enterprise mobility technical architecture 500 for use in a BYOD environment. The architecture enables a user of a mobile device 502 to both access enterprise or personal resources from a mobile device 502 and use the mobile device 502 for personal use. The user may access such enterprise resources 504 or enterprise services 508 using a mobile device 502 that is purchased by the user or a mobile device 502 that is provided by the enterprise to the user. The user may utilize the mobile device 502 for business use only or for business and personal use. The mobile device may run an iOS operating system, an Android operating system, and/or the like. The enterprise may choose to implement policies to manage the mobile device 504. The policies may be applied through a firewall or gateway in such a way that the mobile device may be identified, secured or security verified, and provided selective or full access to the enterprise resources. The policies may be mobile device management policies, mobile application management policies, mobile data management policies, or some combination of mobile device, application, and data management policies. A mobile device 504 that is managed through the application of mobile device management policies may be referred to as an enrolled device or a managed device.
In some embodiments, the operating system of the mobile device may be separated into a managed partition 510 and an unmanaged partition 512. The managed partition 510 may have policies applied to it to secure the applications running on, and the data stored in, the managed partition. In other embodiments, all applications may execute in accordance with a set of one or more policy files received separately from the application, which define one or more security parameters, features, resource restrictions, and/or other access controls that are enforced by the mobile device management system when that application is executing on the device. By operating in accordance with their respective policy files, each application may be allowed to communicate with, or restricted from communicating with, one or more other applications and/or resources, thereby creating a virtual partition. Thus, as used herein, a partition may refer to a physically partitioned portion of memory (physical partition), a logically partitioned portion of memory (logical partition), and/or a virtual partition created as a result of enforcement of one or more policies and/or policy files across multiple applications as described herein (virtual partition). In other words, by enforcing policies on managed applications, those applications may be restricted to communicating only with other managed applications and trusted enterprise resources, thereby creating a virtual partition that is inaccessible to unmanaged applications and devices.
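The virtual-partition rule described above can be checked mechanically. The following added example (not code from the patent) audits a set of per-application policy files for entries that would let managed data leave the partition, including indirectly through another managed application; the policy field names, application names and resource names are constructed for illustration.

```python
from collections import deque

# Constructed sample data. The field names ("allow_apps", "allow_resources")
# are assumptions for this example; the page does not define a policy format.
POLICIES = {
    "secure_mail": {"allow_apps": {"secure_browser", "doc_viewer"},
                    "allow_resources": {"exchange"}},
    # Misconfigured entry: lists a resource the enterprise does not trust.
    "secure_browser": {"allow_apps": {"secure_mail"},
                       "allow_resources": {"intranet", "public_cdn"}},
    # Misconfigured entry: lists an app that has no policy file (unmanaged).
    "doc_viewer": {"allow_apps": {"secure_mail", "photo_share"},
                   "allow_resources": set()},
}
TRUSTED_RESOURCES = {"exchange", "intranet"}


def listed_targets(src, policies):
    """Weak check: accept whatever the source app's policy file lists."""
    policy = policies.get(src)
    if policy is None:  # unmanaged app or a resource: nothing is granted
        return set()
    return policy["allow_apps"] | policy["allow_resources"]


def enforced_targets(src, policies, trusted):
    """Hardened check: a listed target must itself be a managed app
    (it has a policy file) or a trusted enterprise resource."""
    policy = policies.get(src)
    if policy is None:
        return set()
    apps = {a for a in policy["allow_apps"] if a in policies}
    resources = {r for r in policy["allow_resources"] if r in trusted}
    return apps | resources


def reachable(start, targets_of):
    """Everything that data held by `start` can reach over allowed hops."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in targets_of(node):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def partition_of(start, policies, trusted, hardened=True):
    """The virtual partition as seen from `start` under either check."""
    if hardened:
        return reachable(start, lambda n: enforced_targets(n, policies, trusted))
    return reachable(start, lambda n: listed_targets(n, policies))


def audit(policies, trusted):
    """Return (app, target, reason) for each policy entry that would
    break the partition if it were accepted as written."""
    findings = []
    for app in sorted(policies):
        for target in sorted(policies[app]["allow_apps"]):
            if target not in policies:
                findings.append((app, target, "unmanaged app"))
        for target in sorted(policies[app]["allow_resources"]):
            if target not in trusted:
                findings.append((app, target, "untrusted resource"))
    return findings


if __name__ == "__main__":
    weak = partition_of("secure_mail", POLICIES, TRUSTED_RESOURCES, hardened=False)
    strong = partition_of("secure_mail", POLICIES, TRUSTED_RESOURCES)
    print("leaks under weak check:", sorted(weak - strong))
    for finding in audit(POLICIES, TRUSTED_RESOURCES):
        print("policy finding:", finding)
```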
The applications running on the managed partition may be secure applications. The secure applications may be email applications, web browsing applications, software-as-a-service (SaaS) access applications, Windows Application access applications, and the like. The secure applications may be secure native applications 514, secure remote applications 522 executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like. The secure native applications 514 may be wrapped by a secure application wrapper 520. The secure application wrapper 520 may include integrated policies that are executed on the mobile device 502 when the secure native application is executed on the device. The secure application wrapper 520 may include metadata that points the secure native application 514 running on the mobile device 502 to the resources hosted at the enterprise that the secure native application 514 may require to complete the task requested upon execution of the secure native application 514. The secure remote applications 522 executed by a secure application launcher 518 may be executed within the secure application launcher application 518. The virtualization applications 526 executed by a secure application launcher 518 may utilize resources on the mobile device 502, at the enterprise resources 504, and the like. The resources used on the mobile device 502 by the virtualization applications 526 executed by a secure application launcher 518 may include user interaction resources, processing resources, and the like. The user interaction resources may be used to collect and transmit keyboard input, mouse input, camera input, tactile input, audio input, visual input, gesture input, and the like. The processing resources may be used to present a user interface, process data received from the enterprise resources 504, and the like. The resources used at the enterprise resources 504 by the virtualization applications 526 executed by a secure application launcher 518 may include user interface generation resources, processing resources, and the like. The user interface generation resources may be used to assemble a user interface, modify a user interface, refresh a user interface, and the like. The processing resources may be used to create information, read information, update information, delete information, and the like. For example, the virtualization application may record user interactions associated with a GUI and communicate them to a server application, where the server application will use the user interaction data as an input to the application running on the server. In this arrangement, an enterprise may elect to maintain the application on the server side, as well as the data, files, etc. associated with the application. While an enterprise may elect to "mobilize" some applications in accordance with the principles herein by securing them for deployment on the mobile device, this arrangement may also be elected for certain applications. For example, while some applications may be secured for use on the mobile device, others might not be prepared or appropriate for deployment on the mobile device, so the enterprise may elect to provide the mobile user with access to the unprepared applications through virtualization techniques. As another example, the enterprise may have large complex applications with large and complex data sets (e.g., material resource planning applications) where it would be very difficult, or otherwise undesirable, to customize the application for the mobile device, so the enterprise may elect to provide access to the application through virtualization techniques. As yet another example, the enterprise may have an application that maintains highly secured data (e.g., human resources data, customer data, project data) that may be deemed by the enterprise as too sensitive for even the secured mobile environment, so the enterprise may elect to use virtualization techniques to permit mobile access to such applications and data. An enterprise may elect to provide both fully secured and fully functional applications on the mobile device as well as a virtualization application to allow access to applications that are deemed more properly operated on the server side. In an embodiment, the virtualization application may store some data, files, etc. on the mobile phone in one of the secure storage locations. An enterprise, for example, may elect to allow certain information to be stored on the phone while not permitting other information to be stored on the phone.
In connection with the virtualization application, as described herein, the mobile device may have a virtualization application that is designed to present GUIs and then record user interactions with the GUI. The application may communicate the user interactions to the server side, to be used by the server-side application as user interactions with the application. In response, the application on the server side may transmit a new GUI back to the mobile device. For example, the new GUI may be a static page, a dynamic page, an animation, or the like.
The secure applications may access data stored in a secure data container 528 in the managed partition 510 of the mobile device. The data secured in the secure data container may be accessed by the secure wrapped applications 514, applications executed by a secure application launcher 518, virtualization applications 526 executed by a secure application launcher 518, and the like. The data stored in the secure data container 528 may include files, databases, and the like. The data stored in the secure data container 528 may include data restricted to a specific secure application 530, data shared among secure applications 532, and the like. Data restricted to a secure application may include secure general data 534 and highly secure data 538. Secure general data may use a strong form of encryption such as AES 128-bit encryption or the like, while highly secure data 538 may use a very strong form of encryption such as AES 256-bit encryption. Data stored in the secure data container 528 may be deleted from the device upon receipt of a command from the device manager 524.
The secure applications may have a dual-mode option 540. The dual-mode option 540 may present the user with an option to operate the secured application in an unsecured mode. In an unsecured mode, the secure applications may access data stored in an unsecured data container 542 on the unmanaged partition 512 of the mobile device 502. The data stored in an unsecured data container may be personal data 544. The data stored in an unsecured data container 542 may also be accessed by unsecured applications 548 that are running on the unmanaged partition 512 of the mobile device 502. The data stored in an unsecured data container 542 may remain on the mobile device 502 when the data stored in the secure data container 528 is deleted from the mobile device 502. An enterprise may want to delete from the mobile device selected or all data, files, and/or applications owned, licensed or controlled by the enterprise (enterprise data) while leaving or otherwise preserving personal data, files, and/or applications owned, licensed or controlled by the user (personal data). This operation may be referred to as a selective wipe. With the enterprise and personal data arranged in accordance with the aspects described herein, an enterprise may perform a selective wipe.
The mobile device may connect to enterprise resources 504 and enterprise services 508 at an enterprise, to the public Internet 548, and the like. The mobile device may connect to enterprise resources 504 and enterprise services 508 through virtual private network connections. The virtual private network connections (also referred to as micro VPN or application-specific VPN) may be specific to particular applications 550, particular devices, particular secured areas on the mobile device, and the like (e.g., 552). For example, each of the wrapped applications in the secured area of the phone may access enterprise resources through an application-specific VPN, such that access to the VPN would be granted based on attributes associated with the application, possibly in conjunction with user or device attribute information. The virtual private network connections may carry Microsoft Exchange traffic, Microsoft Active Directory traffic, HTTP traffic, HTTPS traffic, application management traffic, and the like. The virtual private network connections may support and enable single-sign-on authentication processes 554. The single-sign-on processes may allow a user to provide a single set of authentication credentials, which are then verified by an authentication service 558. The authentication service 558 may then grant the user access to multiple enterprise resources 504, without requiring the user to provide authentication credentials to each individual enterprise resource 504.
The VPN connection may be established and managed by an access gateway 560. The access gateway 560 may include performance-enhancing features that manage, accelerate and improve the delivery of enterprise resources 504 to the mobile device 502. The access gateway may also re-route traffic from the mobile device 502 to the public internet 548, enabling the mobile device 502 to access publicly available and non-secure applications that run on the public internet 548. The mobile device may connect to the access gateway via a transport network 562. The transport network 562 may be a wired network, wireless network, cloud network, local area network, metropolitan area network, wide area network, public network, private network, etc.
Enterprise resources 504 may include email servers, file sharing servers, SaaS applications, web application servers, Windows application servers, etc. Email servers may include Exchange servers, Lotus Notes servers, etc. File sharing servers may include ShareFile servers, etc. SaaS applications may include Salesforce, etc. Windows application servers may include any application server built to provide applications intended to run on a local Windows operating system, etc. Enterprise resources 504 may be premise-based resources, cloud-based resources, etc. Enterprise resources 504 may be accessed by the mobile device 502 directly or through the access gateway 560. Enterprise resources 504 may be accessed by the mobile device 502 via the transport network 562. The transport network 562 may be a wired network, wireless network, cloud network, local area network, metropolitan area network, wide area network, public network, private network, etc.
Enterprise services 508 may include authentication services 558, threat detection services 564, device management services 524, file sharing services 568, policy manager services 570, social integration services 572, application controller services 574, etc. Authentication services 558 may include user authentication services, device authentication services, application authentication services, data authentication services, etc. Authentication services 558 may use certificates. The certificates may be stored on the mobile device 502 by the enterprise resources 504, etc. Certificates stored on the mobile device 502 may be stored in an encrypted location on the mobile device, or a certificate may be temporarily stored on the mobile device 502 for use at the time of authentication, etc. Threat detection services 564 may include intrusion detection services, unauthorized access attempt detection services, etc. Unauthorized access attempt detection services may include detection of unauthorized attempts to access devices, applications, data, etc. Device management services 524 may include configuration, provisioning, security, support, monitoring, reporting and decommissioning services. File sharing services 568 may include file management services, file storage services, file collaboration services, etc. Policy manager services 570 may include device policy manager services, application policy manager services, data policy manager services, etc. Social integration services 572 may include contact integration services, collaboration services, integration with social networks (such as Facebook, Twitter and LinkedIn), etc. Application controller services 574 may include management services, provisioning services, deployment services, assignment services, revocation services, wrapping services, etc.
The enterprise mobility technical architecture 500 may include an application store 578. The application store 578 may include unwrapped applications 580, pre-wrapped applications 582, etc. Applications may be populated in the application store 578 by the application controller 574. The application store 578 may be accessed by the mobile device 502 through the access gateway 560, through the public internet 548, etc. The application store may be provided with an intuitive and easy-to-use user interface. The application store 578 may provide access to an SDK 584. The SDK 584 may give users the ability to secure applications they select by wrapping the application as previously described in this description. An application wrapped using the SDK 584 may then be made available to the mobile device 502 by populating it in the application store 578 using the application controller 574.
The enterprise mobility technical architecture 500 may include management and analytics capabilities. The management and analytics capabilities may provide information related to how resources are used, how often resources are used, etc. Resources may include devices, applications, data, etc. How resources are used may include which devices download which applications, which applications access which data, etc. How often resources are used may include how often an application has been downloaded, how many times a specific set of data has been accessed by an application, etc.
Fig. 6 is another illustrative enterprise mobility management system 600. For simplicity, some of the components of the mobility management system 500 described above with reference to Fig. 5 have been omitted. The architecture of the system 600 depicted in Fig. 6 is similar in many respects to the architecture of the system 500 described above with reference to Fig. 5, and may include additional features not mentioned above.
In this case, the left-hand side represents an enrolled/managed mobile device 602 with a client agent 604, which interacts with a gateway server 606 (which includes access gateway and application controller functionality) to access various enterprise resources 608 and services 609, such as Exchange, Sharepoint, PKI resources, Kerberos resources and certificate issuance services, as shown on the right-hand side above. Although not specifically shown, the mobile device 602 may also interact with an application store for the selection and downloading of applications.
The client agent 604 acts as the UI (user interface) intermediary for Windows applications/desktops hosted in an enterprise data center, which are accessed using a display remoting protocol such as, but not limited to, the ICA protocol. The client agent 604 also supports the installation and management of native applications on the mobile device 602, such as native iOS or Android applications. For example, the managed applications 610 (email, browser, wrapped application) shown in the figure above are all native applications that execute locally on the device. The client agent 604 and the application management framework (AMF) of this architecture act to provide policy-driven management capabilities and features, such as connectivity and SSO (single sign-on) to enterprise resources/services 608. The client agent 604 handles primary user authentication to the enterprise, normally to the access gateway (AG) with SSO to other gateway server components. The client agent 604 obtains policies from the gateway server 606 to control the behavior of the AMF managed applications 610 on the mobile device 602.
The secure IPC links 612 between the native applications 610 and the client agent 604 represent a management channel, which allows the client agent to supply policies to be enforced by the application management framework 614 "wrapping" each application. The IPC channel 612 also allows the client agent 604 to supply credential and authentication information that enables connectivity and SSO to enterprise resources 608. Finally, the IPC channel 612 allows the application management framework 614 to invoke user interface functions implemented by the client agent 604, such as online and offline authentication.
Communications between the client agent 604 and the gateway server 606 are essentially an extension of the management channel from the application management framework 614 wrapping each native managed application 610. The application management framework 614 requests policy information from the client agent 604, which in turn requests it from the gateway server 606. The application management framework 614 requests authentication, and the client agent 604 logs into the gateway services part of the gateway server 606 (also known as NetScaler Access Gateway). The client agent 604 may also call supporting services on the gateway server 606, which may produce input material to derive encryption keys for the local data vaults 616, or provide client certificates that may enable direct authentication to PKI protected resources, as explained more fully below.
In more detail, the application management framework 614 "wraps" each managed application 610. This may be incorporated via an explicit build step or via a post-build processing step. The application management framework 614 may "pair" with the client agent 604 on first launch of an application 610 to initialize the secure IPC channel and obtain the policy for that application. The application management framework 614 may enforce relevant portions of the policy that apply locally, such as the client agent login dependencies and some of the containment policies that restrict how local OS services may be used or how they may interact with the application 610.
The application management framework 614 may use services provided by the client agent 604 over the secure IPC channel 612 to facilitate authentication and internal network access. Key management for the private and shared data vaults 616 (containers) may also be managed by appropriate interactions between the managed applications 610 and the client agent 604. The vaults 616 may be available only after online authentication, or may be made available after offline authentication if allowed by policy. First use of the vaults 616 may require online authentication, and offline access may be limited to at most the policy refresh period before online authentication is again required.
Network access to internal resources may occur directly from individual managed applications 610 through the access gateway 606. The application management framework 614 is responsible for orchestrating the network access on behalf of each application 610. The client agent 604 may facilitate these network connections by providing suitable time-limited secondary credentials obtained following online authentication. Multiple modes of network connection may be used, such as reverse web proxy connections and end-to-end VPN-style tunnels 618.
The mail and browser managed applications 610 have special status and may make use of facilities that might not be generally available to arbitrary wrapped applications. For example, the mail application may use a special background network access mechanism that allows it to access Exchange over an extended period of time without requiring a full AD logon. The browser application may use multiple private data vaults to segregate different kinds of data.
This architecture supports the incorporation of various other security features. For example, in some cases the gateway server 606 (including its gateway services) will not need to validate AD passwords. It can be left to the discretion of an enterprise whether an AD password is used as an authentication factor for some users in some situations. Different authentication methods may be used depending on whether the user is online or offline (i.e., connected or not connected to a network).
Step-up authentication is a feature wherein the gateway server 606 may identify managed native applications 610 that are allowed to have access to highly classified data requiring strong authentication, and ensure that access to these applications is only permitted after performing appropriate authentication, even if this means the user must re-authenticate after a prior, weaker level of login.
Another security feature of this solution is the encryption of the data vaults 616 (containers) on the mobile device 602. The vaults 616 may be encrypted so that all on-device data, including files, databases and configurations, is protected. For online vaults, the keys may be stored on the server (gateway server 606), and for offline vaults, a local copy of the keys may be protected by a user password. When data is stored locally on the device 602 in the secure container 616, it is preferred that a minimum of the AES 256 encryption algorithm be utilized.
Other secure container features may also be implemented. For example, a logging feature may be included, wherein all security events happening inside an application 610 are logged and reported to the backend. Data wiping may be supported: for example, if the application 610 detects tampering, the associated encryption keys may be overwritten with random data, leaving no hint on the file system that user data was destroyed. Screenshot protection is another feature, where an application may prevent any data from being stored in screenshots. For example, the key window's hidden property may be set to YES. This may cause whatever content is currently displayed on the screen to be hidden, resulting in a blank screenshot where any content would normally reside.
Local data transfer may be prevented, such as by preventing any data from being transferred locally outside the application container, e.g., by copying it or sending it to an external application. A keyboard cache feature may operate to disable the autocorrect functionality for sensitive text fields. SSL certificate validation may be operable so that the application specifically validates the server SSL certificate instead of it being stored in the keychain. An encryption key generation feature may be used such that the key used to encrypt data on the device is generated using a passphrase supplied by the user (if offline access is required). If offline access is not required, it may be XORed with another key randomly generated and stored on the server side. Key derivation functions may operate such that keys generated from the user password use KDFs (key derivation functions, notably PBKDF2) rather than creating a cryptographic hash of it. A cryptographic hash makes the key susceptible to brute-force or dictionary attacks.
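The key-generation passage above can be illustrated with the following added example, which is not code from the patent. It assumes PBKDF2-HMAC-SHA256 with a per-vault random salt, an iteration count chosen for the example, and one reading of the XOR step in which the passphrase-derived key is combined with a random share held by the server; all function and field names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

KEY_LEN = 32          # 256-bit key, matching the AES-256 minimum the text prefers
ITERATIONS = 200_000  # assumed work factor for this example; tune per device class


def hash_only_key(passphrase: str) -> bytes:
    """The approach the text warns against: one fast, unsalted hash.
    Every device using the same passphrase ends up with the same key."""
    return hashlib.sha256(passphrase.encode()).digest()


def pbkdf2_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted, deliberately slow derivation (PBKDF2, as named in the text)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               iterations, dklen=KEY_LEN)


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class VaultHeader:
    """Non-secret metadata kept on the device next to the encrypted vault."""
    salt: bytes
    iterations: int
    online_only: bool
    check: bytes  # HMAC tag that lets unlock() recognise the correct key


def _check_tag(key: bytes) -> bytes:
    return hmac.new(key, b"vault-key-check", hashlib.sha256).digest()


def create_vault(passphrase: str, offline_access: bool
                 ) -> Tuple[VaultHeader, bytes, Optional[bytes]]:
    """Return (header, vault_key, server_share).
    server_share is None for offline vaults; for online-only vaults it is the
    random key the server keeps and never stores on the device."""
    salt = secrets.token_bytes(16)
    key = pbkdf2_key(passphrase, salt)
    server_share = None
    if not offline_access:
        server_share = secrets.token_bytes(KEY_LEN)
        key = xor(key, server_share)  # device alone can no longer rebuild the key
    header = VaultHeader(salt, ITERATIONS, not offline_access, _check_tag(key))
    return header, key, server_share


def unlock(header: VaultHeader, passphrase: str,
           server_share: Optional[bytes] = None) -> Optional[bytes]:
    """Re-derive the vault key; return None on a wrong passphrase or share."""
    if header.online_only and server_share is None:
        return None  # online-only vault: nothing to verify without the server
    key = pbkdf2_key(passphrase, header.salt, header.iterations)
    if header.online_only:
        key = xor(key, server_share)
    return key if hmac.compare_digest(_check_tag(key), header.check) else None
```

For an online-only vault, a stolen device gives an attacker nothing to test passphrase guesses against, because the check tag covers the key only after it has been combined with the server share.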
Additionally, one or more initialization vectors may be used in encryption methods. An initialization vector causes multiple copies of the same encrypted data to yield different ciphertext output, preventing both replay attacks and cryptanalytic attacks. It also prevents an attacker from decrypting any data, even with a stolen encryption key, if the specific initialization vector used to encrypt the data is not known. In addition, authentication-then-decryption may be used, wherein application data is decrypted only after the user has authenticated within the application. Another feature may relate to sensitive data in memory, which may be kept in memory (and not on disk) only when it is needed. For example, login credentials may be wiped from memory after login, and encryption keys and other data inside Objective-C instance variables are not stored, because they can easily be referenced. Instead, memory may be manually allocated for these.
An inactivity timeout may be implemented, wherein the user session is terminated after a policy-defined period of inactivity.
Data leakage from the application management framework 614 may be prevented in other ways. For example, when an application 610 is put in the background, the memory may be cleared after a predetermined (configurable) time period. When an application is backgrounded, a snapshot of its last displayed screen may be taken to speed up the foregrounding process. The screenshot may contain confidential data and should therefore be cleared.
Another security feature relates to the use of an OTP (one-time password) 620 without the use of an AD (Active Directory) 622 password for access to one or more applications. In some cases, some users do not know (or are not permitted to know) their AD password, so these users may authenticate using an OTP 620, such as by using a hardware OTP system like SecurID (OTPs may also be provided by different vendors, such as Entrust or Gemalto). In some cases, after a user authenticates with a user ID, a text is sent to the user with an OTP 620. In some cases, this may be implemented only for online use, with the prompt being a single field.
An offline password may be implemented for offline authentication for those applications 610 for which offline use is permitted via enterprise policy. For example, an enterprise may want the enterprise application store to be accessed in this manner. In this case, the client agent 604 may require the user to set a custom offline password, and the AD password is not used. The gateway server 606 may provide policies to control and enforce password standards with respect to the minimum length, character class composition and age of passwords, such as described by the standard Windows Server password complexity requirements, although these requirements may be modified.
Another feature relates to the enablement of a client-side certificate for certain applications 610 as a secondary credential (for the purpose of accessing PKI protected network resources via the micro-VPN feature). For example, an email application may utilize such a certificate. In this case, certificate-based authentication using the ActiveSync protocol may be supported, wherein a certificate from the client agent 604 may be retrieved by the gateway server 606 and used in a keychain. Each managed application may have one associated client certificate, identified by a label that is defined in the gateway server 606.
The gateway server 606 may interact with an enterprise special-purpose service to support the issuance of client certificates, allowing the relevant managed applications to authenticate to internal PKI protected resources.
The client agent 604 and the application management framework 614 may be enhanced to support obtaining and using client certificates for authentication to internal PKI protected network resources. More than one certificate may be supported, such as to match various levels of security and/or separation requirements. The certificates may be used by the mail and browser managed applications, and ultimately by arbitrary wrapped applications (provided those applications use web service style communication patterns where it is reasonable for the application management framework to mediate HTTPS requests).
Client certificate support on iOS may rely on importing a PKCS 12 BLOB (binary large object) into the iOS keychain in each managed application for each period of use. Client certificate support may use an HTTPS implementation with private in-memory key storage. The client certificate will never be present in the iOS keychain and will not be persisted, except potentially in an "online-only" data value that is strongly protected.
Mutual SSL may also be implemented to provide additional security by requiring that the mobile device 602 is authenticated to the enterprise, and vice versa. Virtual smart cards for authentication to the gateway server 606 may also be implemented.
Both limited and full Kerberos support may be additional features. The full support feature relates to the ability to perform a full Kerberos login to AD 622, using an AD password or trusted client certificate, and to obtain Kerberos service tickets to respond to HTTP Negotiate authentication challenges. The limited support feature relates to constrained delegation in AGEE, where AFEE supports invoking Kerberos protocol transition so that it can obtain and use Kerberos service tickets (subject to constrained delegation) in response to HTTP Negotiate authentication challenges. This mechanism works in reverse web proxy (also known as CVPN) mode, and when HTTP (but not HTTPS) connections are proxied in VPN and micro-VPN mode.
Another feature relates to application container locking and wiping, which may occur automatically upon detection of a jailbreak or rooting, may occur as a pushed command from the administration console, and may include a remote wipe function even when an application 610 is not running.
A multi-site architecture or configuration of the enterprise application store and the application controller may be supported, which allows users to be serviced from one of several different locations in case of failure.
In some cases, managed applications 610 may be allowed to access a certificate and private key via an API (for example, OpenSSL). Trusted managed applications 610 of an enterprise may be allowed to perform specific public-key operations with an application's client certificate and private key. Various use cases may be identified and treated accordingly, such as when an application behaves like a browser and no certificate access is required, when an application reads a certificate for "who am I", when an application uses the certificate to build a secure session token, and when an application uses private keys for digital signing of important data (e.g., a transaction log) or for temporary data encryption.
Enterprise Mobility Device Management Features
Fig. 7 is another illustrative enterprise mobility management system 700. For simplicity, some of the components of the mobility management systems 500 and 600 described above with reference to Figs. 5 and 6 have been omitted. The architecture of the system 700 depicted in Fig. 7 is similar in many respects to the architectures of the systems 500 and 600 described above with reference to Figs. 5 and 6, and may include additional features not mentioned above.
In this example, the enterprise mobility management system 700 may include a cloud computing environment 702, which interacts over a communication network 710 with a physical mobile device 724 (e.g., a physical end-user device) of an end user 726 and with one or more mobile device management (MDM) service providers 712, 718. The communication network 710 may enable two or more computing devices to communicate using a wireless LAN (WLAN) interface and/or signals, a cellular interface and/or signals, a Bluetooth interface and/or signals, and/or any other communication interface and/or signals.
The cloud computing environment 702 may include one or more cloud-based mobile device management service provider servers 704. A server 704 may be a computer, a thin client, a blade server and/or another computing device. At least one of the cloud-based mobile device management service provider servers 704 may include a pseudo-device 706 that represents the physical mobile device 724 of the end user 726. The cloud computing environment may also include a firewall 708 or gateway to facilitate secure communication with, and selective access to, the pseudo-device 706 by any of the one or more MDM service providers 712, 718 and the physical mobile device 724. In some embodiments, the cloud computing environment 702 may be part of one of the MDM service providers 712, 718. In some embodiments, one of the MDM service providers 712, 718 may provide an on-premises deployment to control the transition of the physical mobile device 726 between one or more MDM service providers 712, 718. For example, an MDM service provider 712, 718 may transfer enrollment to a local server, which may then work with both the existing provider and a new provider, with preferences, configuration profiles and policies being transferred while the new provider is the active one (or doing so in advance to insulate against future provider changes).
According to one or more aspects, the pseudo-device 706 may represent the physical mobile device 724 of the end user 726. Specifically, the pseudo-device 706 may act as a proxy for the physical mobile device 724 (also referred to herein as the physical end-user device). Additionally or alternatively, the pseudo-device 706 may be a logical representation of the physical mobile device 724. As such, the pseudo-device may use the processor and memory of the server 704 to perform tasks and store information, respectively. In some embodiments, the pseudo-device 706 may include a computer program that executes the protocols required to interact with the MDM service providers 712, 718. Additionally or alternatively, in some embodiments, the pseudo-device 706 may behave like the physical mobile device 724, except that the pseudo-device can enroll with multiple MDM service providers. Additionally or alternatively, in some embodiments, the pseudo-device 706 may emulate and/or simulate the physical mobile device 724 such that the pseudo-device 706 appears to the MDM service providers 712, 718 to be the actual physical mobile device 724. For example, in emulating and/or simulating the physical mobile device 724, the pseudo-device 706 representing the physical mobile device 724 may authenticate with the MDM service providers 712 and 718, receive one or more commands and/or other communications from the MDM service providers 712 and 718, and/or send one or more messages and/or other communications to the MDM service providers 712 and 718, as if the pseudo-device 706 were the physical mobile device 724. As a result, the MDM service providers 712, 718 may treat or otherwise interact with the pseudo-device 706 as if they were interacting with the actual physical mobile device 724. Accordingly, the mobile-device-related features and/or components described above with reference to Figs. 5 and 6 may be implemented with the pseudo-device 706.
For example, the pseudo-device 706 may enroll with the first MDM service provider 712 in the same manner in which a typical physical mobile device would enroll with the first MDM service provider 712 (e.g., by authenticating with the first MDM service provider 712, by requesting one or more policies and/or profiles from the first MDM service provider 712, etc.). In this way, the pseudo-device 706 may be provisioned for use with the first MDM service provider 712 (e.g., similar to how a traditional physical mobile device would be provisioned for use with an MDM service provider). For example, in enrolling with the first MDM service provider 712, the pseudo-device 706 may send an enrollment request to the first MDM service provider 712. Subsequently, the pseudo-device 706 may receive from the first MDM service provider 712 a policy enforcement profile 716 (e.g., a certificate) of the first MDM service provider 712. The pseudo-device 706 may then store the policy enforcement profile 716 of the first MDM service provider 712 in the associated memory of the server 704.
The policy enforcement profile 716 may facilitate identification between the pseudo-device 706 and the first MDM service provider 712, and may facilitate secure communications between the pseudo-device 706 and the first MDM service provider 712. Once the pseudo-device 706 is provisioned for use with the first MDM service provider 712, the pseudo-device 706 may access and/or otherwise interact with the various enterprise resources 714 of the first MDM service provider 712. The pseudo-device 706 representing the physical mobile device 724 may be configured to receive one or more commands from one or more MDM service providers 712, 718, so that the MDM service providers 712, 718 can manage the physical mobile device 724 via the pseudo-device 706.
Similarly, the pseudo-device 706 may enroll with the second MDM service provider 718 in the same manner in which a typical physical mobile device would enroll with the second MDM service provider 718. Specifically, the pseudo-device 706 may be provisioned for use with the second MDM service provider 718. More specifically, the pseudo-device 706 may send an enrollment request to the second MDM service provider 718. Subsequently, the pseudo-device may receive from the second MDM service provider 718 a policy enforcement profile 722 (e.g., a certificate) of the second MDM service provider 718. The pseudo-device 706 may store the policy enforcement profile 722 of the second MDM service provider 718 in the associated memory of the server 704. The policy enforcement profile 716 of the first MDM service provider 712 and the policy enforcement profile 722 of the second MDM service provider 718 may be stored concurrently at the pseudo-device 706 in the associated memory of the server 704.
The policy enforcement profile 722 may facilitate identification between the pseudo-device 706 and the second MDM service provider 718, and may facilitate secure communications between the pseudo-device 706 and the second MDM service provider 718. Once the pseudo-device 706 is provisioned for use with the second MDM service provider 718, the pseudo-device 706 may access and/or otherwise interact with the various enterprise resources 720 of the second MDM service provider 718. The pseudo-device 706 representing the physical mobile device 724 may be configured to receive one or more commands from one or more MDM service providers 712, 718 in order to manage the physical mobile device 724.
As noted above, the pseudo-device 706 may communicate with the physical mobile device 724 of the end user 726. Once the pseudo-device 706 is provisioned for use with the first MDM service provider 712, the pseudo-device 706 may deploy (e.g., send) the policy enforcement profile 716 from the pseudo-device 706 to the physical mobile device 724. The policy enforcement profile 716 may facilitate enforcement of the policies of the first MDM service provider 712 at the physical mobile device 724 (e.g., by an MDM policy enforcement agent, such as an MDM cloud agent that may run on the physical mobile device 724 and may be configured to receive and subsequently enforce such policies).
Because the physical mobile device 724 is allowed to work with the first and second MDM service providers 712, 718 via the pseudo-device 706, the physical mobile device 724 does not need to un-enroll and/or re-enroll when, for example, it moves from working with the first MDM service provider 712 to working with the second MDM service provider 718. For example, the physical mobile device 724 does not need to uninstall the profile of the first MDM service provider 712 and re-enroll with the profile of the second MDM service provider in order to access the enterprise resources of the second MDM service provider 718. In addition, the user does not need to have more than one physical mobile device for use with each of the MDM service providers 712, 718.
In communicating with the physical mobile device 724, the pseudo-device 706 may deploy and/or enable access to enterprise resources 714, which include, for example, enterprise applications, application data and/or other information as may be permitted by the policy enforcement profile 716 of the first MDM service provider 712. The pseudo-device 706 may also send commands to the physical mobile device 724 when communicating with it. In some instances, the pseudo-device 706 may send commands to the physical mobile device 724 independently, without being prompted by the first MDM service provider 712 and/or without receiving any commands from the first MDM service provider 712. In other instances, the pseudo-device 706 may send commands to the physical mobile device 724 in response to receiving one or more commands from the first MDM service provider 712. In some instances, the commands sent from the pseudo-device 706 to the physical mobile device 724 may differ from the one or more commands that the pseudo-device 706 received from the first MDM service provider 712. For example, in some instances, the pseudo-device 706 may modify the commands received from an MDM service provider and subsequently send the modified commands to the physical mobile device 724. The one or more different and/or modified commands may be based at least in part on the commands received at the pseudo-device 706 from the first MDM service provider 712. The pseudo-device 706 may generate the one or more different and/or modified commands and may send those commands to the physical mobile device 724. Additionally or alternatively, the pseudo-device 706 may receive commands from the first MDM service provider 712 and send the received commands to the physical mobile device 724.
The pseudo-device 706 may send commands to the physical mobile device 724 to enforce the policies associated with the first MDM service provider 712. For example, a command may cause one or more previously deployed enterprise resources 714 (which may include, e.g., one or more enterprise applications, application data, or other data or information permitted by the policy enforcement profile 716) to be retracted from the physical mobile device 724. This may be referred to as "retraction" in the discussion below. In causing the one or more previously deployed enterprise resources 714 to be retracted from the physical mobile device 724, the command may cause data generated by the physical mobile device 724 in connection with the first MDM service provider 712 to be removed from the physical mobile device 724. In some instances, retraction of enterprise resources and/or other information from the pseudo-device 706 may include retracting the policy enforcement profile 716.
In executing a retraction command received from the pseudo-device 706, the physical mobile device 724 may send to the pseudo-device 706 one or more of the enterprise resources 714, the data generated at the physical mobile device 724, and/or the policy enforcement profile 716. Subsequently, the physical mobile device 724 may perform a selective wipe to remove/delete one or more of the enterprise resources 714, the data generated at the physical mobile device 724, and/or the policy enforcement profile 716 from the physical mobile device 724. In these instances, personal applications and personal data (e.g., data not associated with the MDM service providers 712, 718) are maintained by the physical mobile device 724 during the selective wipe of the physical mobile device 724. In other words, personal applications and personal data stored on the physical mobile device 724 might not be removed during retraction and/or deleted during the selective wipe.
In some embodiments, the pseudo-device 706 may send one or more commands to the physical mobile device 724 that cause the physical mobile device 724 to locally partition and/or otherwise compartmentalize one or more of the enterprise resources 714, the data generated at the physical mobile device 724, and/or the policy enforcement profile 716, such that the end user 726 cannot access (e.g., is prevented from accessing) one or more of the enterprise resources 714, the data generated at the physical mobile device 724, and/or the policy enforcement profile 716.
In some embodiments, the pseudo-device 706 may respond directly to commands from the first MDM service provider 712 and/or the second MDM service provider 718 (e.g., without the involvement of the physical mobile device 724). Specifically, the pseudo-device 706 may receive one or more commands from one or more of the MDM service providers 712, 718. The pseudo-device 706 may determine whether to send a command from the pseudo-device 706 to the physical mobile device 724. The determination may be based on several factors, including, for example: whether unknown information is needed from the physical mobile device 724 in order to respond to the one or more commands sent from one or more of the MDM service providers 712, 718; whether a policy associated with the one or more commands received from one or more of the MDM service providers 712, 718 conflicts with one or more policies of another of the MDM service providers 712, 718 with which the pseudo-device 706 is currently enrolled; and/or one or more other factors. In response to a determination not to send one or more commands to the physical mobile device 724, the pseudo-device 706 may send, to the one or more MDM service providers 712, 718, a response to the one or more commands received from the one or more MDM service providers 712, 718. For example, if the intended or desired result of the one or more commands received from the first MDM service provider 712 has already been achieved, the response may be sent to the first MDM service provider 712 without sending any command to the physical mobile device 724. The response may include an indication that an operation associated with the one or more commands received from the one or more MDM service providers 712, 718 has been completed. In some instances, the response may include an indication that the operation was not completed, or some other indication.
In some embodiments, the physical mobile device 724 might not communicate with one or more of the MDM service providers 712, 718 without the involvement of the pseudo-device 706 representing the physical mobile device 724. In other embodiments, the physical mobile device 724 may communicate with one or more of the MDM service providers 712, 718 with or without the involvement of the pseudo-device 706 representing the physical mobile device 724.
In some embodiments, the user 726 of the physical mobile device 724 may sign up for and/or register with a cloud service associated with the cloud computing environment 702, and install a profile certificate for the cloud service on the physical mobile device 724. When the user 726 wishes to use a first MDM service of the first MDM service provider 712, the pseudo-device 706 may be established in the cloud computing environment 702 and provisioned for use with the first MDM service provider 712 as discussed herein. Likewise, when the user 726 wishes to use a second MDM service of the second MDM service provider 718, the pseudo-device 706 may be provisioned for use with the second MDM service provider 718 as discussed herein. The pseudo-device 706 may receive messages from the other MDM service provider and queue those messages or potentially reply to them (e.g., by sending a response back to the respective MDM service provider). In instances where the pseudo-device 706 responds to the first MDM service provider 712 without the involvement of the physical mobile device 724 (e.g., a blocked message), the pseudo-device 706 may send an indication of the message to the physical mobile device 724 and, in response, the physical mobile device 724 may notify the user 726 of any blocked messages. The physical mobile device 724 may receive user input instructing the physical mobile device 724 to display a message. The physical mobile device 724 may then transmit an instruction to the pseudo-device 706 and, in response, may receive the message for display.
In some embodiments, the user 726 may enter into a contract with the cloud service associated with the cloud computing environment 702. The user may stipulate, at the physical mobile device 724, any actions that the cloud service is permitted to perform on the physical mobile device 724. The physical mobile device 724 may transmit these stipulations to the cloud computing environment 702. For example, the user 726 may stipulate that the cloud service should not attempt to perform any action on a local repository of the physical mobile device 724. Before the cloud service (and/or the pseudo-device 706) sends any message to the physical mobile device 724, for example on behalf of the first MDM service provider 712, the cloud service (and/or the pseudo-device 706) may interpret the contract terms indicated in the contract. For example, the pseudo-device may operate in accordance with the contract.
Although only the first MDM service provider 712 and the second MDM service provider 718 are shown in Fig. 7 and discussed above, there may be more than two mobile device management service providers. The pseudo-device 706 may interact with any additional MDM service provider and/or otherwise perform, with respect to any additional MDM service provider, the same functions described above.
Although the examples discussed above relate to a single physical mobile device 724 provisioned with several MDM service providers 712, 718 via the pseudo-device 706, arrangements in which another (e.g., a second) physical mobile device (not shown) is provided are contemplated. In these arrangements, a second pseudo-device may be established in the cloud computing environment 702. The second pseudo-device may represent the second physical mobile device. The second pseudo-device may be provisioned for use with one or more of the MDM service providers 712, 718. The second pseudo-device may perform functions similar to those of the pseudo-device discussed above, except that the operations would relate to the second physical mobile device rather than the physical mobile device described above. Additional physical mobile devices and corresponding pseudo-devices may similarly be provided in other arrangements.
Fig. 8 is another illustrative enterprise mobility management system 800. For simplicity, some of the components of the mobility management system 500 and the mobility management system 600 described above with reference to Fig. 5 and Fig. 6 have been omitted. The architecture of the system 800 depicted in Fig. 8 is similar in many respects to the architecture of the system 500 and the system 600 described above with reference to Fig. 5 and Fig. 6, and may include additional features not mentioned above.
In addition, the architecture of the system 800 is similar in many respects to the architecture of the system 700, and may include additional features not mentioned above. Specifically, in the arrangement shown in Fig. 8, the enterprise mobility management system 800 may include a cloud computing environment 802 that interacts, via a communication network 810, with one or more MDM service providers 812, 818 and with a physical mobile device 824 of an end user 826 (e.g., a physical end-user device). The communication network 810 may enable two or more computing devices to communicate using WLAN interfaces and/or signals, cellular interfaces and/or signals, Bluetooth interfaces and/or signals, and/or any other communication interfaces and/or signals.
The cloud computing environment 802 may include one or more cloud-based mobile device management service provider servers 804. A server 804 may be a computer, thin client, blade server, and/or other computing device. At least one of the cloud-based mobile device management service provider servers 804 may include multiple pseudo-devices 806, 828 representing the physical mobile device 824 of the end user 826. The cloud computing environment 802 may also include a firewall 808 or gateway to facilitate secure communication with, and selective access to, the pseudo-devices 806, 828 by any of one or more of the MDM service providers 812, 818 and the physical mobile device 824.
As described above, multiple pseudo-devices 806, 828 may be established in the cloud computing environment 802 within the server 804. Each of the pseudo-devices 806, 828 may represent the physical mobile device 824. Each of the pseudo-devices 806, 828 representing the physical mobile device 824 may be provisioned for use with one of the MDM service providers 812, 818. For example, the first pseudo-device 806 may be provisioned for use with the first MDM service provider 812. The second pseudo-device 828 may be provisioned for use with the second MDM service provider 818. The first and second pseudo-devices 806, 828 may each include a computer program that implements the protocols required to interact with their respective MDM service providers 812, 818.
Specifically, the first pseudo-device 806 and the first MDM service provider 812 may communicate with one another to provision the first pseudo-device 806 for use with the first MDM service provider 812. The first pseudo-device 806 may initiate provisioning by sending a first enrollment request from the first pseudo-device 806 to the first MDM service provider 812. In response, the first pseudo-device 806 may receive a first policy enforcement profile 816 from the first MDM service provider 812, and may store the first policy enforcement profile 816, at the first pseudo-device 806, in memory associated with the first pseudo-device 806. Provisioning the second pseudo-device 828 for use with the second MDM service provider 818 may include: sending a second enrollment request from the second pseudo-device 828 to the second MDM service provider 818; and receiving, at the second pseudo-device 828, a second policy enforcement profile 822 from the second MDM service provider 818. The second policy enforcement profile 822 may be different from the first policy enforcement profile 816. The second policy enforcement profile 822 may be stored by the second pseudo-device 828 in memory associated with the second pseudo-device 828.
Once the first pseudo-device 806 is provisioned, the first pseudo-device 806 may be configured to receive one or more commands from the first MDM service provider 812 on behalf of the physical mobile device 824. Similarly, once the second pseudo-device 828 is provisioned, the second pseudo-device 828 may be configured to receive one or more commands from the second MDM service provider 818 on behalf of the physical mobile device 824.
Accordingly, the first pseudo-device 806 may receive a first command from the first MDM service provider 812. In response, the first pseudo-device 806 may send a second command to the physical mobile device 824. Similarly, the second pseudo-device may receive commands and send commands in the same manner with respect to the second MDM service provider 818.
Once the first pseudo-device 806 receives the first command from the first MDM service provider 812, the first pseudo-device 806 may determine whether to send the second command to the physical mobile device 824. This determination may be based on one or more factors. For example, the determination may be based on whether the first pseudo-device 806 has enough information to respond to the first command. In response to a determination to send the second command to the physical mobile device 824, the first pseudo-device 806 may send the second command to the physical mobile device 824. In response to a determination not to send the second command to the physical mobile device 824, the first pseudo-device 806 may send a response to the first command to the first MDM service provider 812. The response may be sent without any involvement of the physical mobile device 824. For example, the response may be sent without sending a command to the physical mobile device 824 and receiving a response from the physical mobile device 824. The response sent to the first MDM service provider 812 may include an indication that an operation associated with the first command has been completed. For example, the indication may indicate that a selective wipe was performed at the physical mobile device 824.
The first pseudo-device 806 may receive enterprise resources (e.g., resource data 814) from the first MDM service provider 812. The first pseudo-device 806 may receive the resource data 814 during a time period in which the policy enforcement profile 822 of the second MDM service provider 818 is currently active (e.g., in use) at the physical mobile device 824, or when no policy enforcement profile is currently active (e.g., in use) at the physical mobile device 824. In this instance, the first pseudo-device 806 may cache or otherwise store the resource data 814 until the policy enforcement profile 816 of the first MDM service provider 812 becomes active at the physical mobile device 824. When the policy enforcement profile 816 is currently active on the physical mobile device 824, the first pseudo-device 806 may then push the resource data 814 from the first pseudo-device 806 to the physical mobile device. As a result, the physical mobile device 824 now has access to the resource data 814 and/or may otherwise interact with the resource data 814. The second pseudo-device 828 may perform similarly. For example, when the policy enforcement profile 816 is currently active at the physical mobile device 824, the second pseudo-device 828 may receive and cache resource data 820 from the second MDM service provider 818. When the policy enforcement profile 822 is currently active at the physical mobile device 824, the second pseudo-device 828 may then push the resource data 820 to the physical mobile device 824.
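The following sketch is an added illustration, not code from the patent: it models the two behaviours described above, the pseudo-device deciding whether to answer a provider's command itself or forward a second command to the physical device, and caching resource data until its own provider's profile is active. All class, field and command names, and the sample state values, are hypothetical; declining a conflicting command with a "not completed" response is an assumption about how the conflict factor is handled.

```python
"""Toy model of one pseudo-device (hypothetical names, constructed data)."""
from dataclasses import dataclass, field


@dataclass
class Command:
    name: str
    needs: tuple = ()   # device-state keys the provider expects in the reply


@dataclass
class PseudoDevice:
    provider: str                                       # provider this pseudo-device enrolled with
    known_state: dict = field(default_factory=dict)     # state last reported by the device agent
    resource_cache: list = field(default_factory=list)  # resources held in the cloud
    outbox: list = field(default_factory=list)          # messages sent to the physical device

    def handle_command(self, cmd, conflicts_with_active_policy=False):
        """Return (decision, response_to_provider).

        "answered":  the pseudo-device replies without involving the device.
        "forwarded": a second command is sent to the device; no reply yet.
        "declined":  assumption: a command that conflicts with another
                     provider's active policy is reported as not completed.
        """
        if conflicts_with_active_policy:
            return "declined", {"command": cmd.name, "completed": False}
        missing = [k for k in cmd.needs if k not in self.known_state]
        if missing:
            # Unknown information is needed from the physical device.
            self.outbox.append({"type": "command", "name": cmd.name, "collect": missing})
            return "forwarded", None
        data = {k: self.known_state[k] for k in cmd.needs}
        return "answered", {"command": cmd.name, "completed": True, "data": data}

    def receive_resource(self, resource, active_profile):
        """Push only when this provider's profile is the active one; else cache."""
        if active_profile == self.provider:
            self.outbox.append({"type": "resource", "data": resource})
            return "pushed"
        self.resource_cache.append(resource)
        return "cached"

    def on_profile_activated(self):
        """This provider's profile became active: flush the cache in arrival order."""
        flushed = len(self.resource_cache)
        for resource in self.resource_cache:
            self.outbox.append({"type": "resource", "data": resource})
        self.resource_cache.clear()
        return flushed


def demo():
    pd = PseudoDevice("mdm-1", known_state={"os_version": "constructed-17.1"})
    results = [
        pd.handle_command(Command("query_os_version", ("os_version",))),
        pd.handle_command(Command("query_location", ("location",))),
        pd.handle_command(Command("disable_camera"), conflicts_with_active_policy=True),
        pd.receive_resource("catalog.db", active_profile="mdm-2"),  # other profile active
        pd.receive_resource("mail.cfg", active_profile=None),       # no profile active
        pd.on_profile_activated(),
        pd.receive_resource("vpn.cfg", active_profile="mdm-1"),
    ]
    return pd, results


if __name__ == "__main__":
    device, outcome = demo()
    for step in outcome:
        print(step)
    print(device.outbox)
```
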
In some embodiments, the first pseudo-device 806 may receive a first command from the first MDM service provider 812. The first pseudo-device 806 may then modify the command before sending the command to the physical mobile device 824. The first pseudo-device 806 may modify device state information stored at the first pseudo-device 806 based on the command. The first command may be received during a time period in which the policy enforcement profile 822 of the second MDM service provider 818 is active on the physical mobile device 824.
In some embodiments, the first pseudo-device 806 may send a selective wipe command to the physical mobile device 824. The selective wipe command may be configured to cause a subset of applications associated with the first MDM service provider 812, and data associated with that subset of applications, to be deleted. The selective wipe command may also be configured to cause personal applications and data associated with the personal applications, as well as the policy enforcement profile 816 associated with the first MDM service provider 812, to be maintained. For example, the selective wipe command may cause the physical mobile device 824 to delete any data at the physical mobile device 824 that is associated with the first MDM service provider 812, without deleting any personal data and/or data that is independent of the first MDM service provider 812.
In some embodiments, an MDM cloud agent may be installed on the physical mobile device 824. The MDM agent may be configured to monitor device state information of the physical mobile device and determine changes in that device state information. The MDM agent may be configured to enforce the policies of the MDM service providers 812, 818 and/or report changes in the device state information to the first or second pseudo-device 806, 828, respectively.
In some embodiments, the first pseudo-device 806 may receive a request from the physical mobile device 824, the request being initiated based on one of a user input or an indication that the physical mobile device 806 is located within a first geofence of the first MDM service provider 812. In response, the first pseudo-device 806 may deploy (e.g., send) enterprise resources, such as resource data, application data, applications, and/or the policy enforcement profile 816, from the first pseudo-device 806 to the physical mobile device 824. In response to receiving another request initiated based on one of another user input or an indication that the physical mobile device 824 is no longer within the first geofence, the first pseudo-device 806 may retract, from the physical mobile device 824, the policy enforcement profile 816 of the first MDM service provider 812 and/or the resource data 814, such as, for example, applications, application data, and/or other data of the first MDM service provider 812.
In response to receiving, at the second pseudo-device 828, a new request from the physical mobile device 824, the request being initiated based on one of a new user input or an indication that the physical mobile device 824 is located within a second geofence of the second MDM service provider 818, the second pseudo-device 828 may deploy to the physical mobile device 824 the second policy enforcement profile 822 of the second MDM service provider 818, applications, application data, and/or other data of the second MDM service provider 818.
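As an added illustration (not code from the patent), the sketch below walks one physical device through the geofence sequence described above: deployment by the first pseudo-device, retraction with a selective wipe that leaves personal items in place, then deployment by the second pseudo-device. All names and sample items are hypothetical and constructed; allowing only one provider's profile to be installed at a time is an assumption of this model.

```python
"""Toy model of geofence-driven deploy and retract (hypothetical names)."""

PERSONAL = "personal"


class PhysicalDevice:
    def __init__(self):
        # Each item is (owner, kind, name); owner is a provider id or PERSONAL.
        self.items = [(PERSONAL, "app", "photos"), (PERSONAL, "data", "holiday.jpg")]
        self.active_profile = None

    def install(self, provider, profile, resources):
        # Assumption of this model: one provider's profile is active at a time.
        if self.active_profile not in (None, provider):
            raise RuntimeError("another provider's profile is still active")
        self.active_profile = provider
        self.items.append((provider, "profile", profile))
        self.items += [(provider, kind, name) for kind, name in resources]

    def create(self, owner, name):
        """Data generated on the device while working under `owner`."""
        self.items.append((owner, "data", name))

    def retract(self, provider):
        """Hand the provider's items back, then selectively wipe only those items."""
        returned = [item for item in self.items if item[0] == provider]
        self.items = [item for item in self.items if item[0] != provider]
        if self.active_profile == provider:
            self.active_profile = None
        return returned


class GeofencePseudoDevice:
    def __init__(self, provider, profile, resources):
        self.provider = provider
        self.profile = profile
        self.resources = list(resources)   # (kind, name) pairs held in the cloud

    def on_geofence_event(self, device, inside):
        """Deploy when the device reports it is inside the fence, retract otherwise."""
        if inside:
            device.install(self.provider, self.profile, self.resources)
            return "deployed"
        for _owner, kind, name in device.retract(self.provider):
            # Keep device-generated data in the cloud for the next deployment.
            if kind != "profile" and (kind, name) not in self.resources:
                self.resources.append((kind, name))
        return "retracted"


def scenario():
    dev = PhysicalDevice()
    pd1 = GeofencePseudoDevice("mdm-1", "profile-816", [("app", "crm"), ("data", "crm.db")])
    pd2 = GeofencePseudoDevice("mdm-2", "profile-822", [("app", "wiki")])
    log = [pd1.on_geofence_event(dev, inside=True)]
    dev.create("mdm-1", "visit-notes.txt")
    try:
        pd2.on_geofence_event(dev, inside=True)    # first profile not yet retracted
    except RuntimeError:
        log.append("blocked")
    log.append(pd1.on_geofence_event(dev, inside=False))
    after_retract = list(dev.items)
    log.append(pd2.on_geofence_event(dev, inside=True))
    return dev, pd1, pd2, log, after_retract


if __name__ == "__main__":
    device, first, second, events, snapshot = scenario()
    print(events)
    print(snapshot)
    print(first.resources)
```
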
In some embodiments, the first pseudo-device 806 may identify a conflict between a policy of the first MDM service provider 812 and a policy of the second MDM service provider 818. The first pseudo-device 806 may resolve the conflict by applying a solution determined from a knowledge-based system of the cloud computing environment 802. The first pseudo-device 806 may resolve the conflict by sending an alert to the physical mobile device 824. For example, the alert may include one or more user-selectable commands for resolving the conflict. Additionally or alternatively, the first pseudo-device 806 may resolve the conflict by sending a mini-wipe command to the physical mobile device 824. Additionally or alternatively, the mini-wipe command may be configured to cause at least the subset of data causing the conflict to be deleted.
The second pseudo-device 828 may perform functions similar to those of the first pseudo-device 806 with respect to the second MDM service provider 818 and the physical mobile device 824. In addition, the first pseudo-device 806 and/or the second pseudo-device 828 may perform any function associated with the other pseudo-devices described herein. Accordingly, the first pseudo-device 806 and/or the second pseudo-device 828 may perform one or more of the functions discussed below in relation to Fig. 9-16. Although the functions of Fig. 9-16 are written from the perspective of the enterprise mobility management system 700, these functions also apply to the system 800. When the functions of Fig. 9-16 are applied to the system 800, note that rather than one pseudo-device being provisioned for use with both the first and second MDM service providers, the first pseudo-device is provisioned for use with the first MDM service provider and the second pseudo-device is provisioned for use with the second MDM service provider.
In some embodiments, a third pseudo-device and a fourth pseudo-device may be established in the cloud computing environment 802. The third pseudo-device and the fourth pseudo-device may each represent a second physical mobile device. The third pseudo-device may be provisioned for use with the first MDM service provider 812, and the fourth pseudo-device may be provisioned for use with the second MDM service provider 818. These pseudo-devices may perform any function associated with the other pseudo-devices described herein.
Mobile device management feature
Having discussed several examples of computing architectures and enterprise mobility management architectures that may be used in providing and/or implementing various aspects of the disclosure, a number of embodiments will now be discussed in greater detail. In particular, and as described above, some aspects of the disclosure generally relate to providing mobile device management functionalities. In the description below, various examples illustrating how mobile device management functionalities may be provided in accordance with one or more embodiments will be discussed.
Fig. 9 depicts a flowchart illustrating a method of applying one or more mobile device management policies to a physical end-user device via a pseudo-device, in accordance with one or more illustrative aspects discussed herein. In one or more embodiments, the method of Fig. 9 and/or one or more steps thereof may be performed by a computing device (e.g., generic computing device 201). In other embodiments, the method shown in Fig. 9 and/or one or more steps thereof may be embodied in computer-executable instructions stored in a computer-readable medium, such as a non-transitory computer-readable memory.
As seen in Fig. 9, the method may begin at step 905, in which a pseudo-device is established in a cloud computing environment. For example, in step 905, the cloud computing environment (e.g., one or more servers, blade servers, thin clients, computers, tablet computers, laptop computers, or other types of computing devices) may establish, in a server of the cloud, a pseudo-device representing a physical end-user device (e.g., a mobile computing device, such as a laptop computer, tablet computer, smartphone, or other type of physical mobile device).
The pseudo-device representing the physical end-user device may send, to the associated physical end-user device, an MDM cloud agent to be installed thereon. In one or more arrangements, the MDM cloud agent may be an application, service, or process that is configured to run on the physical end-user device and is also configured to collect and/or otherwise obtain information about the device, including information about the current state of the physical end-user device. For example, the MDM cloud agent may be configured to collect and/or maintain device-level state information, such as state information indicative of the operating systems and/or applications stored and/or running on the physical end-user device, state information indicative of the network connections that are available to and/or being used by the physical end-user device, and/or state information indicative of the current location where the device is placed and/or being used (e.g., in terms of geographic coordinates; in terms of semantic labels, such as "home", "work", "client site"; etc.). While these types of state information are listed here as examples of the types of device-level state information that may be collected and/or maintained by the MDM cloud agent in some instances, additional and/or alternative types of state information may similarly be collected and/or maintained by the MDM cloud agent in other instances.
In addition to collecting and maintaining various types of state information, the MDM cloud agent running on the physical end-user device may also be configured to evaluate, analyze, and/or otherwise monitor the various types of state information collected. For example, the MDM cloud agent may be configured to periodically determine whether the state information of the physical end-user device has changed and/or to perform one or more actions based on detected changes in the state information. For example, the state information of the physical end-user device (also referred to herein as device-level state information) may include information about what applications are installed and/or running on the physical end-user device, where the physical end-user device is located, what networks the physical end-user device is connected to, and/or other device-level considerations. In some instances, the MDM cloud agent may provide state information to one or more other applications, services, and/or processes. For example, in some examples discussed below, the MDM cloud agent on the physical end-user device and/or one or more other applications, services, and/or processes may analyze and/or otherwise process the state information collected by the MDM agent in enforcing mobile device management policies and/or in performing other actions in connection with mobile device management policies. For example, some mobile device management policies may define permitted and/or prohibited functions and/or applications based on different sets of circumstances that may be evaluated using the device state information collected by the MDM agent. In these and/or other ways, the state information may be used in enforcing behavior limitations on various functions and/or applications.
In some embodiments, the physical end-user device and/or the MDM cloud agent running on the physical end-user device may provide information to the pseudo-device established in one or more policy management servers of the cloud computing environment (which may, e.g., affect the state of the device), and/or may receive one or more commands from the pseudo-device. For example, in providing information to the pseudo-device logically partitioned within the one or more policy management servers of the cloud computing environment, the physical end-user device and/or the MDM cloud agent running on the physical end-user device may send state information (which may, e.g., include the various types of device state information discussed herein) to the pseudo-device, which may, e.g., be configured to analyze this information and provide commands and/or other information back to the physical end-user device and/or the MDM cloud agent running on the physical end-user device. In addition, in receiving commands from the pseudo-device of the cloud computing environment, the physical end-user device and/or the MDM cloud agent running on the physical end-user device may receive new and/or updated policies and/or other policy information, remotely analyzed and/or otherwise processed physical end-user device state information (e.g., the pseudo-device may remotely analyze and/or otherwise process state information collected by, obtained from, and/or related to the physical end-user device, and then provide the analyzed and/or processed state information back to the physical end-user device), and/or other information.
The pseudo-device representing the physical end-user device may be established in one or more policy management servers of the cloud computing environment. The pseudo-device may receive an MDM agent associated with an MDM service provider during provisioning of the pseudo-device for use with that MDM service provider. Accordingly, multiple MDM agents may be maintained by the pseudo-device in memory associated with the pseudo-device. The pseudo-device may communicate with the MDM cloud agent running on the physical end-user device so that the MDM cloud agent can perform the functions of one or more different MDM agents at the physical end-user device. The MDM cloud agent may perform the functions of one or more MDM agents while appearing as a single MDM cloud agent on the physical end-user device. For example, the MDM cloud agent running on the physical end-user device may exchange data with, and/or receive commands from, the different MDM agents stored at the pseudo-device. Accordingly, the MDM cloud agent may implement the functions of the one or more MDM agents at the physical end-user device without the physical end-user device having to be modified to include each MDM agent received from an MDM service provider.
In step 910, the pseudo-device can be set up for use with one or more MDM service providers. For example, in step 910, the pseudo-device can send or provide a registration request to each MDM service provider and, in response, can receive from each MDM service provider a strategy execution configuration file that grants access to that provider's enterprise resources. For example, an enterprise can require some or all of its employees and/or other users in a bring-your-own-device (BYOD) scheme to install a strategy execution configuration file on their respective mobile devices to reduce enterprise security risk, and the strategy execution configuration file received by the pseudo-device in step 910 can be defined by, and/or otherwise associated with, such an enterprise. Additionally or alternatively, when not in use by the physical terminal subscriber equipment, a strategy execution configuration file can be stored in the memory associated with the pseudo-device. Moreover, the memory associated with the pseudo-device can simultaneously store the strategy execution configuration file of each MDM service provider with which the pseudo-device has been set up. Because the pseudo-device is established on one or more policy management servers of the cloud computing environment, the pseudo-device is not limited by any physical constraint of the physical terminal subscriber equipment on the parallel storage of multiple strategy execution configuration files and/or other information (for example, applications, application data, etc.). For example, the pseudo-device can store the strategy execution configuration file of the first MDM service provider, its associated applications and/or application data, in addition to the strategy execution configuration file of the second MDM service provider, its associated applications and/or application data. In such an example, the physical terminal subscriber equipment may have insufficient storage space and/or processing capability to maintain and store the strategy execution configuration file of the first MDM service provider, its associated applications and/or application data at the same time as those of the second MDM service provider. Additionally or alternatively, the physical terminal subscriber equipment may be unable to store two configuration files simultaneously, because each configuration file may carry a rule requiring that it be the sole configuration file installed in, stored in, or otherwise maintained on the physical terminal subscriber equipment. Additionally or alternatively, the physical terminal subscriber equipment may be unable to register with two MDM service providers simultaneously, because the operating system of the physical terminal subscriber equipment may support only a single configuration file.
In step 915, once the pseudo-device has been set up for use with one or more MDM service providers, the pseudo-device representing the physical terminal subscriber equipment can be configured to receive one or more orders from the one or more MDM service providers. For example, in step 915, the pseudo-device can receive a first order from the first MDM service provider and/or from an entity representing the first MDM service provider. The first MDM service provider and/or the entity representing it can generate the first order proactively (for example, not based on an event triggered by data received from the pseudo-device) and push the first order to the pseudo-device. Additionally or alternatively, the first MDM service provider or entity can generate the first order in response to a change in the device status information of the physical terminal subscriber equipment received from the pseudo-device and/or (for example, extracted) from the physical terminal subscriber equipment. A change in the device status information can include, for example, an indication of a change in the applications present at the physical terminal subscriber equipment, an indication of a change in network connection, an indication of a change in the location of the physical terminal subscriber equipment and/or any other change at the physical terminal subscriber equipment. For example, the indication of a change in the applications present at the physical terminal subscriber equipment can include a list of the applications present at the physical terminal subscriber equipment and can include associated status information about each of the listed applications. For example, the status can include whether the application is installed, whether it is currently open, whether it is executed locally or remotely, and/or other information.
In some instances, the first order can be configured as though it were to be sent to the physical terminal subscriber equipment. For example, when the pseudo-device emulates the physical terminal subscriber equipment, the MDM service provider may not be aware that the first order is being sent to the pseudo-device rather than to the physical terminal subscriber equipment. In such instances, the first order can be configured to manage the physical terminal subscriber equipment according to the policies of the first MDM service provider.
The first order can include management information, such as one or more policy updates to be applied by the MDM cloud agent. The first order can be configured for a specific user of the physical terminal subscriber equipment and/or for the role of anyone using the physical terminal subscriber equipment (for example, a policy can be applied to users having a specific role or position, such as sales, accounting, consulting, legal, etc.).
In some embodiments, the first order can be a query requesting the current status information of the physical terminal subscriber equipment. In this case, the MDM service provider can receive the device status information of the physical terminal subscriber equipment from the pseudo-device. In some instances, the pseudo-device can forward the query to the physical terminal subscriber equipment and receive the device status information from the physical terminal subscriber equipment. Additionally or alternatively, the pseudo-device may not send the query to the physical terminal subscriber equipment, and can instead send the first MDM service provider the device status information stored in the memory associated with the pseudo-device.
In some embodiments, the first order can be configured to cause the MDM cloud agent and/or the physical terminal subscriber equipment to enforce one or more behavior restrictions at the physical terminal subscriber equipment. Some policies and/or behavior restrictions can cause the first order to be configured to perform a recall and/or a selective erase of resources. For example, the first order can be an order to recall one or more of the strategy execution configuration file of the first MDM service provider, applications associated with the first MDM service provider, data associated with those applications, enterprise resources of the first MDM service provider, data generated at the physical terminal subscriber equipment that is associated with the first MDM service provider, and/or other information. In some instances, the first order can be a selective erase order configured to delete one or more of the strategy execution configuration file of the first MDM service provider, applications associated with the first MDM service provider, data associated with those applications, enterprise resources of the first MDM service provider, data generated at the physical terminal subscriber equipment that is associated with the first MDM service provider, and/or other information. In some embodiments, the selective erase retains (for example, does not delete) the strategy execution configuration file of the first MDM service provider, personal applications and personal data.
In some embodiments, according to one or more policies, the first order can be configured to authorize the pseudo-device and/or the physical terminal subscriber equipment to access some enterprise resources and/or services while restricting and/or preventing access to other enterprise resources and/or services. In other embodiments, the first order can be configured to prevent the physical terminal subscriber equipment from sending, to another device, enterprise resources or other data associated with the MDM service provider from the physical terminal subscriber equipment. Additionally or alternatively, the first order can be configured to allow the physical terminal subscriber equipment to send enterprise resources or other data associated with the first MDM service provider to the pseudo-device for subsequent retrieval (for example, when the physical terminal subscriber equipment is located within a geographic location of the first MDM service provider).
In some embodiments, according to some policies, the first order can be configured to prevent modification of enterprise resources accessed by the pseudo-device and/or the physical terminal subscriber equipment (for example, read-only). In addition, the first order can be configured to reconfigure software or data at the pseudo-device and/or the physical terminal subscriber equipment. In addition, the first order can be configured to cause the MDM agent and/or the physical terminal subscriber equipment to prevent an application from being opened or otherwise executed and, if the application is currently executing (for example, running) at the physical terminal subscriber equipment, to close it.
In some embodiments, the first order can enforce some policies and/or behavior restrictions by being configured to selectively enable and/or disable one or more functions of the physical terminal subscriber equipment (for example, one or more functions of the operating system), applications, or access to data or resources that are local to the physical terminal subscriber equipment and/or remotely accessible over one or more networks. Restricting access to one or more resources local to the physical terminal subscriber equipment can include blocking, limiting and/or otherwise controlling access to resources of the physical terminal subscriber equipment (for example, camera function, SMS, Bluetooth function, local application functions and/or any other function of the physical terminal subscriber equipment). Restricting access to one or more network resources can include blocking access to certain websites, to enterprise resources that the physical terminal subscriber equipment is not authorized to access, or to any other remotely located resource.
Alternatively, or in addition, in some embodiments the first MDM service provider can be aware of the pseudo-device. The first order can therefore be configured by the first MDM service provider to instruct the pseudo-device how to manage the physical terminal subscriber equipment. In such embodiments, the first order can be configured to manage the physical terminal subscriber equipment and/or to govern how the pseudo-device manages the physical terminal subscriber equipment according to the policies of the first MDM service provider. Specifically, the first order can be configured to cause policy enforcement at the physical terminal subscriber equipment via the pseudo-device. For example, the first order can be designed to have the same result as any of the different configurations of the first order discussed above.
In addition to receiving orders from the enterprise servers of the first MDM service provider, the pseudo-device can receive new and/or updated policies and/or other policy information, remotely analyzed and/or otherwise processed device status information (for example, the enterprise servers can remotely analyze and/or otherwise process status information collected by, obtained from and/or related to the physical terminal subscriber equipment, and then provide this analyzed and/or processed status information back to the physical terminal subscriber equipment), and/or other information. In some embodiments, the pseudo-device can forward the device status information received from the physical terminal subscriber equipment to the first MDM service provider. In this embodiment, the first MDM service provider can analyze the device status information and associate the analysis with the pseudo-device. The pseudo-device can then provide this analyzed and/or processed device status information, other information and/or policies back to the physical terminal subscriber equipment. Additionally or alternatively, the pseudo-device can further process the analyzed device status information received from the first MDM service provider before providing it to the physical terminal subscriber equipment.
In some embodiments, the pseudo-device can determine whether the first order, or the predicted resulting state of the physical terminal subscriber equipment after the first order is implemented at the physical terminal subscriber equipment, would violate or otherwise conflict with any policy of an MDM service provider with which the pseudo-device is registered. If there is no violation or conflict, the pseudo-device can send an order to the physical terminal subscriber equipment as described below. If there is a violation or conflict, the pseudo-device can act according to Figure 16, discussed below.
In step 920, the pseudo-device can send one or more orders from the pseudo-device to the physical terminal subscriber equipment. For example, in step 920, the pseudo-device can send a second order from the pseudo-device to the physical terminal subscriber equipment. The pseudo-device can generate the second order based on the first order received from the first MDM service provider, and/or the second order can otherwise be associated with the first MDM service provider. For example, in response to receiving the first order, the pseudo-device can generate the second order and send it to the physical terminal subscriber equipment. The second order can be configured to enforce the policy associated with the first order. The second order can differ from the first order received from the first MDM service provider. In some instances, the second order can be identical to the first order received from the first MDM service provider. In such an embodiment, the second order need not be generated at the pseudo-device, and the received first order can be retransmitted instead.
In some embodiments, the pseudo-device can generate the second order independently. For example, the pseudo-device can generate the second order without the participation of the first MDM service provider and without receiving the first order. The pseudo-device can therefore manage and enforce the policies of the first MDM service provider independently. For example, if the connection with the first MDM service provider is lost, the pseudo-device may need to manage and enforce the policies of the first MDM service provider.
The second order can be configured similarly to any configuration of the first order discussed herein. For example, the second order can be configured to cause the MDM cloud agent and/or the physical terminal subscriber equipment to perform a recall, a deployment, a selective erase, restricting access to enterprise resources, authorizing access to enterprise resources, restricting access to functions, reconfiguring functions, preventing modification of enterprise resources, preventing transmission of enterprise resources from the physical terminal subscriber equipment, or any other configuration of the orders discussed herein.
On receiving the first and/or second order from the pseudo-device, the MDM cloud agent and/or the physical terminal subscriber equipment can execute the first and/or second order so that the policy associated with the order is satisfied. For example, the physical terminal subscriber equipment can perform a selective erase of data stored at the physical terminal subscriber equipment. For example, the physical terminal subscriber equipment can restrict access to functions, prevent modification of enterprise resources and/or otherwise implement any configuration specified by the first and/or second order. Executing the order at the physical terminal subscriber equipment can affect the device status information of the physical terminal subscriber equipment. The device status information can therefore be provided to the pseudo-device.
In some embodiments, a change in the device status information can cause the MDM cloud agent and/or the physical terminal subscriber equipment to perform a management operation to enforce the policies of one or more MDM service providers. For example, based on a change in geographic location, the MDM cloud agent can restrict access to some enterprise resources of the first MDM service provider.
The physical terminal subscriber equipment can also access the enterprise resources of one or more MDM service providers in accordance with, for example, the policies and orders enforced by the MDM cloud agent. For example, the physical terminal subscriber equipment can access enterprise resources of the first MDM service provider that have been provided to the pseudo-device. Additionally or alternatively, the physical terminal subscriber equipment can access enterprise resources directly from the first MDM service provider without the participation of the pseudo-device. The physical terminal subscriber equipment can store, edit and/or otherwise interact with enterprise resources according to the policies of the first MDM service provider.
In some embodiments, the MDM cloud agent, the physical terminal subscriber equipment and/or the pseudo-device can determine, based on the device status information, whether one or more policies of one or more MDM service providers have been violated. In response to a determination that a policy has been violated, the physical terminal subscriber equipment can take corrective action. The physical terminal subscriber equipment can also send a report of the violation to the pseudo-device. The pseudo-device can then determine a corrective action and send the resulting order to the physical terminal subscriber equipment. In some embodiments, the pseudo-device can send the report, or a modified report, to the MDM service provider whose policy was violated. In response to a determination that no policy has been violated, normal management operation continues.
In step 925, the pseudo-device can receive a response to the second order from the physical terminal subscriber equipment. For example, in step 925, the pseudo-device can determine whether this response is sufficient to satisfy the first order received from the first MDM service provider. In response to a determination that the response is insufficient to satisfy the first order and/or the second order (for example, the desired resulting state of the physical terminal subscriber equipment was not achieved after the order was applied), the pseudo-device can send the physical terminal subscriber equipment an order configured to correct the state of the physical terminal subscriber equipment, so that a second response from the physical terminal subscriber equipment can satisfy the first order and/or the second order (for example, the desired resulting state of the physical terminal subscriber equipment has been achieved after the order is applied).
In some embodiments, the pseudo-device can determine whether the change in the state of the physical terminal subscriber equipment conflicts with any other policy of any MDM service registered with the pseudo-device. In response to a determination that the response conflicts with another policy, the pseudo-device can act according to Figure 16, discussed below.
In step 930, in response to a determination that the response is sufficient to satisfy the first order and/or the second order, the pseudo-device can send a response from the pseudo-device to one or more of the MDM service providers. For example, in step 930, the pseudo-device can send the response to the second order, received from the physical terminal subscriber equipment, to the first MDM service provider. The response can include the device status information of the physical terminal subscriber equipment so that, for example, the first MDM service provider can verify that the operation associated with the first order was properly completed by the physical terminal subscriber equipment. For example, the response can include an indication that data associated with the first MDM service provider has been removed from the physical terminal subscriber equipment.
In some embodiments, the pseudo-device can generate a new response based on the response to the second order received from the physical terminal subscriber equipment. The new response can be sufficient to satisfy the first order received from the first MDM service provider. In some instances, the response can include an indication that the operation associated with the first order has been completed, or some other indication associated with the first order. For example, the new response can include an indication that data associated with the first MDM service provider has been deployed from the pseudo-device to the physical terminal subscriber equipment or, alternatively, an indication that data associated with the first MDM service provider has been recalled from the physical terminal subscriber equipment to the pseudo-device.
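The relay in steps 915 to 930 (conflict check, second order, response check, corrective order, response to the provider), modelled in Python as an added illustration that is not code from the patent. The class names, the three order actions, the `required_functions` profile field and the sample data are assumptions; because conflict handling is deferred to Figure 16, the model only withholds a conflicting order and reports it.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    provider: str       # MDM service provider the order belongs to
    action: str         # hypothetical: "restrict_function", "selective_erase", "query_state"
    target: str = ""    # function name for restrict_function, e.g. "camera"


class PhysicalDevice:
    """Stand-in for the MDM cloud agent on the physical device (constructed sample state)."""

    def __init__(self, ignore_first=False):
        self.disabled = set()
        self.data = {"mdm-a": ["mail-cache"], "mdm-b": ["crm-db"]}
        self.calls = 0
        self._ignore = ignore_first   # first order is acknowledged but not applied

    def report(self):
        return {"disabled": set(self.disabled), "data_owners": set(self.data)}

    def execute(self, order):
        self.calls += 1
        if self._ignore:
            self._ignore = False
        elif order.action == "restrict_function":
            self.disabled.add(order.target)
        elif order.action == "selective_erase":
            self.data.pop(order.provider, None)   # only that provider's data
        return self.report()


class PseudoDevice:
    """Cloud-side proxy that holds every provider's profile in parallel."""

    def __init__(self, device):
        self.device = device
        self.profiles = {}
        self.cached_state = device.report()

    def enroll(self, provider, required_functions=()):
        # Assumed profile content: functions the provider's policy needs enabled.
        self.profiles[provider] = {"required_functions": set(required_functions)}

    def conflicts(self, order):
        """Other enrolled providers whose policy the predicted state would violate."""
        if order.action != "restrict_function":
            return []
        return sorted(p for p, prof in self.profiles.items()
                      if p != order.provider
                      and order.target in prof["required_functions"])

    @staticmethod
    def satisfied(order, state):
        """Step 925: does the reported state meet the first order?"""
        if order.action == "restrict_function":
            return order.target in state["disabled"]
        if order.action == "selective_erase":
            return order.provider not in state["data_owners"]
        return True

    def handle(self, first_order, max_attempts=3):
        if first_order.provider not in self.profiles:
            return {"status": "rejected", "reason": "provider not enrolled"}
        if first_order.action == "query_state":
            # Answered from the pseudo-device's memory; the device is not contacted.
            return {"status": "done", "attempts": 0, "state": self.cached_state}
        clash = self.conflicts(first_order)
        if clash:
            return {"status": "conflict", "with": clash}   # order is withheld
        second_order = first_order   # the "identical" case: first order retransmitted
        for attempt in range(1, max_attempts + 1):
            state = self.device.execute(second_order)      # step 920, then corrections
            self.cached_state = state
            if self.satisfied(first_order, state):
                return {"status": "done", "attempts": attempt, "state": state}  # step 930
        return {"status": "failed", "attempts": max_attempts, "state": self.cached_state}
```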
In some embodiments, for example, the pseudo-device can provide information to the enterprise servers of one or more MDM service providers. For example, in providing information to the enterprise servers of an MDM service provider, the pseudo-device can send status information received from the physical terminal subscriber equipment to the enterprise servers of the MDM service provider, which can be configured, for example, to analyze such information and provide orders and/or other information back to the pseudo-device, which can then relay or generate orders to be provided to the physical terminal subscriber equipment.
In some embodiments, the pseudo-device can receive a third order from the second MDM service provider. The third order can be configured to cause enforcement of a policy of the second MDM service provider at the physical terminal subscriber equipment. The third order can be configured as discussed above for the first order, but with respect to the second MDM service provider rather than the first MDM service provider. For example, the third order can be an order to recall one or more of the strategy execution configuration file of the second MDM service provider, applications associated with the second MDM service provider, data associated with those applications, enterprise resources of the second MDM service provider, data generated at the physical terminal subscriber equipment that is associated with the second MDM service provider, and/or other information. In some instances, the third order can be a selective erase order configured to delete one or more of the strategy execution configuration file of the second MDM service provider, applications associated with the second MDM service provider, data associated with those applications, enterprise resources of the second MDM service provider, data generated at the physical terminal subscriber equipment that is associated with the second MDM service provider, and/or other information. In some embodiments, the selective erase order retains (for example, does not delete) the strategy execution configuration file of the second MDM service provider.
In some embodiments, the pseudo-device can determine whether the policy of the third order, or the predicted resulting state of the physical terminal subscriber equipment after the policy of the third order is implemented, violates or otherwise conflicts with any policy of an MDM service provider with which the pseudo-device is registered. If there is no violation or conflict, the pseudo-device can send an order to the physical terminal subscriber equipment as described below. If there is a violation or conflict, the pseudo-device can act according to Figure 16, discussed below.
In some embodiments, the pseudo-device can send one or more orders from the pseudo-device to the physical terminal subscriber equipment. For example, the pseudo-device can send a fourth order from the pseudo-device to the physical terminal subscriber equipment. The pseudo-device can generate the fourth order based on the third order received from the second MDM service provider. In response to receiving the third order, the pseudo-device can generate the fourth order and send it to the physical terminal subscriber equipment. The fourth order can differ from the third order received from the second MDM service provider. In some instances, the fourth order can be identical to the third order received from the second MDM service provider. In such instances, the fourth order need not be generated at the pseudo-device, and the received third order can be retransmitted instead.
The fourth order can be configured to enforce the policy associated with the third order. The fourth order can be configured as discussed above for the second order, but with respect to the second MDM service provider rather than the first MDM service provider. For example, the fourth order can be configured to cause the MDM cloud agent and/or the physical terminal subscriber equipment to perform a recall, a deployment, a selective erase, restricting access to enterprise resources, authorizing access to enterprise resources, restricting access to functions, reconfiguring functions, preventing modification of enterprise resources, preventing transmission of enterprise resources from the physical terminal subscriber equipment, or any other configuration of the orders discussed herein.
In some embodiments, the pseudo-device can generate the fourth order. For example, the pseudo-device can generate the fourth order independently, without the participation of the second MDM service provider. Specifically, the pseudo-device can generate the fourth order without receiving the third order from the second MDM service provider.
In some embodiments, the pseudo-device can receive a response to the fourth order from the physical terminal subscriber equipment. For example, the pseudo-device can determine whether this response is sufficient to satisfy the third order received from the second MDM service provider. In response to a determination that the response is insufficient to satisfy the third order, the pseudo-device can send the physical terminal subscriber equipment an order configured to correct the state of the physical terminal subscriber equipment, so that a second response from the physical terminal subscriber equipment can satisfy the third order.
In some embodiments, in response to a determination that the response is sufficient to satisfy the third and/or fourth order, the pseudo-device can send a response from the pseudo-device to one or more of the MDM service providers. For example, the pseudo-device can send the response to the fourth order, received from the physical terminal subscriber equipment, to the second MDM service provider. In some instances, the pseudo-device can generate a new response based on the response to the fourth order received from the physical terminal subscriber equipment. The new response can be sufficient to satisfy the third order received from the second MDM service provider. In some instances, the response can include an indication that the operation associated with the third order has been completed, or some other indication associated with the third order.
In some embodiments, the cloud computing environment can establish, on a server of the cloud, a second pseudo-device representing another physical terminal subscriber equipment (for example, a second physical terminal subscriber equipment different from the first physical terminal subscriber equipment). The second pseudo-device representing the second physical terminal subscriber equipment can be set up for use with one or more MDM service providers. The second pseudo-device can receive a first order from an MDM service provider at the pseudo-device. The second pseudo-device can send a second order or another order, as discussed herein, from the second pseudo-device to the second physical terminal subscriber equipment. The second pseudo-device can receive a response from the physical terminal subscriber equipment. The second pseudo-device can send this response, or a modified response, to the MDM service provider as discussed herein. Although only two pseudo-devices, each representing one of two physical terminal subscriber equipments, have been discussed, more than two pseudo-devices and physical terminal subscriber equipments are contemplated.
Figure 10 depicts a flow chart illustrating a method of setting up a pseudo-device for use with one or more mobile device management service providers according to one or more illustrative aspects discussed herein.
In one or more embodiments, the method of Figure 10 and/or one or more of its steps can be performed by a computing device (for example, universal computing device 201). In other embodiments, the method illustrated in Figure 10 and/or one or more of its steps can be embodied in computer-executable instructions stored in a computer-readable medium such as a non-transitory computer-readable memory.
As seen in Fig. 10, the method can begin at step 1005, in which the pseudo-device can be set up for use with the first MDM service provider. For example, in step 1005, the pseudo-device can be set up for use with the first MDM service provider by performing one or more of steps 1010, 1015 and 1020 discussed herein. The pseudo-device can appear to the first MDM service provider as the physical terminal subscriber equipment that the pseudo-device represents. For example, the pseudo-device can emulate and/or simulate the physical terminal subscriber equipment that it represents, and the pseudo-device can therefore appear to the first MDM service provider as the actual physical terminal subscriber equipment. For example, in emulating and/or simulating the physical terminal subscriber equipment, the pseudo-device representing the physical terminal subscriber equipment can authenticate to the first MDM service provider, receive one or more orders and/or communications from the first MDM service provider, and/or send one or more messages and/or other communications to the first MDM service provider, as if the pseudo-device were the physical terminal subscriber equipment. The pseudo-device can register with the first MDM service provider in the same manner in which a typical physical mobile device would register with the first MDM service provider. In some instances, the pseudo-device can appear to the first MDM service provider as a device that is different from the physical terminal subscriber equipment but associated with the physical terminal subscriber equipment.
In step 1010, the pseudo-device can send a first registration request to the first MDM service provider of the one or more MDM service providers. For example, in step 1010, the first registration request can be sent from the pseudo-device to the first MDM service provider. In some instances, the pseudo-device can have another device send the first registration request on behalf of the pseudo-device. The registration request can include any information necessary for setup, including, for example, security credentials, identity credentials, etc.
In response, in step 1015, the pseudo-device can receive a first strategy execution configuration file associated with the first MDM service provider. For example, in step 1015, the pseudo-device can receive the first strategy execution configuration file from the first MDM service provider. In some instances, the pseudo-device can receive the first strategy execution configuration file from another entity representing the first MDM service provider. The first strategy execution configuration file can be configured to facilitate identification of the pseudo-device and/or the first MDM service provider. The first strategy execution configuration file can facilitate secure communication between the pseudo-device and the first MDM service provider. The strategy execution configuration file can be configured to identify one or more policies of the first MDM service provider that are to be enforced at the physical terminal subscriber equipment as a condition of access to the enterprise resources of, and/or registration with, the first MDM service provider.
In step 1020, the pseudo-device can store the first strategy execution configuration file associated with the first MDM service provider. For example, in step 1020, the pseudo-device can store the first strategy execution configuration file in an associated memory of one or more servers of the cloud computing environment. Once the pseudo-device has been set up for use with the first MDM service provider, the pseudo-device can access the enterprise resources of the first MDM service provider according to the policies set out by the first MDM service provider. The pseudo-device can receive orders from the first MDM service provider to manage the physical terminal subscriber equipment as discussed above. For example, such orders can include one of a deployment, a recall and/or a selective erase as discussed herein.
In step 1025, the pseudo-device may be set up for use with the second MDM service provider by performing one or more of steps 1030, 1035, and 1040 as discussed herein. The pseudo-device may appear to the second MDM service provider as the physical end-user device that the pseudo-device represents. For example, the pseudo-device may emulate the physical end-user device that it represents. The pseudo-device may register with the second MDM service provider in the same manner in which a typical mobile device would register with the second MDM service provider. In some instances, the pseudo-device may appear to the second MDM service provider as a device that is different from, but associated with, the physical end-user device.
In step 1030, the pseudo-device may send a second registration request to a second MDM service provider of the one or more MDM service providers. For example, in step 1030, the second registration request may be sent from the pseudo-device. In some instances, the pseudo-device may cause another device to send the second registration request on behalf of the pseudo-device. The registration request may include any information necessary for setup, including, for example, security credentials, identity credentials, and the like.
In response, in step 1035, the pseudo-device may receive a second policy enforcement profile associated with the second MDM service provider. For example, in step 1035, the pseudo-device may receive the second policy enforcement profile from the second MDM service provider. In some instances, the pseudo-device may receive the second policy enforcement profile from another entity acting on behalf of the second MDM service provider. The second policy enforcement profile may be configured to facilitate identification of the pseudo-device and/or the second MDM service provider. The second policy enforcement profile may be configured to facilitate secure communication between the pseudo-device and the second MDM service provider. The policy enforcement profile may be configured to identify one or more policies of the second MDM service provider that are to be enforced at the physical end-user device as a condition of accessing the enterprise resources of, and/or registering with, the second MDM service provider.
In step 1040, the pseudo-device may store the second policy enforcement profile associated with the second MDM service provider. For example, in step 1040, the pseudo-device may store the second policy enforcement profile in associated memory of one or more servers of the cloud computing environment. Once the pseudo-device has been set up for use with the second service provider, the pseudo-device may access the enterprise resources of the second MDM service provider. The pseudo-device may receive commands from the second MDM service provider to manage the physical end-user device. Such commands may include one of deployment, retraction, and/or selective wipe as discussed herein.
In some embodiments, the memory associated with the pseudo-device located at one or more servers of the cloud computing environment may simultaneously store the first policy enforcement profile associated with the first MDM service provider and the second policy enforcement profile associated with the second MDM service provider. In some embodiments, the physical end-user device may not have sufficient resources to simultaneously store and/or implement the first policy enforcement profile associated with the first MDM service provider and the second policy enforcement profile associated with the second MDM service provider.
In some embodiments, a second pseudo-device representing a second physical end-user device may be set up for use with one or more MDM service providers. For example, the second pseudo-device may send a first registration request from the second pseudo-device to the first MDM service provider and, in response, may receive a policy enforcement profile from the first MDM service provider. The second pseudo-device may store the policy enforcement profile in memory associated with the second pseudo-device. Once the pseudo-device has been set up for use with the first MDM service provider, the second pseudo-device may access the enterprise resources of the first MDM service provider. The second pseudo-device may send a second registration request from the second pseudo-device to the second MDM service provider and, in response, may receive a policy enforcement profile from the second MDM service provider. The second pseudo-device may store the policy enforcement profile in memory associated with the second pseudo-device. Once the pseudo-device has been set up for use with the second MDM service provider, the second pseudo-device may access the enterprise resources of the second MDM service provider.
In some embodiments, multiple pseudo-devices may be associated with the same user. The pseudo-devices may be established in the cloud computing environment. For example, a first pseudo-device may represent a first physical end-user device associated with a user. A second pseudo-device may represent a second physical end-user device associated with the same user. The second physical end-user device may be different from the first physical end-user device. In this example, the first and second pseudo-devices may be set up for use with the same MDM service provider and/or with different MDM service providers.
Figure 11 depicts a flowchart illustrating a method of responding to commands from a mobile device management service provider in accordance with one or more illustrative aspects discussed herein. In one or more embodiments, the method of Figure 11 and/or one or more steps thereof may be performed by a computing device (e.g., generic computing device 201). In other embodiments, the method illustrated in Figure 11 and/or one or more steps thereof may be embodied in computer-executable instructions that are stored in a computer-readable medium, such as a non-transitory computer-readable memory.
As seen in Figure 11, the method may begin at step 1105, in which the pseudo-device may receive one or more commands. For example, in step 1105, the pseudo-device may receive a first command from the first MDM service provider. In some instances, the first command may be received from an entity or device separate from the first MDM service provider but may be issued on behalf of the first MDM service provider. The first command may be configured as discussed above in connection with Figure 9. For example, the first command may be configured to cause the MDM cloud agent running on the physical end-user device and/or the physical end-user device to perform operations associated with retraction of enterprise resources, deployment of enterprise resources, selective wipe of enterprise resources, restricting access to enterprise resources, granting access to enterprise resources, restricting access to functions, reconfiguring functions, preventing modification of enterprise resources, preventing transfer of enterprise resources from the physical end-user device, or any other command configuration discussed herein.
In step 1110, the pseudo-device may determine to whom to send commands and/or messages. For example, in step 1110, the pseudo-device may determine whether to send a second command to the physical end-user device and/or to the first MDM service provider. This determination may be based on one or more factors. For example, the factors may include whether information from the physical end-user device that is not present at the pseudo-device is needed in order to respond to the one or more commands received from the one or more MDM service providers. For example, the factors may include whether a policy associated with the one or more commands received from the one or more MDM service providers conflicts with another policy of the one or more MDM service providers.
In some embodiments, the pseudo-device may generate and send a query to the physical end-user device. The query may request state information of the physical end-user device. In response, the physical end-user device may determine its state information and send it to the pseudo-device. The pseudo-device may then determine whether the received state information of the physical end-user device matches the desired state information for the physical end-user device. The pseudo-device may determine the desired state information based at least in part on the first command received from the first MDM service provider. If the received state information does not match the desired state information, the pseudo-device may decide to send the second command to the physical end-user device in order to reach the desired state. If the received state information matches the desired state information, the pseudo-device may decide not to send the second command to the physical end-user device. Because the received state information matches the desired state information, and because the desired state information may be determined based on the first command received from the first MDM service provider, the pseudo-device may decide not to send the second command to the physical end-user device, since the desired state associated with the first command is already the state of the physical end-user device. Additionally or alternatively, in some embodiments, a query need not be sent to the physical end-user device. For example, the physical end-user device may send updated state information to the pseudo-device periodically and/or when a state change occurs at the physical end-user device. The pseudo-device may thus keep a record of the current and past state information of the physical end-user device. Because the current state information of the physical end-user device is present at the pseudo-device, the pseudo-device may determine whether the state information of the physical end-user device matches the desired state information without sending a query to the physical end-user device.
In step 1115, in response to the decision to send the second command to the physical end-user device, the pseudo-device may send the second command from the pseudo-device to the physical end-user device. The second command may be configured to enforce the policies of one or more MDM service providers. The second command may be configured as discussed above in connection with Figure 9. For example, the second command may be configured to cause the MDM cloud agent running on the physical end-user device and/or the physical end-user device to perform operations associated with retraction of enterprise resources, deployment of enterprise resources, selective wipe of enterprise resources, restricting access to enterprise resources, granting access to enterprise resources, restricting access to functions, reconfiguring functions, preventing modification of enterprise resources, preventing transfer of enterprise resources from the physical end-user device, or any other command configuration discussed herein.
In step 1120, the pseudo-device may receive a response from the physical end-user device. For example, in step 1120, the pseudo-device may receive an indication that the operation associated with the second command that was sent has been completed. The response may include device state information of the physical end-user device from before or after completion of the operation associated with the second command. For example, the response may include an indication that applications, application data, and/or other data associated with one or more MDM service providers have been deleted from the physical end-user device. The response may include an indication that personal applications and personal data have been retained (e.g., not deleted) by the physical end-user device. The response may be configured similarly to other responses discussed herein.
In some embodiments, the pseudo-device may determine whether the response from the physical end-user device satisfies the first command received from the MDM service provider (e.g., whether the state of the physical end-user device matches the desired state). If the pseudo-device determines that the response does not satisfy the first command, the pseudo-device may send a third command to the physical end-user device. The third command may be configured to bring about, in operation, the expected result of the first command. Subsequently, the pseudo-device may receive another response from the physical end-user device.
In step 1125, the pseudo-device may send a response to one or more MDM service providers. For example, in step 1125, the pseudo-device may send a response to the first command to the first MDM service provider. The response may be sent if the pseudo-device determines that the response is sufficient for the first command. In some instances, the pseudo-device may generate a modified response based on the response received from the physical end-user device. The modified response may also be based on other factors, such as, for example, adding an indication that the operation associated with the first command has been completed. The pseudo-device may send the modified response to the first MDM service provider. The response may be configured similarly to any response discussed herein and thus may include, for example, device state information for the first MDM service provider to analyze and possibly respond to.
In step 1130, the pseudo-device might not send the second command to the physical end-user device. For example, in step 1130, in response to determining not to send the second command to the physical end-user device, the pseudo-device may locally generate a response to the first command sent from the first MDM service provider. In some instances, the pseudo-device may receive a response from a device or entity other than the physical end-user device for incorporation into the response to the first command. The generated and/or received response to the first command may include, for example, information stored by the pseudo-device or any other information. The response may include an indication that the operation associated with the first command has been completed. For example, the response may include an indication that a selective wipe has been completed at the physical end-user device.
In step 1135, the pseudo-device may send a response from the pseudo-device to one or more MDM service providers. For example, in step 1135, the pseudo-device may send the locally generated response to the first command from the pseudo-device to the first MDM service provider. The response may be sent to the first MDM service provider without any command (e.g., the first command and/or the second command) being sent to the physical end-user device. Thus, the response may be sent on behalf of the physical end-user device without any involvement of the physical end-user device. For example, the pseudo-device may receive the first command and send a response to the first MDM service provider independently of any operation of the physical end-user device.
In some embodiments, a second pseudo-device representing a second physical end-user device may receive the first command from the MDM service provider. The second pseudo-device may determine, based on any of the factors discussed herein, whether to send a second command to the second physical end-user device. In response to determining to send the second command to the second physical end-user device, the second pseudo-device may send the second command from the second pseudo-device to the second physical end-user device. The second pseudo-device may then receive a response from the second physical end-user device. The second pseudo-device may then send the response, or a modified response, to the MDM service provider. In response to determining not to send any command to the second physical end-user device, the second pseudo-device may generate a response to the first command that includes, for example, an indication that the operation associated with the first command has been completed. The pseudo-device may send the response to the MDM service provider.
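The decision flow of Figure 11 (steps 1105 to 1135), modelled in Python as an added example that is not part of the patent text. The class names, the dictionary layout of commands and state, and the `max_age` freshness limit are assumptions of this sketch; the freshness limit is there because a locally generated "completed" response is only as trustworthy as the state record it is derived from.

```python
from dataclasses import dataclass, field


@dataclass
class EndUserDevice:
    """Constructed stand-in for the physical device and its MDM cloud agent."""
    managed: dict                 # provider name -> set of managed app names
    personal: set                 # personal apps, never touched by a wipe
    ignore_next: bool = False     # simulate one command that has no effect
    received: list = field(default_factory=list)

    def report_state(self):
        return {"managed": {p: sorted(a) for p, a in self.managed.items() if a},
                "personal": sorted(self.personal)}

    def execute(self, command):
        self.received.append(command)
        if self.ignore_next:
            self.ignore_next = False
        elif command["op"] == "selective_wipe":
            self.managed[command["provider"]] = set()
        return self.report_state()      # response carries post-operation state


class PseudoDevice:
    def __init__(self, device, now=0, max_age=300):
        self.device = device
        self.max_age = max_age          # assumption: freshness limit in seconds
        self.record(device.report_state(), now)

    def record(self, state, now):
        """Keep the latest state pushed or returned by the device."""
        self.state, self.state_time = state, now

    @staticmethod
    def satisfied(command, state):
        """Desired state derived from the first command (only wipes modelled)."""
        if command["op"] != "selective_wipe":
            raise ValueError("unsupported command")
        return command["provider"] not in state["managed"]

    def handle(self, first_command, now, max_attempts=2):
        # Query path: refresh a stale record before trusting it.
        if now - self.state_time > self.max_age:
            self.record(self.device.report_state(), now)
        reply = {"provider": first_command["provider"], "op": first_command["op"]}
        # Step 1110: is a second command needed at all?
        if self.satisfied(first_command, self.state):
            # Steps 1130/1135: respond locally, the device is not involved.
            return {**reply, "completed": True, "sent_to_device": 0}
        # Steps 1115/1120: second command, then a third if the response falls short.
        for attempt in range(1, max_attempts + 1):
            self.record(self.device.execute(dict(first_command)), now)
            if self.satisfied(first_command, self.state):
                # Step 1125: report completion back to the provider.
                return {**reply, "completed": True, "sent_to_device": attempt,
                        "personal_kept": self.state["personal"]}
        return {**reply, "completed": False, "sent_to_device": max_attempts}


def demo():
    wipe = {"op": "selective_wipe", "provider": "provider-1"}
    dev = EndUserDevice({"provider-1": {"mail"}, "provider-2": {"crm"}},
                        {"photos"}, ignore_next=True)
    pseudo = PseudoDevice(dev, now=0)
    first = pseudo.handle(wipe, now=10)     # wipe needed; first attempt has no effect
    second = pseudo.handle(wipe, now=20)    # already wiped; answered locally
    return first, second, dev
```

If the device changes without pushing an update, a record that is still inside `max_age` is trusted and the provider is told the wipe is complete when it is not, so the limit and the agent's push interval need to be chosen together.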
Figure 12 depicts a flowchart illustrating a method of pushing resource data to a physical end-user device in accordance with one or more illustrative aspects discussed herein. In one or more embodiments, the method of Figure 12 and/or one or more steps thereof may be performed by a computing device (e.g., generic computing device 201). In other embodiments, the method illustrated in Figure 12 and/or one or more steps thereof may be embodied in computer-executable instructions that are stored in a computer-readable medium, such as a non-transitory computer-readable memory.
As seen in Figure 12, the method may begin at step 1205, in which the pseudo-device may receive one or more enterprise resources (e.g., resource data). For example, in step 1205, the pseudo-device may receive resource data of the first MDM service provider from the first MDM service provider. The resource data may include documents, charts, software, applications, application data, or any other data associated with the first MDM service provider. The resource data may be received during a time period in which the policy enforcement profile of a different, second MDM service provider is active on or in use by the physical end-user device. For example, the pseudo-device may receive, from the first MDM service provider, an application that is usable at the physical end-user device only when the policy enforcement profile of the first MDM service provider is active on or in use by the physical end-user device. However, the application may be received by the pseudo-device while the policy enforcement profile of the first MDM service provider is inactive on or not in use by the physical end-user device.
Similarly, the pseudo-device may receive a first command from the first MDM service provider during a time period in which a policy enforcement profile associated with a second MDM service provider (different from the first MDM service provider) is on the physical end-user device or is active on it. For example, the pseudo-device may receive the first command from the first MDM service provider when the policy enforcement profile of the first MDM service provider is inactive on or not in use by the physical end-user device and/or when the policy enforcement profile of the second MDM service provider is active on or in use by the physical end-user device.
In some embodiments, the pseudo-device may receive resource data and/or the first command from the first MDM service provider during a time period in which no policy enforcement profile of an MDM service provider is on the physical end-user device or active on it.
In some embodiments, receipt of the resource data may be in response to a request for resource data initiated by the physical end-user device. For example, the physical end-user device may send a request for resource data directly from the physical end-user device to the first MDM service provider without involvement of the pseudo-device. In some instances, the physical end-user device may send a request for resource data of the first MDM service provider to the pseudo-device. The pseudo-device may then send the request to the first MDM service provider. In some instances, the pseudo-device may modify the request before sending it to the first MDM service provider. In some embodiments, the physical end-user device may receive resource data in response to a request initiated by the pseudo-device and sent to the first MDM service provider.
In step 1210, the pseudo-device may determine what profile is currently active on the pseudo-device. For example, in step 1210, the pseudo-device may make a determination of whether the policy enforcement profile of the first MDM service provider is currently active on the physical end-user device. In some instances, the pseudo-device may send a command, query, or request to the physical end-user device that asks the physical end-user device (and/or the MDM cloud agent installed on the physical end-user device) to send the current device state information of the physical end-user device to the pseudo-device. The current device state information may include, for example, an indication of which policy enforcement profile is currently in use on the physical end-user device, an indication of the enterprise resources currently in use by the physical end-user device, the geographic location of the physical end-user device, an indication of whether the physical end-user device is located within a geofence set by one of the MDM service providers, or any other information. In response, the physical end-user device (and/or the MDM cloud agent installed on the physical end-user device) may determine the current device state information of the physical end-user device and send the current state information to the pseudo-device.
In some embodiments, the pseudo-device may make the determination of whether the policy enforcement profile of the first MDM service provider is currently active on the physical end-user device without sending a request to the physical end-user device. The physical end-user device (and/or the MDM cloud agent) may send the current state information periodically and/or as a result of a change in the current state information previously sent to the pseudo-device. For example, in determining that a change in the device state information has been detected, the MDM cloud agent and/or the physical end-user device may determine, for example, that a new application has been installed on and/or added to the physical end-user device, that an application has been deleted from the physical end-user device, that the network connection used by the physical end-user device has changed, that the geographic location in which the physical end-user device is located has changed, and/or any other change in the device state information discussed herein. Once a change in the device state information has been detected, the MDM cloud agent and/or the physical end-user device may send (e.g., push) information associated with the change to the pseudo-device so that the pseudo-device can keep a record of the current and past device state information of the physical end-user device.
In step 1215, the pseudo-device may push the resource data to the physical end-user device. For example, in step 1215, in response to determining that the policy enforcement profile of the first MDM service provider is currently active at the physical end-user device (e.g., in use by the physical end-user device), the pseudo-device may send the resource data of the first MDM service provider from the pseudo-device to the physical end-user device. Thus, when the policy enforcement profile is in use by the physical end-user device, the physical end-user device may access and/or receive the resource data of the first MDM service provider.
In some embodiments, the physical end-user device may initiate another request (e.g., a second request) for more resource data of the first MDM service provider. The physical end-user device may send the second request to the pseudo-device. The pseudo-device may then send the second request for more resource data to the first MDM service provider. In response, the first MDM service provider may then send more resource data to the pseudo-device. When the policy enforcement profile of the first MDM service provider is in use by the physical end-user device, the pseudo-device may then send such resource data to the physical end-user device.
In some embodiments, once the pseudo-device has determined that the policy enforcement profile is in use at the physical end-user device, the pseudo-device may send an indication of this determination to the first MDM service provider. The first MDM service provider may then send the resource data directly to the physical end-user device (e.g., without further involvement of the pseudo-device). In some embodiments, subsequent requests for resource data may be sent directly from the physical end-user device to the MDM service provider (e.g., without involvement of the pseudo-device).
In step 1220, the pseudo-device may store the resource data in memory associated with the pseudo-device. For example, in step 1220, in response to determining that the policy enforcement profile of the first MDM service provider is currently inactive at the physical end-user device (e.g., not in use by the physical end-user device), the pseudo-device may cache or otherwise store the resource data of the first MDM service provider until the policy enforcement profile of the first MDM service provider becomes active at the physical end-user device. The pseudo-device may again determine whether the policy enforcement profile of the first MDM service provider is active at the physical end-user device by sending a request for the current state of the physical end-user device as discussed herein. Once or when the pseudo-device determines that the policy enforcement profile of the first MDM service provider is currently active at the physical end-user device, the pseudo-device may push (e.g., automatically send) the resource data from the cache associated with the pseudo-device to the physical end-user device. In some embodiments, once the pseudo-device determines that the policy enforcement profile of the first MDM service provider is active at the physical end-user device, the pseudo-device may allow the resource data to be pulled (e.g., sent in response to a request from the physical end-user device) from the cache associated with the pseudo-device to the physical end-user device.
In some embodiments, a second pseudo-device representing a second physical end-user device may receive, from the first MDM service provider, for example, resource data of the first MDM service provider and/or a first command. The resource data and/or the first command may be received during a time period in which the policy enforcement profile of a second MDM service provider (different from the first MDM service provider) is active on the second physical end-user device. When the policy enforcement profile of the first MDM service provider is currently inactive on the second physical end-user device, the second pseudo-device may cache the resource data of the first MDM service provider in memory associated with the second pseudo-device. When the policy enforcement profile of the first MDM service provider is currently active on the second physical end-user device, the second pseudo-device may push the resource data of the first MDM service provider.
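The cache-then-deliver behaviour of Figure 12 (steps 1205 to 1220), including the push and pull variants, sketched in Python as an added example that is not part of the patent text. The `ResourceRelay` class, its method names and the `active_profile` state key are assumptions of this sketch; the `delivered` log records which profile was active at delivery so the separation between providers can be checked.

```python
class ResourceRelay:
    """Pseudo-device side of Figure 12 (constructed model, hypothetical names)."""

    def __init__(self, mode="push"):
        self.mode = mode              # "push": send automatically, "pull": wait for a request
        self.active_profile = None    # profile the device last reported as active
        self.cache = {}               # provider -> queued resource items (step 1220)
        self.delivered = []           # (provider, item, profile active at delivery)

    def _deliver(self, provider, items):
        for item in items:
            self.delivered.append((provider, item, self.active_profile))
        return len(items)

    def receive(self, provider, item):
        """Step 1205: resource data arrives from an MDM service provider."""
        # Step 1210: is this provider's profile the one currently active?
        if self.mode == "push" and self.active_profile == provider:
            self._deliver(provider, [item])                  # step 1215
            return "pushed"
        self.cache.setdefault(provider, []).append(item)     # step 1220
        return "cached"

    def on_state_update(self, state):
        """State information sent by the device or its MDM cloud agent."""
        self.active_profile = state.get("active_profile")
        if self.mode == "push":
            # Flush whatever was queued for the profile that just became active.
            return self._deliver(self.active_profile,
                                 self.cache.pop(self.active_profile, []))
        return 0

    def pull(self, provider):
        """Device request for cached data; refused unless that profile is active."""
        if provider != self.active_profile:
            return None
        items = self.cache.pop(provider, [])
        self._deliver(provider, items)
        return items


def demo():
    relay = ResourceRelay()
    log = []
    relay.on_state_update({"active_profile": "provider-2"})
    log.append(relay.receive("provider-1", "app-a"))        # other profile active
    log.append(relay.receive("provider-2", "doc-x"))        # own profile active
    log.append(relay.receive("provider-1", "app-a-data"))   # still queued
    flushed = relay.on_state_update({"active_profile": "provider-1"})
    return relay, log, flushed
```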
Figure 13 depicts a flowchart illustrating a method of modifying commands at a pseudo-device in accordance with one or more illustrative aspects discussed herein. In one or more embodiments, the method of Figure 13 and/or one or more steps thereof may be performed by a computing device (e.g., generic computing device 201). In other embodiments, the method illustrated in Figure 13 and/or one or more steps thereof may be embodied in computer-executable instructions that are stored in a computer-readable medium, such as a non-transitory computer-readable memory.
As seen in Figure 13, the method may begin at step 1305, in which the pseudo-device may receive one or more commands from one or more MDM service providers. For example, in step 1305, the pseudo-device may receive a first command from the first MDM service provider. The command may be any command discussed herein, including, for example, a selective wipe command, a retraction command, and/or a deployment command.
In step 1310, the pseudo-device may modify one or more commands. For example, in step 1310, the pseudo-device may modify the received first command to produce a modified command. The modification may be based on one or more policy enforcement profiles, the policies of one or more MDM service providers, the current state of the physical end-user device, and/or any other factors. The modified command may be configured to cause, once the command is received by the physical end-user device, an operation to be performed at the physical end-user device. For example, the modified command may be configured to deploy resource data from the pseudo-device to the physical end-user device, retract resource data from the physical end-user device to the pseudo-device, perform a selective wipe, a command associated with resolving a conflict, and/or perform any other operation discussed herein.
In step 1315, the pseudo-device may send one or more commands to the physical end-user device. For example, in step 1315, the pseudo-device may send the modified command from the pseudo-device to the physical end-user device. The physical end-user device may thus perform the operation of the modified command, which may include, for example, deleting data associated with one or more MDM service providers or any other operation discussed herein. Performing the operation may cause a change in the device state information monitored by the MDM cloud agent running on the physical end-user device, and the resulting change in device state may be sent from the physical end-user device to the pseudo-device so that the pseudo-device can continue to enforce the policies of the MDM service provider.
In some embodiments, a second pseudo-device representing a second physical end-user device may receive a command from an MDM service provider. The second pseudo-device may modify the command to produce a modified command. The second pseudo-device may then send the modified command from the second pseudo-device to the second physical end-user device. The second physical end-user device may then perform the operation associated with the command and send the resulting change in device state information to the second pseudo-device.
In some embodiments, the pseudo-device may modify a command received from an MDM service provider based on one or more factors before sending the modified command to the physical end-user device. For example, the pseudo-device may modify the command so that the physical end-user device can process (e.g., understand) the modified command. Specifically, the command received from the MDM service provider may be associated with a protocol or standard that the physical end-user device may be unable to process and/or otherwise understand. The pseudo-device may modify the received command so that the modified command is associated with a different protocol or standard that the physical end-user device is able to process and/or otherwise understand.
Figure 14 depicts a flowchart illustrating a method of applying a selective wipe command in accordance with one or more illustrative aspects discussed herein. In one or more embodiments, the method of Figure 14 and/or one or more of its steps can be performed by a computing device (e.g., general-purpose computing device 201). In other embodiments, the method shown in Figure 14 and/or one or more of its steps can be embodied in computer-executable instructions stored in a computer-readable medium, such as a non-transitory computer-readable memory.
As seen in Figure 14, the method can begin at step 1405, in which the physical end user device can receive a selective wipe command from the pseudo-device. For example, in step 1405, the pseudo-device can send the selective wipe command to the physical end user device in response to receiving a selective wipe command from the first MDM service provider. In some embodiments, the pseudo-device can generate the selective wipe command. The selective wipe command can be configured to cause enterprise resources (e.g., resource data) to be deleted at the physical end user device. For example, the selective wipe command can be configured to cause a subset of the applications associated with the first MDM service provider, and the data associated with that subset of applications, to be deleted at the physical end user device. The selective wipe command can be configured to retain personal information. For example, the selective wipe command can retain (i.e., not delete) personal applications and the data associated with personal applications, and optionally the policy enforcement profile of the first MDM service provider.
In step 1410, in response to receiving the selective wipe command, the physical end user device deletes the resource data. For example, in step 1410, the physical end user device can delete the subset of applications associated with the first MDM service provider, the data associated with that subset of applications, data generated by the physical end user device using the resource data of the first MDM service provider, and/or other data associated with the first MDM service provider.
In step 1415, the physical end user device can retain personal information. For example, in step 1415, the physical end user device can retain personal applications, data associated with personal applications, personal data, policy enforcement profiles associated with one or more MDM service providers, and/or any other data that is not associated with the first MDM service provider. In such examples, the retained information is not deleted by the physical end user device and therefore continues to be stored by the physical end user device. In some embodiments, the policy enforcement profile of the first MDM service provider is not deleted.
In some example embodiments, a change in the device state information can be detected by the MDM cloud agent, the pseudo-device, and/or the first MDM service provider, based on the device state information that the MDM cloud agent provides to the pseudo-device and/or the first MDM service provider. One or more of the MDM cloud agent, the pseudo-device, and/or the first MDM service provider can decide to selectively wipe the physical end user device. For example, the first MDM service provider can send a selective wipe command to the pseudo-device. The pseudo-device can then send the selective wipe command to the physical end user device. In some examples, the pseudo-device can generate the selective wipe command and send it to the physical end user device. In response to receiving the selective wipe command, or based on a local determination, the MDM cloud agent and/or the physical end user device can wipe the resources associated with the first MDM service provider while leaving personal data and/or data unrelated to the first MDM service provider (e.g., data associated with another MDM service provider).
In some embodiments, a selective wipe can erase or delete only a subset of the enterprise resources used by the physical end user device. In some embodiments, a selective wipe can delete only the data associated with the first MDM service provider that was accessed within a certain time period.
In some embodiments, a second physical end user device can receive a selective wipe command from a second pseudo-device representing the second physical end user device. The second physical end user device can delete a subset of the resource data, including, for example, a subset of the applications associated with an MDM service provider, the data associated with that subset of applications, and/or other data associated with the MDM service provider. The second physical end user device can retain personal information, including, for example, personal applications, data associated with personal applications, and/or other personal data. The second physical end user device can also retain the policy enforcement profile of the MDM service provider.
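The selective wipe of steps 1405 to 1415 can be modelled as a filter over an ownership-tagged inventory. The following is an added illustration, not code from the patent: the `Item` and `SelectiveWipe` types, the provider ids `mdm1`/`mdm2`, and the constructed inventory are all assumptions, and the "accessed within a time period" variant is interpreted here as "accessed at or after a cutoff time".

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Item:
    name: str
    kind: str                  # "app", "app_data", "derived", "policy_profile", "personal"
    owner: Optional[str]       # MDM service provider id; None means personal
    last_access: float = 0.0   # constructed timestamp, in seconds


@dataclass(frozen=True)
class SelectiveWipe:
    provider: str                            # provider whose resources are wiped
    keep_policy_profile: bool = True         # optionally retain the enforcement profile
    subset: Optional[frozenset] = None       # wipe only these item names, if given
    accessed_since: Optional[float] = None   # wipe only data accessed at/after this time


def apply_selective_wipe(inventory, cmd):
    """Return (kept, deleted); personal and other-provider items are never deleted."""
    kept, deleted = [], []
    for item in inventory:
        wipe = item.owner == cmd.provider
        if wipe and item.kind == "policy_profile" and cmd.keep_policy_profile:
            wipe = False
        if wipe and cmd.subset is not None and item.name not in cmd.subset:
            wipe = False
        if wipe and cmd.accessed_since is not None and item.last_access < cmd.accessed_since:
            wipe = False
        (deleted if wipe else kept).append(item)
    return kept, deleted


def state_report(kept):
    """Device state the agent would report to the pseudo-device: item names per owner."""
    report = {}
    for item in kept:
        report.setdefault(item.owner or "personal", []).append(item.name)
    return report


# Constructed inventory for a device enrolled with two providers.
INVENTORY = [
    Item("photos", "personal", None, 900.0),
    Item("chat-app", "app", None, 950.0),
    Item("mdm1-mail", "app", "mdm1", 800.0),
    Item("mdm1-mail.cache", "app_data", "mdm1", 800.0),
    Item("mdm1-report.draft", "derived", "mdm1", 100.0),
    Item("mdm1-profile", "policy_profile", "mdm1", 990.0),
    Item("mdm2-crm", "app", "mdm2", 700.0),
]

if __name__ == "__main__":
    kept, deleted = apply_selective_wipe(INVENTORY, SelectiveWipe("mdm1"))
    print("deleted:", [i.name for i in deleted])
    print("state report:", state_report(kept))
```

Comparing `state_report` before and after the wipe gives a simple check that nothing owned by another provider or by the user was removed.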
Figure 15 depicts a flowchart illustrating a method of deploying information to a physical end user device and revoking information from the physical end user device in accordance with one or more illustrative aspects discussed herein. In one or more embodiments, the method of Figure 15 and/or one or more of its steps can be performed by a computing device (e.g., general-purpose computing device 201). In other embodiments, the method shown in Figure 15 and/or one or more of its steps can be embodied in computer-executable instructions stored in a computer-readable medium, such as a non-transitory computer-readable memory.
As seen in Figure 15, the method can begin at step 1505, in which the physical end user device can initiate one or more requests for resource data from one or more MDM service providers. For example, in step 1505, the physical end user device can initiate a first request based on user input or when the physical end user device is located within a first geo-fence of the first MDM service provider. Specifically, the user can at any time initiate a request for the resource data of one or more MDM service providers. Additionally or alternatively, the physical end user device can automatically (e.g., without user involvement) initiate a request for the resource data of, for example, the first MDM service provider when the physical end user device determines that it is located within one or more geo-fences preset by the first MDM service provider. For example, the physical end user device can include a global positioning system (GPS) monitored by the MDM cloud agent running on the physical end user device. When the MDM cloud agent determines that the physical end user device is located within a geo-fence associated with the geographic location of one or more buildings or campuses of the MDM service provider, the MDM cloud agent can generate the request. In some embodiments, the geo-fence can be associated with the geographic location of the home of the user of the physical end user device. Additionally or alternatively, the geo-fence can be associated with any other area defined by the first MDM service provider.
In step 1510, the pseudo-device can receive one or more requests from the physical end user device. For example, in step 1510, the pseudo-device can receive the first request from the physical end user device. The request can include an indication that the request was initiated based on user input, or an indication that the physical end user device is located within the first geo-fence of the first MDM service provider.
In step 1515, the pseudo-device can deploy (e.g., send) data of the first MDM service provider. For example, in step 1515, the pseudo-device can deploy the policy enforcement profile of the first MDM service provider, application data of the first MDM service provider, resource data of the first MDM service provider stored in a cache or other memory associated with the pseudo-device as discussed herein in connection with Figure 12, and/or any other data associated with the first MDM service provider. The physical end user device can then use and/or interact with the resource data associated with the first MDM service provider. In some embodiments, the first MDM service provider can receive the request from the pseudo-device and can send the resource data to the pseudo-device for deployment to the physical end user device.
In step 1520, the physical end user device can initiate a second request to the pseudo-device. For example, in step 1520, the physical end user device can initiate the second request based on user input or when the physical end user device is no longer within the first geo-fence of the first MDM service provider. Specifically, the user can at any time initiate a request indicating that the user no longer needs the resource data of one or more MDM service providers. Additionally or alternatively, the physical end user device can initiate the request automatically (e.g., without user involvement): when the physical end user device determines that it is no longer within the one or more geo-fences preset by the first MDM service provider, the physical end user device may no longer use the resource data of the first MDM service provider.
In step 1525, the pseudo-device can receive the second request from the physical end user device. The second request can include an indication that the user no longer needs access to the resource data of the first MDM service provider. The second request can include an indication that the physical end user device is no longer within the first geo-fence of the first MDM service provider and/or an indication that the physical end user device may no longer use or have access to the resource data of the first MDM service provider.
In step 1530, in response to receiving the second request, the pseudo-device can revoke one or more policy enforcement profiles of one or more MDM service providers and/or the resource data of one or more MDM service providers. For example, in step 1530, the pseudo-device can revoke from the physical end user device the applications of, for example, the first MDM service provider, the application data of those applications, documents of the first MDM service provider, data generated by the physical end user device based on the resource data of the first MDM service provider, and/or any other data associated with the first MDM service provider. These resources are thus removed from the physical end user device and sent to the pseudo-device. In some embodiments, the policy enforcement profile of the first MDM service provider and/or selected resource data can be retained (e.g., not deleted) at the physical end user device.
In step 1535, the physical end user device can initiate a third request for the resource data of one or more MDM service providers. For example, in step 1535, the physical end user device can initiate a third request for the resource data of the second MDM service provider based on user input or when the physical end user device is located within a second geo-fence of the second MDM service provider. Specifically, the user can at any time initiate a request for the resource data of one or more MDM service providers. The physical end user device can also automatically (e.g., without user involvement) initiate a request for the resource data of, for example, the second MDM service provider when the physical end user device determines that it is located within one or more geo-fences preset by the second MDM service provider. For example, the geo-fence can be associated with the geographic location of one or more buildings or campuses of the second MDM service provider. The geo-fence can be associated with the geographic location of the home of the user of the physical end user device. The geo-fence can be associated with any other area defined by the second MDM service provider.
In step 1540, the pseudo-device can receive one or more requests from the physical end user device. For example, in step 1540, the pseudo-device can receive the third request from the physical end user device. The request can include an indication that the request was initiated based on user input, or an indication that the physical end user device is located within the second geo-fence of the second MDM service provider.
In step 1545, the pseudo-device can deploy (e.g., send) data of the second MDM service provider. For example, in step 1545, the pseudo-device can deploy the policy enforcement profile of the second MDM service provider, application data of the second MDM service provider, resource data of the second MDM service provider stored in a cache or other memory associated with the pseudo-device as discussed herein in connection with Figure 12, and/or any other data associated with the second MDM service provider. The physical end user device can then use and/or interact with the resource data associated with the second MDM service provider.
In some embodiments, a second physical end user device can initiate a first request based on user input or when the second physical end user device is located within a geo-fence of the first MDM service provider. A second pseudo-device representing the second physical end user device can receive the first request from the second physical end user device. In response, the second pseudo-device can deploy one or more of the policy enforcement profile of the first MDM service provider and the resource data of the first MDM service provider, where the resource data includes, for example, applications of the first MDM service provider, the application data of those applications, and/or other data associated with the first MDM service provider. The second physical end user device can initiate a second request based on user input or when the second physical end user device is no longer within the geo-fence of the first MDM service provider. The second pseudo-device can receive the request from the second physical end user device. In response, the second pseudo-device can revoke from the second physical end user device one or more of the resource data and the policy enforcement profile of the first MDM service provider (e.g., remove the resources from the second physical end user device and send them to the second pseudo-device). The second physical end user device can initiate a third request based on user input or when the physical end user device is located within a geo-fence of the second MDM service provider. The second pseudo-device can receive the second request from the second physical end user device. The second pseudo-device can then deploy to the second physical end user device one or more of the policy enforcement profile of the second MDM service provider and/or the resource data of the second MDM service provider, where the resource data includes, for example, applications of the second MDM service provider, the application data of those applications, and/or any other data associated with the second MDM service provider.
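The deploy, revoke, and redeploy sequence of steps 1505 to 1545 can be traced with a small simulation. This is an added illustration rather than code from the patent: the class names, request fields, circular fences, coordinates, and resource names are all constructed assumptions, and only the geo-fence trigger is exercised (a user-initiated request would use the same `handle` call).

```python
import math

EARTH_RADIUS_M = 6371000.0


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


class PseudoDevice:
    """Cloud-side stand-in holding each provider's profile and cached resource data."""

    def __init__(self, cache):
        self.cache = cache      # provider -> {"profile": str, "resources": {name: data}}
        self.revoked = {}       # provider -> resources pulled back from the device

    def handle(self, device, request):
        provider = request["provider"]
        if request["type"] == "deploy":
            entry = self.cache[provider]
            device.profiles[provider] = entry["profile"]
            device.resources[provider] = dict(entry["resources"])
        elif request["type"] == "revoke":
            # Resources, including data generated on the device, return to the pseudo-device.
            self.revoked[provider] = device.resources.pop(provider, {})
            if not request.get("keep_profile", False):
                device.profiles.pop(provider, None)


class Device:
    """Physical device plus the agent that compares GPS position with the geo-fences."""

    def __init__(self, fences):
        self.fences = fences    # provider -> (lat, lon, radius_m), assumed circular
        self.inside = set()
        self.profiles = {}
        self.resources = {}

    def agent_requests(self, lat, lon):
        """Return revoke requests for fences just left, then deploy requests for fences entered."""
        revoke, deploy = [], []
        for provider, (f_lat, f_lon, radius) in self.fences.items():
            now_inside = distance_m(lat, lon, f_lat, f_lon) <= radius
            if now_inside and provider not in self.inside:
                self.inside.add(provider)
                deploy.append({"type": "deploy", "provider": provider, "reason": "geofence"})
            elif not now_inside and provider in self.inside:
                self.inside.remove(provider)
                revoke.append({"type": "revoke", "provider": provider, "reason": "geofence"})
        return revoke + deploy


# Constructed GPS path: inside the mdm1 fence, outside both fences, inside the mdm2 fence.
PATH = [(40.0010, -75.0), (40.0500, -75.0), (40.1005, -75.0)]


def walk(path):
    """Drive the path and record which profiles and resources are on the device after each fix."""
    fences = {"mdm1": (40.0, -75.0, 500.0), "mdm2": (40.1, -75.0, 500.0)}
    pseudo = PseudoDevice({
        "mdm1": {"profile": "mdm1-policy", "resources": {"mail.app": "v1"}},
        "mdm2": {"profile": "mdm2-policy", "resources": {"crm.app": "v7"}},
    })
    device = Device(fences)
    trace = []
    for lat, lon in path:
        for request in device.agent_requests(lat, lon):
            pseudo.handle(device, request)
        if "mdm1" in device.resources:   # data generated on the device from mdm1 resources
            device.resources["mdm1"]["report.draft"] = "generated on device"
        trace.append((sorted(device.profiles), sorted(device.resources)))
    return trace, pseudo.revoked


if __name__ == "__main__":
    for step in walk(PATH)[0]:
        print(step)
```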
Figure 16 depicts a flowchart illustrating a method of resolving conflicts between the policies of different MDM service providers in accordance with one or more illustrative aspects discussed herein. In one or more embodiments, the method of Figure 16 and/or one or more of its steps can be performed by a computing device (e.g., general-purpose computing device 201). In other embodiments, the method shown in Figure 16 and/or one or more of its steps can be embodied in computer-executable instructions stored in a computer-readable medium, such as a non-transitory computer-readable memory.
As seen in Figure 16, the method can begin at step 1605, in which a pseudo-device representing a physical end user device can identify a conflict in the policies of one or more MDM service providers. For example, in step 1605, the pseudo-device can identify a conflict between one or more policies of the first MDM service provider and one or more policies of the second MDM service provider. In some embodiments, the pseudo-device can identify a conflict between a first policy of the first MDM service provider and a second policy of the first MDM service provider. Similarly, the pseudo-device can identify a conflict between a first policy of the second MDM service provider and a second policy of the second MDM service provider.
The pseudo-device can identify a conflict between policies when one or more operations associated with enforcement of the policy enforcement profile of the first MDM service provider conflict with one or more operations associated with enforcement of the policy enforcement profile of the second MDM service provider, when one or more commands received from the first MDM service provider conflict with one or more commands received from the second MDM service provider, or any combination thereof. The identification can be based on, for example, inconsistent operations performed by the policy enforcement profiles, inconsistent commands received from the first MDM service provider, and/or inconsistent commands received from the second MDM service provider.
In step 1610, the pseudo-device can resolve the identified conflict between one or more policies of one or more MDM service providers. For example, in step 1610, the pseudo-device can resolve the conflict by performing one or more of steps 1615, 1620, and/or 1625. The pseudo-device can resolve the conflict when the conflict is identified. In some examples, the pseudo-device can resolve the conflict when the physical end user device attempts to obtain an enterprise resource that could give rise to the conflict.
In step 1615, the pseudo-device can resolve the conflict by applying a solution determined from a knowledge-based system. For example, in step 1615, the pseudo-device can apply a solution determined from a knowledge-based system of the cloud computing environment. The knowledge-based system can include a database of rules, policies, and/or other commands that can be applied when the conditions of those rules, policies, and/or commands are satisfied. The database can receive updates to the existing rules, policies, and/or commands stored in the database. The database can also receive new rules, policies, and/or commands for resolving conflicts.
The pseudo-device can apply (e.g., use) the rules, policies, and/or commands stored in the database. For example, once the pseudo-device has identified a conflict, the pseudo-device can query or look up the rules, policies, and/or commands associated with the identified conflict. In response, the pseudo-device can receive the rules, policies, and/or commands associated with the identified conflict. The pseudo-device can then implement or enforce such rules, policies, and/or commands by, for example, sending one or more commands to the physical end user device. Such a command can be configured to enforce, for example, a rule received from the database. Additionally or alternatively, the pseudo-device can query one or more of the MDM service providers. The pseudo-device can receive a response from the one or more MDM service providers that includes one or more commands to be sent to the physical end user device. The pseudo-device can then send these commands to the physical end user device. In response to receiving the commands, the physical end user device can send the pseudo-device an indication that the operations associated with the one or more commands have been completed.
In step 1620, the pseudo-device can resolve the conflict by sending an alert to the physical end user device. For example, in step 1620, the pseudo-device can send an alert to the physical end user device. The alert can include one or more user-selectable commands for resolving the conflict. For example, the physical end user device can display the alert to the user. The physical end user device can receive the user's selection of one or more of the commands shown in the displayed alert. The physical end user device can then apply the one or more selected commands to resolve the conflict. In some embodiments, based on the one or more selected commands, the physical end user device can send a command or message to one or more of the pseudo-device and/or the MDM service providers. In response, the physical end user device can receive one or more commands from the pseudo-device and/or one or more MDM service providers, where such commands can be configured to resolve the conflict once the operations associated with the commands are applied by the physical end user device.
In step 1625, the pseudo-device can resolve the conflict by sending a mini wipe command to the physical end user device. For example, in step 1625, the pseudo-device can send a mini wipe command to the physical end user device, where the mini wipe command can be configured to cause at least a subset of the data giving rise to the conflict to be deleted. For example, based on the received mini wipe command, the physical end user device can delete applications and the data associated with those applications, resource data of one or more MDM service providers, or any other data causing the conflict.
In some embodiments, the deleted data can be sent to the pseudo-device to be backed up or stored in a memory associated with the pseudo-device. When the data can be pushed or sent to the physical end user device without re-creating the conflict, the pseudo-device can send the physical end user device at least some of the backup data that was originally deleted by the physical end user device.
In some embodiments, once or when the physical end user device performs one of the options for resolving the conflict discussed herein (e.g., one or more of steps 1615, 1620, and/or 1625), the pseudo-device can verify that the identified conflict has been resolved. For example, the pseudo-device can send a request to the physical end user device and receive from the physical end user device current device state information relating to the identified conflict. The pseudo-device can then determine, based on the current device state information, whether the conflict has been resolved. If the conflict has not been resolved, the pseudo-device can again perform any of the methods for resolving the conflict, including, for example, one or more of steps 1615, 1620, and 1625.
In some embodiments, a second pseudo-device representing a second physical end user device can identify a conflict between policies. For example, the second pseudo-device can identify a conflict between a policy of the first MDM service provider and a policy of the second MDM service provider. The second pseudo-device can identify conflicting policies from the same MDM service provider. The second pseudo-device can resolve the conflict by performing one or more of the following actions: the second pseudo-device can apply a solution determined from a knowledge-based system, the second pseudo-device can send an alert that includes user-selectable commands for resolving the conflict, and/or the second pseudo-device can send a mini wipe command to the second physical end user device so that the second physical end user device can delete the subset of data causing the conflict. The second pseudo-device can then verify that the conflict has been resolved.
In some embodiments, only one profile is active on the physical end user device at a time. Additionally or alternatively, multiple profiles can be active on the physical end user device simultaneously. In such examples, the method of Figure 16 can be applied to conflicts that arise between the multiple profiles simultaneously active on the physical end user device. For example, any of steps 1605-1625 for identifying and resolving conflicts can be performed with respect to two or more profiles that are simultaneously active on the physical end user device.
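The identify, resolve, and verify loop of steps 1605 to 1625 is sketched below for two simultaneously active profiles. This is an added illustration, not the patent's implementation. The setting names, the knowledge-base rules, the order in which the three options are tried, the provider priority list, and the way a mini wipe is modelled (deleting the losing provider's resources that depend on the setting, plus its demand for that setting) are all assumptions.

```python
from dataclasses import dataclass, field

# Hypothetical knowledge base: setting -> rule that picks the value to enforce.
KNOWLEDGE_BASE = {
    "camera_allowed": lambda demanded: all(demanded.values()),    # deny if any provider denies
    "max_idle_lock_s": lambda demanded: min(demanded.values()),   # shortest timeout wins
}


@dataclass
class Device:
    profiles: dict                                     # provider -> {setting: demanded value}
    data: dict                                         # provider -> {resource: setting it needs}
    user_choices: dict = field(default_factory=dict)   # setting -> provider picked in an alert
    enforced: dict = field(default_factory=dict)       # setting -> value the device enforces

    def execute(self, cmd):
        """Apply one command from the pseudo-device; a mini wipe returns the deleted names."""
        if cmd["op"] == "set":
            self.enforced[cmd["setting"]] = cmd["value"]
        elif cmd["op"] == "alert":
            choice = self.user_choices.get(cmd["setting"])
            if choice in cmd["options"]:
                self.enforced[cmd["setting"]] = cmd["options"][choice]
        elif cmd["op"] == "mini_wipe":
            owned = self.data.get(cmd["provider"], {})
            wiped = [name for name, needs in owned.items() if needs == cmd["setting"]]
            for name in wiped:
                del owned[name]
            self.profiles[cmd["provider"]].pop(cmd["setting"], None)
            return wiped
        return None

    def state(self):
        """Current device state information sent to the pseudo-device on request."""
        return {"profiles": {p: dict(s) for p, s in self.profiles.items()},
                "enforced": dict(self.enforced)}


def find_conflicts(state):
    """Settings for which active profiles demand different values and nothing is enforced yet."""
    demanded = {}
    for provider, settings in state["profiles"].items():
        for setting, value in settings.items():
            demanded.setdefault(setting, {})[provider] = value
    return {s: d for s, d in demanded.items()
            if len(set(d.values())) > 1 and s not in state["enforced"]}


def resolve(device, priority, max_rounds=3):
    """Resolve, verify against fresh device state, and retry; return (log, backups)."""
    log, backups, alerted = [], {}, set()
    for _ in range(max_rounds):
        conflicts = find_conflicts(device.state())    # verification on every round
        if not conflicts:
            break
        for setting, demanded in conflicts.items():
            if setting in KNOWLEDGE_BASE:              # knowledge-based solution
                value = KNOWLEDGE_BASE[setting](demanded)
                device.execute({"op": "set", "setting": setting, "value": value})
                log.append((setting, "knowledge_base"))
            elif setting not in alerted:               # alert with user-selectable options
                alerted.add(setting)
                device.execute({"op": "alert", "setting": setting, "options": demanded})
                log.append((setting, "alert"))
            else:                                      # mini wipe, deleted data backed up
                loser = max(demanded, key=priority.index)   # lowest-priority provider
                wiped = device.execute({"op": "mini_wipe", "setting": setting, "provider": loser})
                backups.setdefault(loser, []).extend(wiped)
                log.append((setting, "mini_wipe"))
    return log, backups


def demo():
    """Constructed device with two active profiles that disagree on four settings."""
    device = Device(
        profiles={
            "mdm1": {"camera_allowed": False, "max_idle_lock_s": 300,
                     "clipboard_sharing": False, "usb_debugging": False},
            "mdm2": {"camera_allowed": True, "max_idle_lock_s": 120,
                     "clipboard_sharing": True, "usb_debugging": True},
        },
        data={"mdm1": {"mail.app": None},
              "mdm2": {"crm.app": None, "debug-bridge.app": "usb_debugging"}},
        user_choices={"clipboard_sharing": "mdm1"},
    )
    log, backups = resolve(device, priority=["mdm1", "mdm2"])
    return device, log, backups
```

In `demo()`, two conflicts are settled by knowledge-base rules, one by the user's choice in an alert, and the unanswered `usb_debugging` alert falls through to a mini wipe on the next round, after which verification finds no remaining conflict.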
In one or more embodiments, multiple pseudo-devices can be established in a cloud computing environment. Each pseudo-device in a first group of pseudo-devices represents the same first physical end user device. Each of the pseudo-devices representing the first physical end user device can be provisioned for use with a respective MDM service provider. For example, a first pseudo-device representing the first physical end user device can be provisioned for use with the first MDM service provider. A second pseudo-device representing the first physical end user device can be provisioned for use with the second MDM service provider (which is different from the first MDM service provider). The first pseudo-device can be configured to receive one or more commands from the first MDM service provider on behalf of the first physical end user device. The second pseudo-device can be configured to receive one or more commands from the second MDM service provider on behalf of the first physical end user device.
In some embodiments, the first pseudo-device can receive a first command from the first MDM service provider. The first pseudo-device can send the first physical end user device either the received first command or a different, second command based on the first command. The first pseudo-device can then receive a response from the first physical end user device. The first pseudo-device can send the response, or a modified response, to the first MDM service provider.
Similarly, in some embodiments, the second pseudo-device can receive a third command from the second MDM service provider. The second pseudo-device can send the first physical end user device either the received third command or a different, fourth command based on the third command. The second pseudo-device can then receive a response from the first physical end user device. The second pseudo-device can send the response, or a modified response, to the second MDM service provider.
In some embodiments, a third pseudo-device and a fourth pseudo-device can be established in the cloud computing environment and represent a second physical end user device. Each of the pseudo-devices representing the second physical end user device can be provisioned for use with a respective MDM service provider. For example, the third pseudo-device representing the second physical end user device can be provisioned for use with the first MDM service provider. The fourth pseudo-device representing the second physical end user device can be provisioned for use with the second MDM service provider. The third pseudo-device can be configured to receive one or more commands from the first MDM service provider on behalf of the second physical end user device. The fourth pseudo-device can be configured to receive one or more commands from the second MDM service provider on behalf of the second physical end user device. The third pseudo-device and the fourth pseudo-device can receive commands, send commands, receive responses, and/or send responses as discussed herein.
In some embodiments, the first pseudo-device can be provisioned for use with the first MDM service provider. Specifically, the first pseudo-device representing the first physical end user device can send a first enrollment request to the first MDM service provider. The first pseudo-device can receive the policy enforcement profile of the first MDM service provider from the first MDM service provider. The first pseudo-device can then store the policy enforcement profile of the first MDM service provider in a memory associated with the first pseudo-device. Once provisioned for use with the first MDM service provider, the first pseudo-device can access the enterprise resources of the first MDM service provider. The first pseudo-device can also receive one or more commands from the first MDM service provider for managing the first physical end user device.
In some embodiments, the second pseudo-device can be provisioned for use with the second MDM service provider. Specifically, the second pseudo-device representing the first physical end user device can send a second enrollment request to the second MDM service provider. The second pseudo-device can receive the policy enforcement profile of the second MDM service provider from the second MDM service provider. The second pseudo-device can then store the policy enforcement profile of the second MDM service provider in a memory associated with the second pseudo-device. Once provisioned for use with the second MDM service provider, the second pseudo-device can access the enterprise resources of the second MDM service provider. The second pseudo-device can receive commands from the second MDM service provider for managing the first physical end user device. In some embodiments, the third pseudo-device representing the second physical end user device can be provisioned in a similar manner. In some embodiments, the fourth pseudo-device representing the second physical end user device can be provisioned in a similar manner.
In some embodiments, the first pseudo-device representing the first physical end-user device can receive a first command from the first MDM service provider. In response, the first pseudo-device can determine whether to send a command (for example, a second command) to the first physical end-user device. In response to a determination to send the second command, the first pseudo-device can send the second command to the first physical end-user device. The first pseudo-device can receive a response from the first physical end-user device. The first pseudo-device can send the response, or a modified response, to the first MDM service provider. This response can include an indication that the operation associated with the first command has been completed.
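
The command handling described above can be modelled as follows. This is an added example, not code from the patent: the class names, the command dictionaries and the `audit` list are assumptions made for illustration, and the forwarding decision uses the status-query comparison that the claims describe.

```python
from dataclasses import dataclass, field


@dataclass
class PhysicalDevice:
    """Stand-in for the physical end-user device (constructed for this example)."""
    state: dict
    received: list = field(default_factory=list)

    def query_state(self, keys):
        # Answer the pseudo-device's status query for the requested settings only.
        return {k: self.state.get(k) for k in keys}

    def execute(self, command):
        # Apply a command sent by the pseudo-device and report the result.
        self.received.append(command)
        self.state.update(command["set"])
        return {"status": "ok", "applied": dict(command["set"])}


@dataclass
class PseudoDevice:
    """Cloud-side representative of one physical device for one MDM provider."""
    provider: str
    device: PhysicalDevice
    audit: list = field(default_factory=list)  # assumption: local decision log

    def handle(self, first_command):
        desired = first_command["desired_state"]
        current = self.device.query_state(desired.keys())
        # Settings whose reported value differs from what the provider wants.
        drift = {k: v for k, v in desired.items() if current.get(k) != v}

        forwarded = False
        status = "complete"
        if drift:
            # The second command differs from the first: it carries only the
            # settings that actually need to change on the device.
            second = {"op": "apply", "set": drift, "origin": self.provider}
            reply = self.device.execute(second)
            forwarded = True
            if reply.get("status") != "ok":
                status = "failed"

        self.audit.append({"id": first_command["id"], "forwarded": forwarded,
                           "changed": sorted(drift)})
        # Modified response: the provider gets the completion indication only,
        # not the device's raw reply.
        return {"id": first_command["id"], "provider": self.provider,
                "status": status}


def run_demo():
    # Constructed sample state and commands; the provider name is a placeholder.
    device = PhysicalDevice(state={"passcode_required": True,
                                   "camera_enabled": True})
    pseudo = PseudoDevice(provider="mdm-provider-1", device=device)
    already_met = {"id": "cmd-1", "op": "enforce",
                   "desired_state": {"passcode_required": True}}
    needs_change = {"id": "cmd-2", "op": "enforce",
                    "desired_state": {"passcode_required": True,
                                      "camera_enabled": False}}
    first_reply = pseudo.handle(already_met)
    second_reply = pseudo.handle(needs_change)
    return first_reply, second_reply, device, pseudo


if __name__ == "__main__":
    for item in run_demo()[:2]:
        print(item)
```

Both paths return the same completion indication to the provider, so the pseudo-device's own log is the only record of whether the physical device was actually contacted.
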
As explained above, various aspects of the disclosure relate to providing mobile device management functionalities. In other embodiments, however, the concepts discussed herein can be implemented in any other type of computing device (e.g., desktop computer, server, console, set-top box, etc.). Therefore, although the subject matter has been described in language specific to structural features and/or methodological acts, it should be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or steps described above. Rather, the specific features and acts described above are described as some example implementations of the following claims.
Claims (21)
1. A method, comprising:
establishing, in a cloud computing environment, a pseudo-device representing a physical end-user device; and
provisioning the pseudo-device for use with one or more mobile device management (MDM) service providers,
wherein the pseudo-device is configured to, once provisioned, receive one or more commands from the one or more MDM service providers on behalf of the physical end-user device.
2. The method according to claim 1, further comprising:
receiving, at the pseudo-device, a first command from a first MDM service provider of the one or more MDM service providers; and
sending, based on the first command, a second command from the pseudo-device to the physical end-user device, the second command being different from the first command.
3. The method according to claim 1,
wherein provisioning the pseudo-device for use with the one or more MDM service providers includes:
sending a first registration request from the pseudo-device to a first MDM service provider of the one or more MDM service providers;
receiving, at the pseudo-device, a first policy enforcement profile from the first MDM service provider;
storing the first policy enforcement profile at the pseudo-device, the method further comprising:
provisioning the pseudo-device for use with another MDM service provider of the one or more service providers, including:
sending a second registration request from the pseudo-device to a second MDM service provider of the one or more MDM service providers, the second MDM service provider being different from the first MDM service provider;
receiving, at the pseudo-device, a second policy enforcement profile from the second MDM service provider, the second policy enforcement profile being different from the first policy enforcement profile; and
storing the second policy enforcement profile at the pseudo-device.
4. The method according to claim 1, further comprising:
receiving, at the pseudo-device, a first command from a first MDM service provider of the one or more MDM service providers;
determining whether to send a second command to the physical end-user device; and
in response to a determination not to send the second command to the physical end-user device:
sending, from the pseudo-device to the first MDM service provider, a response to the first command without sending the first command and the second command to the physical end-user device, wherein the response to the first command includes an indication that an operation associated with the first command has been completed.
5. The method according to claim 4, wherein determining whether to send the second command to the physical end-user device further includes:
sending a query to the physical end-user device, the query requesting status information of the physical end-user device;
determining whether the status information of the physical end-user device matches desired status information; and
in response to a determination that the status information of the physical end-user device matches the desired status information, generating the determination not to send the second command to the physical end-user device.
6. The method according to claim 1, further comprising:
receiving, at the pseudo-device, a first command from a first MDM service provider of the one or more MDM service providers,
wherein the first command is received during a time period in which a policy enforcement profile associated with a second MDM service provider of the one or more service providers is active on the physical end-user device, the second MDM service provider being different from the first MDM service provider.
7. The method according to claim 1, further comprising:
receiving, at the pseudo-device, resource data associated with an MDM service provider of the one or more MDM service providers;
caching the resource data at the pseudo-device when a policy enforcement profile associated with the resource data is currently inactive on the physical end-user device; and
pushing the resource data from the pseudo-device when the policy enforcement profile is currently active on the physical end-user device.
8. The method according to claim 1, further comprising:
receiving, at the pseudo-device, a first command from a first MDM service provider of the one or more MDM service providers;
modifying the first command to produce a modified command; and
sending the modified command from the pseudo-device to the physical end-user device.
9. The method according to claim 1, further comprising:
sending a selective wipe command from the pseudo-device to the physical end-user device,
wherein the selective wipe command is configured to cause at least one of a subset of applications associated with a first MDM service provider of the one or more MDM service providers and data associated with the subset of applications to be deleted, and
wherein the selective wipe command is configured to cause personal applications and data associated with the personal applications, and a policy enforcement profile associated with the first MDM service provider, to be maintained.
10. The method according to claim 1, further comprising:
in response to receiving, at the pseudo-device, a request from the physical end-user device initiated based on one of a user input or an indication that the physical end-user device is located within a first geofence defined by a first MDM service provider of the one or more MDM service providers, deploying a first policy enforcement profile of the first MDM service provider and application data of the first MDM service provider from the pseudo-device to the physical end-user device;
in response to receiving another request initiated based on one of another user input or an indication that the physical end-user device is no longer located within the first geofence, withdrawing the first policy enforcement profile of the first MDM service provider and the application data of the first MDM service provider from the physical end-user device; and
in response to receiving, at the pseudo-device, a new request from the physical end-user device initiated based on one of a new user input or an indication that the physical end-user device is located within a second geofence defined by a second MDM service provider of the one or more service providers, deploying a second policy enforcement profile of the second MDM service provider and application data of the second MDM service provider from the pseudo-device to the physical end-user device.
11. The method according to claim 10, further comprising:
identifying a conflict between a policy of a first MDM service provider of the one or more MDM service providers and a policy of a second MDM service provider of the one or more MDM service providers;
resolving the conflict by performing one of the following:
applying a solution determined by a knowledge-based system of the cloud computing environment;
sending an alert to the physical end-user device, the alert including one or more user-selectable commands to resolve the conflict; and
sending a mini-wipe command to the physical end-user device, wherein the mini-wipe command is configured to cause at least a subset of the data causing the conflict to be deleted.
12. A method, comprising:
establishing a plurality of pseudo-devices within a cloud computing environment, each pseudo-device representing a physical end-user device;
provisioning a first pseudo-device of the plurality of pseudo-devices for use with a first mobile device management (MDM) service provider; and
provisioning a second pseudo-device of the plurality of pseudo-devices for use with a second MDM service provider different from the first MDM service provider,
wherein the first pseudo-device is configured to receive, on behalf of the physical end-user device, one or more commands from the first MDM service provider, and
wherein the second pseudo-device is configured to receive, on behalf of the physical end-user device, one or more commands from the second MDM service provider.
13. The method according to claim 12, further comprising:
receiving, at the first pseudo-device, a first command from the first MDM service provider; and
sending, based on the first command, a second command from the pseudo-device to the physical end-user device, the second command being different from the first command.
14. The method according to claim 12,
wherein provisioning the first pseudo-device of the plurality of pseudo-devices for use with the first MDM service provider includes:
sending a first registration request from the first pseudo-device to the first MDM service provider;
receiving, at the first pseudo-device, a first policy enforcement profile from the first MDM service provider;
storing the first policy enforcement profile at the first pseudo-device,
wherein provisioning the second pseudo-device of the plurality of pseudo-devices for use with the second MDM service provider includes:
sending a second registration request from the second pseudo-device to the second MDM service provider;
receiving, at the second pseudo-device, a second policy enforcement profile from the second MDM service provider, the second policy enforcement profile being different from the first policy enforcement profile; and
storing the second policy enforcement profile at the second pseudo-device.
15. The method according to claim 12, further comprising:
receiving, at the first pseudo-device, a first command from the first MDM service provider;
determining whether to send a second command to the physical end-user device; and
in response to determining not to send the second command to the physical end-user device:
sending, from the first pseudo-device to the first MDM service provider, a response to the first command without sending the first command and the second command to the physical end-user device,
wherein the response to the first command includes an indication that an operation associated with the first command has been completed.
16. The method according to claim 12, further comprising:
receiving, at the first pseudo-device, resource data associated with the first MDM service provider;
caching the resource data at the first pseudo-device when a policy enforcement profile associated with the resource data is currently inactive on the physical end-user device; and
pushing the resource data from the first pseudo-device when the policy enforcement profile is currently active on the physical end-user device.
17. A non-transitory storage medium storing machine-executable instructions that, when executed, cause a computing device to perform the following operations:
establishing, in a cloud computing environment that includes the computing device, a pseudo-device representing a physical end-user device; and
provisioning the pseudo-device for use with one or more mobile device management (MDM) service providers,
wherein the pseudo-device is configured to, once provisioned, receive one or more commands from the one or more MDM service providers on behalf of the physical end-user device.
18. The non-transitory storage medium according to claim 17, wherein the machine-executable instructions, when executed, cause the computing device to perform the following operations:
receiving, at the pseudo-device, a first command from a first MDM service provider of the one or more MDM service providers; and
sending, based on the first command, a second command from the pseudo-device to the physical end-user device, the second command being different from the first command.
19. The non-transitory storage medium according to claim 17, wherein:
the machine-executable instructions that, when executed, cause the computing device to provision the pseudo-device for use with the one or more MDM service providers further cause the computing device to perform the following operations:
sending a first registration request from the pseudo-device to a first MDM service provider of the one or more MDM service providers;
receiving, at the pseudo-device, a first policy enforcement profile from the first MDM service provider;
storing the first policy enforcement profile at the pseudo-device,
wherein the machine-executable instructions, when executed, further cause the computing device to:
provision the pseudo-device for use with another MDM service provider of the one or more service providers by causing the computing device to further perform the following operations:
sending a second registration request from the pseudo-device to a second MDM service provider of the one or more MDM service providers, the second MDM service provider being different from the first MDM service provider;
receiving, at the pseudo-device, a second policy enforcement profile from the second MDM service provider, the second policy enforcement profile being different from the first policy enforcement profile; and
storing the second policy enforcement profile at the pseudo-device.
20. The non-transitory storage medium according to claim 17, wherein the machine-executable instructions, when executed, further cause the computing device to perform the following operations:
receiving, at the pseudo-device, a first command from a first MDM service provider of the one or more MDM service providers;
determining whether to send a second command to the physical end-user device; and
in response to determining not to send the second command to the physical end-user device:
sending, from the pseudo-device to the first MDM service provider, a response to the first command without sending the first command and the second command to the physical end-user device.
21. The non-transitory storage medium according to claim 17, wherein the pseudo-device is a first pseudo-device and the physical end-user device is a first physical end-user device associated with a user,
wherein the machine-executable instructions, when executed, further cause the computing device to:
establish, in the cloud computing environment that includes the computing device, a second pseudo-device representing a second physical end-user device associated with the user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910424505.3A CN110149634A (en) | 2013-12-31 | 2013-12-31 | The method and apparatus of mobile device management |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2013/078457 WO2015102608A2 (en) | 2013-12-31 | 2013-12-31 | Providing mobile device management functionalities |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910424505.3A Division CN110149634A (en) | 2013-12-31 | 2013-12-31 | The method and apparatus of mobile device management |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106031128A true CN106031128A (en) | 2016-10-12 |
CN106031128B CN106031128B (en) | 2019-06-14 |
Family
ID=50033775
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201380082058.9A Active CN106031128B (en) | 2013-12-31 | 2013-12-31 | The method and apparatus of mobile device management |
CN201910424505.3A Pending CN110149634A (en) | 2013-12-31 | 2013-12-31 | The method and apparatus of mobile device management |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910424505.3A Pending CN110149634A (en) | 2013-12-31 | 2013-12-31 | The method and apparatus of mobile device management |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP3090338A2 (en) |
CN (2) | CN106031128B (en) |
WO (1) | WO2015102608A2 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109274684A (en) * | 2018-10-31 | 2019-01-25 | 中国—东盟信息港股份有限公司 | The internet-of-things terminal system and its implementation being integrated based on eSIM communication with navigation Service |
CN109983751A (en) * | 2016-11-22 | 2019-07-05 | 安维智有限公司 | The management service of management equipment migrates |
CN110110970A (en) * | 2019-04-12 | 2019-08-09 | 平安信托有限责任公司 | Virtual resource risk rating method, system, computer equipment and storage medium |
WO2020034965A1 (en) * | 2018-08-13 | 2020-02-20 | 华为技术有限公司 | Message transmission method, device, and storage medium |
CN110832461A (en) * | 2017-08-09 | 2020-02-21 | 三星电子株式会社 | System for providing Function As A Service (FAAS) and method of operating the system |
CN112000397A (en) * | 2020-08-17 | 2020-11-27 | 北京双洲科技有限公司 | Mobile terminal system architecture and control method thereof |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10389847B1 (en) | 2015-12-23 | 2019-08-20 | Mitel Networks, Inc. | Provisioning resources in a communications system |
CN111093183B (en) | 2019-11-13 | 2022-02-11 | 华为技术有限公司 | Mobile equipment management method and equipment |
EP4205414A4 (en) * | 2020-08-27 | 2024-04-10 | App-Pop-Up Inc. | A system for providing a mobile device with remote or proxy access to merchant aprs and/or automatic registration on merchant aprs based on location parameters |
WO2024044836A1 (en) * | 2022-08-31 | 2024-03-07 | Edgegap Technologies Inc. | Computing entity, node and method for overcoming asynchrony errors in a network |
CN115883259B (en) * | 2023-02-23 | 2023-04-28 | 成都万创科技股份有限公司 | Mobile equipment management and control method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1894897A (en) * | 2003-09-29 | 2007-01-10 | 瑞姆系统公司 | Mobility device server |
CN102663842A (en) * | 2012-04-09 | 2012-09-12 | 李凯 | Method for mobile device to control multiple external devices |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060014530A1 (en) * | 2004-07-16 | 2006-01-19 | Denenberg Lawrence A | Personal server |
US8019995B2 (en) * | 2007-06-27 | 2011-09-13 | Alcatel Lucent | Method and apparatus for preventing internet phishing attacks |
US9451454B2 (en) * | 2012-01-05 | 2016-09-20 | International Business Machines Corporation | Mobile device identification for secure device access |
-
2013
- 2013-12-31 CN CN201380082058.9A patent/CN106031128B/en active Active
- 2013-12-31 CN CN201910424505.3A patent/CN110149634A/en active Pending
- 2013-12-31 EP EP13826916.2A patent/EP3090338A2/en not_active Withdrawn
- 2013-12-31 WO PCT/US2013/078457 patent/WO2015102608A2/en active Application Filing
Non-Patent Citations (2)
Title |
---|
AMSTERDAM,NL: ""A mobile device management framework for secure service delivery"", 《INFORMATION SECURITY TECHNICAL REPORT》 * |
KEUNWOO RHEE: "《HUMAN ASPECTS OF INFORMATION SECURITY》", 21 July 2013 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109983751A (en) * | 2016-11-22 | 2019-07-05 | 安维智有限公司 | The management service of management equipment migrates |
CN110832461A (en) * | 2017-08-09 | 2020-02-21 | 三星电子株式会社 | System for providing Function As A Service (FAAS) and method of operating the system |
CN110832461B (en) * | 2017-08-09 | 2023-10-31 | 三星电子株式会社 | System for providing Function As A Service (FAAS) and method of operating the system |
WO2020034965A1 (en) * | 2018-08-13 | 2020-02-20 | 华为技术有限公司 | Message transmission method, device, and storage medium |
CN110830538A (en) * | 2018-08-13 | 2020-02-21 | 华为技术有限公司 | Message transmission method, device and storage medium |
CN110830538B (en) * | 2018-08-13 | 2022-06-14 | 华为技术有限公司 | Message transmission method, device and storage medium |
CN109274684A (en) * | 2018-10-31 | 2019-01-25 | 中国—东盟信息港股份有限公司 | The internet-of-things terminal system and its implementation being integrated based on eSIM communication with navigation Service |
CN110110970A (en) * | 2019-04-12 | 2019-08-09 | 平安信托有限责任公司 | Virtual resource risk rating method, system, computer equipment and storage medium |
CN112000397A (en) * | 2020-08-17 | 2020-11-27 | 北京双洲科技有限公司 | Mobile terminal system architecture and control method thereof |
Also Published As
Publication number | Publication date |
---|---|
WO2015102608A2 (en) | 2015-07-09 |
EP3090338A2 (en) | 2016-11-09 |
WO2015102608A3 (en) | 2015-12-10 |
CN110149634A (en) | 2019-08-20 |
CN106031128B (en) | 2019-06-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11991051B2 (en) | Providing mobile device management functionalities | |
JP6775603B2 (en) | Virtual browser integration | |
CN105340309B (en) | Application with multiple operator schemes | |
CN105308923B (en) | Data management to the application with multiple operating mode | |
CN105247531B (en) | Managed browser is provided | |
CN104903910B (en) | Control access of the mobile device to secure data | |
JP6909863B2 (en) | Virtual private networking based on peer-to-peer communication | |
CN106031128B (en) | The method and apparatus of mobile device management | |
EP3095220B1 (en) | Evaluating application integrity | |
CN105308573B (en) | Generally existing cooperation in managed application | |
CN105247830B (en) | Mobile device management function is provided | |
CN105393524B (en) | Image analysis and management | |
EP3364629B1 (en) | Providing virtualized private network tunnels | |
US11062041B2 (en) | Scrubbing log files using scrubbing engines | |
CN105308561A (en) | Providing a native desktop using cloud-synchronized data | |
CN105247526A (en) | Providing an enterprise application store | |
CN105340239A (en) | Mobile device locking with context | |
US11385946B2 (en) | Real-time file system event mapping to cloud events |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||