Lab 9: Mobile email and content management

Objective and Tasks

Deploy and configure various productivity integration components for Workspace ONE UEM:

  1. Deploy Unified Access Gateway
  2. Configure the Secure Email Gateway Edge Service
  3. Configure the Content Gateway Edge Service
  4. Create an Exchange ActiveSync profile
  5. Deploy Workspace ONE Boxer
  6. Add content to Workspace ONE and push to the Omnissa Content app

Task 1: Deploy Unified Access Gateway

You build an .ini answer file iand deploy a Unified Access Gateway (UAG) using a Powershell script.

  1. On your ControlCenter VM, navigate to the S:\Scripts folder and open the uagdeploy folder.
  2. In the uagdeploy folder, select the uag2-advanced.ini file, and copy and paste the file so you have a backup of the original file
  3. In the uagdeploy folder, right click on uag2-advanced.ini file and select Edit with Notepad++.
  4. In Notepad++, find name and change the value to UAG-WS1.
  5. Find source= and change the value to: S:\Software\UAG\euc-unified-access-gateway-25.12.0.0-19824103628_OVF10.ova
  6. Next, scroll down to target= change the value to: vi://[email protected]:[email protected]/DC1/host/Cluster1/esx01.omnissatraining.com
  7. Scroll down to ds=Local Disk 1, and change the value to ds=Datastore1.
  8. Next to #diskMode=thin, remove the #, and change to diskMode=thin.
  9. Change the following network settings to:
    1. netInternet=DMZ
    2. netManagementNetwork=DMZ
    3. netBackendNetwork=DMZ
    4. defaultGateway=10.10.110.254
    5. deploymentOption=onenic (default)
    6. ip0=10.10.110.5
    7. netmask0=255.255.255.0
    8. routes0=10.10.110.0/24 10.10.110.254
  10. Scroll Down to the the entry dns=192.168.0.10, and change the IP address to 192.168.110.10.
  11. Under the [SSLCert] section, change the value for pfxCerts= to S:\SSL\PFX\omnissatraining_with_pwd.pfx.
  12. In the [SSLCertAdmin] section, change the value for pfxCerts= to S:\SSL\PFX\omnissatraining_with_pwd.pfx.
  13. In the Notepad++, save the .ini file.
  14. On the ControlCenter VM, launch Windows Powershell from the shortcut on the Start Menu.
  15. Set the script execution policy to unrestricted using the following command.
Set-ExecutionPolicy -scope currentuser unrestricted
Click to copy

If prompted during command, select Y.

  1. Within Powershell, navigate to the uagdeploy folder using the following command.
cd S:\Scripts\uagdeploy
Click to copy
  1. To deploy the UAG, enter the following command in the Powershell windows.
.\uagdeploy.ps1 -iniFile uag2-advanced.ini
Click to copy
  1. When prompted with a security warning type: R.
  2. Type R when prompted with a second security warning.
  3. When prompted to enter a root password for UAG-WS1, type Pa$$w0rd.
  4. Enter Pa$$w0rd when prompted to confirm the root password for UAG-WS1.
  5. When prompted to Enter an optional admin password for admin access, enter Pa$$w0rd.
  6. When prompted to Re-Enter an optional admin password, enter Pa$$w0rd.
  7. When asked whether or not to join the customer experience program, enter Yes.
  8. When prompted, enter the password for the specified [SSLcert] PFX certificate file omnissatraining_with_pwd.pfx, enter Pa$$w0rd.
  9. When prompted, enter the password for the specified [SSLcertAdmin] PFX certificate file omnissatraining_with_pwd.pfx, enter Pa$$w0rd.
  10. Enter Yes at the Fingerprint will be added to the known host file prompt. Press Enter.
  11. When prompted the password for [email protected], enter Pa$$w0rd. The password will not be visible.

The virtual appliance deployment will now start, it will take between 5 - 10min to deploy. 

Task 2: Configure the Secure Email Gateway Edge Service

You configure a Secure Email Gateway edge service in the Workspace ONE UEM console and enable the Secure Email Gateway edge service from the Unified Access Gateway administration console.

Because of the restrictive lab network, the deployed Unified Access Gateway instance is unreachable from the external network. As a result, it is not a functioning connection.
Running a test connection on the Email Configuration page in the Workspace ONE UEM console is expected to fail.

This task only demonstrates the procedures to follow when you plan to deploy a Secure Email Gateway edge service with Unified Access Gateway in a production environment.

  1. If not already logged in, log in to the ControlCenter VM.
    • User name: administrator
    • Password: Pa$$w0rd
  2. If the Workspace ONE UEM console is logged out due to inactivity, sign in to the Workspace ONE UEM administration console.
  3. Log in to Workspace ONE UEM.
    • User name: studentadmin{labid}
    • Password: Pa$$w0rd
  4. In the navigation pane at the top, select Groups & Settings. Then, select All Settings from the navigation on the left. Expand Email > Configuration.
  5. Click Configure.
  6. Next to Deployment Model, verify that Proxy is selected.
  7. From the Email Type drop-down menu, verify that Exchange is selected.
  8. From the Exchange version drop-down menu, select Exchange Office 365.
  9. Click Next.
  10. Configure the settings on the Deployment page.
  11. Enter Omnissatraining SEG in the Friendly Name text box.
  12. Enter https://seg.omnissatraining.com:443 in the External URL and Port text box.
  13. Enter 443 in the Listener Port text box.
  14. Next to terminate SSL on SEG, verify that Enable is selected.
  15. Ensure that Upload Locally is checked. (This means the certificate will be uploaded to the UAG)
  16. Under Email Server Settings, enter https://mail.office365.com:443 in the Email Server URL and Port text box.
  17. Under Security Settings and Cluster Settings, verify that Disable is selected for all settings.
  18. Click Next.
  19. On the Profiles page, click Next.
  20. On the Summary page, click Finish.
  21. Copy the value next to MEM Config GUID.
  22. From the ControlCenter Windows Start menu, open Notepad++ and paste the MEM Config GUID value into a new note.
  23. Open Chrome and open a new tab.
  24. On the bookmarks bar, click UAG.
  25. If necessary, log in to the Unified Access Gateway administration console.
    • User name: admin
    • Password: Pa$$w0rd
  26. Under Configure Manually, click Select.
  27. Turn on the Edge Service Settings toggle to display the available edge services.
  28. Click the settings icon next to Secure Email Gateway Settings. The Secure Email Gateway Settings dialog box appears.

The settings icon resembles a gear.

  1. Turn on the Enable Secure Email Gateway Settings toggle to enable the Secure Email Gateway edge service.
  2. Enter https://as1605.awmdm.com in the API Server URL text box.
  3. Enter studentadmin{labid} in the API Server Username text box.
  4. Enter Pa$$w0rd in the API Server Password text box.
  5. Enter seg.omnissatraining.com in the Secure Email Gateway Hostname text box. You do not include https:// in this entry.
  6. Open Notepad++ and copy the MEM Config GUID value that you pasted in an earlier step.
  7. Return to the Unified Access Gateway console.
  8. In the MEM Config GUID text box, paste the MEM Config GUID value that you copied from Notepad++.
  9. Turn on the Add SSL Certificate toggle.
  10. Next to SSL Certificate, click Select.
  11. Select the omnissatraining_with_pwd.pfx from C:\certificate  .
  12. Click Open.
  13. Enter Pa$$w0rd in the Password text box.
  14. Leave the Alias text box blank.
  15. Click Save.
  16. After saving, the Secure Email Gateway edge service might take up to 5 minutes to activate.
  17. Whiel you wait for the Secure Email Gatewat edge service to activate, return to the Workspace ONE UEM console.
  18. In the navigation pane at the top, select Security. Then, under Email Security, expand Control Policies.
  19. Review the available controls.

If you are at the organization group where mobile endpoint management (MEM) was configured, you have security policy controls for General Email Policies, Managed Device Policies, and Email Security Policies.

You can use the Run Compliance control to evaluate email access permissions for managed mobile devices. The Run Compliance control will fail in this test lab environment.

Task 3: Configure the Content Gateway Edge Service

You configure a Content Gateway configuration in the Workspace ONE UEM console and enable the Content Gateway edge service from the Unified Access Gateway console.

Because of the restrictive lab network, the deployed Unified Access Gateway instance is unreachable from the external network. As a result, it is not a functioning connection. Running a test connection on the Content Gateway page in the Workspace ONE UEM console is expected to fail. 

This task only demonstrates the procedures to follow when you plan to deploy a Content Gateway edge service with Unified Access Gateway in a production an environment.

  1. Return to the Workspace ONE UEM administration console in Google Chrome.
  2. If prompted, log in to Workspace ONE UEM.
    • User name: studentadmin{labid}
    • Password: Pa$$w0rd
  3. In the navigation pane at the top, select Groups & Settings. Then, expand All Settings > System > Enterprise Integration > Content Gateway.
  4. Next to Current Setting, click Override.
  5. Next to Enable the Content Gateway, click Enabled.
  6. Click Save.
  7. Click Add.

If the Add button is not visible, refresh the page.

  1. Configure the settings on the Content Gateway Configuration page as follows..
OptionAction
Installation TypeVerify that Unified Access Gateway is selected.
Choose Configuration TypeVerify that Basic is selected.
NameEnter Content Gateway in the text box.
Content Gateway Endpoint AddressEnter https://content.omnissatraining.com in the text box.
Content Gateway Endpoint PortEnter 8443 in the text box.
Ignore SSL Errors (not recommended)Verify that Disabled is selected.
Enable Cross-domain KCD AuthenticationVerify that Disable is selected.
  1. Click Save.
  2. Scroll to the right and copy the Content Gateway Configuration GUID value for the new Content Gateway.
  3. From the ControlCenter VM Start menu, open Notepad++ and paste the Content Gateway Configuration GUID value to a new note.
  4. Return to the Unified Access Gateway administration console in Google Chrome.

If the Unified Access Gateway console was closed at any point, open a new tab in Chrome and click UAG on the bookmarks bar.

  1. If prompted, log in to Unified Access Gateway.
    • User name: admin
    • Password: Pa$$w0rd
  2. Under Configure Manually, click Select.
  3. Turn on the Edge Service Settings toggle to display the available edge services.
  4. Click the settings icon next to Content Gateway Settings.

The settings icon resembles a gear.

  1. Turn on the Enable or disable Content Gateway Settings toggle to enable the Workspace ONE Content Gateway edge service.
  2. Configure the Content Gateway edge service settings as follows.
OptionAction
API Server URLEnter https://as1605.awmdm.com in the text box.
API Server UsernameEnter studentadmin{labid} in the text box.
API Server PasswordEnter Pa$$w0rd in the text box.
Content Gateway HostnameEnter content.omnissatraining.com in the text box.
Content Gateway Configuration GUIDPaste the Content Gateway Configuration GUID value from Notepad++.
  1. Click Save.

After saving, the Content Gateway edge service might take up to 5 minutes to activate.

Task 4: Create an Exchange ActiveSync profile

You create an Exchange ActiveSync profile to support the native mail client.

  1. If not already logged in, log in to the ControlCenter desktop VM.

    • User name: administrator

    • Password: Pa$$w0rd

  2. Open Chrome and log in to Workspace ONE UEM.

    • User name: studentadmin{labid}

    • Password: Pa$$w0rd

  3. In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.

  4. In the navigation pane on the left, select Resources. Then, under Profiles & Baselines, select Profiles.

  5. From the Add drop-down menu, select Add Profile.

  6. In the Add Profile dialog box, click Windows.

  7. In the Select Device Type dialog box, click Desktop.

  8. In the Select Context dialog box, click User Profile.

  9. Enter Corporate Exchange in the Name text box.

  10. Click the Smart Groups search box and select Windows Devices (Student{labid}).

  11. In the navigation pane on the left, select Exchange ActiveSync and click Configure.

  12. From the Mail Client drop-down menu, select Native Mail Client.

  13. Enter Corporate Exchange in the Account Name text box.

  14. Enter mail.office365.com in the Exchange ActiveSync Host text box.

  15. Select the Use SSL check box.

  16. Configure the login information as follows.

OptionAction
DomainLeave the default lookup value.
UsernameLeave the default lookup value.
Email AddressLeave the default lookup value.
PasswordLeave blank

  1. From the Past Days of Mail to Sync drop-down menu, select 1 Month.

  2. Leave the default values for all other settings.

  3. Click Save and Publish.

  4. Click Publish.

Task 5: Deploy Workspace ONE Boxer

You configure and deploy the Workspace ONE Boxer application to your enrolled devices.

  1. In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.

  2. In the navigation pane at the top, select Resources. Then, under the Apps, select Native Apps and click the Public tab.

  3. Click Add Application.

  4. From the Platform drop-down menu, select Apple iOS.

  5. Next to Source, click Search App Store.

  6. Enter Workspace ONE Boxer in the Name text box.

  7. Click Next.

  8. From the search result list, click Select next to the Boxer - Workspace ONE application.

  9. Leave the default application settings and click Save & Assign. The Boxer - Workspace ONE - Assignment window appears.

  10. On the Distribution page, enter Workspace ONE Boxer configuration in the Name text box.

  11. Enter a description of the assignment in the Description text box.

  12. From the Assignment Groups drop-down menu, select All Devices{labid}.

  13. Next to App Delivery Method, click On Demand.

  14. Leave the default values for the remaining settings.

  15. In the navigation pane on the left, select Email Settings.

  16. Enter Training Exchange ActiveSync in the Account Name text box.

  17. Enter seg.omnissatraining.com in the Exchange ActiveSync Host text box.

  18. Leave the default lookup value for the Domain text box.

  19. Leave the default lookup value for the User text box.

  20. Leave the default lookup value for the Email Address text box.

  21. Leave the Password text box blank.

  22. Leave the default values for the remaining settings.

  23. Click Create.

  24. Click Save.

  25. Click Publish.

Task 6: Add content to Workspace ONE and push to the Omnissa Content app

You add a document to the built-in repository in Workspace ONE UEM.

  1. In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.

  2. In the navigation pane at the top, select Groups & Settings. Then, click All Settings and expand Content.

  3. Select Applications and then click Workspace ONE Content App.

  4. Next to Current Setting, click Override.

  5. Review the settings available for managing the Workspace ONE Content App.

Do not change any settings for the Workspace ONE Content App.

  1. In the navigation pane on the left, expand Advanced. If prompted to "Disregard changes," click Ok.
  2. Click File Extensions.

  3. Next to Current Setting, click Override.

  4. Review the setings available for managing the file extensions.

Note that you can modify the list of file extensions for allowed content.

Do not change any of the settings displayed.

  1. In the navigation pane on the left, click on Corporate File Servers. If prompted to "Disregard changes," click Ok.
  2. Review the options available for managing Corporate File Servers.
  3. Close the Settings window by clicking the X in the upper right corner.
  4. In the navigation pane at the top, select Resources. Then, expand Workspace ONE Content and click Admin Repositories.
  5. Click Add.
  6. Enter Corporate Documents in the Name field.
  7. From the Type dropdown menu, select OneDrive.
  8. Ensure that Organization Group is set to Student{labid}.
  9. Click Continue.
  10. Review the available settings under the Security tab.
  11. Click the Assignment tab and review the available settings.
  12. Click the Deployment tab and review the available settings.

You will not be adding a new repository at this time.

  1. Click Cancel.
  2. From the navigation on the left, click Content.
  3. Click the Add Content button.
  4. In the Add Content window, click Select Files.

  5. Navigate to the Software folder on the desktop and double-click Lab Activities.

  6. Select the What_is_Workspace_ONE_UEM.pdf file and click Open.

  7. Change the document name to What is Workspace ONE UEM?.

  8. Click in the Category field and select Add Category.

  9. Enter Product Info as the name for the new category. Click Save.

  10. Click the Assignment tab.

  11. Click in the Organization Group field and select Student{labid} from the list that appears.

  12. Click Save.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.