z-push.net

[skummer]

Dear users,

with version 1.3 the REMOTE WIPE feature for mobile devices was introduced. This funcionality is generally available for all backends, but it was firstly implemented for the ICS (Zarafa) backend.

In order to see and wipe your devices, you have to use the Zarafa Webaccess and install a plugin. The Webaccess plugin framework will be introduced with Zarafa 6.30 (which is currently in ReleaseCandidate state).
That's the reason why we decided to publish this plugin as an EXPERIMENTAL version.

How to: install Z-Push 1.3 beta and Zarafa 6.30.X on your webserver. You can download it if you are registred as beta tester in the Zarafa Forum. If you are not, you can submit to the beta program or wait a few days until the final version is released.

Download the attached mdm plugin. MDM stands for Mobile Device Management. Extract the file to your webaccess/plugins directory (at the end it has to be webaccess/plugins/mdm/..) and completely reload the webaccess (eventually you have to clear the cache).

By clicking on the "Mobile Device Management" link you can see all devices connected to your store. Please note, that only devices synced with Z-Push 1.3 will appear in the list.

You can then select a device and "remote wipe" it. Please backup ALL your data from the device before wiping it and observe the disclaimer underneath the device list. You have been warned!

We would really appreciate your feedback on this!!

Greetings,
Sebastian
Z-Push dev team

Mobile Device Management in the Zarafa Webaccess

mdm.png (46.63 KiB) Viewed 9638 times

UPDATE 2009-06-15 18:35 (CET): there was a small bug in the previous plugin version (the user which issued wipe was always "undefined" when status is "wiped") which is fixed in this version.

[ac!]

very nice with the remote wiping, but i am not sure its implemented like it was intended.

when for example the iphone is not in "push mode" it does not maintain a persistent connection.
because of this pings are never sent and can't get handled and therefor this wiping method (Waiting for changes...) does not get invoked.

so the only other place i see wiping occurs is at provisioning.
now i dont know about other devices but the iphone only provisions under two circumstances:

a) the exchange activesync is freshly set up.
b) getPolicyKey "throws" a SYNC_PROVISION_STATUS_POLKEYMISM and the server sends a 449 Retry after sending a PROVISION command

so that currently leaves only two choices:

a) wiping only works when the device is in "push mode" and thus will drain the battery like there is no tomorrow
b) implement SYNC_PROVISION_REMOTEWIPE in more methods than just the provisioning and the push cycle

one more but not really an option:

c) enforce 449 provisioning on almost every request.

on another iphone note, i tried setting it to push and it only gave me a:

06/14/09 22:31:20 [13718] O <Ping:Ping>
06/14/09 22:31:20 [13718] O <Ping:Status>
06/14/09 22:31:20 [13718] O 7
06/14/09 22:31:20 [13718] O </Ping:Status>
06/14/09 22:31:20 [13718] O </Ping:Ping>

followed by a:

06/14/09 22:31:22 [13718] POST cmd: FolderSync

but it did not really initiate a wipe at some point.

after that i enforced $rwstatus = SYNC_PROVISION_RWSTATUS_WIPED near the end of the provisioning (around line 1366) and the iphone gets wiped.

so bottom line of all that jabbering, the wiping works fine it just needs some more places where it can get pushed out to the phone.
anybody ?

[ac!]

just as a lil warning for everybody who wants to try the same stunt as me:

the iphone takes about two hours for the low-level-remote-wipe-life-erasing-task it performs.

dingus.

[mku]

Hi ac,

so the only other place i see wiping occurs is at provisioning.
now i dont know about other devices but the iphone only provisions under two circumstances:

a) the exchange activesync is freshly set up.
b) getPolicyKey "throws" a SYNC_PROVISION_STATUS_POLKEYMISM and the server sends a 449 Retry after sending a PROVISION command

Yes, that's how the protocol is: remote wipe is a part of provisioning.

so that currently leaves only two choices:

a) wiping only works when the device is in "push mode" and thus will drain the battery like there is no tomorrow
b) implement SYNC_PROVISION_REMOTEWIPE in more methods than just the provisioning and the push cycle

That's not quite right. When the device is in "push mode" and the remote wipe was issued, the ping will return a status "7" telling a device to issue a "FolderSync" command. This command (and all others but "Ping" and "Provision") check the policy key status. If the keys on the mobile and on the server don't match, the Provision command is issued which may end with remote wipe request depending on the status.

one more but not really an option:

c) enforce 449 provisioning on almost every request.

The policy key check happens on every request, so theoretically provisioning can happen after every request.

on another iphone note, i tried setting it to push and it only gave me a:

06/14/09 22:31:20 [13718] O <Ping:Ping>
06/14/09 22:31:20 [13718] O <Ping:Status>
06/14/09 22:31:20 [13718] O 7
06/14/09 22:31:20 [13718] O </Ping:Status>
06/14/09 22:31:20 [13718] O </Ping:Ping>

followed by a:

06/14/09 22:31:22 [13718] POST cmd: FolderSync

but it did not really initiate a wipe at some point.

I assume that you have used the webaccess plugin, haven't you? Has the status of the device changed it the overview?

The ping status "7" followed by "FolderSync" is what should have happened. What followed the "FolderSync"?

Greets, Manfred

[ac!]

hi manfred,

i rewrote the thingy to fit into our environment.

after the ping status 7 the foldersync occured but no provisioning afterwards.

so the ping status 7 and the foldersync alone do not change the policy key, do they?
i assume in addition of setting SYNC_PROVISION_RWSTATUS_WIPED in getDeviceRWStatus() i would also change the policy key to a dummy value to reenforce provisioning?
because i left the policy key the same it was as before. that would explain all

[mku]

Hi ac!,

yes, changing the policy key on the server for remote wipe is crucial. Only when the keys don't match the provision will be issued and depending on RWStatus wipe will be executed or not.

Greets, Manfred

[ac!]

i guess not changing the policykey in addition to enabling the remote wipe was the problem.
any idea how to test this without killing the iphone for two hours every time?

[skummer]

Just try the windows mobile emulator. That one also performs a complete wipe and system reinstall, but on "virtual basis". If you save the state before, then it only takes about 20 seconds to restore the old status..

CHeers, Sebastian

[ac!]

is it something like Windows Mobile 6.1 Professional Images (USA).msi ?
around 270mb ?

the microsoft website really is a pain in the azz.

[skummer]

That's the one.
You also need MS VirtualPC to get the network conection running on the emulator.

Gr, Sebastian