Good Control overview for application developers

Introduction

The Good Control server is a Good Dynamics infrastructure and management component.

This page explains how the Good Control (GC) console is used to set up a Good Dynamics application for use at an enterprise. This page also provides an overview of the Good Control server, and the surrounding infrastructure, for the benefit of application developers.

More explanation of the general use of GC, as a management tool, is available in the GC console and in other documentation.

1. Application set-up

This section describes the necessary steps to set up a Good Dynamics application for use at an enterprise. In outline, the steps are as follows:

  1. Register the application
  2. Grant access to the application (user entitlement)
  3. Activate users

When all these steps are complete, the application can be utilised by enterprise users.

1.1 Preconditions

Before starting to set up an application, the following conditions must be met:

  • The GC and other infrastructure components are installed at the enterprise.
  • The GC and other infrastructure components are registered on the Good Dynamics network.
  • There is a Good Dynamics client application. This could be a sample application, provided by Good Technology.
  • The Application Server, if any, is installed at a known address.

In order to register a Good Dynamics application at the enterprise, it is necessary to:

  • Know the URL or IP address of the GC console, and
  • Have GC console login credentials

These can be obtained from enterprise I.T. or LAN administration.

1.2 Registering an Application

The following information will be required in the course of registering an application:

  • Name of the application
  • ID of the application. This must be the same as the applicationId in the GDAndroid.authorize call in the client application code.
  • Version identifier of the application. This must be the same as the appVersion parameter in the GDAndroid.authorize call in the client code.
  • Address and port number of the main application server, if any.
  • Address and port number of any additional application servers.

Except for the additional application server details, all the above is entered in the Applications section of the GC console. Open Add Application and specify the initial details, then add the server details on the Manage Application screen.
Any additional servers' details must be added in the Settings section, under Additional Servers, if they are not already configured on the GC.

Server details are entered in the GC console, but will then be provisioned to other infrastructure elements, such as the Good Proxy (GP). The GC, in effect, centralises the configuration user interface. See also the Overview, at the end of this page.

Entering the above information registers the application at the enterprise. After registering the application, users can be granted access to the application.

Note that registration is implicitly version-specific. Every version of the application must be individually registered.

1.3 Granting Access to an Application

Users can be given entitlement to applications that have been registered in the GC. This can be done for individual users, or for groups of users. Note that there is a special group,"EVERYONE", to which all users automatically belong.

In the early stages of Good Dynamics software development at an enterprise, the easiest approach may be to entitle the EVERYONE group to every newly registered application. Using this approach means that a user becomes entitled to all applications, as soon as the user is added. This approach may also be used long-term in a deployment that is pre-production.

Entitlements can be added to an individual user in the User Accounts section of the GC console. Entitlements can be added to a group of users in the Applications Groups section.

Enterprise users that have not been added to the GC are implicitly not entitled to any GD applications.

1.4 Adding Users

Enterprise users need to be added to the GC in order to access GD applications. To add a user, open Add User in the User Accounts section of the GC console and proceed as follows.

  1. Search for the user, usually by name or e-mail address. This is a search on the enterprise's Active Directory (AD) service, or equivalent.
  2. Locate the required enterprise user in the search results.
  3. Select to add the user to the GC

This causes the user to be recognised by the GC, and adds them to the EVERYONE group. If the EVERYONE group is entitled to any GD applications, the newly recognised user is now entitled to those applications. Otherwise, the new user must be added to a group that is entitled to use the required application, or must be given an individual entitlement.

Users that are entitled to applications can be activated.

1.5 Activating Users

Users that have been added to the GC, and who are entitled to one or more applications, can be activated. Activation is the last step in an individual roll-out that takes place at the GC.

When a user is activated, an activation key is issued. The key can be used once, by that user. Activation keys are not specific to an application. For example, a user that had been sent four activation keys could use them to activate any four applications to which they are entitled.

Note that activation keys do not support re-activation, as such. If the client software is uninstalled and re-installed on the same device, then a new activation key is required. This is also true if a new or factory-reset device is in use, or if a device emulator is in use and its state is not persisted. (Note that a user who has been issued multiple keys could use them to activate the same application multiple times.)

To activate a user, first open Manage User in the User Accounts section of the GC console and proceed as follows:

  1. Locate the required user's details and select to Edit
  2. Open the Access Keys tab
  3. Set the number of keys to send to the user
  4. Select to provision the keys

Activation keys will then be sent to the user's enterprise e-mail address. There will be one e-mail message per key. Hashes of the activation keys are also copied to the Good Technology Network Operation Centre (NOC), to enable validation.

To finalise the activation, the user needs to install and run a GD client application. At start-up, the Good Dynamics user activation interface will open. The user enters the activation key in the interface in the client. The library then sends the activation key to the NOC.

Assuming the correct key was entered, user activation is then finalised, and the key consumed. The application is then useable on the device.

2. Overview

The section gives a high-level explanation of the Good Dynamics (GD) infrastructure, including the following components:

  • Good Control (GC)
  • Good Proxy (GP)
  • Good Technology Network Operation Centre (NOC)

The following diagram shows these components, their communications links, and where they are installed. The diagram also shows enterprise components, including Application Servers, highlighted in italic.

2.1 Good Control server

A Good Control server is installed at every enterprise that is making use of the Good Dynamics platform. The GC server maintains various information about users and applications, see under Good Control console, below. The GC also provisions this data to the GP, NOC, and other infrastructure components.

2.2 Good Control console

The GC console is the user interface (UI) of the GC server. The GC console takes the form of a website, usually only accessible from the enterprise intranet. The following functions can be accessed through the GC console.

  • Application Server address configuration
  • User and group management
  • Application entitlement
  • Mobile device monitoring and management
  • Policy administration
  • Good Proxy configuration

2.3 Good Proxy server

At least one Good Proxy server is installed at every enterprise that is making use of the Good Dynamics platform. The GP handles the routing of traffic behind the enterprise firewall. This includes the following:

  • Inbound data, being sent from mobile devices, via the NOC, towards application servers
  • Outbound response data, being sent from application servers towards mobile devices via the NOC
  • Push Channel notifications, being sent from application servers to the NOC

The GP has no user interface. Configuration of the GP is done from the GC console.

2.4 Network Operation Centre

The NOC is the central mediation point for the Good Dynamics platform and its proxy infrastructure. The NOC is hosted by Good Technology, in a data centre facility.

From an architectural point-of-view, there is a single NOC for all Good Dynamics enterprises, users and services. For practical reasons, however, there may actually be a number of NOC deployments. For example, there may be separate production and development deployments.

The NOC has the following functions:

  • Relay data from mobile devices towards the GP at the associated enterprise, depending on the client application in use
  • Relay data from enterprise GPs towards mobile devices
  • Validate activation keys
  • Store user entitlements to applications
  • Store association of activated devices and enterprises

(In this context, the "activated device" is sometimes referred to as a "container". Conceptually, a Good Dynamics application and its data are within a secure container on the device. The container is owned by the enterprise, even if the device is not.)

The NOC has other functions, but these are beyond the scope of this overview.

2.5 Enterprise Installation checklist

Installation of Good Dynamics at an enterprise is usually complete before application development begins. Installation includes the following:

  • GC server installation, with a known URL or IP address for its console.
  • GC communication with the NOC.
  • GC communication with the enterprise Active Directory service, or equivalent.
  • GP installation. There may be more than one GP.
  • GC communication with GP, for configuration.
  • GP communication with the NOC.