AirWatch Console Configuration

This section will explain what configurations must be made in the AirWatch Console to achieve the features and restrictions that were outlined in the Introduction section.

1. iOS Per-App VPN Profile

This section will explain how to create a Per-App VPN profile, which will be used to allow VMware Browser to connect to an intranet site.

1.1. Add a Profile

  1. Click Devices.
  2. Expand Profiles & Resources.
  3. Click Profiles.
  4. Click ADD to expand the dropdown.
  5. Click Add Profile.

1.2. Select the Platform

Click Apple iOS.

1.3. Enter the Profile Details

  1. Ensure the General payload tab is selected.
  2. Enter "iOS Per-App VPN" for the Name field.
  3. Click the Assigned Groups field.
  4. Select All Devices ([email protected]) from the list.

1.4. Enable the VPN Payload

  1. Click the VPN payload tab.
  2. Click Configure.

1.5. Configure the VPN Payload

  1. Set Connection Type to VMware Tunnel.
  2. Set Enable VMware Tunnel to enabled.
  3. Click Save & Publish.

1.6. Publish the VPN Profile

Click Publish.

2. Configure Security Policies

This section will explain how to configure the default Security Policies to determine DLP controls.

  1. Click Groups & Settings.
  2. Click All Settings.
  1. Click Apps.
  2. Expand Settings & Policies.
  3. Click Security Policies.
  4. Set Current Setting to Override.

2.3. Configure Offline Access

  1. Scroll down to find the Offline Access section.
  2. Click Enabled for Offline Access.
  3. Enter "1" for Maximum Period Allowed Offline.
  4. Select day(s) for the time period dropdown.

2.4. Configure Data Loss Prevention

  1. Scroll down to find the Data Loss Prevention section.
  2. Click Enabled for Data Loss Prevention.
  3. Ensure Enable Copy and Paste is set to No.
  4. Ensure Enable Printing is set to No.
  5. Ensure Enable Camera is set to No.
  6. Ensure Enable Composing Email is set to No.

2.5. Save Security Policies Settings

  1. Scroll down to the bottom of the Security Policies menu.
  2. Click Save.

2.6. Confirm Saved Security Policies

Confirm that the Saved Successfully prompt shows.

3. Configure VMware Browser Settings

This section will explain how to configure the VMware Browser settings, including security settings, whitelisted and blacklisted sites, bookmarks and kiosk mode.

If you already closed the All Settings menu, reopen it by click Groups & Settings > All Settings.

  1. Click Apps.
  2. Click Browser.
  3. Set Current Setting to Override.

3.2. Configure Kiosk Mode Settings

  1. Scroll down to find the Mode section.
  2. Select Enabled for Kiosk Mode.
  3. Select Enabled for Enable Multiple Tabs Support.
  4. Enter "https://internal.airwlab.com" for the Home Page URL.
  5. Select Deny for Selection Mode.  This enables Blacklisting for the included site URLs, where selecting Allow would enable Whitelisting for the included site URLs.
  6. Enter "*.airwatch.com" for the Denied Site URLs.  This will allow traffic to all URLs except the *.airwatch.com domain.

NOTE: Normally, Kiosk Mode would restrict VMware Browser to a single page and it's available links.  For the purposes of the lab, we enable Multiple Tabs Support to showcase multiple bookmarks.  In this mode, the navigation bar returns and bookmarks can be selected from the menu, but other items are still restricted in this mode.

3.3. Save Browser Settings

  1. Scroll down to the bottom of the Browser Settings page.
  2. Click Save
  1. The menu will return to the top, and you should see the Saved Successfully prompt display.
  2. Click Bookmarks.

3.5. Add New Bookmark

The Internal Splash Page bookmark is already created for you, which is set to the Home Page.

  1. Click + Add Bookmark.
  2. Enter "AirWatch Home" for the new bookmark Name.
  3. Enter "https://www.airwatch.com" for the new bookmark URL.
  4. Click Save.

3.6. Close the Browser Settings Page

  1. Confirm the Saved Successfully prompt shows.
  2. Click Close

4. Publish the VMware Browser Application

Let us add VMware Browser as a Public app to manage and configure.

4.1. Add a New Public Application

  1. Click Apps & Books.
  2. Expand Applications.
  3. Click List View.
  4. Click the Public tab.
  5. Click + Add Application.

4.2. Search App Store for VMware Browser

  1. Select Apple iOS for the Platform
  2. Enter "VMware Browser" for the Name
  3. Click Next

4.3. Select the VMware Browser Result

Click Select for the VMware Browser result.

4.4. Save and Assign VMware Browser

Click Save & Assign

4.5. Add Assignment for VMware Browser

Click + Add Assignment

4.6. Configure VMware Browser Assignment Settings

  1. Click in the Selected Assignment Groups field. This will pop-up the list of created Assignment Groups. Start Typing "All Devices" and select the All Devices ([email protected]) Group.
  2. Select Auto for the App Delivery Method.

4.7. Configure Policies for VMware Browser

  1. Scroll down to find the Policies section.
  2. Select Enabled for Remove On Unenroll.
  3. Click Add.

4.8. Confirm Assignment and Save

  1. Confirm that the Assignment you just configured is displayed.
  2. Click Save & Publish.

4.9. Preview Assigned Devices and Publish

Click Publish.

5. Publish the VMware Tunnel Application

In order to leverage the Per-App VPN profile we created for VMware Browser, we will need to also publish VMware Tunnel to the device.

5.1. Add a New Public Application

  1. Click Apps & Books.
  2. Expand Applications.
  3. Click List View.
  4. Click the Public tab.
  5. Click + Add Application.

5.2. Search App Store for VMware Tunnel

  1. Select Apple iOS for the Platform.
  2. Enter "VMware Tunnel" for the Name.
  3. Click Next.

5.3. Select the VMware Tunnel Result

Click Select for the VMware Tunnel result.

5.4. Save and Assign VMware Tunnel

Click Save & Assign.

5.5. Add Assignment for VMware Tunnel

Click + Add Assignment.

5.6. Configure VMware Tunnel Assignment Settings

  1. Click in the Selected Assignment Groups field. This will pop-up the list of created Assignment Groups. Start Typing "All Devices" and select the All Devices ([email protected]) Group.
  2. Select Auto for the App Delivery Method.

5.7. Configure Policies for VMware Tunnel

  1. Scroll down to find the Policies section.
  2. Select Enabled for Remove On Unenroll.
  3. Click Add.

5.8. Confirm Assignment and Save

  1. Ensure the Assignment you created is displayed.
  2. Click Save & Publish.

5.9. Preview Assigned Devices and Publish

Click Publish.