WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s EMM
TRANSCRIPT
What is Carbon?
• New “flagship” payment terminal by Verifone
• Android-based tablet, merchant facing
• 3rd-party app development SDK and app market (with payment APIs)
• PCI DSS-certified payment terminal, customer facing
• Management of all devices (aka “estate”) on Estate Manager portal
• Management of merchants’ devices on Merchant portal
• Remote support by Verifone on Estate Owner Support portal
Carbon Use Cases
• With Commerce Platform, merchants can:
- reward their best customers with loyalty and points programs,
- display promotional media and coupons,
- leverage beacons for store analytics, and
- invite customers to redeem personalized offers in real time.
Why Open Source MDM Solution?
• Commercial solutions for MDM exist, but:
- Incur large costs, often paid based on number of devices
- Inflexible for customizations of the MDM solution
- Potentially more difficult to integrate in existing terminal management infrastructure
- Impossible to get source code to create own modifications of the MDM agent or server
• Thus, we decided to work with WSO2 to advance their existing tool “EMM” to fit our requirements
WSO2 Enterprise Mobility Management (EMM) [1]
• Open-source platform for managing Android, iOS and Windows devices
• Based on an “agent” installed on the device and a server that can be deployed on-premise or in the cloud
• Provides UI, as well as API-based control
• Integrates with other WSO2 products, in particular for authorization (SSO, OAuth, …), as well as LDAP
[1] http://wso2.com/products/enterprise-mobility-manager/
Self-Enrollment of Devices
• Using mutual TLS (EMM also supports OAuth)
• Diagram: Tablet, Certificate Service, MDM Server
1. Tablet sends certificate request to the Certificate Service
2. Tablet receives certificate
3. Tablet enrolls with the MDM Server using mutual TLS
4. Enrollment completed
Integration Into Our Environment
• Diagram: Terminal, TMS, MDM Server, Tablet
1. Trigger command to Android tablet “A”
2. Tablet polls for new commands
3. Tablet receives command
4. Return success
5. Return success
“EMM as a Blackbox”: API-based MDM
• We needed more APIs than EMM provided out of the box
• I worked with WSO2 to accomplish that
• RESTful APIs documented on Swagger
How Do We Use EMM?
• Get device information (including geo location)
• OTA upgrade
• APK installation/update/removal
• Lock device
• Reboot
• Factory reset
• Send logcat
• Send notification
Scaling MDM
• Diagram: Tablet → external ELB → nginx (2 instances) → internal ELB → EMM workers 1–3 (auto-scaling group) → S3 storage and RDS
• Nginx used for TLS termination
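The TLS termination shown on this slide together with the mutual-TLS enrollment flow from the self-enrollment slide, as an added nginx example (not Verifone’s or WSO2’s configuration); hostnames, file paths and the /enroll-cert/ endpoint name are assumptions:

```nginx
# Added example, not Verifone's or WSO2's configuration: nginx terminating TLS
# in front of the EMM worker pool, with mutual TLS for enrolled tablets.
# Hostnames, paths and the /enroll-cert/ endpoint name are assumptions.
upstream emm_workers {
    server internal-elb.emm.local:9443;   # internal ELB from the diagram (placeholder)
}
upstream cert_service {
    server certs.emm.local:8443;          # Certificate Service (placeholder)
}

server {
    listen 443 ssl;
    server_name mdm.example.com;

    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Trust only the device-enrollment CA for client certificates.
    # "optional" rather than "on": a tablet has no certificate yet when it
    # performs step 1 of enrollment (certificate request).
    ssl_client_certificate /etc/nginx/tls/device-ca.crt;
    ssl_verify_client      optional;
    ssl_verify_depth       2;

    # Steps 1-2: certificate request/issuance, reachable without a client cert.
    location /enroll-cert/ {
        proxy_pass https://cert_service;
        proxy_set_header Host $host;
    }

    # Step 3 onward (enrollment and all later command polling): a verified
    # device certificate is mandatory; anything else is refused before EMM.
    location / {
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        proxy_pass https://emm_workers;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Hand the verified identity to EMM. Because TLS ends here, the
        # workers must accept these headers only from nginx (network ACL);
        # otherwise a client could set them itself.
        proxy_set_header X-SSL-Client-DN   $ssl_client_s_dn;
        proxy_set_header X-SSL-Client-Cert $ssl_client_escaped_cert;  # nginx >= 1.13.5
    }
}
```

Each EMM worker should listen only on the internal network so that the enrollment check cannot be bypassed by reaching a worker directly.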