使用AirWatch部署企业iOS应用程序的最佳方式是什么?
[英]What is the best way of deploying enterprise iOS app with AirWatch
问题描述
EDIT : see conclusion at the end of this post. 
编辑 :见本文末尾的结论。
First off, let me clarify I've found a few similar questions/answers on SO, but none that apply to my particular situation. 首先,让我澄清一下我在SO上发现了一些类似的问题/答案,但没有一个适用于我的特殊情况。 The one that came closest is this one but it doesn't address the AirWatch aspect. 最接近的是这一个,但它没有涉及AirWatch方面。
So I'll try to be very specific. 所以我会尝试非常具体。
Background 背景
I have an iOS application that's free. 我有一个免费的iOS应用程序。 I also have the same app for Android and Windows 10 but those are not my concern. 我也有Android和Windows 10相同的应用程序,但这些不是我的关注。 The iOS app is available to anyone from the App store. App应用程序中的任何人都可以使用iOS应用程序。 But I have a few large corporate customers who use AirWatch to manage the installation/update cycle of their devices. 但我有一些大型企业客户使用AirWatch来管理其设备的安装/更新周期。 They either have Enterprise or VPP Apple accounts. 他们要么拥有Enterprise帐户,要么拥有VPP Apple帐户。 They want me to provide them with the IPA file so they can distribute it themselves through AirWatch. 他们希望我向他们提供IPA文件,以便他们可以通过AirWatch自行分发。 In my mind, that's a perfectly legitimate request: they just want to have better control over what gets installed on their devices. 在我看来,这是一个非常合理的请求:他们只是想要更好地控制在他们的设备上安装的内容。
Problem 问题
From what I understand, an Enterprise account requires that the application be signed with the customer's certificate. 根据我的理解,企业帐户要求使用客户的证书签署应用程序。 But if I have several such customers, that means I have to re-sign each application for each customer, every time I have a new update available. 但是,如果我有几个这样的客户,这意味着每次我有新的更新时,我必须为每个客户重新签署每个应用程序。 And those customers that have VPP accounts cannot use them because the VPP program only applies to paid apps, not to free ones. 那些拥有VPP账户的客户无法使用它们,因为VPP计划仅适用于付费应用,而不适用于免费应用。
Note : keep in mind that at that stage when I'm ready to provide the app to these customers, the app has already been reviewed and accepted by the App Store. 注意 :请记住,在我准备向这些客户提供应用程序的那个阶段,该应用程序已经过App Store的审核和接受。 So it's deemed legit. 所以它被认为是合法的。
After googling this matter for a while, I know it's possible for someone else to resign an app or to sign it for the first time if it is provided in unsigned form to start with. 在谷歌搜索这个问题一段时间之后,我知道如果以未签名的形式提供应用程序,那么其他人可能会第一次签署应用程序或签名。 However, resigned apps are apparently not supported by AirWatch (and, I assume, other MDM's as well). 但是,AirWatch显然不支持重新签名的应用程序(我认为,其他MDM也是如此)。
If that information is incorrect, then I guess all I would need to know is the recipe that I, as a coder, have to follow before providing the app to my customers and what kind of steps they have to take in order to deploy using AirWatch. 如果这些信息不正确,那么我想我需要知道的是我作为一名程序员必须遵循的配方,然后才能将应用程序提供给我的客户以及他们必须采取哪些步骤才能使用AirWatch进行部署。
Question 题
So how do I get my free app to my customers so they can manage the distribution themselves, without me having to go through yet another set of hassles every time I change something. 那么我如何将我的免费应用程序提供给我的客户,这样他们就可以自己管理发行版,而不必在每次更改内容时都要经历另一套麻烦。 Remember: if I only had a single corporate customer I wouldn't give it a second thought and I would just use their own certificates but I have several potential customers with the same requirements, so the point is to make it easy for all of them and for myself. 请记住:如果我只有一个企业客户,我不会再考虑一下,我只会使用他们自己的证书,但我有几个具有相同要求的潜在客户,所以重点是让所有人都能轻松而对我自己。
I hope my question was clear enough, thanks in advance for any help. 我希望我的问题很清楚,提前感谢任何帮助。
EDIT - Conclusion : I was able to validate that an unsigned IPA file can be signed with the customer's certificate and uploaded to their AirWatch distribution app. 编辑 - 结论 :我能够验证未签名的IPA文件是否可以与客户的证书签名并上传到他们的AirWatch分发应用程序。 Which means I simply have to provide the unsigned version to any customer with the same issue and they will be able to distribute the app themselves with their MDM. 这意味着我只需向具有相同问题的任何客户提供未签名版本,他们就可以使用他们的MDM自行分发应用程序。 Hope this information helps others. 希望这些信息有助于他人。
2 个解决方案
解决方案1
2 已采纳 2016-06-02 20:49:43
If your customers really can't re-sign your IPA, I believe the best solution for you to do would be to sign up yourself for an enterprise account, then use your own enterprise provisioning profile to sign a single ipa for distribution to the companies that need the app. 如果您的客户真的无法重新签署您的IPA,我相信您最好的解决方案是为自己注册企业帐户,然后使用您自己的企业配置文件签署单个ipa以便分发给公司需要应用程序。 Their MDM platforms should be able to handle the "trusting" of your enterprise signing identity, so the experience for the end users would be no different than if they were installing and running one signed by their own enterprise account. 他们的MDM平台应该能够处理企业签名身份的“信任”,因此最终用户的体验与他们安装和运行由他们自己的企业帐户签名的体验没有什么不同。
The downside of this is that you will then be on the hook for providing your customers new versions when your cert of profile is about to expire. 这样做的缺点是,当您的个人资料证书即将到期时,您将为您的客户提供新版本。 If you have them re-sign your IPA, it would be their responsibility to keep track of that and resign / redistribute a new provisioning profile when they expire. 如果您让他们重新签署您的IPA,他们有责任跟踪并在新的配置文件到期时重新分配/重新分发新的配置文件。
Also, I have never heard of any restrictions on MDM's distributing re-signed IPAs. 此外,我从未听说过MDM分发重新签署的IPA有任何限制。 I don't even understand how they could prevent it, as a properly re-signed IPA should look no different than an IPA that was build and signed using the new signing identity and profile. 我甚至不明白他们如何阻止它,因为正确重新签名的IPA应该与使用新的签名身份和配置文件构建和签名的IPA没什么不同。 I would challenge that, as many MAM (Mobile App Management) vendors offer wrapping of apps that do re-sign the binaries and allow you to distribute those resigned IPAs through MDM systems. 我会挑战这一点,因为许多MAM(移动应用程序管理)供应商提供的应用程序包装会重新签署二进制文件,并允许您通过MDM系统分发这些已撤销的IPA。 I would really expect any corporation with Airwatch to know how to resign an IPA using something like iReSign . 我真的希望任何有Airwatch的公司都知道如何使用像iReSign这样的东西辞职。 That really is your easiest option. 这真的是你最简单的选择。 Build an IPA for each release, send it out to all your clients, and each can re-sign it with their own signing identity. 为每个版本构建一个IPA,将其发送给您的所有客户,每个客户都可以使用自己的签名身份重新签名。 That way if you stop doing development, they aren't reliant on your signing identity and profile to keep the application running. 这样,如果您停止开发,他们就不会依赖您的签名身份和配置文件来保持应用程序的运行。
解决方案2
1 2016-06-02 23:23:29
because the VPP program only applies to paid apps, not to free ones.
You can manage free apps with VPP. 您可以使用VPP管理免费应用程序。 It's maybe free but it's still a license. 它可能是免费的,但它仍然是许可证。 VPP manages licenses for an organization and allows admins to give and tack back these licenses. VPP管理组织的许可证,并允许管理员提供和恢复这些许可证。
I have right now free Apps in my AirWatch Console, in the tab "Purchased". 我现在在我的AirWatch控制台中的“已购买”选项卡中免费提供应用程序。 This tab is only available if VPP is configured and displays only apps from the VPP. 此选项卡仅在配置VPP时可用,并且仅显示来自VPP的应用程序。 I can't go check in the VPP myself because I don't have any access but theses free apps wouldn't be in the tab "Purchased" if they weren't bought with the VPP. 我不能自己去检查VPP,因为我没有任何访问权限,但如果他们没有与VPP一起购买,这些免费应用程序将不会出现在“已购买”标签中。
They want me to provide them with the IPA file so they can distribute it themselves through AirWatch.
If you are ready to do that, your customers can upload the ipa file as an internal application and then deploy it to their iOS devices. 如果您准备这样做,您的客户可以将ipa文件作为内部应用程序上载,然后将其部署到iOS设备。 As AirWatch customers, they should have access to the document VMware AirWatch Mobile Application Management (MAM) Guide with the Chatper 4 "Internal Applications". 作为AirWatch的客户,他们应该可以通过Chatper 4“内部应用程序”访问VMware AirWatch Mobile Application Management (MAM) Guide文档。 There is a particular process for iOS apps described. 描述了iOS应用程序的特定过程。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.