Configuring Advanced Settings Parent topic

The advanced settings in Virtual Mobile Infrastructure includes the following:
  • Application usage log setting, to collect application usage log from user workspaces, to learn more about user behavior.
  • Mobile device location for each users using applications in user workspace.
  • Port range manual configuration for Virtual Mobile Infrastructure.
  • Screen resolution setting for user workspace.
  • OAuth 2.0 protocol configuration for user authorization. OAuth 2.0 provides specific authorization flows for Web applications, desktop applications, mobile phones, and living room devices. Virtual Mobile Infrastructure Secure Access includes the Authorization Server, which is required for OAuth 2.0 authentication.
    Before you can configure OAuth 2.0 authentication settings, you must configure Secure Access Settings in Mobile Client tab. Refer to Configuring Mobile Client Settings.
Use the Advanced tab in System Settings to configure advance settings for Virtual Mobile Infrastructure.

Procedure

  1. On the System Settings screen, click the Advanced tab.
  2. Under Application Usage Log section, configure the following settings:
    • Collect application usage log: If enabled, you can view the application usage log on the following screens:
      • Dashboard, in Top 5 Applications Used widget (also available even when the feature is disabled).
      • User Management, on the user details screen for each user. Click on a user name to see user details. The applications usage information on this screen includes the complete list of applications used, sequence and duration of usage and the locations where the applications were used.
      • Logs, using Apps Used Log query, you can look at the name of the applications used by users and the usage duration for each application.
    • Configure mobile device location: If enabled, you can view the details about location of users using certain applications.
  3. Under Virtual Mobile Infrastructure Server Port Setting section, type the port range in the field provided. Change this setting only if any of your application requires a port number ranging between 5900 and 6923, to avoid network conflict.
  4. Under Virtual Mobile Infrastructure Server Screen Resolution Setting section, select Enable high quality screen resolution for user workspacesoption if any of the applications installed in user workspace requires high-resolution, or does not display correctly using the default resolution.
    Note
    Note
    Enabling this feature consumes more data traffic for the Virtual Mobile Infrastructure server.
  5. Under OAuth 2.0 Authentication section, select Enable OAuth 2.0 authentication.
  6. Configure the following options:
    • Client ID and Client Secret: The Virtual Mobile Infrastructure server ID and secret code generated by the Authorization Server. The Client ID represents Virtual Mobile Infrastructure in Authorization Server and the secret code is required by the Authorization Server for access authorization.
      Use the following command on the command console on Secure Access to get the Client ID and Client Secret:
      /vmi/authorizationService/manage.py create_app "Trend Micro Virtual Mobile Infrastructure" https://{your secure access address:port}/api/v1/portal/oauth
      Note
      Note
      Replace {your secure access address:port} with Secure Access IP address and port number.
    • Authorization URL: The Authorization URL for the users to provide certificate authorization.
    • Token URL: The Token URL for the Virtual Mobile Infrastructure to get access token and refresh token from the Authorization Server. An access token has a limited lifetime. If Virtual Mobile Infrastructure needs access to Authorization Server beyond the lifetime of a single access token, it obtains a refresh token. The refresh token allows Virtual Mobile Infrastructure to obtain new access tokens.
    • Account Information URL: The Account Information URL is generated by the Authorization Server and includes the user account information for authentication.
    • Client Certificate: Client certificate is used to create a mutual authentication SSL connection to Authorization Server or Identity Provider (IdP). Generate, and then upload the client certificate file here.
      Use the following command to generate the client certificate file:
      /vmi/authorizationService/manage.py init_cert
      The Authorization Server generates the client certificate file at the following location:
      /etc/pki/vmi/client.pass.p12
      Note
      Note
      Virtual Mobile Infrastructure only supports .p12 and .pfx client certificate file types.
    • Certificate Password: Type the following client certificate password: vmi
    • Verify authorization server certificate: Select this option if you want to verify the CA certificate, and then upload the CA certificate in the Certificate Authority field. The CA Certificate is available at the following location:
      /vmi/testcert/root.crt
    • Certificate Authority: Certificate Authority is used to avoid man-in-the-middle (MitM) attack and verify Authorization Server certificate.
      Note
      Note
      Virtual Mobile Infrastructure only supports .pem CA certificate file types.
    Note
    Note
    The Authorize URL, Token URL and Account Information URL fields are automatically filled with the relevant information.
  7. (Optional) Click Test Connection to verify your settings.
  8. Click Save.

What to do next

Generate individual certificates for mobile users for enrollment. See Generating Client Enrollment Certificate.