Mobinergy helps you to extend your macOS management skills with the product provisioning on Workspace ONE UEM.
Deploying applications on macOS is quite easy and well-designed on Workspace One™ UEM with the software distributions methods built into the VMware platform.
But when these applications come with special configuration needs such as transformation files or scripts it can become more complicated.
This is where the Product Provisioning tool of the Workspace One™ UEM can take over and help us go the extra mile.
What are the Products ?
The main feature of the Product Provisioning system is creating an ordered installation of configurations, applications, and files/actions into one product to be pushed to devices based on the conditions you create.
In the case of macOS this will help us not only to install applications but also to configure them specifically with the help of files that we will be able to put where we want on the mac, or even execute terminal commands or scripts to achieve the desired goal.
This article is written for :
- Workspace One Administrators
- macOS 10.7+ devices : MacBook Pro, MacBook Air, Mac Mini, iMac, Mac Pro.
- Workspace One™ UEM version 18.xx+
In our example we will need to deploy a VPN client application called Pulse Secure on our fleet of macOS terminals.
This application comes with a specific configuration file allowing the automatic configuration of the user's VPN client for his company.
The application must therefore be installed and then the file dropped and executed with a specific terminal command for everything to work properly.
We must therefore :
- Deploy the .pkg of the Pulse Secure app on the Mac.
- Drop the Pulse Secure client configuration file.
- Install the Pulse Secure application.
- Execute the configuration command from the configuration file dropped in step 2.
The good news is that we can do all these steps at once by creating a Workspace One™ product, and that's what we're going to see now.
Let's now build the Product
Creating a Files/Actions component
First we log on as an administrator to our Workspace One™ UEM console and place ourselves at the desired organisational level to create our product. (We are currently using the latest version of the Workspace One™ UEM console as of March 2021).
We Navigate to Devices > Provisioning > Components > Files/Actions and select Add Files/Actions.
From there we will select the macOS platform.
A window opens and allows us to prepare our Files/Actions. The first tab "General" allows us to define a name for our Files/Actions. We enter a name and click on the second tab "Files".
On the "Files" tab, we will now clik on the ADD FILES button. A Pop-Up window will open to allow us to upload the desired files to build our Product. By clicking on the "select files" we are able to browse our own file system to select the desired files.
For the first file we will choose the .pkg of the Pulse Secure app previously retrieved from the editor's website. We then just have to click "Save" to start uploading the file to our Files/Actions Workspace One™.
At the end of the upload a new window opens automatically to configure the parameters of our .pkg deposit on the target macOS. In the "Download Path" field we just have to indicate where we want the Pulse Secure .pkg to be dropped on the macOS of our fleet. We advise you to choose a general or universal location, for example in our tutorial we choose the folder "/Users/Shared/filename".
We also need to indicate a version number relative to Workspace ONE™, we logically start with "1.0".
We finish by clicking on "Save".
Our Pulse Secure application .pkg is now added to our Files/Actions Workspace One™ UEM and appears listed.
We will now repeat the exact same action for the Pulse Secure client configuration file.
We just have to click again on the ADD FILES button.
The .pulsepreconfig file is a simple text file containing the informations of the company VPN, and we will use a spécific command in the Product to configure the Pulse Secure client with this config file. This file is provided by the VPN Editor support team.
We can once again drop this file in the "/Users/Shared" folder.
When the upload is finished, we can now see the list of uploaded files in our Product and where they will be dropped on the macOS terminal.
We will now click on the "Manifest" tab next to the "Files" tab.
We now arrive on the "Manifest" tab where we will indicate the actions that our Files/Actions will carry out within the Product and above all in which order.
We will start by clicking on the ADD ACTION button.
A new window opens allowing us to indicate the first action to be performed by our Product.
Since we want to start with the installation of our Pulse Secure application, we will logically choose the "Install" action in the drop-down menu.
Once the "Install" action is selected, this allows us to enter the path to the package that the macOS terminal should install.
In our case we just need to install the PulseSecure_V9.pkg app which we put in the "/Users/Shared" folder using the previous steps.
We finish creating this action by clicking on the "Save" button.
After saving we find the list of actions and our first action created, namely :
- Install the Pulse Secure client.
We are now going to create, in order, the second action we need to configure the Pulse Secure VPN Client which is automatically installed thanks to the configuration file.
We will click again on the ADD ACTION button.
For this second action, as we want to execute a command we will logically select the "Run" action from the drop-down menu.
Once we have selected the "Run" action we can enter the command that will be executed by the macOS terminal.
This command is the following and is quite simple:
/Applications/Pulse\Secure.app/Contents/Plugins/JamUI/jamCommand -importFile /Users/Shared/EMEA1.pulsepreconfig
We will call the "jamCommand" binary in the Pulse Secure app installation folder and ask it to read and parse the configuration file we dropped in the "/Users/Shared" folder during our previous actions.
We end by saving.
The list of actions is now visible and complete, actions will be carried out in the order in which they appear in the list. It is possible to rearrange them using the arrows provided.
Our Files/Actions component first performs the events on the "Files" tab and then those on the "Manifest" tab.
If we summarise, we have therefore implemented the workflow expressed at the beginning through this Files/Actions component, namely :
- Deploy the .pkg of the Pulse Secure app on the Mac. (Files Tab)
- Drop the Pulse Secure client configuration file. (Files Tab)
- Install the Pulse Secure application. (Manifest Tab)
- Execute the configuration command from the configuration file dropped in step 2. (Manifest Tab)
We can finish the creation of our Files/Actions by clicking on "Save".
Our Files/Actions component is now created and visible in the list view. We can now go ahead and create the Product to push it onto our macOS fleet.
Creating the Product
Still on our Workspace One™ UEM console, we navigate to Devices > Provisioning > Product List View.
From here we will click on the ADD PRODUCT button.
As with our File/Action component we will select the macOS platform.
The Product configuration window opens an we are now able to configure it.
On the "General" tab we will first specify a name that will appear in the Products list display. We also see the organisational level where it will be created.
We also need to specify an assignment for our product by indicating the target group for deployment (Smart Group or Organisation).
We can then click on the "Manifest" tab.
The "Manifest" tab will allow us to indicate the File/Action components that we want to put in our Product.
We will click on ADD
From there the Add Manifest window opens and we can select the "File/Action - Install" option.
This allows us to select our File/Action component created in the previous steps from the drop-down menu.
We finish by clicking on the "Save" button.
We can now see our File/Action component listed in the "Manifest" tab of the Product to execute the directives.
We can also find the "Conditions" tab which allows us to add execution parameters for the Product, such as environment constraints or interactions with the user. These conditions must be created in the menu of the same name in the same way as the File/Action components.
The "Deployment" tab allows us to set a precise date and time for the installation and execution of our Product.
Finally, the "Dependencies" tab allows you to create links between products to make them dependent. Example: "Product B will only be installed when Product A has finished its execution."
As we do not need these options in our Scenario we leave these tabs with default settings.
We finish creating our product by clicking on "Save".
We finally arrive at the Product list and can view our newly created Product.
The red dot in front of the Product name indicates that it is currently inactive. We will activate it.
To activate the Product we just have to click on the other dot next to the red one. It will turn green indicating that the Product is now active and starting to deploy to your macOS devices.
Thanks to the real-time deployment status of the Workspace One™ UEM console. We can see the status of the product installation. This is symbolised by the numbers on the line of our product name.
We can click on any of the numbers to access our deployment information and track any problems.
Thanks to the potential offered by Workspace One™ UEM's product provisioning tool, we were able to create a complex workflow that carried out a precise scenario on our macOS terminals.
In a single Product, we were able to drop in the Pulse Secure VPN app, a configuration file, install the application and finally run a command to configure it.
We can find many uses and fields of application for Workspace One™ UEM Products and perform complex and advanced actions thanks to the capabilities we have just seen in this article.
Hoping that this information will be useful to all our readers, good luck in the creation of your future macOS Products!