Post on 07-Oct-2018
Trend Micro Virtual Mobile Infrastructure (TMVMI)
Technical FAQ
Trend Micro Virtual Mobile Infrastructure (TMVMI) 1
Technical FAQ 1
About Virtual Mobile Infrastructure 3
What is Virtual Mobile Infrastructure 3
How does Virtual Mobile Infrastructure work 3
What are the minimum system requirements for using TMVMI 4
How does IT deploy TMVMI as a single server in corporate 4
How to support scalability How does load balance work 5
How does Secure Access Work How secure it is 5
What is the user status and how does the status change 6
What Android version does TMVMI use 6
How does RMX choose protocols 7
How does an instance use server resource 7
Does each virtual phone receive an IP address when it is created Who assigned it 7
What ciphers are supported on external link 8
Security 8
Is TMVMI safe enough 8
Can I know if RMX is secure Is it RMX and HTTPS or RMX in HTTPS 9
What certificates are supported for TMVMI Server and Secure Access 9
What is your strategy for copypaste text between real device and virtual Workspace 9
Server Installation 10
What kinds of network card do TMVMI support 10
Which IP address canrsquot be used for VMI Server and Secure Access 11
What can I do if the server installation fails 13
Why canrsquot I install TMVMI server on Hyper-V 15
Configurations for TMVMI Server 17
How to change the IP address of the Network Card 17
How do I configure the network card for Secure Access 17
How to use the external storage in TMVMI 17
How can I change the external storage 19
How to use the system recovery 19
How to change the HTTPS certificate for the management web console 20
How to export and import database in TMVMI server 20
Can I upload paid Google Play app to VMI console 21
Configuration for TMVMI Secure Access 21
How do I configure eth1 network card for Secure Access 21
How to change HTTPS certificate for Secure Access 21
How to check if Secure Access is connected to the server 22
How does Secure Access check if the user who is logging in is using the correct AD credentials
22
How to configure the Secure Access if the IP address of the management server is changed
23
How to configure the HTTP port in TMVMI Secure Access for playing video 23
Functions 24
Do you support notifications from mobile Workspace to real phone 24
Does Virtual Mobile Infrastructure support reconnection if it gets disconnected from the
network 24
Can users install or remove applications by themselves 24
What input method is used in the Workspace 24
Does TMVMI support the following mobile features CameraBluetoothGPSAudioVideo
25
User Management 25
What can users do if they forget the Workspace lock screen password 25
How to export or import user data in TMVMI server 26
How to export or import user data in External Storage 26
Why canrsquot I use Active Directory 27
Is it possible to block users that tries to brute force attack the VMI user credentials with VMI
client 27
How to get local user password without email 28
Why do I always see old web UI 28
TMVMI Client 29
How to download the mobile client 29
How to logout from the mobile client 29
Cannot install the iOS inhouse IPA in iOS 1031 or above 29
I have TMVMI installed and I can login but I canrsquot see the virtual desktop Why 29
Is it possible to log in to the same virtual phone from two different devices at the same time
30
Applications 30
How can I make sure that distributed 3rd party applications does not have any license issues
30
How to do app wrapper for single sign on 30
Does app wrapper have limitation 31
Why I canrsquot upload apps for single sign on 31
Why does SSO fail with companylsquos exchange server 32
Does TMVMI support all the video player 32
Some applications cannot run normally with Virtual Mobile Infrastructure (VMI) 33
Why does the installed application in TMVMI server fail to login 34
About Virtual Mobile Infrastructure
What is Virtual Mobile Infrastructure
The Virtual Mobile Infrastructure solution hosts mobile operating systems on centralized servers
making them accessible over a network using an efficient remote display protocol and rendering
technology
It enables clear separation of corporate personal data amp Workspace
For users this means they can access the same mobile environment with their applications and
data from any location without being tied to a single device
For IT administrators this means a more centralized efficient Workspace that is easier to manage
and maintain
How does Virtual Mobile Infrastructure work
bull Using a Web-based management console administrators can create and provision secure
mobile Workspace with applications data and customized mobile system to end users
bull Using an AndroidiOSWindows device an employee can logon to the Workspace over the air
to remotely access the mobile Workspace
bull Enterprises can continue to manage and update the Workspaces
bull If necessary they can remotely remove a userrsquos entire Workspace including all corporate
applications and data
What are the minimum system requirements for using
TMVMI
bull System requirements for Client
Virtual Mobile Infrastructure client supports iOS Android and Windows also support phone
and tablet both
ndash iOS 80 or later
ndash Android 40 or later
ndash Windows 81Windows Phone 81Windows 10 Mobile
bull System requirements for TMVMI Server
Virtual Mobile Infrastructure Server is delivered as a Linux-based appliance and is packaged
as an ISO file
ndash Processor 64-bit x86 four-core
ndash Memory 4-GB
ndash Hard disk 30 GB available for installation
ndash Network Cards (NIC) One 1-GB NICs
bull System requirements for TMVMI Secure Access
Secure Access is delivered as a Linux-based appliance and is packaged as an ISO file
ndash Processor 64-bit x86 four-core
ndash Memory 4-GB
ndash Hard disk 30 GB available for installation
ndash Network Cards (NIC) One 1-GB NICs
How does IT deploy TMVMI as a single server in
corporate
How to support scalability How does load balance work
bull Supports multiple servers
bull Supports multiple Secure Access
TMVMI support two kinds of load balance
bull TMVMI Secure Access load balance IT can put multiple Secure Access in intranet and export
them through a L4 switch device Client access a FQDN (VMIcompanycom) and L4 switch
device relay the request to one of Secure Access Secure Access will relay the request to TMVMI
Server
bull TMVMI Server load balance IT can deploy multiple TMVMI server (one is master server and
others are slave servers) TMVMI will allocate new user to the server that has largest available
seat number
Available Seat Number = (Server Capacity) ndash (Active User number)
How does Secure Access Work How secure it is
bull The Secure Access provides Internet access on mobile clients It receives mobile client
enrollment request and relay to TMVMI server IT admin can just open one IP address and one
port number for mobile client access
bull Secure Access can be deployed to in DMZ or intranet It only needs one network card if there
is a separation between internet mobile devices and Secure Access It needs two network
cards if it is deployed as a bridge mode (one NIC is for mobile clients to access from internet
the other NIC is to connect to the internal TMVMI servers)
bull Internet mobile clients use HTTPS to connect Secure Access Then Secure Access relays the
client requests to the TMVMI
bull Secure Access controls its export ports by iptables to ensure the security TMVMI server also
controls its export ports by iptables to ensure the security
What is the user status and how does the status change
bull Each user has one virtual mobile Workspace Workspace is hosted in Virtual Mobile
Infrastructure server It has three types of status Active Idle and Offline
ndash Active User logged on userrsquos virtual mobile instance is alive user is using the virtual
mobile instance
ndash Idle User logged on userrsquos virtual mobile instance is alive user is not using the virtual
mobile instance
ndash Offline User logged out userrsquos virtual mobile instance is not alive
IT administrator can manually disable user from web console After disabled user cannot
logon to access its virtual mobile instance any more
What Android version does TMVMI use
bull The Android OS version of the Workspace is based on Android 5 1 in TMVMI 51
bull Some 3rd party application display strange in UNIA After test we found the apps also have
same issue on the real device
bull TMVMI can only support what the Android Version (eg Android 51) offers it cannot add OS
features
How does RMX choose protocols
bull RMX (Remote Mobile eXperience) choose different protocols for different devices
bull CSR (client side rendering) protocol All Android devices with available memory gt= 100MB and
physical memory gt= 500MB and supports OpenGL 20
bull H264 encoding with VNC protocol Windows 81Windows phone 81 devicesWindows 10
Mobile
bull OpenGL CSR protocol All iOS devices
How does an instance use server resource
The instance means the virtual mobile that launched in TMVMI server Each user will have a virtual
mobile when they are using TMVMI
bull Instances can share the serverrsquos storagememoryCPU but with some limitations
bull Server storage is shared for every instance and the administrator can set a limit by going to
Profile-gt Storage Limit settings
bull Memory is also shared for every instances but has limitation at most 2GB for each instance
bull CPU is also shared for each instances but has limitation at most 2 cores for each instance
Does each virtual phone receive an IP address when it is
created Who assigned it
bull Yes each virtual phone receives an IP address when it is created The IP is assigned by the
TMVMI server NOT by the DHCP server It means all virtual phones share the TMVMIrsquos eth0 IP
address just use NAT port forward traffic No need to allocate IP for virtual phone
What ciphers are supported on external link
All external mobile client connect to TMVMI Secure Access server with HTTPS connection and
ciphers supported are as follows
ndash DHE-RSecure Access-AES256-SHA SSLv3Kx=DH Au=RSecure
Access Enc=AES(256) Mac=SHA1
ndash AES256-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(256) Mac=SHA1
ndash EDH-RSecure Access-DES-CBC3-SHA SSLv3 Kx=DH Au=RSecure Access Enc=3DES(168)
Mac=SHA1
ndash DES-CBC3-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=SHA1
ndash DES-CBC3-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=MD5
ndash DHE-RSecure Access-SEED-SHA SSLv3 Kx=DH Au=RSecure Access Enc=SEED(128)
Mac=SHA1
ndash SEED-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=SEED(128) Mac=SHA1
ndash RC4-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=SHA1
ndash RC4-MD5 SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash RC2-CBC-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC2(128) Mac=MD5
ndash RC4-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash DHE-RSecure Access-AES128-SHA SSLv3 Kx=DH Au=RSecure
Access Enc=AES(128) Mac=SHA1
ndash AES128-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(128) Mac=SHA1
ndash Mobile client negotiated with TMVMI server to choose cipher to encrypt connection
during enrollment
Security
Is TMVMI safe enough
bull TMVMI enhances its security from communication storage and all components
ndash Zero enterprise data reside on employees devices
ndash All traffic are encrypted with SSL
ndash Multi-factor authentication
ndash Managed virtual Workspace
ndash Security hardened client app
ndash Single sign On
bull We have a security report about TMVMI you can check it for detail
TMSMW Security Reportpdf
Can I know if RMX is secure Is it RMX and HTTPS or
RMX in HTTPS
bull The traffic from Internet mobile device to TMVMI Server consist of two parts first part is login
authentication packages after authentication it comes second part is RMX packages (RMX a
Trend optimized remote access protocol for iOSAndroidWindows to display the image of the
Workspace)
bull Between internet mobile device and TMVMI Secure Access therersquos only HTTPS Login
authentication and RMX are both encrypted as HTTPS
bull Between TMVMI Secure Access and TMVMI Server both HTTPS and RMX are present
bull HTTPS port 443
bull RMX port 5901-6923
What certificates are supported for TMVMI Server and
Secure Access
bull Common server SSL certificate will be acceptable
What is your strategy for copypaste text between real
device and virtual Workspace
bull In current version it is restricted to copypaste any data between real device and virtual
Workspace
bull In future version copypaste from real device to virtual Workspace can be configured allow or
not But copypaste from virtual Workspace to real device will be always disallowed to assure
security
Server Installation
What kinds of network card do TMVMI support
bull You can use the ldquomodprobe -l | grep driversnetrdquo command to see the list of all the supported
network card drivers within the TMVMI server
bull Below is the list of network cards that the TMVMI server currently support If your serverrsquos
network card driver is not in the list it may have a problem or is not supported More network
card types may be supported in the future
ndash kerneldriversnetethernet3com3c59xko
ndash kerneldriversnetethernet3comtyphoonko
ndash kerneldriversnetethernetamdamd8111eko
ndash kerneldriversnetethernetamdpcnet32ko
ndash kerneldriversnetethernetbroadcomb44ko
ndash kerneldriversnetethernetbroadcombnx2ko
ndash kerneldriversnetethernetbroadcomcnicko
ndash kerneldriversnetethernetbroadcombnx2xbnx2xko
ndash kerneldriversnetethernetbroadcomtg3ko
ndash kerneldriversnetethernetchelsiocxgb3cxgb3ko
ndash kerneldriversnetethernetchelsiocxgb4cxgb4ko
ndash kerneldriversnetethernetciscoenicenicko
ndash kerneldriversnetethernetintele100ko
ndash kerneldriversnetethernetintele1000ee1000eko
ndash kerneldriversnetethernetinteligbigbko
ndash kerneldriversnetethernetinteligbvfigbvfko
ndash kerneldriversnetethernetintelixgbeixgbeko
ndash kerneldriversnetethernetintelixgbevfixgbevfko
ndash kerneldriversnetethernetinteli40ei40eko
ndash kerneldriversnetethernetintelixgbixgbko
ndash kerneldriversnetethernetinteli40evfi40evfko
ndash kerneldriversnetethernetintelfm10kfm10kko
ndash kerneldriversnetethernetmarvellmvmdioko
ndash kerneldriversnetethernetmarvellskgeko
ndash kerneldriversnetethernetmarvellsky2ko
ndash kerneldriversnetethernetpacketengineshamachiko
ndash kerneldriversnetethernetpacketenginesyellowfinko
ndash kerneldriversnetethernetqlogicqla3xxxko
ndash kerneldriversnetethernetqlogicqlcnicqlcnicko
ndash kerneldriversnetethernetqlogicqlgeqlgeko
ndash kerneldriversnetethernetqlogicnetxennetxen_nicko
ndash kerneldriversnetethernetrealtek8139cpko
ndash kerneldriversnetethernetrealtek8139tooko
ndash kerneldriversnetethernetrealtekr8169ko
ndash kerneldriversnetethernetec_bhfko
ndash kerneldriversnetethernetdnetko
ndash kerneldriversnetetherneticplusipgko
ndash kerneldriversnetethernetjmeko
ndash kerneldriversnetmacvlanko
ndash kerneldriversnetmiiko
ndash kerneldriversnetmdioko
ndash kerneldriversnetnetconsoleko
ndash kerneldriversnettunko
ndash kerneldriversnetvirtio_netko
ndash kerneldriversnetpppppp_genericko
ndash kerneldriversnetppppppoxko
ndash kerneldriversnetppppppoeko
ndash kerneldriversnetslipslhcko
ndash kerneldriversnetvmxnet3vmxnet3ko
ndash kerneldriversnetxen-netfrontko
ndash kerneldriversnethypervhv_netvscko
ndash
Which IP address canrsquot be used for VMI Server and
Secure Access
bull During VMI server and Secure Access installation please do not use IP within
192168248021
ndash Range (1921682480~192168255255)
bull Here is the reason
ndash Every virtual phone needs an IP address and VMI will need to provide these IP address
for user VMI uses NAT (Share server IP address with Workspaces) This makes admin
just provide an eth0 IP address then VMI create a subnet inside which allocate to
virtual phone to use
ndash It need eth0 IP address and Secure Access canrsquot fall within the VMI subnet otherwise
your mobile device canrsquot connect to the virtual phone because of IP conflict
bull To solve the issue we have a tool to configure network but it can only stay in Class-C network
range
bull Use ssh to connect your TMVMI server use following command
ndash cd vmimanager
ndash python nat_configpyc
Parameter error
nat_config ltgatewaygt ltnetmaskgt ltip_startgt ltip_endgt
bull To check if your configuration takes effect you can use the two method
ndash Use ifconfig command check the address changed to new gateway
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
How to change HTTPS certificate for Secure Access 21
How to check if Secure Access is connected to the server 22
How does Secure Access check if the user who is logging in is using the correct AD credentials
22
How to configure the Secure Access if the IP address of the management server is changed
23
How to configure the HTTP port in TMVMI Secure Access for playing video 23
Functions 24
Do you support notifications from mobile Workspace to real phone 24
Does Virtual Mobile Infrastructure support reconnection if it gets disconnected from the
network 24
Can users install or remove applications by themselves 24
What input method is used in the Workspace 24
Does TMVMI support the following mobile features CameraBluetoothGPSAudioVideo
25
User Management 25
What can users do if they forget the Workspace lock screen password 25
How to export or import user data in TMVMI server 26
How to export or import user data in External Storage 26
Why canrsquot I use Active Directory 27
Is it possible to block users that tries to brute force attack the VMI user credentials with VMI
client 27
How to get local user password without email 28
Why do I always see old web UI 28
TMVMI Client 29
How to download the mobile client 29
How to logout from the mobile client 29
Cannot install the iOS inhouse IPA in iOS 1031 or above 29
I have TMVMI installed and I can login but I canrsquot see the virtual desktop Why 29
Is it possible to log in to the same virtual phone from two different devices at the same time
30
Applications 30
How can I make sure that distributed 3rd party applications does not have any license issues
30
How to do app wrapper for single sign on 30
Does app wrapper have limitation 31
Why I canrsquot upload apps for single sign on 31
Why does SSO fail with companylsquos exchange server 32
Does TMVMI support all the video player 32
Some applications cannot run normally with Virtual Mobile Infrastructure (VMI) 33
Why does the installed application in TMVMI server fail to login 34
About Virtual Mobile Infrastructure
What is Virtual Mobile Infrastructure
The Virtual Mobile Infrastructure solution hosts mobile operating systems on centralized servers
making them accessible over a network using an efficient remote display protocol and rendering
technology
It enables clear separation of corporate personal data amp Workspace
For users this means they can access the same mobile environment with their applications and
data from any location without being tied to a single device
For IT administrators this means a more centralized efficient Workspace that is easier to manage
and maintain
How does Virtual Mobile Infrastructure work
bull Using a Web-based management console administrators can create and provision secure
mobile Workspace with applications data and customized mobile system to end users
bull Using an AndroidiOSWindows device an employee can logon to the Workspace over the air
to remotely access the mobile Workspace
bull Enterprises can continue to manage and update the Workspaces
bull If necessary they can remotely remove a userrsquos entire Workspace including all corporate
applications and data
What are the minimum system requirements for using
TMVMI
bull System requirements for Client
Virtual Mobile Infrastructure client supports iOS Android and Windows also support phone
and tablet both
ndash iOS 80 or later
ndash Android 40 or later
ndash Windows 81Windows Phone 81Windows 10 Mobile
bull System requirements for TMVMI Server
Virtual Mobile Infrastructure Server is delivered as a Linux-based appliance and is packaged
as an ISO file
ndash Processor 64-bit x86 four-core
ndash Memory 4-GB
ndash Hard disk 30 GB available for installation
ndash Network Cards (NIC) One 1-GB NICs
bull System requirements for TMVMI Secure Access
Secure Access is delivered as a Linux-based appliance and is packaged as an ISO file
ndash Processor 64-bit x86 four-core
ndash Memory 4-GB
ndash Hard disk 30 GB available for installation
ndash Network Cards (NIC) One 1-GB NICs
How does IT deploy TMVMI as a single server in
corporate
How to support scalability How does load balance work
bull Supports multiple servers
bull Supports multiple Secure Access
TMVMI support two kinds of load balance
bull TMVMI Secure Access load balance IT can put multiple Secure Access in intranet and export
them through a L4 switch device Client access a FQDN (VMIcompanycom) and L4 switch
device relay the request to one of Secure Access Secure Access will relay the request to TMVMI
Server
bull TMVMI Server load balance IT can deploy multiple TMVMI server (one is master server and
others are slave servers) TMVMI will allocate new user to the server that has largest available
seat number
Available Seat Number = (Server Capacity) ndash (Active User number)
How does Secure Access Work How secure it is
bull The Secure Access provides Internet access on mobile clients It receives mobile client
enrollment request and relay to TMVMI server IT admin can just open one IP address and one
port number for mobile client access
bull Secure Access can be deployed to in DMZ or intranet It only needs one network card if there
is a separation between internet mobile devices and Secure Access It needs two network
cards if it is deployed as a bridge mode (one NIC is for mobile clients to access from internet
the other NIC is to connect to the internal TMVMI servers)
bull Internet mobile clients use HTTPS to connect Secure Access Then Secure Access relays the
client requests to the TMVMI
bull Secure Access controls its export ports by iptables to ensure the security TMVMI server also
controls its export ports by iptables to ensure the security
What is the user status and how does the status change
bull Each user has one virtual mobile Workspace Workspace is hosted in Virtual Mobile
Infrastructure server It has three types of status Active Idle and Offline
ndash Active User logged on userrsquos virtual mobile instance is alive user is using the virtual
mobile instance
ndash Idle User logged on userrsquos virtual mobile instance is alive user is not using the virtual
mobile instance
ndash Offline User logged out userrsquos virtual mobile instance is not alive
IT administrator can manually disable user from web console After disabled user cannot
logon to access its virtual mobile instance any more
What Android version does TMVMI use
bull The Android OS version of the Workspace is based on Android 5 1 in TMVMI 51
bull Some 3rd party application display strange in UNIA After test we found the apps also have
same issue on the real device
bull TMVMI can only support what the Android Version (eg Android 51) offers it cannot add OS
features
How does RMX choose protocols
bull RMX (Remote Mobile eXperience) choose different protocols for different devices
bull CSR (client side rendering) protocol All Android devices with available memory gt= 100MB and
physical memory gt= 500MB and supports OpenGL 20
bull H264 encoding with VNC protocol Windows 81Windows phone 81 devicesWindows 10
Mobile
bull OpenGL CSR protocol All iOS devices
How does an instance use server resource
The instance means the virtual mobile that launched in TMVMI server Each user will have a virtual
mobile when they are using TMVMI
bull Instances can share the serverrsquos storagememoryCPU but with some limitations
bull Server storage is shared for every instance and the administrator can set a limit by going to
Profile-gt Storage Limit settings
bull Memory is also shared for every instances but has limitation at most 2GB for each instance
bull CPU is also shared for each instances but has limitation at most 2 cores for each instance
Does each virtual phone receive an IP address when it is
created Who assigned it
bull Yes each virtual phone receives an IP address when it is created The IP is assigned by the
TMVMI server NOT by the DHCP server It means all virtual phones share the TMVMIrsquos eth0 IP
address just use NAT port forward traffic No need to allocate IP for virtual phone
What ciphers are supported on external link
All external mobile client connect to TMVMI Secure Access server with HTTPS connection and
ciphers supported are as follows
ndash DHE-RSecure Access-AES256-SHA SSLv3Kx=DH Au=RSecure
Access Enc=AES(256) Mac=SHA1
ndash AES256-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(256) Mac=SHA1
ndash EDH-RSecure Access-DES-CBC3-SHA SSLv3 Kx=DH Au=RSecure Access Enc=3DES(168)
Mac=SHA1
ndash DES-CBC3-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=SHA1
ndash DES-CBC3-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=MD5
ndash DHE-RSecure Access-SEED-SHA SSLv3 Kx=DH Au=RSecure Access Enc=SEED(128)
Mac=SHA1
ndash SEED-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=SEED(128) Mac=SHA1
ndash RC4-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=SHA1
ndash RC4-MD5 SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash RC2-CBC-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC2(128) Mac=MD5
ndash RC4-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash DHE-RSecure Access-AES128-SHA SSLv3 Kx=DH Au=RSecure
Access Enc=AES(128) Mac=SHA1
ndash AES128-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(128) Mac=SHA1
ndash Mobile client negotiated with TMVMI server to choose cipher to encrypt connection
during enrollment
Security
Is TMVMI safe enough
bull TMVMI enhances its security from communication storage and all components
ndash Zero enterprise data reside on employees devices
ndash All traffic are encrypted with SSL
ndash Multi-factor authentication
ndash Managed virtual Workspace
ndash Security hardened client app
ndash Single sign On
bull We have a security report about TMVMI you can check it for detail
TMSMW Security Reportpdf
Can I know if RMX is secure Is it RMX and HTTPS or
RMX in HTTPS
bull The traffic from Internet mobile device to TMVMI Server consist of two parts first part is login
authentication packages after authentication it comes second part is RMX packages (RMX a
Trend optimized remote access protocol for iOSAndroidWindows to display the image of the
Workspace)
bull Between internet mobile device and TMVMI Secure Access therersquos only HTTPS Login
authentication and RMX are both encrypted as HTTPS
bull Between TMVMI Secure Access and TMVMI Server both HTTPS and RMX are present
bull HTTPS port 443
bull RMX port 5901-6923
What certificates are supported for TMVMI Server and
Secure Access
bull Common server SSL certificate will be acceptable
What is your strategy for copypaste text between real
device and virtual Workspace
bull In current version it is restricted to copypaste any data between real device and virtual
Workspace
bull In future version copypaste from real device to virtual Workspace can be configured allow or
not But copypaste from virtual Workspace to real device will be always disallowed to assure
security
Server Installation
What kinds of network card do TMVMI support
bull You can use the ldquomodprobe -l | grep driversnetrdquo command to see the list of all the supported
network card drivers within the TMVMI server
bull Below is the list of network cards that the TMVMI server currently support If your serverrsquos
network card driver is not in the list it may have a problem or is not supported More network
card types may be supported in the future
ndash kerneldriversnetethernet3com3c59xko
ndash kerneldriversnetethernet3comtyphoonko
ndash kerneldriversnetethernetamdamd8111eko
ndash kerneldriversnetethernetamdpcnet32ko
ndash kerneldriversnetethernetbroadcomb44ko
ndash kerneldriversnetethernetbroadcombnx2ko
ndash kerneldriversnetethernetbroadcomcnicko
ndash kerneldriversnetethernetbroadcombnx2xbnx2xko
ndash kerneldriversnetethernetbroadcomtg3ko
ndash kerneldriversnetethernetchelsiocxgb3cxgb3ko
ndash kerneldriversnetethernetchelsiocxgb4cxgb4ko
ndash kerneldriversnetethernetciscoenicenicko
ndash kerneldriversnetethernetintele100ko
ndash kerneldriversnetethernetintele1000ee1000eko
ndash kerneldriversnetethernetinteligbigbko
ndash kerneldriversnetethernetinteligbvfigbvfko
ndash kerneldriversnetethernetintelixgbeixgbeko
ndash kerneldriversnetethernetintelixgbevfixgbevfko
ndash kerneldriversnetethernetinteli40ei40eko
ndash kerneldriversnetethernetintelixgbixgbko
ndash kerneldriversnetethernetinteli40evfi40evfko
ndash kerneldriversnetethernetintelfm10kfm10kko
ndash kerneldriversnetethernetmarvellmvmdioko
ndash kerneldriversnetethernetmarvellskgeko
ndash kerneldriversnetethernetmarvellsky2ko
ndash kerneldriversnetethernetpacketengineshamachiko
ndash kerneldriversnetethernetpacketenginesyellowfinko
ndash kerneldriversnetethernetqlogicqla3xxxko
ndash kerneldriversnetethernetqlogicqlcnicqlcnicko
ndash kerneldriversnetethernetqlogicqlgeqlgeko
ndash kerneldriversnetethernetqlogicnetxennetxen_nicko
ndash kerneldriversnetethernetrealtek8139cpko
ndash kerneldriversnetethernetrealtek8139tooko
ndash kerneldriversnetethernetrealtekr8169ko
ndash kerneldriversnetethernetec_bhfko
ndash kerneldriversnetethernetdnetko
ndash kerneldriversnetetherneticplusipgko
ndash kerneldriversnetethernetjmeko
ndash kerneldriversnetmacvlanko
ndash kerneldriversnetmiiko
ndash kerneldriversnetmdioko
ndash kerneldriversnetnetconsoleko
ndash kerneldriversnettunko
ndash kerneldriversnetvirtio_netko
ndash kerneldriversnetpppppp_genericko
ndash kerneldriversnetppppppoxko
ndash kerneldriversnetppppppoeko
ndash kerneldriversnetslipslhcko
ndash kerneldriversnetvmxnet3vmxnet3ko
ndash kerneldriversnetxen-netfrontko
ndash kerneldriversnethypervhv_netvscko
ndash
Which IP address canrsquot be used for VMI Server and
Secure Access
bull During VMI server and Secure Access installation please do not use IP within
192168248021
ndash Range (1921682480~192168255255)
bull Here is the reason
ndash Every virtual phone needs an IP address and VMI will need to provide these IP address
for user VMI uses NAT (Share server IP address with Workspaces) This makes admin
just provide an eth0 IP address then VMI create a subnet inside which allocate to
virtual phone to use
ndash It need eth0 IP address and Secure Access canrsquot fall within the VMI subnet otherwise
your mobile device canrsquot connect to the virtual phone because of IP conflict
bull To solve the issue we have a tool to configure network but it can only stay in Class-C network
range
bull Use ssh to connect your TMVMI server use following command
ndash cd vmimanager
ndash python nat_configpyc
Parameter error
nat_config ltgatewaygt ltnetmaskgt ltip_startgt ltip_endgt
bull To check if your configuration takes effect you can use the two method
ndash Use ifconfig command check the address changed to new gateway
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
About Virtual Mobile Infrastructure
What is Virtual Mobile Infrastructure
The Virtual Mobile Infrastructure solution hosts mobile operating systems on centralized servers
making them accessible over a network using an efficient remote display protocol and rendering
technology
It enables clear separation of corporate personal data amp Workspace
For users this means they can access the same mobile environment with their applications and
data from any location without being tied to a single device
For IT administrators this means a more centralized efficient Workspace that is easier to manage
and maintain
How does Virtual Mobile Infrastructure work
bull Using a Web-based management console administrators can create and provision secure
mobile Workspace with applications data and customized mobile system to end users
bull Using an AndroidiOSWindows device an employee can logon to the Workspace over the air
to remotely access the mobile Workspace
bull Enterprises can continue to manage and update the Workspaces
bull If necessary they can remotely remove a userrsquos entire Workspace including all corporate
applications and data
What are the minimum system requirements for using
TMVMI
bull System requirements for Client
Virtual Mobile Infrastructure client supports iOS Android and Windows also support phone
and tablet both
ndash iOS 80 or later
ndash Android 40 or later
ndash Windows 81Windows Phone 81Windows 10 Mobile
bull System requirements for TMVMI Server
Virtual Mobile Infrastructure Server is delivered as a Linux-based appliance and is packaged
as an ISO file
ndash Processor 64-bit x86 four-core
ndash Memory 4-GB
ndash Hard disk 30 GB available for installation
ndash Network Cards (NIC) One 1-GB NICs
bull System requirements for TMVMI Secure Access
Secure Access is delivered as a Linux-based appliance and is packaged as an ISO file
ndash Processor 64-bit x86 four-core
ndash Memory 4-GB
ndash Hard disk 30 GB available for installation
ndash Network Cards (NIC) One 1-GB NICs
How does IT deploy TMVMI as a single server in
corporate
How to support scalability How does load balance work
bull Supports multiple servers
bull Supports multiple Secure Access
TMVMI support two kinds of load balance
bull TMVMI Secure Access load balance IT can put multiple Secure Access in intranet and export
them through a L4 switch device Client access a FQDN (VMIcompanycom) and L4 switch
device relay the request to one of Secure Access Secure Access will relay the request to TMVMI
Server
bull TMVMI Server load balance IT can deploy multiple TMVMI server (one is master server and
others are slave servers) TMVMI will allocate new user to the server that has largest available
seat number
Available Seat Number = (Server Capacity) ndash (Active User number)
How does Secure Access Work How secure it is
bull The Secure Access provides Internet access on mobile clients It receives mobile client
enrollment request and relay to TMVMI server IT admin can just open one IP address and one
port number for mobile client access
bull Secure Access can be deployed to in DMZ or intranet It only needs one network card if there
is a separation between internet mobile devices and Secure Access It needs two network
cards if it is deployed as a bridge mode (one NIC is for mobile clients to access from internet
the other NIC is to connect to the internal TMVMI servers)
bull Internet mobile clients use HTTPS to connect Secure Access Then Secure Access relays the
client requests to the TMVMI
bull Secure Access controls its export ports by iptables to ensure the security TMVMI server also
controls its export ports by iptables to ensure the security
What is the user status and how does the status change
bull Each user has one virtual mobile Workspace Workspace is hosted in Virtual Mobile
Infrastructure server It has three types of status Active Idle and Offline
ndash Active User logged on userrsquos virtual mobile instance is alive user is using the virtual
mobile instance
ndash Idle User logged on userrsquos virtual mobile instance is alive user is not using the virtual
mobile instance
ndash Offline User logged out userrsquos virtual mobile instance is not alive
IT administrator can manually disable user from web console After disabled user cannot
logon to access its virtual mobile instance any more
What Android version does TMVMI use
bull The Android OS version of the Workspace is based on Android 5 1 in TMVMI 51
bull Some 3rd party application display strange in UNIA After test we found the apps also have
same issue on the real device
bull TMVMI can only support what the Android Version (eg Android 51) offers it cannot add OS
features
How does RMX choose protocols
bull RMX (Remote Mobile eXperience) choose different protocols for different devices
bull CSR (client side rendering) protocol All Android devices with available memory gt= 100MB and
physical memory gt= 500MB and supports OpenGL 20
bull H264 encoding with VNC protocol Windows 81Windows phone 81 devicesWindows 10
Mobile
bull OpenGL CSR protocol All iOS devices
How does an instance use server resource
The instance means the virtual mobile that launched in TMVMI server Each user will have a virtual
mobile when they are using TMVMI
bull Instances can share the serverrsquos storagememoryCPU but with some limitations
bull Server storage is shared for every instance and the administrator can set a limit by going to
Profile-gt Storage Limit settings
bull Memory is also shared for every instances but has limitation at most 2GB for each instance
bull CPU is also shared for each instances but has limitation at most 2 cores for each instance
Does each virtual phone receive an IP address when it is
created Who assigned it
bull Yes each virtual phone receives an IP address when it is created The IP is assigned by the
TMVMI server NOT by the DHCP server It means all virtual phones share the TMVMIrsquos eth0 IP
address just use NAT port forward traffic No need to allocate IP for virtual phone
What ciphers are supported on external link
All external mobile client connect to TMVMI Secure Access server with HTTPS connection and
ciphers supported are as follows
ndash DHE-RSecure Access-AES256-SHA SSLv3Kx=DH Au=RSecure
Access Enc=AES(256) Mac=SHA1
ndash AES256-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(256) Mac=SHA1
ndash EDH-RSecure Access-DES-CBC3-SHA SSLv3 Kx=DH Au=RSecure Access Enc=3DES(168)
Mac=SHA1
ndash DES-CBC3-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=SHA1
ndash DES-CBC3-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=MD5
ndash DHE-RSecure Access-SEED-SHA SSLv3 Kx=DH Au=RSecure Access Enc=SEED(128)
Mac=SHA1
ndash SEED-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=SEED(128) Mac=SHA1
ndash RC4-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=SHA1
ndash RC4-MD5 SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash RC2-CBC-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC2(128) Mac=MD5
ndash RC4-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash DHE-RSecure Access-AES128-SHA SSLv3 Kx=DH Au=RSecure
Access Enc=AES(128) Mac=SHA1
ndash AES128-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(128) Mac=SHA1
ndash Mobile client negotiated with TMVMI server to choose cipher to encrypt connection
during enrollment
Security
Is TMVMI safe enough
bull TMVMI enhances its security from communication storage and all components
ndash Zero enterprise data reside on employees devices
ndash All traffic are encrypted with SSL
ndash Multi-factor authentication
ndash Managed virtual Workspace
ndash Security hardened client app
ndash Single sign On
bull We have a security report about TMVMI you can check it for detail
TMSMW Security Reportpdf
Can I know if RMX is secure Is it RMX and HTTPS or
RMX in HTTPS
bull The traffic from Internet mobile device to TMVMI Server consist of two parts first part is login
authentication packages after authentication it comes second part is RMX packages (RMX a
Trend optimized remote access protocol for iOSAndroidWindows to display the image of the
Workspace)
bull Between internet mobile device and TMVMI Secure Access therersquos only HTTPS Login
authentication and RMX are both encrypted as HTTPS
bull Between TMVMI Secure Access and TMVMI Server both HTTPS and RMX are present
bull HTTPS port 443
bull RMX port 5901-6923
What certificates are supported for TMVMI Server and
Secure Access
bull Common server SSL certificate will be acceptable
What is your strategy for copypaste text between real
device and virtual Workspace
bull In current version it is restricted to copypaste any data between real device and virtual
Workspace
bull In future version copypaste from real device to virtual Workspace can be configured allow or
not But copypaste from virtual Workspace to real device will be always disallowed to assure
security
Server Installation
What kinds of network card do TMVMI support
bull You can use the ldquomodprobe -l | grep driversnetrdquo command to see the list of all the supported
network card drivers within the TMVMI server
bull Below is the list of network cards that the TMVMI server currently support If your serverrsquos
network card driver is not in the list it may have a problem or is not supported More network
card types may be supported in the future
ndash kerneldriversnetethernet3com3c59xko
ndash kerneldriversnetethernet3comtyphoonko
ndash kerneldriversnetethernetamdamd8111eko
ndash kerneldriversnetethernetamdpcnet32ko
ndash kerneldriversnetethernetbroadcomb44ko
ndash kerneldriversnetethernetbroadcombnx2ko
ndash kerneldriversnetethernetbroadcomcnicko
ndash kerneldriversnetethernetbroadcombnx2xbnx2xko
ndash kerneldriversnetethernetbroadcomtg3ko
ndash kerneldriversnetethernetchelsiocxgb3cxgb3ko
ndash kerneldriversnetethernetchelsiocxgb4cxgb4ko
ndash kerneldriversnetethernetciscoenicenicko
ndash kerneldriversnetethernetintele100ko
ndash kerneldriversnetethernetintele1000ee1000eko
ndash kerneldriversnetethernetinteligbigbko
ndash kerneldriversnetethernetinteligbvfigbvfko
ndash kerneldriversnetethernetintelixgbeixgbeko
ndash kerneldriversnetethernetintelixgbevfixgbevfko
ndash kerneldriversnetethernetinteli40ei40eko
ndash kerneldriversnetethernetintelixgbixgbko
ndash kerneldriversnetethernetinteli40evfi40evfko
ndash kerneldriversnetethernetintelfm10kfm10kko
ndash kerneldriversnetethernetmarvellmvmdioko
ndash kerneldriversnetethernetmarvellskgeko
ndash kerneldriversnetethernetmarvellsky2ko
ndash kerneldriversnetethernetpacketengineshamachiko
ndash kerneldriversnetethernetpacketenginesyellowfinko
ndash kerneldriversnetethernetqlogicqla3xxxko
ndash kerneldriversnetethernetqlogicqlcnicqlcnicko
ndash kerneldriversnetethernetqlogicqlgeqlgeko
ndash kerneldriversnetethernetqlogicnetxennetxen_nicko
ndash kerneldriversnetethernetrealtek8139cpko
ndash kerneldriversnetethernetrealtek8139tooko
ndash kerneldriversnetethernetrealtekr8169ko
ndash kerneldriversnetethernetec_bhfko
ndash kerneldriversnetethernetdnetko
ndash kerneldriversnetetherneticplusipgko
ndash kerneldriversnetethernetjmeko
ndash kerneldriversnetmacvlanko
ndash kerneldriversnetmiiko
ndash kerneldriversnetmdioko
ndash kerneldriversnetnetconsoleko
ndash kerneldriversnettunko
ndash kerneldriversnetvirtio_netko
ndash kerneldriversnetpppppp_genericko
ndash kerneldriversnetppppppoxko
ndash kerneldriversnetppppppoeko
ndash kerneldriversnetslipslhcko
ndash kerneldriversnetvmxnet3vmxnet3ko
ndash kerneldriversnetxen-netfrontko
ndash kerneldriversnethypervhv_netvscko
ndash
Which IP address canrsquot be used for VMI Server and
Secure Access
bull During VMI server and Secure Access installation please do not use IP within
192168248021
ndash Range (1921682480~192168255255)
bull Here is the reason
ndash Every virtual phone needs an IP address and VMI will need to provide these IP address
for user VMI uses NAT (Share server IP address with Workspaces) This makes admin
just provide an eth0 IP address then VMI create a subnet inside which allocate to
virtual phone to use
ndash It need eth0 IP address and Secure Access canrsquot fall within the VMI subnet otherwise
your mobile device canrsquot connect to the virtual phone because of IP conflict
bull To solve the issue we have a tool to configure network but it can only stay in Class-C network
range
bull Use ssh to connect your TMVMI server use following command
ndash cd vmimanager
ndash python nat_configpyc
Parameter error
nat_config ltgatewaygt ltnetmaskgt ltip_startgt ltip_endgt
bull To check if your configuration takes effect you can use the two method
ndash Use ifconfig command check the address changed to new gateway
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
What are the minimum system requirements for using
TMVMI
bull System requirements for Client
Virtual Mobile Infrastructure client supports iOS Android and Windows also support phone
and tablet both
ndash iOS 80 or later
ndash Android 40 or later
ndash Windows 81Windows Phone 81Windows 10 Mobile
bull System requirements for TMVMI Server
Virtual Mobile Infrastructure Server is delivered as a Linux-based appliance and is packaged
as an ISO file
ndash Processor 64-bit x86 four-core
ndash Memory 4-GB
ndash Hard disk 30 GB available for installation
ndash Network Cards (NIC) One 1-GB NICs
bull System requirements for TMVMI Secure Access
Secure Access is delivered as a Linux-based appliance and is packaged as an ISO file
ndash Processor 64-bit x86 four-core
ndash Memory 4-GB
ndash Hard disk 30 GB available for installation
ndash Network Cards (NIC) One 1-GB NICs
How does IT deploy TMVMI as a single server in
corporate
How to support scalability How does load balance work
bull Supports multiple servers
bull Supports multiple Secure Access
TMVMI support two kinds of load balance
bull TMVMI Secure Access load balance IT can put multiple Secure Access in intranet and export
them through a L4 switch device Client access a FQDN (VMIcompanycom) and L4 switch
device relay the request to one of Secure Access Secure Access will relay the request to TMVMI
Server
bull TMVMI Server load balance IT can deploy multiple TMVMI server (one is master server and
others are slave servers) TMVMI will allocate new user to the server that has largest available
seat number
Available Seat Number = (Server Capacity) ndash (Active User number)
How does Secure Access Work How secure it is
bull The Secure Access provides Internet access on mobile clients It receives mobile client
enrollment request and relay to TMVMI server IT admin can just open one IP address and one
port number for mobile client access
bull Secure Access can be deployed to in DMZ or intranet It only needs one network card if there
is a separation between internet mobile devices and Secure Access It needs two network
cards if it is deployed as a bridge mode (one NIC is for mobile clients to access from internet
the other NIC is to connect to the internal TMVMI servers)
bull Internet mobile clients use HTTPS to connect Secure Access Then Secure Access relays the
client requests to the TMVMI
bull Secure Access controls its export ports by iptables to ensure the security TMVMI server also
controls its export ports by iptables to ensure the security
What is the user status and how does the status change
bull Each user has one virtual mobile Workspace Workspace is hosted in Virtual Mobile
Infrastructure server It has three types of status Active Idle and Offline
ndash Active User logged on userrsquos virtual mobile instance is alive user is using the virtual
mobile instance
ndash Idle User logged on userrsquos virtual mobile instance is alive user is not using the virtual
mobile instance
ndash Offline User logged out userrsquos virtual mobile instance is not alive
IT administrator can manually disable user from web console After disabled user cannot
logon to access its virtual mobile instance any more
What Android version does TMVMI use
bull The Android OS version of the Workspace is based on Android 5 1 in TMVMI 51
bull Some 3rd party application display strange in UNIA After test we found the apps also have
same issue on the real device
bull TMVMI can only support what the Android Version (eg Android 51) offers it cannot add OS
features
How does RMX choose protocols
bull RMX (Remote Mobile eXperience) choose different protocols for different devices
bull CSR (client side rendering) protocol All Android devices with available memory gt= 100MB and
physical memory gt= 500MB and supports OpenGL 20
bull H264 encoding with VNC protocol Windows 81Windows phone 81 devicesWindows 10
Mobile
bull OpenGL CSR protocol All iOS devices
How does an instance use server resource
The instance means the virtual mobile that launched in TMVMI server Each user will have a virtual
mobile when they are using TMVMI
bull Instances can share the serverrsquos storagememoryCPU but with some limitations
bull Server storage is shared for every instance and the administrator can set a limit by going to
Profile-gt Storage Limit settings
bull Memory is also shared for every instances but has limitation at most 2GB for each instance
bull CPU is also shared for each instances but has limitation at most 2 cores for each instance
Does each virtual phone receive an IP address when it is
created Who assigned it
bull Yes each virtual phone receives an IP address when it is created The IP is assigned by the
TMVMI server NOT by the DHCP server It means all virtual phones share the TMVMIrsquos eth0 IP
address just use NAT port forward traffic No need to allocate IP for virtual phone
What ciphers are supported on external link
All external mobile client connect to TMVMI Secure Access server with HTTPS connection and
ciphers supported are as follows
ndash DHE-RSecure Access-AES256-SHA SSLv3Kx=DH Au=RSecure
Access Enc=AES(256) Mac=SHA1
ndash AES256-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(256) Mac=SHA1
ndash EDH-RSecure Access-DES-CBC3-SHA SSLv3 Kx=DH Au=RSecure Access Enc=3DES(168)
Mac=SHA1
ndash DES-CBC3-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=SHA1
ndash DES-CBC3-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=MD5
ndash DHE-RSecure Access-SEED-SHA SSLv3 Kx=DH Au=RSecure Access Enc=SEED(128)
Mac=SHA1
ndash SEED-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=SEED(128) Mac=SHA1
ndash RC4-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=SHA1
ndash RC4-MD5 SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash RC2-CBC-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC2(128) Mac=MD5
ndash RC4-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash DHE-RSecure Access-AES128-SHA SSLv3 Kx=DH Au=RSecure
Access Enc=AES(128) Mac=SHA1
ndash AES128-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(128) Mac=SHA1
ndash Mobile client negotiated with TMVMI server to choose cipher to encrypt connection
during enrollment
Security
Is TMVMI safe enough
bull TMVMI enhances its security from communication storage and all components
ndash Zero enterprise data reside on employees devices
ndash All traffic are encrypted with SSL
ndash Multi-factor authentication
ndash Managed virtual Workspace
ndash Security hardened client app
ndash Single sign On
bull We have a security report about TMVMI you can check it for detail
TMSMW Security Reportpdf
Can I know if RMX is secure Is it RMX and HTTPS or
RMX in HTTPS
bull The traffic from Internet mobile device to TMVMI Server consist of two parts first part is login
authentication packages after authentication it comes second part is RMX packages (RMX a
Trend optimized remote access protocol for iOSAndroidWindows to display the image of the
Workspace)
bull Between internet mobile device and TMVMI Secure Access therersquos only HTTPS Login
authentication and RMX are both encrypted as HTTPS
bull Between TMVMI Secure Access and TMVMI Server both HTTPS and RMX are present
bull HTTPS port 443
bull RMX port 5901-6923
What certificates are supported for TMVMI Server and
Secure Access
bull Common server SSL certificate will be acceptable
What is your strategy for copypaste text between real
device and virtual Workspace
bull In current version it is restricted to copypaste any data between real device and virtual
Workspace
bull In future version copypaste from real device to virtual Workspace can be configured allow or
not But copypaste from virtual Workspace to real device will be always disallowed to assure
security
Server Installation
What kinds of network card do TMVMI support
bull You can use the ldquomodprobe -l | grep driversnetrdquo command to see the list of all the supported
network card drivers within the TMVMI server
bull Below is the list of network cards that the TMVMI server currently support If your serverrsquos
network card driver is not in the list it may have a problem or is not supported More network
card types may be supported in the future
ndash kerneldriversnetethernet3com3c59xko
ndash kerneldriversnetethernet3comtyphoonko
ndash kerneldriversnetethernetamdamd8111eko
ndash kerneldriversnetethernetamdpcnet32ko
ndash kerneldriversnetethernetbroadcomb44ko
ndash kerneldriversnetethernetbroadcombnx2ko
ndash kerneldriversnetethernetbroadcomcnicko
ndash kerneldriversnetethernetbroadcombnx2xbnx2xko
ndash kerneldriversnetethernetbroadcomtg3ko
ndash kerneldriversnetethernetchelsiocxgb3cxgb3ko
ndash kerneldriversnetethernetchelsiocxgb4cxgb4ko
ndash kerneldriversnetethernetciscoenicenicko
ndash kerneldriversnetethernetintele100ko
ndash kerneldriversnetethernetintele1000ee1000eko
ndash kerneldriversnetethernetinteligbigbko
ndash kerneldriversnetethernetinteligbvfigbvfko
ndash kerneldriversnetethernetintelixgbeixgbeko
ndash kerneldriversnetethernetintelixgbevfixgbevfko
ndash kerneldriversnetethernetinteli40ei40eko
ndash kerneldriversnetethernetintelixgbixgbko
ndash kerneldriversnetethernetinteli40evfi40evfko
ndash kerneldriversnetethernetintelfm10kfm10kko
ndash kerneldriversnetethernetmarvellmvmdioko
ndash kerneldriversnetethernetmarvellskgeko
ndash kerneldriversnetethernetmarvellsky2ko
ndash kerneldriversnetethernetpacketengineshamachiko
ndash kerneldriversnetethernetpacketenginesyellowfinko
ndash kerneldriversnetethernetqlogicqla3xxxko
ndash kerneldriversnetethernetqlogicqlcnicqlcnicko
ndash kerneldriversnetethernetqlogicqlgeqlgeko
ndash kerneldriversnetethernetqlogicnetxennetxen_nicko
ndash kerneldriversnetethernetrealtek8139cpko
ndash kerneldriversnetethernetrealtek8139tooko
ndash kerneldriversnetethernetrealtekr8169ko
ndash kerneldriversnetethernetec_bhfko
ndash kerneldriversnetethernetdnetko
ndash kerneldriversnetetherneticplusipgko
ndash kerneldriversnetethernetjmeko
ndash kerneldriversnetmacvlanko
ndash kerneldriversnetmiiko
ndash kerneldriversnetmdioko
ndash kerneldriversnetnetconsoleko
ndash kerneldriversnettunko
ndash kerneldriversnetvirtio_netko
ndash kerneldriversnetpppppp_genericko
ndash kerneldriversnetppppppoxko
ndash kerneldriversnetppppppoeko
ndash kerneldriversnetslipslhcko
ndash kerneldriversnetvmxnet3vmxnet3ko
ndash kerneldriversnetxen-netfrontko
ndash kerneldriversnethypervhv_netvscko
ndash
Which IP address canrsquot be used for VMI Server and
Secure Access
bull During VMI server and Secure Access installation please do not use IP within
192168248021
ndash Range (1921682480~192168255255)
bull Here is the reason
ndash Every virtual phone needs an IP address and VMI will need to provide these IP address
for user VMI uses NAT (Share server IP address with Workspaces) This makes admin
just provide an eth0 IP address then VMI create a subnet inside which allocate to
virtual phone to use
ndash It need eth0 IP address and Secure Access canrsquot fall within the VMI subnet otherwise
your mobile device canrsquot connect to the virtual phone because of IP conflict
bull To solve the issue we have a tool to configure network but it can only stay in Class-C network
range
bull Use ssh to connect your TMVMI server use following command
ndash cd vmimanager
ndash python nat_configpyc
Parameter error
nat_config ltgatewaygt ltnetmaskgt ltip_startgt ltip_endgt
bull To check if your configuration takes effect you can use the two method
ndash Use ifconfig command check the address changed to new gateway
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
How to support scalability How does load balance work
bull Supports multiple servers
bull Supports multiple Secure Access
TMVMI support two kinds of load balance
bull TMVMI Secure Access load balance IT can put multiple Secure Access in intranet and export
them through a L4 switch device Client access a FQDN (VMIcompanycom) and L4 switch
device relay the request to one of Secure Access Secure Access will relay the request to TMVMI
Server
bull TMVMI Server load balance IT can deploy multiple TMVMI server (one is master server and
others are slave servers) TMVMI will allocate new user to the server that has largest available
seat number
Available Seat Number = (Server Capacity) ndash (Active User number)
How does Secure Access Work How secure it is
bull The Secure Access provides Internet access on mobile clients It receives mobile client
enrollment request and relay to TMVMI server IT admin can just open one IP address and one
port number for mobile client access
bull Secure Access can be deployed to in DMZ or intranet It only needs one network card if there
is a separation between internet mobile devices and Secure Access It needs two network
cards if it is deployed as a bridge mode (one NIC is for mobile clients to access from internet
the other NIC is to connect to the internal TMVMI servers)
bull Internet mobile clients use HTTPS to connect Secure Access Then Secure Access relays the
client requests to the TMVMI
bull Secure Access controls its export ports by iptables to ensure the security TMVMI server also
controls its export ports by iptables to ensure the security
What is the user status and how does the status change
bull Each user has one virtual mobile Workspace Workspace is hosted in Virtual Mobile
Infrastructure server It has three types of status Active Idle and Offline
ndash Active User logged on userrsquos virtual mobile instance is alive user is using the virtual
mobile instance
ndash Idle User logged on userrsquos virtual mobile instance is alive user is not using the virtual
mobile instance
ndash Offline User logged out userrsquos virtual mobile instance is not alive
IT administrator can manually disable user from web console After disabled user cannot
logon to access its virtual mobile instance any more
What Android version does TMVMI use
bull The Android OS version of the Workspace is based on Android 5 1 in TMVMI 51
bull Some 3rd party application display strange in UNIA After test we found the apps also have
same issue on the real device
bull TMVMI can only support what the Android Version (eg Android 51) offers it cannot add OS
features
How does RMX choose protocols
bull RMX (Remote Mobile eXperience) choose different protocols for different devices
bull CSR (client side rendering) protocol All Android devices with available memory gt= 100MB and
physical memory gt= 500MB and supports OpenGL 20
bull H264 encoding with VNC protocol Windows 81Windows phone 81 devicesWindows 10
Mobile
bull OpenGL CSR protocol All iOS devices
How does an instance use server resource
The instance means the virtual mobile that launched in TMVMI server Each user will have a virtual
mobile when they are using TMVMI
bull Instances can share the serverrsquos storagememoryCPU but with some limitations
bull Server storage is shared for every instance and the administrator can set a limit by going to
Profile-gt Storage Limit settings
bull Memory is also shared for every instances but has limitation at most 2GB for each instance
bull CPU is also shared for each instances but has limitation at most 2 cores for each instance
Does each virtual phone receive an IP address when it is
created Who assigned it
bull Yes each virtual phone receives an IP address when it is created The IP is assigned by the
TMVMI server NOT by the DHCP server It means all virtual phones share the TMVMIrsquos eth0 IP
address just use NAT port forward traffic No need to allocate IP for virtual phone
What ciphers are supported on external link
All external mobile client connect to TMVMI Secure Access server with HTTPS connection and
ciphers supported are as follows
ndash DHE-RSecure Access-AES256-SHA SSLv3Kx=DH Au=RSecure
Access Enc=AES(256) Mac=SHA1
ndash AES256-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(256) Mac=SHA1
ndash EDH-RSecure Access-DES-CBC3-SHA SSLv3 Kx=DH Au=RSecure Access Enc=3DES(168)
Mac=SHA1
ndash DES-CBC3-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=SHA1
ndash DES-CBC3-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=MD5
ndash DHE-RSecure Access-SEED-SHA SSLv3 Kx=DH Au=RSecure Access Enc=SEED(128)
Mac=SHA1
ndash SEED-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=SEED(128) Mac=SHA1
ndash RC4-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=SHA1
ndash RC4-MD5 SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash RC2-CBC-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC2(128) Mac=MD5
ndash RC4-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash DHE-RSecure Access-AES128-SHA SSLv3 Kx=DH Au=RSecure
Access Enc=AES(128) Mac=SHA1
ndash AES128-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(128) Mac=SHA1
ndash Mobile client negotiated with TMVMI server to choose cipher to encrypt connection
during enrollment
Security
Is TMVMI safe enough
bull TMVMI enhances its security from communication storage and all components
ndash Zero enterprise data reside on employees devices
ndash All traffic are encrypted with SSL
ndash Multi-factor authentication
ndash Managed virtual Workspace
ndash Security hardened client app
ndash Single sign On
bull We have a security report about TMVMI you can check it for detail
TMSMW Security Reportpdf
Can I know if RMX is secure Is it RMX and HTTPS or
RMX in HTTPS
bull The traffic from Internet mobile device to TMVMI Server consist of two parts first part is login
authentication packages after authentication it comes second part is RMX packages (RMX a
Trend optimized remote access protocol for iOSAndroidWindows to display the image of the
Workspace)
bull Between internet mobile device and TMVMI Secure Access therersquos only HTTPS Login
authentication and RMX are both encrypted as HTTPS
bull Between TMVMI Secure Access and TMVMI Server both HTTPS and RMX are present
bull HTTPS port 443
bull RMX port 5901-6923
What certificates are supported for TMVMI Server and
Secure Access
bull Common server SSL certificate will be acceptable
What is your strategy for copypaste text between real
device and virtual Workspace
bull In current version it is restricted to copypaste any data between real device and virtual
Workspace
bull In future version copypaste from real device to virtual Workspace can be configured allow or
not But copypaste from virtual Workspace to real device will be always disallowed to assure
security
Server Installation
What kinds of network card do TMVMI support
bull You can use the ldquomodprobe -l | grep driversnetrdquo command to see the list of all the supported
network card drivers within the TMVMI server
bull Below is the list of network cards that the TMVMI server currently support If your serverrsquos
network card driver is not in the list it may have a problem or is not supported More network
card types may be supported in the future
ndash kerneldriversnetethernet3com3c59xko
ndash kerneldriversnetethernet3comtyphoonko
ndash kerneldriversnetethernetamdamd8111eko
ndash kerneldriversnetethernetamdpcnet32ko
ndash kerneldriversnetethernetbroadcomb44ko
ndash kerneldriversnetethernetbroadcombnx2ko
ndash kerneldriversnetethernetbroadcomcnicko
ndash kerneldriversnetethernetbroadcombnx2xbnx2xko
ndash kerneldriversnetethernetbroadcomtg3ko
ndash kerneldriversnetethernetchelsiocxgb3cxgb3ko
ndash kerneldriversnetethernetchelsiocxgb4cxgb4ko
ndash kerneldriversnetethernetciscoenicenicko
ndash kerneldriversnetethernetintele100ko
ndash kerneldriversnetethernetintele1000ee1000eko
ndash kerneldriversnetethernetinteligbigbko
ndash kerneldriversnetethernetinteligbvfigbvfko
ndash kerneldriversnetethernetintelixgbeixgbeko
ndash kerneldriversnetethernetintelixgbevfixgbevfko
ndash kerneldriversnetethernetinteli40ei40eko
ndash kerneldriversnetethernetintelixgbixgbko
ndash kerneldriversnetethernetinteli40evfi40evfko
ndash kerneldriversnetethernetintelfm10kfm10kko
ndash kerneldriversnetethernetmarvellmvmdioko
ndash kerneldriversnetethernetmarvellskgeko
ndash kerneldriversnetethernetmarvellsky2ko
ndash kerneldriversnetethernetpacketengineshamachiko
ndash kerneldriversnetethernetpacketenginesyellowfinko
ndash kerneldriversnetethernetqlogicqla3xxxko
ndash kerneldriversnetethernetqlogicqlcnicqlcnicko
ndash kerneldriversnetethernetqlogicqlgeqlgeko
ndash kerneldriversnetethernetqlogicnetxennetxen_nicko
ndash kerneldriversnetethernetrealtek8139cpko
ndash kerneldriversnetethernetrealtek8139tooko
ndash kerneldriversnetethernetrealtekr8169ko
ndash kerneldriversnetethernetec_bhfko
ndash kerneldriversnetethernetdnetko
ndash kerneldriversnetetherneticplusipgko
ndash kerneldriversnetethernetjmeko
ndash kerneldriversnetmacvlanko
ndash kerneldriversnetmiiko
ndash kerneldriversnetmdioko
ndash kerneldriversnetnetconsoleko
ndash kerneldriversnettunko
ndash kerneldriversnetvirtio_netko
ndash kerneldriversnetpppppp_genericko
ndash kerneldriversnetppppppoxko
ndash kerneldriversnetppppppoeko
ndash kerneldriversnetslipslhcko
ndash kerneldriversnetvmxnet3vmxnet3ko
ndash kerneldriversnetxen-netfrontko
ndash kerneldriversnethypervhv_netvscko
ndash
Which IP address canrsquot be used for VMI Server and
Secure Access
bull During VMI server and Secure Access installation please do not use IP within
192168248021
ndash Range (1921682480~192168255255)
bull Here is the reason
ndash Every virtual phone needs an IP address and VMI will need to provide these IP address
for user VMI uses NAT (Share server IP address with Workspaces) This makes admin
just provide an eth0 IP address then VMI create a subnet inside which allocate to
virtual phone to use
ndash It need eth0 IP address and Secure Access canrsquot fall within the VMI subnet otherwise
your mobile device canrsquot connect to the virtual phone because of IP conflict
bull To solve the issue we have a tool to configure network but it can only stay in Class-C network
range
bull Use ssh to connect your TMVMI server use following command
ndash cd vmimanager
ndash python nat_configpyc
Parameter error
nat_config ltgatewaygt ltnetmaskgt ltip_startgt ltip_endgt
bull To check if your configuration takes effect you can use the two method
ndash Use ifconfig command check the address changed to new gateway
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
controls its export ports by iptables to ensure the security
What is the user status and how does the status change
bull Each user has one virtual mobile Workspace Workspace is hosted in Virtual Mobile
Infrastructure server It has three types of status Active Idle and Offline
ndash Active User logged on userrsquos virtual mobile instance is alive user is using the virtual
mobile instance
ndash Idle User logged on userrsquos virtual mobile instance is alive user is not using the virtual
mobile instance
ndash Offline User logged out userrsquos virtual mobile instance is not alive
IT administrator can manually disable user from web console After disabled user cannot
logon to access its virtual mobile instance any more
What Android version does TMVMI use
bull The Android OS version of the Workspace is based on Android 5 1 in TMVMI 51
bull Some 3rd party application display strange in UNIA After test we found the apps also have
same issue on the real device
bull TMVMI can only support what the Android Version (eg Android 51) offers it cannot add OS
features
How does RMX choose protocols
bull RMX (Remote Mobile eXperience) choose different protocols for different devices
bull CSR (client side rendering) protocol All Android devices with available memory gt= 100MB and
physical memory gt= 500MB and supports OpenGL 20
bull H264 encoding with VNC protocol Windows 81Windows phone 81 devicesWindows 10
Mobile
bull OpenGL CSR protocol All iOS devices
How does an instance use server resource
The instance means the virtual mobile that launched in TMVMI server Each user will have a virtual
mobile when they are using TMVMI
bull Instances can share the serverrsquos storagememoryCPU but with some limitations
bull Server storage is shared for every instance and the administrator can set a limit by going to
Profile-gt Storage Limit settings
bull Memory is also shared for every instances but has limitation at most 2GB for each instance
bull CPU is also shared for each instances but has limitation at most 2 cores for each instance
Does each virtual phone receive an IP address when it is
created Who assigned it
bull Yes each virtual phone receives an IP address when it is created The IP is assigned by the
TMVMI server NOT by the DHCP server It means all virtual phones share the TMVMIrsquos eth0 IP
address just use NAT port forward traffic No need to allocate IP for virtual phone
What ciphers are supported on external link
All external mobile client connect to TMVMI Secure Access server with HTTPS connection and
ciphers supported are as follows
ndash DHE-RSecure Access-AES256-SHA SSLv3Kx=DH Au=RSecure
Access Enc=AES(256) Mac=SHA1
ndash AES256-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(256) Mac=SHA1
ndash EDH-RSecure Access-DES-CBC3-SHA SSLv3 Kx=DH Au=RSecure Access Enc=3DES(168)
Mac=SHA1
ndash DES-CBC3-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=SHA1
ndash DES-CBC3-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=MD5
ndash DHE-RSecure Access-SEED-SHA SSLv3 Kx=DH Au=RSecure Access Enc=SEED(128)
Mac=SHA1
ndash SEED-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=SEED(128) Mac=SHA1
ndash RC4-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=SHA1
ndash RC4-MD5 SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash RC2-CBC-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC2(128) Mac=MD5
ndash RC4-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash DHE-RSecure Access-AES128-SHA SSLv3 Kx=DH Au=RSecure
Access Enc=AES(128) Mac=SHA1
ndash AES128-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(128) Mac=SHA1
ndash Mobile client negotiated with TMVMI server to choose cipher to encrypt connection
during enrollment
Security
Is TMVMI safe enough
bull TMVMI enhances its security from communication storage and all components
ndash Zero enterprise data reside on employees devices
ndash All traffic are encrypted with SSL
ndash Multi-factor authentication
ndash Managed virtual Workspace
ndash Security hardened client app
ndash Single sign On
bull We have a security report about TMVMI you can check it for detail
TMSMW Security Reportpdf
Can I know if RMX is secure Is it RMX and HTTPS or
RMX in HTTPS
bull The traffic from Internet mobile device to TMVMI Server consist of two parts first part is login
authentication packages after authentication it comes second part is RMX packages (RMX a
Trend optimized remote access protocol for iOSAndroidWindows to display the image of the
Workspace)
bull Between internet mobile device and TMVMI Secure Access therersquos only HTTPS Login
authentication and RMX are both encrypted as HTTPS
bull Between TMVMI Secure Access and TMVMI Server both HTTPS and RMX are present
bull HTTPS port 443
bull RMX port 5901-6923
What certificates are supported for TMVMI Server and
Secure Access
bull Common server SSL certificate will be acceptable
What is your strategy for copypaste text between real
device and virtual Workspace
bull In current version it is restricted to copypaste any data between real device and virtual
Workspace
bull In future version copypaste from real device to virtual Workspace can be configured allow or
not But copypaste from virtual Workspace to real device will be always disallowed to assure
security
Server Installation
What kinds of network card do TMVMI support
bull You can use the ldquomodprobe -l | grep driversnetrdquo command to see the list of all the supported
network card drivers within the TMVMI server
bull Below is the list of network cards that the TMVMI server currently support If your serverrsquos
network card driver is not in the list it may have a problem or is not supported More network
card types may be supported in the future
ndash kerneldriversnetethernet3com3c59xko
ndash kerneldriversnetethernet3comtyphoonko
ndash kerneldriversnetethernetamdamd8111eko
ndash kerneldriversnetethernetamdpcnet32ko
ndash kerneldriversnetethernetbroadcomb44ko
ndash kerneldriversnetethernetbroadcombnx2ko
ndash kerneldriversnetethernetbroadcomcnicko
ndash kerneldriversnetethernetbroadcombnx2xbnx2xko
ndash kerneldriversnetethernetbroadcomtg3ko
ndash kerneldriversnetethernetchelsiocxgb3cxgb3ko
ndash kerneldriversnetethernetchelsiocxgb4cxgb4ko
ndash kerneldriversnetethernetciscoenicenicko
ndash kerneldriversnetethernetintele100ko
ndash kerneldriversnetethernetintele1000ee1000eko
ndash kerneldriversnetethernetinteligbigbko
ndash kerneldriversnetethernetinteligbvfigbvfko
ndash kerneldriversnetethernetintelixgbeixgbeko
ndash kerneldriversnetethernetintelixgbevfixgbevfko
ndash kerneldriversnetethernetinteli40ei40eko
ndash kerneldriversnetethernetintelixgbixgbko
ndash kerneldriversnetethernetinteli40evfi40evfko
ndash kerneldriversnetethernetintelfm10kfm10kko
ndash kerneldriversnetethernetmarvellmvmdioko
ndash kerneldriversnetethernetmarvellskgeko
ndash kerneldriversnetethernetmarvellsky2ko
ndash kerneldriversnetethernetpacketengineshamachiko
ndash kerneldriversnetethernetpacketenginesyellowfinko
ndash kerneldriversnetethernetqlogicqla3xxxko
ndash kerneldriversnetethernetqlogicqlcnicqlcnicko
ndash kerneldriversnetethernetqlogicqlgeqlgeko
ndash kerneldriversnetethernetqlogicnetxennetxen_nicko
ndash kerneldriversnetethernetrealtek8139cpko
ndash kerneldriversnetethernetrealtek8139tooko
ndash kerneldriversnetethernetrealtekr8169ko
ndash kerneldriversnetethernetec_bhfko
ndash kerneldriversnetethernetdnetko
ndash kerneldriversnetetherneticplusipgko
ndash kerneldriversnetethernetjmeko
ndash kerneldriversnetmacvlanko
ndash kerneldriversnetmiiko
ndash kerneldriversnetmdioko
ndash kerneldriversnetnetconsoleko
ndash kerneldriversnettunko
ndash kerneldriversnetvirtio_netko
ndash kerneldriversnetpppppp_genericko
ndash kerneldriversnetppppppoxko
ndash kerneldriversnetppppppoeko
ndash kerneldriversnetslipslhcko
ndash kerneldriversnetvmxnet3vmxnet3ko
ndash kerneldriversnetxen-netfrontko
ndash kerneldriversnethypervhv_netvscko
ndash
Which IP address canrsquot be used for VMI Server and
Secure Access
bull During VMI server and Secure Access installation please do not use IP within
192168248021
ndash Range (1921682480~192168255255)
bull Here is the reason
ndash Every virtual phone needs an IP address and VMI will need to provide these IP address
for user VMI uses NAT (Share server IP address with Workspaces) This makes admin
just provide an eth0 IP address then VMI create a subnet inside which allocate to
virtual phone to use
ndash It need eth0 IP address and Secure Access canrsquot fall within the VMI subnet otherwise
your mobile device canrsquot connect to the virtual phone because of IP conflict
bull To solve the issue we have a tool to configure network but it can only stay in Class-C network
range
bull Use ssh to connect your TMVMI server use following command
ndash cd vmimanager
ndash python nat_configpyc
Parameter error
nat_config ltgatewaygt ltnetmaskgt ltip_startgt ltip_endgt
bull To check if your configuration takes effect you can use the two method
ndash Use ifconfig command check the address changed to new gateway
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
How does RMX choose protocols
bull RMX (Remote Mobile eXperience) choose different protocols for different devices
bull CSR (client side rendering) protocol All Android devices with available memory gt= 100MB and
physical memory gt= 500MB and supports OpenGL 20
bull H264 encoding with VNC protocol Windows 81Windows phone 81 devicesWindows 10
Mobile
bull OpenGL CSR protocol All iOS devices
How does an instance use server resource
The instance means the virtual mobile that launched in TMVMI server Each user will have a virtual
mobile when they are using TMVMI
bull Instances can share the serverrsquos storagememoryCPU but with some limitations
bull Server storage is shared for every instance and the administrator can set a limit by going to
Profile-gt Storage Limit settings
bull Memory is also shared for every instances but has limitation at most 2GB for each instance
bull CPU is also shared for each instances but has limitation at most 2 cores for each instance
Does each virtual phone receive an IP address when it is
created Who assigned it
bull Yes each virtual phone receives an IP address when it is created The IP is assigned by the
TMVMI server NOT by the DHCP server It means all virtual phones share the TMVMIrsquos eth0 IP
address just use NAT port forward traffic No need to allocate IP for virtual phone
What ciphers are supported on external link
All external mobile client connect to TMVMI Secure Access server with HTTPS connection and
ciphers supported are as follows
ndash DHE-RSecure Access-AES256-SHA SSLv3Kx=DH Au=RSecure
Access Enc=AES(256) Mac=SHA1
ndash AES256-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(256) Mac=SHA1
ndash EDH-RSecure Access-DES-CBC3-SHA SSLv3 Kx=DH Au=RSecure Access Enc=3DES(168)
Mac=SHA1
ndash DES-CBC3-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=SHA1
ndash DES-CBC3-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=MD5
ndash DHE-RSecure Access-SEED-SHA SSLv3 Kx=DH Au=RSecure Access Enc=SEED(128)
Mac=SHA1
ndash SEED-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=SEED(128) Mac=SHA1
ndash RC4-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=SHA1
ndash RC4-MD5 SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash RC2-CBC-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC2(128) Mac=MD5
ndash RC4-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash DHE-RSecure Access-AES128-SHA SSLv3 Kx=DH Au=RSecure
Access Enc=AES(128) Mac=SHA1
ndash AES128-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(128) Mac=SHA1
ndash Mobile client negotiated with TMVMI server to choose cipher to encrypt connection
during enrollment
Security
Is TMVMI safe enough
bull TMVMI enhances its security from communication storage and all components
ndash Zero enterprise data reside on employees devices
ndash All traffic are encrypted with SSL
ndash Multi-factor authentication
ndash Managed virtual Workspace
ndash Security hardened client app
ndash Single sign On
bull We have a security report about TMVMI you can check it for detail
TMSMW Security Reportpdf
Can I know if RMX is secure Is it RMX and HTTPS or
RMX in HTTPS
bull The traffic from Internet mobile device to TMVMI Server consist of two parts first part is login
authentication packages after authentication it comes second part is RMX packages (RMX a
Trend optimized remote access protocol for iOSAndroidWindows to display the image of the
Workspace)
bull Between internet mobile device and TMVMI Secure Access therersquos only HTTPS Login
authentication and RMX are both encrypted as HTTPS
bull Between TMVMI Secure Access and TMVMI Server both HTTPS and RMX are present
bull HTTPS port 443
bull RMX port 5901-6923
What certificates are supported for TMVMI Server and
Secure Access
bull Common server SSL certificate will be acceptable
What is your strategy for copypaste text between real
device and virtual Workspace
bull In current version it is restricted to copypaste any data between real device and virtual
Workspace
bull In future version copypaste from real device to virtual Workspace can be configured allow or
not But copypaste from virtual Workspace to real device will be always disallowed to assure
security
Server Installation
What kinds of network card do TMVMI support
bull You can use the ldquomodprobe -l | grep driversnetrdquo command to see the list of all the supported
network card drivers within the TMVMI server
bull Below is the list of network cards that the TMVMI server currently support If your serverrsquos
network card driver is not in the list it may have a problem or is not supported More network
card types may be supported in the future
ndash kerneldriversnetethernet3com3c59xko
ndash kerneldriversnetethernet3comtyphoonko
ndash kerneldriversnetethernetamdamd8111eko
ndash kerneldriversnetethernetamdpcnet32ko
ndash kerneldriversnetethernetbroadcomb44ko
ndash kerneldriversnetethernetbroadcombnx2ko
ndash kerneldriversnetethernetbroadcomcnicko
ndash kerneldriversnetethernetbroadcombnx2xbnx2xko
ndash kerneldriversnetethernetbroadcomtg3ko
ndash kerneldriversnetethernetchelsiocxgb3cxgb3ko
ndash kerneldriversnetethernetchelsiocxgb4cxgb4ko
ndash kerneldriversnetethernetciscoenicenicko
ndash kerneldriversnetethernetintele100ko
ndash kerneldriversnetethernetintele1000ee1000eko
ndash kerneldriversnetethernetinteligbigbko
ndash kerneldriversnetethernetinteligbvfigbvfko
ndash kerneldriversnetethernetintelixgbeixgbeko
ndash kerneldriversnetethernetintelixgbevfixgbevfko
ndash kerneldriversnetethernetinteli40ei40eko
ndash kerneldriversnetethernetintelixgbixgbko
ndash kerneldriversnetethernetinteli40evfi40evfko
ndash kerneldriversnetethernetintelfm10kfm10kko
ndash kerneldriversnetethernetmarvellmvmdioko
ndash kerneldriversnetethernetmarvellskgeko
ndash kerneldriversnetethernetmarvellsky2ko
ndash kerneldriversnetethernetpacketengineshamachiko
ndash kerneldriversnetethernetpacketenginesyellowfinko
ndash kerneldriversnetethernetqlogicqla3xxxko
ndash kerneldriversnetethernetqlogicqlcnicqlcnicko
ndash kerneldriversnetethernetqlogicqlgeqlgeko
ndash kerneldriversnetethernetqlogicnetxennetxen_nicko
ndash kerneldriversnetethernetrealtek8139cpko
ndash kerneldriversnetethernetrealtek8139tooko
ndash kerneldriversnetethernetrealtekr8169ko
ndash kerneldriversnetethernetec_bhfko
ndash kerneldriversnetethernetdnetko
ndash kerneldriversnetetherneticplusipgko
ndash kerneldriversnetethernetjmeko
ndash kerneldriversnetmacvlanko
ndash kerneldriversnetmiiko
ndash kerneldriversnetmdioko
ndash kerneldriversnetnetconsoleko
ndash kerneldriversnettunko
ndash kerneldriversnetvirtio_netko
ndash kerneldriversnetpppppp_genericko
ndash kerneldriversnetppppppoxko
ndash kerneldriversnetppppppoeko
ndash kerneldriversnetslipslhcko
ndash kerneldriversnetvmxnet3vmxnet3ko
ndash kerneldriversnetxen-netfrontko
ndash kerneldriversnethypervhv_netvscko
ndash
Which IP address canrsquot be used for VMI Server and
Secure Access
bull During VMI server and Secure Access installation please do not use IP within
192168248021
ndash Range (1921682480~192168255255)
bull Here is the reason
ndash Every virtual phone needs an IP address and VMI will need to provide these IP address
for user VMI uses NAT (Share server IP address with Workspaces) This makes admin
just provide an eth0 IP address then VMI create a subnet inside which allocate to
virtual phone to use
ndash It need eth0 IP address and Secure Access canrsquot fall within the VMI subnet otherwise
your mobile device canrsquot connect to the virtual phone because of IP conflict
bull To solve the issue we have a tool to configure network but it can only stay in Class-C network
range
bull Use ssh to connect your TMVMI server use following command
ndash cd vmimanager
ndash python nat_configpyc
Parameter error
nat_config ltgatewaygt ltnetmaskgt ltip_startgt ltip_endgt
bull To check if your configuration takes effect you can use the two method
ndash Use ifconfig command check the address changed to new gateway
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
What ciphers are supported on external link
All external mobile client connect to TMVMI Secure Access server with HTTPS connection and
ciphers supported are as follows
ndash DHE-RSecure Access-AES256-SHA SSLv3Kx=DH Au=RSecure
Access Enc=AES(256) Mac=SHA1
ndash AES256-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(256) Mac=SHA1
ndash EDH-RSecure Access-DES-CBC3-SHA SSLv3 Kx=DH Au=RSecure Access Enc=3DES(168)
Mac=SHA1
ndash DES-CBC3-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=SHA1
ndash DES-CBC3-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=3DES(168) Mac=MD5
ndash DHE-RSecure Access-SEED-SHA SSLv3 Kx=DH Au=RSecure Access Enc=SEED(128)
Mac=SHA1
ndash SEED-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=SEED(128) Mac=SHA1
ndash RC4-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=SHA1
ndash RC4-MD5 SSLv3 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash RC2-CBC-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC2(128) Mac=MD5
ndash RC4-MD5 SSLv2 Kx=RSecure Access Au=RSecure Access Enc=RC4(128) Mac=MD5
ndash DHE-RSecure Access-AES128-SHA SSLv3 Kx=DH Au=RSecure
Access Enc=AES(128) Mac=SHA1
ndash AES128-SHA SSLv3 Kx=RSecure Access Au=RSecure Access Enc=AES(128) Mac=SHA1
ndash Mobile client negotiated with TMVMI server to choose cipher to encrypt connection
during enrollment
Security
Is TMVMI safe enough
bull TMVMI enhances its security from communication storage and all components
ndash Zero enterprise data reside on employees devices
ndash All traffic are encrypted with SSL
ndash Multi-factor authentication
ndash Managed virtual Workspace
ndash Security hardened client app
ndash Single sign On
bull We have a security report about TMVMI you can check it for detail
TMSMW Security Reportpdf
Can I know if RMX is secure Is it RMX and HTTPS or
RMX in HTTPS
bull The traffic from Internet mobile device to TMVMI Server consist of two parts first part is login
authentication packages after authentication it comes second part is RMX packages (RMX a
Trend optimized remote access protocol for iOSAndroidWindows to display the image of the
Workspace)
bull Between internet mobile device and TMVMI Secure Access therersquos only HTTPS Login
authentication and RMX are both encrypted as HTTPS
bull Between TMVMI Secure Access and TMVMI Server both HTTPS and RMX are present
bull HTTPS port 443
bull RMX port 5901-6923
What certificates are supported for TMVMI Server and
Secure Access
bull Common server SSL certificate will be acceptable
What is your strategy for copypaste text between real
device and virtual Workspace
bull In current version it is restricted to copypaste any data between real device and virtual
Workspace
bull In future version copypaste from real device to virtual Workspace can be configured allow or
not But copypaste from virtual Workspace to real device will be always disallowed to assure
security
Server Installation
What kinds of network card do TMVMI support
bull You can use the ldquomodprobe -l | grep driversnetrdquo command to see the list of all the supported
network card drivers within the TMVMI server
bull Below is the list of network cards that the TMVMI server currently support If your serverrsquos
network card driver is not in the list it may have a problem or is not supported More network
card types may be supported in the future
ndash kerneldriversnetethernet3com3c59xko
ndash kerneldriversnetethernet3comtyphoonko
ndash kerneldriversnetethernetamdamd8111eko
ndash kerneldriversnetethernetamdpcnet32ko
ndash kerneldriversnetethernetbroadcomb44ko
ndash kerneldriversnetethernetbroadcombnx2ko
ndash kerneldriversnetethernetbroadcomcnicko
ndash kerneldriversnetethernetbroadcombnx2xbnx2xko
ndash kerneldriversnetethernetbroadcomtg3ko
ndash kerneldriversnetethernetchelsiocxgb3cxgb3ko
ndash kerneldriversnetethernetchelsiocxgb4cxgb4ko
ndash kerneldriversnetethernetciscoenicenicko
ndash kerneldriversnetethernetintele100ko
ndash kerneldriversnetethernetintele1000ee1000eko
ndash kerneldriversnetethernetinteligbigbko
ndash kerneldriversnetethernetinteligbvfigbvfko
ndash kerneldriversnetethernetintelixgbeixgbeko
ndash kerneldriversnetethernetintelixgbevfixgbevfko
ndash kerneldriversnetethernetinteli40ei40eko
ndash kerneldriversnetethernetintelixgbixgbko
ndash kerneldriversnetethernetinteli40evfi40evfko
ndash kerneldriversnetethernetintelfm10kfm10kko
ndash kerneldriversnetethernetmarvellmvmdioko
ndash kerneldriversnetethernetmarvellskgeko
ndash kerneldriversnetethernetmarvellsky2ko
ndash kerneldriversnetethernetpacketengineshamachiko
ndash kerneldriversnetethernetpacketenginesyellowfinko
ndash kerneldriversnetethernetqlogicqla3xxxko
ndash kerneldriversnetethernetqlogicqlcnicqlcnicko
ndash kerneldriversnetethernetqlogicqlgeqlgeko
ndash kerneldriversnetethernetqlogicnetxennetxen_nicko
ndash kerneldriversnetethernetrealtek8139cpko
ndash kerneldriversnetethernetrealtek8139tooko
ndash kerneldriversnetethernetrealtekr8169ko
ndash kerneldriversnetethernetec_bhfko
ndash kerneldriversnetethernetdnetko
ndash kerneldriversnetetherneticplusipgko
ndash kerneldriversnetethernetjmeko
ndash kerneldriversnetmacvlanko
ndash kerneldriversnetmiiko
ndash kerneldriversnetmdioko
ndash kerneldriversnetnetconsoleko
ndash kerneldriversnettunko
ndash kerneldriversnetvirtio_netko
ndash kerneldriversnetpppppp_genericko
ndash kerneldriversnetppppppoxko
ndash kerneldriversnetppppppoeko
ndash kerneldriversnetslipslhcko
ndash kerneldriversnetvmxnet3vmxnet3ko
ndash kerneldriversnetxen-netfrontko
ndash kerneldriversnethypervhv_netvscko
ndash
Which IP address canrsquot be used for VMI Server and
Secure Access
bull During VMI server and Secure Access installation please do not use IP within
192168248021
ndash Range (1921682480~192168255255)
bull Here is the reason
ndash Every virtual phone needs an IP address and VMI will need to provide these IP address
for user VMI uses NAT (Share server IP address with Workspaces) This makes admin
just provide an eth0 IP address then VMI create a subnet inside which allocate to
virtual phone to use
ndash It need eth0 IP address and Secure Access canrsquot fall within the VMI subnet otherwise
your mobile device canrsquot connect to the virtual phone because of IP conflict
bull To solve the issue we have a tool to configure network but it can only stay in Class-C network
range
bull Use ssh to connect your TMVMI server use following command
ndash cd vmimanager
ndash python nat_configpyc
Parameter error
nat_config ltgatewaygt ltnetmaskgt ltip_startgt ltip_endgt
bull To check if your configuration takes effect you can use the two method
ndash Use ifconfig command check the address changed to new gateway
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Can I know if RMX is secure Is it RMX and HTTPS or
RMX in HTTPS
bull The traffic from Internet mobile device to TMVMI Server consist of two parts first part is login
authentication packages after authentication it comes second part is RMX packages (RMX a
Trend optimized remote access protocol for iOSAndroidWindows to display the image of the
Workspace)
bull Between internet mobile device and TMVMI Secure Access therersquos only HTTPS Login
authentication and RMX are both encrypted as HTTPS
bull Between TMVMI Secure Access and TMVMI Server both HTTPS and RMX are present
bull HTTPS port 443
bull RMX port 5901-6923
What certificates are supported for TMVMI Server and
Secure Access
bull Common server SSL certificate will be acceptable
What is your strategy for copypaste text between real
device and virtual Workspace
bull In current version it is restricted to copypaste any data between real device and virtual
Workspace
bull In future version copypaste from real device to virtual Workspace can be configured allow or
not But copypaste from virtual Workspace to real device will be always disallowed to assure
security
Server Installation
What kinds of network card do TMVMI support
bull You can use the ldquomodprobe -l | grep driversnetrdquo command to see the list of all the supported
network card drivers within the TMVMI server
bull Below is the list of network cards that the TMVMI server currently support If your serverrsquos
network card driver is not in the list it may have a problem or is not supported More network
card types may be supported in the future
ndash kerneldriversnetethernet3com3c59xko
ndash kerneldriversnetethernet3comtyphoonko
ndash kerneldriversnetethernetamdamd8111eko
ndash kerneldriversnetethernetamdpcnet32ko
ndash kerneldriversnetethernetbroadcomb44ko
ndash kerneldriversnetethernetbroadcombnx2ko
ndash kerneldriversnetethernetbroadcomcnicko
ndash kerneldriversnetethernetbroadcombnx2xbnx2xko
ndash kerneldriversnetethernetbroadcomtg3ko
ndash kerneldriversnetethernetchelsiocxgb3cxgb3ko
ndash kerneldriversnetethernetchelsiocxgb4cxgb4ko
ndash kerneldriversnetethernetciscoenicenicko
ndash kerneldriversnetethernetintele100ko
ndash kerneldriversnetethernetintele1000ee1000eko
ndash kerneldriversnetethernetinteligbigbko
ndash kerneldriversnetethernetinteligbvfigbvfko
ndash kerneldriversnetethernetintelixgbeixgbeko
ndash kerneldriversnetethernetintelixgbevfixgbevfko
ndash kerneldriversnetethernetinteli40ei40eko
ndash kerneldriversnetethernetintelixgbixgbko
ndash kerneldriversnetethernetinteli40evfi40evfko
ndash kerneldriversnetethernetintelfm10kfm10kko
ndash kerneldriversnetethernetmarvellmvmdioko
ndash kerneldriversnetethernetmarvellskgeko
ndash kerneldriversnetethernetmarvellsky2ko
ndash kerneldriversnetethernetpacketengineshamachiko
ndash kerneldriversnetethernetpacketenginesyellowfinko
ndash kerneldriversnetethernetqlogicqla3xxxko
ndash kerneldriversnetethernetqlogicqlcnicqlcnicko
ndash kerneldriversnetethernetqlogicqlgeqlgeko
ndash kerneldriversnetethernetqlogicnetxennetxen_nicko
ndash kerneldriversnetethernetrealtek8139cpko
ndash kerneldriversnetethernetrealtek8139tooko
ndash kerneldriversnetethernetrealtekr8169ko
ndash kerneldriversnetethernetec_bhfko
ndash kerneldriversnetethernetdnetko
ndash kerneldriversnetetherneticplusipgko
ndash kerneldriversnetethernetjmeko
ndash kerneldriversnetmacvlanko
ndash kerneldriversnetmiiko
ndash kerneldriversnetmdioko
ndash kerneldriversnetnetconsoleko
ndash kerneldriversnettunko
ndash kerneldriversnetvirtio_netko
ndash kerneldriversnetpppppp_genericko
ndash kerneldriversnetppppppoxko
ndash kerneldriversnetppppppoeko
ndash kerneldriversnetslipslhcko
ndash kerneldriversnetvmxnet3vmxnet3ko
ndash kerneldriversnetxen-netfrontko
ndash kerneldriversnethypervhv_netvscko
ndash
Which IP address canrsquot be used for VMI Server and
Secure Access
bull During VMI server and Secure Access installation please do not use IP within
192168248021
ndash Range (1921682480~192168255255)
bull Here is the reason
ndash Every virtual phone needs an IP address and VMI will need to provide these IP address
for user VMI uses NAT (Share server IP address with Workspaces) This makes admin
just provide an eth0 IP address then VMI create a subnet inside which allocate to
virtual phone to use
ndash It need eth0 IP address and Secure Access canrsquot fall within the VMI subnet otherwise
your mobile device canrsquot connect to the virtual phone because of IP conflict
bull To solve the issue we have a tool to configure network but it can only stay in Class-C network
range
bull Use ssh to connect your TMVMI server use following command
ndash cd vmimanager
ndash python nat_configpyc
Parameter error
nat_config ltgatewaygt ltnetmaskgt ltip_startgt ltip_endgt
bull To check if your configuration takes effect you can use the two method
ndash Use ifconfig command check the address changed to new gateway
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Server Installation
What kinds of network card do TMVMI support
bull You can use the ldquomodprobe -l | grep driversnetrdquo command to see the list of all the supported
network card drivers within the TMVMI server
bull Below is the list of network cards that the TMVMI server currently support If your serverrsquos
network card driver is not in the list it may have a problem or is not supported More network
card types may be supported in the future
ndash kerneldriversnetethernet3com3c59xko
ndash kerneldriversnetethernet3comtyphoonko
ndash kerneldriversnetethernetamdamd8111eko
ndash kerneldriversnetethernetamdpcnet32ko
ndash kerneldriversnetethernetbroadcomb44ko
ndash kerneldriversnetethernetbroadcombnx2ko
ndash kerneldriversnetethernetbroadcomcnicko
ndash kerneldriversnetethernetbroadcombnx2xbnx2xko
ndash kerneldriversnetethernetbroadcomtg3ko
ndash kerneldriversnetethernetchelsiocxgb3cxgb3ko
ndash kerneldriversnetethernetchelsiocxgb4cxgb4ko
ndash kerneldriversnetethernetciscoenicenicko
ndash kerneldriversnetethernetintele100ko
ndash kerneldriversnetethernetintele1000ee1000eko
ndash kerneldriversnetethernetinteligbigbko
ndash kerneldriversnetethernetinteligbvfigbvfko
ndash kerneldriversnetethernetintelixgbeixgbeko
ndash kerneldriversnetethernetintelixgbevfixgbevfko
ndash kerneldriversnetethernetinteli40ei40eko
ndash kerneldriversnetethernetintelixgbixgbko
ndash kerneldriversnetethernetinteli40evfi40evfko
ndash kerneldriversnetethernetintelfm10kfm10kko
ndash kerneldriversnetethernetmarvellmvmdioko
ndash kerneldriversnetethernetmarvellskgeko
ndash kerneldriversnetethernetmarvellsky2ko
ndash kerneldriversnetethernetpacketengineshamachiko
ndash kerneldriversnetethernetpacketenginesyellowfinko
ndash kerneldriversnetethernetqlogicqla3xxxko
ndash kerneldriversnetethernetqlogicqlcnicqlcnicko
ndash kerneldriversnetethernetqlogicqlgeqlgeko
ndash kerneldriversnetethernetqlogicnetxennetxen_nicko
ndash kerneldriversnetethernetrealtek8139cpko
ndash kerneldriversnetethernetrealtek8139tooko
ndash kerneldriversnetethernetrealtekr8169ko
ndash kerneldriversnetethernetec_bhfko
ndash kerneldriversnetethernetdnetko
ndash kerneldriversnetetherneticplusipgko
ndash kerneldriversnetethernetjmeko
ndash kerneldriversnetmacvlanko
ndash kerneldriversnetmiiko
ndash kerneldriversnetmdioko
ndash kerneldriversnetnetconsoleko
ndash kerneldriversnettunko
ndash kerneldriversnetvirtio_netko
ndash kerneldriversnetpppppp_genericko
ndash kerneldriversnetppppppoxko
ndash kerneldriversnetppppppoeko
ndash kerneldriversnetslipslhcko
ndash kerneldriversnetvmxnet3vmxnet3ko
ndash kerneldriversnetxen-netfrontko
ndash kerneldriversnethypervhv_netvscko
ndash
Which IP address canrsquot be used for VMI Server and
Secure Access
bull During VMI server and Secure Access installation please do not use IP within
192168248021
ndash Range (1921682480~192168255255)
bull Here is the reason
ndash Every virtual phone needs an IP address and VMI will need to provide these IP address
for user VMI uses NAT (Share server IP address with Workspaces) This makes admin
just provide an eth0 IP address then VMI create a subnet inside which allocate to
virtual phone to use
ndash It need eth0 IP address and Secure Access canrsquot fall within the VMI subnet otherwise
your mobile device canrsquot connect to the virtual phone because of IP conflict
bull To solve the issue we have a tool to configure network but it can only stay in Class-C network
range
bull Use ssh to connect your TMVMI server use following command
ndash cd vmimanager
ndash python nat_configpyc
Parameter error
nat_config ltgatewaygt ltnetmaskgt ltip_startgt ltip_endgt
bull To check if your configuration takes effect you can use the two method
ndash Use ifconfig command check the address changed to new gateway
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
ndash kerneldriversnetethernetec_bhfko
ndash kerneldriversnetethernetdnetko
ndash kerneldriversnetetherneticplusipgko
ndash kerneldriversnetethernetjmeko
ndash kerneldriversnetmacvlanko
ndash kerneldriversnetmiiko
ndash kerneldriversnetmdioko
ndash kerneldriversnetnetconsoleko
ndash kerneldriversnettunko
ndash kerneldriversnetvirtio_netko
ndash kerneldriversnetpppppp_genericko
ndash kerneldriversnetppppppoxko
ndash kerneldriversnetppppppoeko
ndash kerneldriversnetslipslhcko
ndash kerneldriversnetvmxnet3vmxnet3ko
ndash kerneldriversnetxen-netfrontko
ndash kerneldriversnethypervhv_netvscko
ndash
Which IP address canrsquot be used for VMI Server and
Secure Access
bull During VMI server and Secure Access installation please do not use IP within
192168248021
ndash Range (1921682480~192168255255)
bull Here is the reason
ndash Every virtual phone needs an IP address and VMI will need to provide these IP address
for user VMI uses NAT (Share server IP address with Workspaces) This makes admin
just provide an eth0 IP address then VMI create a subnet inside which allocate to
virtual phone to use
ndash It need eth0 IP address and Secure Access canrsquot fall within the VMI subnet otherwise
your mobile device canrsquot connect to the virtual phone because of IP conflict
bull To solve the issue we have a tool to configure network but it can only stay in Class-C network
range
bull Use ssh to connect your TMVMI server use following command
ndash cd vmimanager
ndash python nat_configpyc
Parameter error
nat_config ltgatewaygt ltnetmaskgt ltip_startgt ltip_endgt
bull To check if your configuration takes effect you can use the two method
ndash Use ifconfig command check the address changed to new gateway
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
ndash Check the defaultxml file located in etclibvirtqemunetworks and you can see your new
configured gateway netmask and IP start and end
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
What can I do if the server installation fails
If the problem happens on the first screen only and no other screen follows you can try to
press the Tab button
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
bull Move the cursor after initrd=initrdimg add ldquoxdriver=vesa nomodesetrdquo then press enter to
continue The installation will be successful
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Why canrsquot I install TMVMI server on Hyper-V
bull You may get the rdquoUnable to Continue Trend Micro Virtual Mobile Infrastructure does not
support your current hardwarerdquo error message during the TMVMI server installation on
Microsoft Hyper-V
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
bull To solve the error you can try either of the following
bull Your bare metal CPU may not support Intel SSSE3 You may need to change
to another bare metal CPU
bull If you confirm that your bare metal CPU supports Intel SSSE3 you can check
the Hyper-V Processor Compatibility configuration Make sure you uncheck
the item ldquoMigrate to a physical computer with a different processor versionrdquo
Then try again
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Configurations for TMVMI Server
How to change the IP address of the Network Card
bull Eth0 Network interface for accessing management web console and for mobile devices to
access the server
ndash Login to command console with tmvmi account and type rdquoclishrdquo ldquoenablerdquo command
to enable privileged mode
ndash Type the ldquoconfigure network interface ipv4 eth0 ltipaddressgt ltsubmaskgtrdquo command
to change eth0 IP address For example ltipaddressgt could be ldquo10648810rdquo
ltsubmaskgt could be ldquo2552552520rdquo
ndash Type the ldquoconfigure network route default ipv4 ltipaddressgtrdquo command to change the
default gateway of your TMVMI server ltipaddressgt could be ldquo1064881rdquo
ndash Type the ldquoconfigure network dns ipv4 ltipaddress for DNS1gtrdquo command to change DNS
server address ltipaddressgt could be ldquo8888rdquo
ndash If you want to configure the secondary DNS type the ldquoconfigure network dns ipv4
ltipaddress for DNS1gt ipv4 ltipaddress for DNS2gtrdquo command to change DNS server
address
How do I configure the network card for Secure Access
bull If you want to deploy Secure Access as bridge mode you need two network cards for Secure
Access One for internet access the other for Secure Access connect to TMVMI server
bull If you want to deploy Secure Access in the intranet you can just configure one network card
for it You need to use L4 switch or another network device which can relay the internet traffic
to Secure Access
bull You need to make sure that Secure Access can connect to TMVMI serverrsquos eth0 (for mobile
client access)
How to use the external storage in TMVMI
bull External storage is a feature to save user data to an external server that supports NAS When
administrator enables this feature all the user data will be stored into external server instead
of local server You can follow the two steps to configure external storage
bull For multiple server support you must enable the external storage
ndash Step1 Configure a new folder in external storage server and set related privilege
bull Create a new folder in the external storage server
bull Set privilege
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
bull Configure exports
bull Add the new created path and set shared privilege
bull Restart the NFS service
ndash Step2 Configure the external storage information in TMVMI server
Test the connection and save the settings If the tests are successful you can start to use
external storage now
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
How can I change the external storage
bull When trying to change the external storage you may meet an error about you canrsquot disable
previous external storage The reason is because TMVMI canrsquot unmount the old external
storage as it is not in the same subnet
bull The solution is to configure both TMVMI and old external storage to be in the same subnet
and disable it Once this is done you can connect to your new external storage successfully
How to use the system recovery
bull You can use system recovery to rescue your operating system such as change password repair
grub installrepair system software fix Linux kernel export data when system crash
bull Below are the steps about how to use system recovery
1 You need to modify BIOS to let system boot from CD-ROM drives then insert the
installation disc and restart the server
2 Select System Recovery on the installation UI
3 Select your language and keyboard type
4 Select Local CDDVD contains rescue image
5 In Setup Networking page if you donrsquot want to change network card IP select No
6 In Rescue page select continue to mount CD under ldquomntsysimagerdquo
7 Click OK to mount CD as ldquomntsysimagerdquo
8 Select ldquoShell Start shellrdquo to open command line
bull You can use the bash command line now You can rescue your system on this mode
bull To change the root password
1 Enter the ldquochroot mntsysimagerdquo command
2 Under the shell use the ldquopasswd rootrdquo command to set new password for root
3 Use the ldquoexitrdquo command to exit current shell
bull To repair grub
1 Enter the ldquochroot mntsysimagerdquo command
2 Use the ldquofdisk -lrdquo command to check the current device this will appear as ldquodevsdardquo
in our system
3 Enter the ldquogrub-install devsdardquo command to repair grub
4 Check the result if the repair is successful
5 Use the ldquoexitrdquo command to exit current shell
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
bull To installrepair software
ndash Enter the ldquochroot mntsysimagerdquo command
1 Create a mountable directory by using the ldquomkdir mntsourcerdquo command
2 Type the ldquomount devdvd mntsourcerdquo command
3 Use the ldquorpm ndashivh mntsourceTMVMIrpmrdquo command to install rpm package
4 Reboot the system to check if the rpm has been installed
bull To fix the Linux kernel
1 Use the ldquomount devdvd mntsourcerdquo command
2 Use the ldquorpm -ivh mntsourceTMVMIkernel-340+-1x86_64rpm --
root=mntsysimage -- forcerdquo Your kernel will be installed
bull To export data when the system crashes
1 Enter the ldquochroot mntsysimagerdquo command
2 Configure the IP address for the network card
3 Copy the file(s) to another device with ldquoscp [options] source destrdquo to export data (eg
ldquoscp ndashr homeaccount root106490125homerdquo)
How to change the HTTPS certificate for the management
web console
bull Upload the certificate and private key to TMVMI server (using winscp tool or other scp tool)
ndash Place the private key to the ldquoetcpkitlsprivaterdquo directory
ndash Place the certificate file to the ldquoetcpkitlscertsrdquo directory
bull After uploading the certificate and private key change the ldquoetcHTTPdconfdwsgi-vmiconfrdquo
configuration file then replace the corresponding file name with your real file name
ndash The following is the location for the certificate file
bull SSLCertificateFile etcpkitlscertsxxxxcrt
ndash The following is the location for the private key file
bull SSLCertificateKeyFile etcpkitlsprivatexxxxkey
bull You need to restart the Apache service using the ldquoservice HTTPd restartrdquo command Now your
new certificate take effect
How to export and import database in TMVMI server
bull Exporting database from TMVMI server
ndash 1 Login to the TMVMI server command line console run the command ldquomysqldump
-uvmi -pvmi4trend vmigt vmisqlrdquo
ndash 2 Copy the vmisql to your computer (use scp tools)
bull Importing database to TMVMI server
ndash 1 Copy the database file ldquovmisqlrdquo to the TMVMI server (use scp tools)
ndash 2 Login to the TMVMI server command line console run the command ldquomysql -uvmi
-pvmi4trend vmi lt vmisqlrdquo
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Can I upload paid Google Play app to VMI console
bull VMI provides an app named ldquoTMVMI App Pushrdquo which enables secure and easy provisioning
of applications to VMI server
bull If you have a paid Google Play app on your mobile device we donrsquot suggest you to upload the
app to VMI console because of the following reasons
bull Sharing a paid app will violate Google rules
bull You may encounter an error like the screenshot below
Configuration for TMVMI Secure Access
How do I configure eth1 network card for Secure Access
bull During the Secure Access installation you can configure the eth0 network card If you want to
configure the eth1 network card for Secure Access you can follow the steps
1 Login to command console with admin account And type ldquoenablerdquo command to
enable privileged mode
2 Type ldquoconfigure network interface ipv4 eth1 ltipaddressgt ltsubmaskgtrdquo command to
configure eth1 IP address For example ltipaddressgt could be ldquo10648830rdquo
ltsubmaskgt could be ldquo2552552520rdquo
How to change HTTPS certificate for Secure Access
bull Upload the certificate (p12 format) to Secure Access (using winscp tool or other scp tool)
ndash Upload the certificate file to ldquovmigatewayrdquo
bull If you have a password for your certificate use the following command to generate key
ndash vmigatewaycs -e xxxx
(where xxxx is your password)
bull After uploading change the configuration file rdquovmigatewayconfigurationjsonrdquo replace
corresponding file name with your real file name then replace the key with your key
ndash This line is for certificate file
bull ldquossl_cert_filerdquo ldquoxxxxp12rdquo
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
bull ldquossl_key_passwordrdquo ldquoxxxxrdquo
(If you donrsquot have password please keep the item empty)
bull You need to restart Secure Access using the ldquoservice vmigateway restartrdquo command Now your
new certificate take effect
How to check if Secure Access is connected to the
server
Browse the client download page through the Secure Access IP The Secure Access IP can be
accessed using the URL HTTPSltSecure Access_IPgt443 If the Secure Access is connected with
server you can see the download page
If you cannot see this page check the network as following
1 Ping the Secure Access IP from TMVMI server (eg ping ltSecure Access_IPgt)
2 Telnet Secure Access IP and 443 port in TMVMI server (eg telnet ltSecure Access_IPgt 443)
How does Secure Access check if the user who is logging
in is using the correct AD credentials
bull Secure Access does not check the AD credentials it just forwards the AD info to the TMVMI
server and the TMVMI server will do the authentication with the AD server Secure Access just
works as a transparent proxy server which forwards the mobile client request to TMVMI server
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
How to configure the Secure Access if the IP address of
the management server is changed
1 Login Secure Access command console
2 Change the IP address to the eth0 of management server in the file
vmigatewayconfigurationjson then edit the following line
parameters
server 19216810111
3 Save the file
4 Restart service with command ldquoservice vmigateway restartrdquo
How to configure the HTTP port in TMVMI Secure Access
for playing video
If you want to play video through Secure Access you need to do one of the following
bull Deploy a public HTTPS certificate on secure access (Suggested)
bull Open an HTTP port on Secure Access
Follow the steps below to open an HTTP port on Secure Access for playing videos
For example the HTTP port is 8080
1 Stop the TMVMI server(s)
2 Login to the Secure Access command console edit the line ldquoHTTP_portrdquo to
ldquoHTTP_port8080rdquo in the file vmigatewayconfigurationjson save the file
3 Restart the vmigateway service by using the service vmigateway restart command
4 Login TMVMI management server command console edit the line Secure
Access_HTTP_PORT=80 to Secure Access_HTTP_PORT=8080 in the file
vmimanagerweb_portalsettingspy Save the file
5 Restart both the httpd and vmiengine services by using the following commands
service httpd restart
service vmiengine restart
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Functions
Do you support notifications from mobile Workspace to
real phone
bull We have a feature called v-Notification it can notify the real mobile phone if therersquos any
notification from the virtual Workspace such as email calendar etc It means that the virtual
phonersquos notification can be displayed on real phonersquos notification bar It works following the
workflow below
ndash One user logs in to the virtual phone and run an app Then switch the virtual phone
to background If the v-app has a v-notification in the virtual phone user will receive
a notification on real phone
ndash When the user opens the received notification on the real phone it will launch the
virtual phone to foreground
Does Virtual Mobile Infrastructure support reconnection if
it gets disconnected from the network
bull If the mobile client gets disconnected from the network it will try to reconnect once If it fails
to reconnect it will show the ldquoUnable to access serverrdquo message Click the message to
reconnect
Can users install or remove applications by themselves
bull Users cannot install or remove applications by themselves in the Workspace The applications
can be only distributed to users by IT administrator through profile
What input method is used in the Workspace
bull Workspace support two kinds of input method One is Mobile device keyboard and the other
is the Built-in cloud Workspace keyboard
bull Workspace uses Mobile device keyboard by default Mobile device keyboard is what the
mobile user installed and used in their device It can sync your device language and locale and
it is convenient to use
bull Built-in cloud Workspace keyboard is installed in the Workspace Once the user clicks the
Workspace remote image the Workspace will display your keyboard It is safer but the input
response may be slower depending on the network delay
You can switch between these two input methods in Administration gt System Settings gt Mobile
Client gt User keyboard for Workspace
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Does TMVMI support the following mobile features
CameraBluetoothGPSAudioVideo
bull Camera ndashsupported
bull Bluetooth ndash supported from version 53 but depends on the wireless module and wireless
connections which are not included in Workspace (hosted on enterprise servers)
bull GPS ndash supported
bull Audiondash supported from version 50
bull Videondash supported from version 50
User Management
What can users do if they forget the Workspace lock
screen password
bull Depending on their preference users can choose NonePatternPINPassword for their lock
screen If they forgot it they can ask the administrator for help
bull Administrator can logon web console open Users tab and select the user Find the item Clear
Workspace screen lock click Clear
bull Administrator can then do te following
1 Login to the web console then go to the Users tab
2 Select the user
3 Click Clear
bull Once cleared the user will have the default lock screen settings When the user logs in again
they can set the lock screen again
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
How to export or import user data in TMVMI server
bull To export user data from TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console the copy the ldquoglusterrdquo and
ldquovmidatardquo folders to your computer (use scp tools)
ndash 3 Start the TMVMI server from the Servers tab of the web console
bull To import user data to TMVMI server
ndash 1 Stop the TMVMI server from the Servers tab of the web console
ndash 2 Login to the TMVMI server command line console copy the previously exported
ldquoglusterrdquo and ldquovmidatardquo folders to TMVMI serverrsquos same folder
ndash 3 Start the TMVMI server from the Servers tab of the web console
How to export or import user data in External Storage
bull To Export user data from External Storage
ndash 1 Keep the external storage connected with server
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the ldquoglusterrdquo folder
to your computer (use scp tools)
ndash 4 Start the TMVMI server from the Servers tab of the web console
bull Importing user data to External Storage
ndash 1 Enable the external storage from web console by going to Administration gt System
Settings tab
ndash 2 Stop the TMVMI server from the Servers tab of the web console
ndash 3 Login to the TMVMI server command line console then copy the previously
exported ldquoglusterrdquo folder to the External Storagersquos ldquoglusterrdquo folder
ndash 4 Start the TMVMI server from the Servers tab of the web console
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Why canrsquot I use Active Directory
bull This happens when you use an AD administrator account to authenticate the login Windows
Security policy forbids the query of administrator account from the AD and this will result in
the failure of the Test Connection
bull The solution is to use a non-administrator account to authenticate the login This will result to
a successful connection to the AD
Is it possible to block users that tries to brute force attack
the VMI user credentials with VMI client
If a malicious user tries to guess the VMI credentials by exhaustive test on the client admin
can configure unsuccessful sign in restriction on web console
You can configure it through web console ldquoAdministrationrdquo tab -gt ldquoSystem Settingsrdquo -gt ldquoMobile
Clientrdquo-gt ldquoRestriction Settings for Unsuccessful Signinrdquo You can enable it and configure if failed to
login x times mobile client canrsquot login within x seconds
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
How to get local user password without email
bull TMVMI sends an invitation email to invite local user which contains the password If you do
not have a SMTP server you will not be able receive this email
bull You can get the local user password by following the steps below
1 Login to the TMVMI web console then go to the Users tab
2 Select the user then click Reset to reset the user password A dialog box will appear
containing the new password as seen from the screenshot below
Why do I always see old web UI
bull If you installed TMVMI server with Simplified Chinese language then re-installed an English
TMVMI server the web console may still show the Simplified Chinese language It is because
of the browser cache
bull To avoid this you should be clean browse cache and re-login to the web console
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
TMVMI Client
How to download the mobile client
bull You can download the mobile client from Google Play Apple App Store and Windows Store
How to logout from the mobile client
bull For Android and iOS devices you can click ldquoSign Outrdquo button
Cannot install the iOS inhouse IPA in iOS 1031 or above
bull In iOS 1031 or above users need to manually turn kon trust for SSL certs when manually
installing a profile that contains a certificate payload This is due to an update for this iOS
version For more details on this refer to httpssupportapplecomen-hkHT204477
I have TMVMI installed and I can login but I canrsquot see the
virtual desktop Why
bull You need to follow the firewall port rule
ndash Secure Access to TMVMI TCP 443 accept
ndash Secure Access to TMVMI TCP 5900-TCP 6923 accept
ndash Internet client to Secure Access TCP 443 accept
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Is it possible to log in to the same virtual phone from two
different devices at the same time
Currently this is not supported If a new device wants to login to the virtual phone previous one
will be kicked out
Applications
How can I make sure that distributed 3rd party applications
does not have any license issues
bull If you downloaded 3rd party apps from app store and distributed the apps from TMVMI
application centers you may contact the 3rd party apps vendor if you can use them for more
license
bull TMVMI assumes customer already have had apps ready and uploaded them to TMVMI server
How to do app wrapper for single sign on
We have two methods to support SSO One is using app wrapper technology and TMVMI will
modify the app to support SSO The other method is send the username and password to the app
by intent then the app developer will need to add the sample code in the app to support SSO
If you cannot re-develop the app you can use the first method If the app is still developing we
suggest you use the second method
bull App wrapper method
ndash Login to the administration web console then browse the URL
HTTPSlttmvmi_IPgt8443appsappwraphtm
ndash Click the Upload button to upload the app into web console
ndash Wait until the process is finished download the wrapped app and upload the app
to Applications screen
bull Intent method
ndash Re-develop the app by adding the sample code in the application
Override
protected void onCreate(Bundle savedInstanceState)
String strUsernameFromIntent = null
String strPasswordFromIntent = null
Intent intent = getIntent()
Bundle bundleExtra = intentgetExtras()
if (bundleExtra = null)
strUsernameFromIntent = bundleExtragetString(username)
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
strPasswordFromIntent = bundleExtragetString(password)
if (strUsernameFromIntent == null ampamp strPasswordFromIntent == null)
No usernamepassword in Bundle
else
No extras in Intent
ndash Repack the sign the app Upload the app to Applicationsgt Cloud Workspace Applications
in administration web console
ndash Edit the app enable ldquoEnable SSO for this applicationrdquo
Does app wrapper have limitation
bull App wrapper has some limitations
ndash APK signature checking If APK has signature checking wrapped APK may not run
correctly
ndash Code obfuscation If APK developer is using code obfuscation wrapper may not able
to find important functions for wrapping
ndash Function Even if wrapping succeeded the code we injected into APK still may not
work well
Why I canrsquot upload apps for single sign on
bull If you use Internet Explorer and you cannot upload apps successfully you may be having a
permission issue To resolve this follow the steps from this Microsoft article
ndash httpsupportmicrosoftcomkb908356en-us
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Why does SSO fail with companylsquos exchange server
If the SSO fails with the companylsquos exchange server and get the following error message in
your Workspace ldquoYou donrsquot have permission to sync with this serverrdquo Please check whether the
number of your mobile devices that you bind to exchange server is ten or more than ten If it is
you cannot add extra mobile device and it will cause the SSO to fail
Please login Outlook Web App and delete unused mobile device from
ldquoOptiongtTelephonegtMobilerdquo
After you finished tap NEXT to try SSO again
Does TMVMI support all the video player
bull TMVMI only support the video player that uses the Android systemrsquos Media Player API to play
video
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Some applications cannot run normally with Virtual Mobile
Infrastructure (VMI)
bull Some application developers encounter issues in running their apps in VMI This article
enumerates the possible reasons why some apps cannot run with the product
bull VMI is incompatible with certain settings in APK An app may fail to work in VMI if it has the
following settings
bull The application requires hardware support (eg Bluetooth or NFC)
ndash For Bluetooth APKs AndroidManifestxml contains the following stringltuses-
permissionandroidname=androidpermissionBLUETOOTH gt
ndash For NFC APKs AndroidManifestxml contains the following stringltuses-permission
androidname=androidpermissionNFC gt
bull The application needs OpenGL ES 20 or 30 support APKs AndroidManifestxml contains
the following stringsltuses-feature androidglEsVersion=0x20000
androidrequired=truegt
ltuses-feature androidglEsVersion=0x30000 androidrequired=truegt
bull The application needs Google Framework APKs AndroidManifestxml contains the string
belowltmeta-data androidname=comgoogleandroidgmsversion
androidvalue=integergoogle_play_services_version gt
bull The application must be run in SDK which version is greater than 22 APKs
AndroidManifestxml contains the following string wherein minSdkVersion is higher than
22ltuses-sdk androidminSdkVersion=integer androidtargetSdkVersion=integer
androidmaxSdkVersion=integer gt
bull Note In order for an app to work with VMI the minSdkVersion value should be less than
or equal to 22
bull An application contains mismatched ARM and x86 lib VMI supports APK with x86 since we
are running on x86 server Also VMI supports APK with ARM lib because it has box However
APKs that put ARM (or other non-x86 processors) lib in x86 directory are not supported APKs
with mismatched x86 libs and ARM libs are unsupported too Below are some examples of
unsupported settings
bull An APK has armeabi and x86 directories There are aso bso and cso in
armeabi and another aso bso and cso in x86 But bso is in ARM format which
means there is an ARM lib in x86 dir
bull An APK has armeabi and x86 directory There are aso bso and cso in
armeabi but only aso and bso in x86
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt
Why does the installed application in TMVMI server fail to
login
When user logs in to the app from TMVMI server the application connects to the application
server from TMVMI server not from the the client If you fail to login in TMVMI server it may be
caused by a network problem Please check the network between the TMVMI server and the
application server by using telnet command telnet ltapplication server IPgt ltlogin portgt