Avalanche Android Communication Flow

Version 7

    Verified Product Versions

    Avalanche 6.1, Avalanche 6.0, Avalanche 6.2

    Scenario:

    This document covers the basic communication flow between Android devices and the SDS.

     

    Enrollment:

    Devices initiate the enrollment process over port 443 to communicate securely with the SDS via HTTPS. A fallback port, 8888 (configurable in the sds.properties file), allows the device to communicate via HTTP.

     

    When troubleshooting enrollment, it is best to use the SDS enrollment page to test if communication is open and the enabler is receiving the SDS certs correctly.

     

    To do this, open a browser and enter https://(FQDN_or-IP-of_SDS)/mdm. Alternatively, you can try http://(FQDN_or-IP-of_SDS):8080/mdm. Both will take you to the enrollment page, which looks like this for HTTPS:

     

    [Screenshot: HTTPS enrollment page]

    Please be aware that if a self-signed cert is used, you will receive an error saying the server is "Not secure". This will remain until you trust the cert on your device or computer.

    It should be noted that all communication for Avalanche should be done via 443. You will not be able to do standard sync processes if 443 is not working correctly on the SDS.

    The HTTP enrollment page will look like this:

    [Screenshot: HTTP enrollment page]

    Potential 443 issues:
    1. Firewall is blocking 443 on the server (Windows Firewall) or to the server (external firewall)
    2. Certificate is missing chain of trust
    3. Certificate was created improperly
    4. DNS routing is not working correctly for FQDN
     
    Additional Resources:

    Bulk Enrollment for Android Smart Devices

    How to Enroll your Android Device on Avalanche On Premise

    Avalanche 6.X and Certificates

     

    Syncing Devices

    Devices use two ports to communicate with the SDS for synchronization: 443 and 7309. Port 7309 is used by the Avalanche Notification Service (ANS). The device must establish a connection to the SDS via 7309 for automatic synchronizations to work. All actions that can be triggered by a scheduled task or by manual interaction from the console are pushed via 7309.

     

    When the device runs an actual synchronization, it will communicate to the SDS via 443. It will start with a handshake to the SDS and then receive all its tasks from the SDS. Finally, it sends a sync completed statement to the SDS.

     

    General Synchronization:

    1. ANS tells device it needs to sync (7309)
    2. Device initiates sync with SDS (443)
    3. SDS provides list of profiles to device
    4. Device informs SDS that it has completed its sync (443)

    File Payloads

    When dealing with file payloads, the device will create a new GET action to connect to the Tomcat instance running Avalanche. The process flow is as follows:

    1. ANS tells device it needs to sync (7309)
    2. Device initiates sync with SDS (443)
    3. SDS provides list of profiles to device
    4. Device identifies file payload and initiates connection to Tomcat and downloads file (8080)
    5. Device informs SDS that it has completed its sync (443)

     

    Synchronization with software payloads from IIS on SDS

    1. ANS tells device it needs to sync (7309)
    2. Device initiates sync with SDS (443)
    3. SDS provides list of profiles to device
    4. Device identifies manifest URL from IIS on SDS and downloads file (80)
    5. Device informs SDS that it has completed its sync (443)

     

    Potential Issues

    Running IIS with HTTPS configurations on the same server as your SDS will cause port conflicts and will block the SDS from fully starting.
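
To tell apart the causes in the "Potential 443 issues" list and to confirm that the other ports in the sync flows above are reachable, a check like the following can be run from a workstation on the same network as the devices. This is an added example, not part of the original article or of the Avalanche product; the function names `probe_ports` and `diagnose_443`, the result labels, and the localhost default target are assumptions made for illustration.

```python
import socket
import ssl
import sys

# Ports as described in the article (device -> SDS).
SDS_PORTS = {
    443: "HTTPS enrollment and sync",
    7309: "Avalanche Notification Service",
    8080: "Tomcat file payloads",
    80: "IIS software payloads",
}

def probe_ports(host, ports=SDS_PORTS, timeout=3.0):
    """Return {port: 'open' | 'dns-failure' | 'blocked'} for each TCP port."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = "open"
        except socket.gaierror:      # name did not resolve (issue 4)
            results[port] = "dns-failure"
        except OSError:              # refused, filtered or timed out (issue 1)
            results[port] = "blocked"
    return results

def diagnose_443(host, port=443, timeout=3.0, cafile=None):
    """Map a failed HTTPS connection onto the 'Potential 443 issues' list."""
    state = probe_ports(host, [port], timeout)[port]
    if state != "open":
        return state
    # The default context verifies the chain and host name against the local
    # trust store; pass cafile to trust a private CA or self-signed cert.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as exc:  # issues 2 and 3
        return "certificate-rejected: " + exc.verify_message
    except OSError:                  # not TLS at all, reset, or timeout
        return "tls-handshake-failed"

if __name__ == "__main__":
    # FQDN or IP of the SDS; localhost is only a constructed default.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for p, state in probe_ports(target).items():
        print(f"{p:>5} {SDS_PORTS[p]:<32} {state}")
    print("443 diagnosis:", diagnose_443(target))
```

A `certificate-rejected` result carries the verifier's own message (for example an untrusted issuer or a host name mismatch), which separates a missing chain of trust from a certificate created for the wrong name.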

     

    Additional Resources

    Avalanche 6.0 - 6.1 - Creating and Deploying App Payload to Android & iOS Devices / Issues with payloads and packages

    Basic IIS Setup for Avalanche Payloads

     

     

     

    Potential Issues: