Solution

  • Workspace ONE

Type

  • Document

Level

  • Intermediate

Category

  • Fundamental

Product

  • Workspace ONE UEM

Phase

  • Deploy
  • Manage

Enrolling Head-Mounted Wearables with VMware Workspace ONE UEM

Overview

In the enterprise, Internet of Things (IoT) technology and smart connected devices will completely revolutionize how we work. While high costs, protocol fragmentation, and security and connectivity issues have slowed mass adoption of large-scale enterprise IoT projects, a subset of lightweight IoT-type endpoints, called workspace IoT, has emerged as the IoT of now. Today, workspace IoT—which includes wearables, peripherals, and single-purpose endpoints—is being used alongside mobile devices, across a variety of verticals and use cases, to dramatically increase productivity, efficiency, and employee and customer experience.

The VMware Workspace ONE Unified Endpoint Management (UEM) platform enables organizations to securely manage any device—from laptops and smartphones to rugged devices and wearables—from a single console, but enrollment is the first step. For head-mounted wearables, enrollment can be challenging. While Android is the operating system of choice for head-mounted wearables, they are all running Android Open Source Project (AOSP) and the out-of-the-box experience varies widely. The Workspace ONE UEM team has been partnering with hardware manufacturers for three years to ensure the best possible management experience of these devices.

Purpose of This Guide

The purpose of this guide is to show you how to set up your Workspace ONE UEM instance to onboard wearable devices, as well as to navigate the specific nuances of all of the head-mounted wearable devices that Workspace ONE UEM supports. A variety of options are covered, and more are continually being added:

Note: This guide contains two types of useful links. External links take you to other resources on the web, and internal links take you to other sections within this guide. After you click an internal link and read its content, you can return to your original location by clicking the Back button of your browser.

Audience

This guide is intended for IT professionals planning to take advantage of the growing market of wearable technologies and to use VMware Workspace ONE UEM to deliver scalable management and app delivery for Android and head-mounted wearables. Familiarity with VMware Workspace ONE UEM, directory services, and supporting technologies is assumed.

Initial Workspace ONE UEM Setup

VMware Workspace ONE Unified Endpoint Management (UEM) enables you to securely manage your head-mounted wearables from a single console, with an easy onboarding process.

Regardless of the type of wearable devices you are enrolling, this process begins with the initial Workspace ONE UEM setup. The Workspace ONE UEM setup includes verifying prerequisites, registering Android EMM with a Google Play account, and configuring enrollment settings, restrictions, and messaging.

Verifying Prerequisites

Before starting the enrollment process, make sure you meet the prerequisites for your particular type of wearable devices:

  • Realwear:
    • VMware Workspace ONE UEM version 1908 or newer
    • HMT-1 or HMT-1Z1 running Android 8.1 or above (and firmware v11 or newer)
  • Pico:
    • VMware Workspace ONE UEM version 1908 or newer
    • G2 4K (PUI 3.11.3) and Neo 2 (PUI 3.13.1)
  • Google Glass:
    • VMware Workspace ONE UEM version 1908 or newer
    • Google Glass Enterprise Edition 2

Registering Android EMM with Google Play Account

After you verify that you meet all prerequisites, the first step in the enrollment process is to register Android EMM with a Google Play account.

  1. Log in to your Workspace ONE UEM Console using your Administrator Account. Note that certain functions might require advanced roles, such as account creation. Check with your Workspace ONE UEM Console Administrator for proper role assignments.
  2. From the Customer Level Organization Group (OG), navigate to Getting Started > Workspace ONE > Android EMM Registration.

    Note: If you prefer to not use the wizard for Android EMM Registration, or if the wizard is not available in your environment, you can navigate to Groups & Settings > All Settings > Devices & Users > Android > Android EMM Registration.
  3. Make sure that you are signed into Google with your preferred (corporate account specific to your environment) Google account credentials, and select Configure.
  4. In the Android EMM Registration window, click Register with Google. If you are already signed in with your Google credentials, you are redirected back to the Workspace ONE console.
     
  5. On the Bring Android to Work window, select Sign In, if you are not already signed in, enter your Google credentials, and then select Get Started.
     
  6. Enter your Organization Name. The Enterprise Mobility Manager (EMM) provider field populates automatically as VMware Workspace ONE UEM.
  7. Select Next. The Data Protection Officer and EU Representative information is optional. Make sure to confirm that you have read and agreed to the Managed Google Play agreement.
  8. Select Confirm > Complete Registration.
  9. When you are redirected to the Workspace ONE Console, verify that your Google Service Account credentials are automatically populated, and select Save > Test Connection to verify that the service account is set up and connected successfully.

Configuring Enrollment Settings

After registering Android EMM with the Google Play account, the next step of the initial process is to configure enrollment settings. We recommend creating a Child Level OG for these settings.

  1. In your Workspace ONE UEM Console, navigate to Groups & Settings > All Settings > Devices & Users > Android > Android EMM Registration, and select the Enrollment Settings tab.
  2. In the Enrollment Settings window, select the Override radio button to change the default settings.
  3. For Work Managed Enrollment Type, select AOSP / CLOSED NETWORK, select WORK MANAGED DEVICE, and then click Save.
     

Note: All of the devices covered by this guide run the Android Open Source Project (AOSP) version of Android, which does not include Google Mobile Services (GMS). For this reason, Work Managed is the only mode of management supported, and certain features need to be disabled as a result.

Configuring Enrollment Restrictions

After configuring enrollment settings, the next step of the initial process is to set up enrollment restrictions.

  1. In your Workspace ONE UEM Console, navigate to Groups & Settings > All Settings > Devices & Users > Android > Android EMM Registration, and select the Enrollment Restrictions tab.
  2. In the Enrollment Restrictions window, select the Override radio button to change the default settings.
    • From the Define the enrollment method for this organization group dropdown menu, select Always use Android.
    • In the Allow Work Profile Enrollment field, select Disable, as this mode isn't supported on these devices. Click Save, and close the Settings window.
  3. Your Android EMM Registration status should show as Complete.

Setting up Intelligent Hub Settings

After setting up enrollment restrictions, the next step of the initial process is to set up Workspace ONE Intelligent Hub Settings for this Organizational Group.

  1. In your Workspace ONE UEM Console, navigate to Groups & Settings > All Settings > Devices & Users > Android > Intelligent Hub Settings.
  2. Select the Override radio button to change the default settings.
  3. For Require Google Account, select the DISABLED button.
  4. Scroll down, then select the ENABLED button for AirWatch Cloud Messaging.
  5. Click Save.

Creating a Basic User Account

After setting up AirWatch Cloud Messaging, the final step of the initial process is to create a basic user account.

Note: Workspace ONE UEM manages devices by keeping track of the users of each device. Therefore, it is necessary to create and integrate user accounts for devices to enroll in Workspace ONE UEM. See Workspace ONE UEM documentation for detailed information on advanced topics, such as integrating Workspace ONE UEM with Directory Services.

  1. From the Customer Level Organization Group (OG), navigate to Accounts > Users > List View, select Add, then Add User.
  2. In the General tab of the Add / Edit User window, complete the following settings to add a Basic User:
    • Security Type - Select Basic to add a basic user.
    • Username - Enter a username with which the new user is identified. For testing purposes, we recommend using lower case, alpha, and no special characters.
    • Password - Enter a password that the user can use to log in. This password is included in the QR Bar Code setup, so the user does not need to enter it manually.
    • Confirm Password - Confirm the password.
    • Full Name - Complete the First Name, Middle Name, and Last Name of the user.
    • Display Name (Optional) - Represent the user in the UEM console by entering a name.
    • Email Address - Enter or edit the user's email address.
    • Email username (Optional) - Enter or edit the user's email username.
    • Domain (Optional) - Select the email domain from the drop-down setting.
    • Phone Number (Optional) - Enter the user's phone number including plus sign, country code, and area code. This option is required if you intend to use SMS to send notifications.
  3. In the Enrollment tab, complete the following settings to add a Basic User:
    • Enrollment Organization Group - Select the organization group into which the user enrolls. Default settings are recommended.
    • Allow the user to enroll into additional Organization Groups - You can allow the user to enroll into more than one organization group. If you Enable this option, but leave Additional Organization Groups blank, then any child OG created under the Enrollment Organization Group can be used as a point of enrollment. Default settings are recommended.
    • Additional Organization Groups - This setting only appears when the option to allow the user to enroll into additional OGs is Enabled. This setting allows you to add additional organization groups from which your basic user can enroll. Default settings are recommended.
    • User Role - Select the role for the user you are adding from this drop-down setting. Default settings are recommended.
  4. In the Notification tab, complete the following settings to add a Basic User, and then click Save:
    • Message Type - Select the type of message you want to send to the user: Email, SMS, or None. Selecting SMS requires a valid entry in the Phone Number option.
    • Message Template - The basic user activates their account with this notification. For security reasons, this notification does not include the user's password. Instead, a password reset link is included in the notification. The basic user selects this link to define another password. This password reset link expires in 24 hours automatically. Select the template for email or SMS messages by selecting one from this drop-down setting. Optionally, select Message Preview to preview the template and select the Configure Message Template to create a template.

Next Step: Specific Device Enrollment

After you have completed the initial Workspace ONE UEM setup, select one of the following specific devices to finish enrollment:

 

Realwear Headset Enrollment

This section describes how to conduct a Realwear HMT-1 (Non-Intrinsically Safe) or HMT-1Z1 (Intrinsically Safe) wearables/Workspace ONE enrollment. Realwear wearables are designed for hands-free use in hazardous environments. VMware Workspace ONE Unified Endpoint Management (UEM) platform enables you to securely manage your Realwear wearables from a single console, with an easy onboarding process.

After completing the initial Workspace ONE UEM setup, you are now ready to enroll your Realwear HMT-1 (Non-Intrinsically Safe) or HMT-1Z1 (Intrinsically Safe) wearable devices.

Creating QR Enrollment Code

The first step in the device enrollment process is to create QR enrollment codes.

  1. From the Customer Level OG, navigate to Devices > Lifecycle > Staging > List View > Configure Enrollment.
  2. In the Enrollment Configuration Wizard window, select the Android panel.
  3. Select the QR Code panel, and click the Configure button.
  4. Select the Wi-Fi Security Level of the encrypted Wi-Fi Network to be used for automatic configuration, when scanning the QR Code. This could be a temporary Wi-Fi Network used for Staging only. (This does not support EAP-TLS Cert-based Wi-Fi Networks.) Once the device is enrolled, a Production Wi-Fi Profile can be pushed to the device from the Workspace ONE UEM Console.
  5. Complete the form by providing the SSID and Password, and click Next.
  6. Select the download location for the Workspace ONE Intelligent Hub, and click Next. Use the default value unless you intend to host the server from which the Workspace ONE Intelligent Hub can be downloaded.
  7. Configure the Organization Group (OG). This will determine the OG to which the device will be enrolled. Select the Enabled button, then select the OG from the dropdown box.
  8. Configure the Login Credentials. This is the Basic User that you created earlier (this only supports basic users). Select the Enabled button, then click the Username field, and choose the user from the dropdown list. Next, provide the correct associated password for that user.
  9. Keep the System Apps Enabled, and Force AOSP/Closed Network Enrollment Disabled. Click Next.
  10. To save a .pdf document to your hard drive, select the Download File option. To scan the QR Enrollment Code directly from your PC Screen, select the View PDF option.

Checking Firmware Version

After creating QR enrollment codes, the next step in the device enrollment process is to check the firmware version.

Note: The Realwear HMT-1 needs to be running the latest version of firmware that supports Android Enterprise (AOSP) enrollment. The minimum version is Android 8.1 (Build Number greater than v11).

  1. Power on your Realwear HMT-1 device. (For device operations, see the instruction manual provided by Realwear.)
  2. Check the display to make sure that the battery level is greater than 30%, as a Software update cannot be performed if the battery is not at 30% or higher.
  3. Speak the Show Help command to show the list of available commands on the screen.
     
  4. Speak the My Programs command.
  5. Speak the About Device command to determine the version of firmware running on the device.
  6. If the version of firmware is lower than the one shown here, you’ll need to upgrade the firmware to complete the QR Code enrollment process. Skip the Firmware Update Section below, if your firmware is already updated to this version or higher.

Updating Firmware

After checking the firmware version, the next step in the device enrollment process is to update the firmware.

Note: The Realwear HMT-1 needs to be running the latest version of firmware that supports Android Enterprise (AOSP) enrollment. The minimum version is Android 8.1 (Build Number greater than v11). If the version of your firmware is lower, upgrade the firmware before proceeding. If your firmware is already updated to this version or higher, skip this Firmware Update section, and proceed to Finish Enrollment.

  1. Power on your Realwear HMT-1 device. For device operations, see the instruction manual provided by Realwear.
  2. Check the display to make sure that the battery level is greater than 30%, as a Software update cannot be performed if the battery is not at 30% or higher.
  3. Speak the Navigate Home command to return to the home screen.
  4. Speak the My Programs command to view the My Programs screen.
  5. Speak the Configuration command to scan a QR Bar Code that will establish Wi-Fi Settings for the device, in order to download the latest version of firmware.
  6. On your PC or Mac, navigate to https://realwear.setupmyhmt.com. Click the Configuration button.
  7. Click the First Time Setup button.
  8. Select your preferred language, then select NEXT.
  9. Set your time and date, then select NEXT.
  10. Provide your preferred Wi-Fi Settings for the device, and select NEXT.
  11. Scan the QR Code with the HMT-1 Camera to configure your device.
  12. The Wi-Fi should be configured at this point. Speak the Wireless Update command. If available, follow the commands on the screen to complete the Wireless Update.

Finishing the Realwear HMT-1 QR Code Enrollment

After updating firmware, the final step is to complete the Realwear HMT-1/Workspace ONE enrollment.

Note: The Realwear HMT-1 needs to be running the latest version of firmware that supports Android Enterprise (AOSP) enrollment. The minimum version is Android 8.1 (Build Number greater than v11).

  1. After a firmware update, the HMT-1 should have performed a factory reset. Within a few minutes, this will automatically present the Configuration screen through the HMT-1 viewer, allowing for a QR Code scan.
  2. Aim your HMT-1 Camera at the QR Code that you created in the QR Enrollment Code Creation section.
  3. The camera will automatically capture the QR Code, and the enrollment process will begin. The Downloading Status screen will appear as the WS1 Hub is downloaded from the cloud, followed by an Installing… notification.
  4. When the Accept & Continue Screen appears, speak the command Accept & Continue. Enrollment will begin.
  5. Shortly, the device will become enrolled, and the Workspace ONE Intelligent Hub app will show the current user. Speak the command Navigate Home. The Hub Icon should be present in your My Programs screen.
  6. From the Customer OG, within the Workspace ONE UEM Console, navigate to Devices > List View. You should see your device enrolled into the Workspace ONE UEM Console.

Conclusion

You have now completed a Realwear HMT-1 or HMT 1Z1 enrollment with Workspace ONE UEM. For information about how to enroll other types of wearable devices with Workspace ONE UEM, see the following sections of this guide:

 

 

Pico VR Headset Enrollment

Virtual reality headsets are not only used for video games, but are also used in training environments and simulations. VMware Workspace ONE Unified Endpoint Management (UEM) platform enables you to securely manage your Pico VR Headsets from a single console, after an easy onboarding process. This section describes how to conduct a Pico VR Headset/Workspace ONE enrollment.

After completing the initial Workspace ONE UEM setup, you are now ready to enroll your Pico VR Headset devices.

Installing and Enrolling

The first step in the device enrollment process is to proceed with the installation and enrollment process.

  1. Download the following APK and have it on your local machine:
    http://discovery.awmdm.com/mobileenrollment/airwatchagent.apk
  2. Factory wipe a Pico HMD, connect it to a Wi-Fi network, ensure that USB debugging is turned on (under Advanced Setting > Developer Settings), and confirm that you can successfully connect to the device over ADB from the above-mentioned machine. The adb devices command should show your connected device as authorized for access.
  3. Critical: From the Pico HMD, launch the browser and verify that you can connect to your Workspace ONE URL. For example, https://ds135.awmdm.com (a successful connection means you will be re-directed, and you should see a Workspace ONE login screen). If you cannot connect to this site, you must switch to a Wi-Fi network that can before you continue.
  4. Install the APK you downloaded above onto the Pico using the adb install command. This should result in a success message.
  5. Run the following adb command, entered as a single line:

    adb shell dpm set-device-owner com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver

    This should also result in a success message.

Note: The rest of the process is done on the Pico HMD directly.

  1. Launch the Hub app that you installed above.
  2. Enter the following in the next few screens to enroll the device:
    • Server: Device Services Server address (for example: ds135.awmdm.com)
    • Group ID: Organization Group ID
    • Enrollment User/Password: Enrollment User & password

There should be one privacy statement to click through, but otherwise, the device should run through enrollment and you should be brought to a screen where you can see the enrolled user, email address, and some informational items. You should now be able to manage these devices using Android Enterprise based profiles.
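
The ADB steps in this section install an APK fetched over plain HTTP and then make it device owner, so it is worth gating them on a pinned hash and an authorized ADB session. The following is an added example, not part of the original guide or any VMware tooling; the expected SHA-256 is an assumption (a value you record from a copy of the APK validated through a trusted channel, since the guide publishes none).

```python
"""Added example: guarded version of the Pico ADB provisioning steps."""
import hashlib
import subprocess
import sys

# Device-admin component taken from the guide's `dpm set-device-owner` command.
ADMIN_COMPONENT = "com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver"


def parse_adb_devices(output):
    """Map serial -> state ('device', 'unauthorized', 'offline') from `adb devices`."""
    states = {}
    for line in output.splitlines():
        fields = line.split()
        # Skip the header, blank lines and adb daemon chatter ("* daemon started ...").
        if len(fields) < 2 or line.startswith(("List of devices", "*")):
            continue
        states[fields[0]] = fields[1]
    return states


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def run_adb(args):
    """Run adb with the given arguments; return (exit_code, combined output)."""
    proc = subprocess.run(["adb", *args], capture_output=True, text=True, timeout=300)
    return proc.returncode, proc.stdout + proc.stderr


def provision(serial, apk_path, expected_sha256, adb=run_adb):
    """Return (ok, stage); stops at the first failed check."""
    # The APK becomes device owner, so refuse anything that does not match the pin.
    if sha256_of(apk_path) != expected_sha256.strip().lower():
        return False, "apk-hash-mismatch"

    # 'unauthorized' or 'offline' means the USB debugging prompt was not accepted.
    _, listing = adb(["devices"])
    if parse_adb_devices(listing).get(serial) != "device":
        return False, "adb-not-authorized"

    code, out = adb(["-s", serial, "install", apk_path])
    if code != 0 or "Success" not in out:
        return False, "install-failed"

    code, out = adb(["-s", serial, "shell", "dpm", "set-device-owner", ADMIN_COMPONENT])
    if code != 0 or "Success" not in out:
        return False, "set-device-owner-failed"
    return True, "device-owner-set"


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: provision.py <serial> <apk_path> <expected_sha256>")
    print(provision(sys.argv[1], sys.argv[2], sys.argv[3]))
```

The `adb` parameter exists so the checks can be exercised without a headset attached; in normal use it defaults to the real adb binary on the PATH.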

Setting Up Certificate Management

If you need to install private certificates (certs with a password), setting a device PIN is required to enable the Android keystore. In order to support a device PIN, you need to ensure your devices are running the following firmware: G2 4K (PUI 3.11.3) and Neo 2 (PUI 3.13.1). Contact your Pico representatives to request this firmware.

Setting Up Controller Binding

If you are using the device in kiosk mode, you should bind the controller to the HMD. For more information, see http://static.appstore.picovr.com/docs/ControllerBinding/chapter_two.html.

Conclusion

You have now completed the Pico VR Headset/Workspace ONE UEM enrollment. For information about enrolling other wearable devices with Workspace ONE UEM, see the following sections of this guide:

 

Google Glass Enrollment

This section describes how to conduct a Google Glass EE2/Workspace ONE enrollment. VMware Workspace ONE Unified Endpoint Management (UEM) platform enables you to securely manage your Google Glass EE2 wearables from a single console, after an easy onboarding process.

After completing the initial Workspace ONE UEM setup, you are now ready to enroll your Google Glass EE2 wearable smart glasses.

Creating QR Enrollment Code

The QR code enrollment method sets up and configures Google Glass devices by scanning a QR code. The QR code contains a JSON payload with all the information needed for the device to connect to a Wi-Fi network, download the WS1 Intelligent Hub, and be enrolled, all with one quick scan. Although this can also be set up manually with a third-party QR code generator and a manual JSON payload, Workspace ONE UEM provides an easy wizard for creating a QR code that can be used to enroll Google Glass devices.

  1. From the Customer Level OG, navigate to Devices > Lifecycle > Staging > List View > Configure Enrollment.
  2. In the Enrollment Configuration Wizard window, select the Android panel.
  3. Select the QR Code panel, and click the Configure button.
     
  4. Select the Wi-Fi Security Level of the encrypted Wi-Fi Network to be used for automatic configuration, when scanning the QR Code. This could be a temporary Wi-Fi Network used for Staging only. (This does not support EAP-TLS Cert-based Wi-Fi Networks). Once the device is enrolled, a Production Wi-Fi Profile can be pushed to the device from the Workspace ONE UEM Console.
     
  5. Complete the form by providing the SSID and Password, and click Next.
  6. Select the download location for the Workspace ONE Intelligent Hub, and click Next. Use the default value unless you intend to host the server from which the Workspace ONE Intelligent Hub can be downloaded.
     
  7. Configure the Organization Group (OG). This will determine the OG to which the device will be enrolled. Select the Enabled button, then select the OG from the dropdown box.
  8. Configure the Login Credentials. This is the Basic User that you created earlier. Select the Enabled button, then click the Username field, and choose the user from the dropdown list. Next, provide the correct associated password for that user.
  9. Keep the System Apps Enabled, and Force AOSP/Closed Network Enrollment Disabled. Click Next.
     
  10. To save a .pdf document to your hard drive, select the Download File option. To scan the QR Enrollment Code directly from your PC Screen, select the View PDF option.
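
The QR payload built in the Realwear and Google Glass "Creating QR Enrollment Code" sections holds the staging Wi-Fi password and the Basic User password in readable form, so the generated PDF should be handled like a credential. The following added example (not VMware's code and not wizard output) audits such a payload before it is shared, assuming it uses Android's standard `android.app.extra.PROVISIONING_*` keys; the admin-extras key names and every sample value are constructed placeholders.

```python
"""Added example: audit an Android QR provisioning payload before the PDF is shared."""
import json
from urllib.parse import urlparse

PREFIX = "android.app.extra.PROVISIONING_"
COMPONENT_NAME = PREFIX + "DEVICE_ADMIN_COMPONENT_NAME"
DOWNLOAD_LOCATION = PREFIX + "DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION"
SIGNATURE_CHECKSUM = PREFIX + "DEVICE_ADMIN_SIGNATURE_CHECKSUM"
PACKAGE_CHECKSUM = PREFIX + "DEVICE_ADMIN_PACKAGE_CHECKSUM"
WIFI_SSID = PREFIX + "WIFI_SSID"
WIFI_PASSWORD = PREFIX + "WIFI_PASSWORD"
ADMIN_EXTRAS = PREFIX + "ADMIN_EXTRAS_BUNDLE"

# Heuristic: key-name fragments that suggest an extras entry holds a credential.
CREDENTIAL_HINTS = ("pass", "pw", "secret", "token")


def audit_qr_payload(text):
    """Return a list of (category, message) findings for one JSON payload."""
    payload = json.loads(text)
    if not isinstance(payload, dict):
        raise ValueError("provisioning payload must be a JSON object")
    findings = []

    if payload.get(WIFI_PASSWORD):
        findings.append(("secret", "Wi-Fi password is readable by anyone who scans the code"))

    # The extras bundle is passed to the agent as-is; flag credential-like entries.
    extras = payload.get(ADMIN_EXTRAS)
    if isinstance(extras, dict):
        for key in sorted(extras):
            if extras[key] and any(hint in key.lower() for hint in CREDENTIAL_HINTS):
                findings.append(("secret", f"admin extras entry '{key}' carries a credential"))

    url = payload.get(DOWNLOAD_LOCATION)
    if url:
        if urlparse(url).scheme.lower() != "https":
            findings.append(("transport", "agent APK is downloaded without TLS"))
        if not (payload.get(SIGNATURE_CHECKSUM) or payload.get(PACKAGE_CHECKSUM)):
            findings.append(("integrity", "no checksum pins the downloaded agent APK"))
    return findings


# Constructed sample, not wizard output. Extras key names are hypothetical.
SAMPLE_PAYLOAD = json.dumps({
    COMPONENT_NAME: "com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver",
    DOWNLOAD_LOCATION: "http://downloads.example.invalid/agent.apk",
    WIFI_SSID: "staging-wifi",
    WIFI_PASSWORD: "constructed-wifi-password",
    ADMIN_EXTRAS: {
        "server": "uem.example.invalid",
        "group_id": "EXAMPLE-OG",
        "enrollment_user": "hmtstaging",
        "enrollment_password": "constructed-user-password",
    },
})

if __name__ == "__main__":
    for category, message in audit_qr_payload(SAMPLE_PAYLOAD):
        print(f"[{category}] {message}")
```

Findings in the "secret" category are expected whenever Wi-Fi and login credentials are enabled in the wizard; they are a reminder to use a staging-only network and a dedicated enrollment user, and to control who receives the PDF.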

Finishing Google Glass EE2 QR Code Enrollment

After creating QR enrollment codes, the final step is to complete the enrollment process on the smart glasses.

  1. From a factory refreshed state, EE2 presents a provisioning application. After the device boots up, you should be presented with the following screen. If you do not see this screen upon boot up, you need to factory reset your device.
  2. From this screen, a tap on the right temple of the Google Glass will launch the camera in the EE2 eyepiece, allowing for a QR Code scan.
  3. Aim your EE2 Camera at the QR Code that you created in the QR Enrollment Code Creation section.
  4. The camera will automatically capture the QR Code, and the enrollment process will begin. The Downloading Status screen will appear as the Workspace ONE Intelligent Hub is downloaded from the cloud, followed by an Installing… notification.
  5. If the Accept & Continue Screen appears, tap the right temple of the glass for Enrollment to begin.
  6. Shortly, the device will become enrolled, and the Workspace ONE Intelligent Hub app will show the current user. Swiping down on the right temple from here should exit to the home screen of the device.
  7. From the Customer or Child OG, within the Workspace ONE UEM Console, navigate to Devices > List View. You should see your device enrolled in the Workspace ONE UEM Console.

Conclusion

You have now completed the Google Glass/Workspace ONE UEM enrollment. For information about how to enroll other types of wearable devices with Workspace ONE UEM, see the following sections of this guide:

Summary and Additional Resources

Wearable technologies are becoming ever more popular—particularly augmented reality (AR), mixed reality (MR), and virtual reality (VR) head-mounted displays (HMDs)—and interest is expected to grow rapidly. To address this growing market and its resulting challenges, VMware has partnered with leading vendors to deliver scalable management and app delivery for Android and Windows 10-based wearables. This guide walks you through the steps toward Workspace ONE UEM enrollment for Realwear, Pico, and Google Glass devices.

Additional Resources

For more information about delivering and managing wearable devices through VMware Workspace ONE UEM, explore the following resources:

Changelog

The following updates were made to this guide.

Date          Description of Changes
2020-10-15    Initial publication

Authors and Contributors

The following authors, contributors, and subject-matter-expert reviewers collaborated to create this guide.

Authors

  • Dave Dwyer, Sr. Solution Engineer, End-User-Computing Technical Marketing, VMware
  • Jon Duncan, Group Product Line Manager, UEM IoT, Mobile PM, EMM VMware

Contributors

  • Christina Minihan, Senior Architect, End-User-Computing Technical Marketing, VMware

Feedback

To comment on this paper, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.

 

 

 
