Airwatch Content Repositories are databases that contain vulnerable data within the SecurityCenter.

Introduction

Users and devices can manage and upload content, access a detailed overview of content use(user & content status, engagement, user breakdown, and storage history trends), and access other content-specific settings( user storage, VMware Content Locker home screen configuration, batch import status, content categories, content repositories) under Airwatch.

Airwatch Content Repositories are databases that contain vulnerable data within the SecurityCenter. Based on admin-defined assets, repositories can be shared with users and organizations. Repositories provide configurable and scalable data storage. Repository data can be shared between multiple SecurityCenters optionally. Storage is designated within SecurityCenter for different types of vulnerability data when adding a local repository. Local repositories are populated with vulnerability data by Scanners attached to a SecurityCenter.

Admin can access a local repository from another SecurityCenter when adding an external repository:

• Via an SSH session, repository data can be shared from one SecurityCenter deployment to primary SecurityCenter deployment with Remote repositories.
• Via manual export and import, repository data can be shared from one SecurityCenter deployment to primary SecurityCenter deployment with Offline repositories. By importing multiple files to the offline repository, data from several repository files can be combined into a single offline repository.

It is used solely for reporting purposes. The external repository data is static, and the repository has a maximum size of up to 32 GB.

Airwatch Content Repositories

Administrators with the required authorizations have complete control over the files stored in a particular location, referred to as Airwatch Content Repository. The end users (or employees) can access the added content but cannot edit the content from the repository labeled UEM Managed.

Features

The following features are provided by Managed Content repository:

• Files can be uploaded manually.
• Provide permissions and options to configure for individual devices.
• Control content accessed with Sync control on end-user devices.
• Advanced file management options with List view.

Security

Following security features are available to protect the content synced from the repository and data stored to end-user devices:

• During transit (transfer of data via API calls) between the UEM console and the end-user devices, SSL encryption secures data
• Controlled access to the content with roles with the security pin.

Deployment

Airwatch UEM database stores the UEM Managed repository content. Host the database on-premises or host the database in the Airwatch UEM cloud based on the deployment model.

Configure the Airwatch UEM managed Content Category Structure

The UEM Managed repository content is organized in the UEM console and the Airwatch Content app. The category structure is configured for the UEM Managed content before uploading content to the UEM console.

Upload Content to the Airwatch UEM Managed Repository

Manually upload and configure files in the UEM console to add files to the UEM Managed Content repository. In the Workspace ONE UEM database, the repository stores its content by default. The VMware Workspace ONE Content app also syncs with the repository stores delivering content to end users’ devices. The end-users cannot edit the synced managed content.

Upload Airwatch UEM Managed Content in Batches

Bypass external file share integration with batch imports in a dedicated SaaS or on-premises deployment with a hardened network.

Local File Storage for Airwatch UEM Managed Content

The managed content is separated from the Airwatch UEM database with Local File Storage, storing it in a dedicated, on-premises location connected to the Airwatch UEM instance.

Airwatch Mobile Repositories

Mobile repositories stores data from various MDM servers and is of local type. For all mobile repository types, configure the following options:

• Name: The name of the repository is entered.
• Description: Optional, the description of the repository is provided.
• Type: Select the type of repository to be configured. The type selection determines the type-specific options that the admin must configure.
• Organizations: Organizations are specified which have access to the vulnerability data stored in the repository. The security center prompts the admin to grant or deny access to the groups configured for the organization. Access must be granted within the settings for that group for more granular control.

Active Sync Options

The additional options to configure is described in the following table when creating an ActiveSync mobile repository:

• Domain Controller: ActiveSync domain controller is configured.
• Domain: Windows domain within the ActiveSync.
• Domain Username: The domain administrator account’s username for SecurityCenter to use to authenticate to ActiveSync.
• Domain Password: The password SecurityCenter uses to authenticate to ActiveSync for the domain administrator’s account is specified.

Airwatch MDM Options

The additional options to configure are described in the following table when creating an AirWatch MDM mobile repository.

• AirWatch Environment API URL: The REST API URL or the SOAP URL the security center uses to authenticate with AirWatch is specified.
• Port: The port is specified which SecurityCenter uses to authenticate with AirWatch.
• Username: To authenticate to AirWatch’s REST API, the username for the account SecurityCenter uses is specified.
• Password: To authenticate to AirWatch’s REST API, the password for the account SecurityCenter uses is specified.
• API Key: For the AirWatch REST API, the API key is specified.
• HTTPS: An encrypted connection to authenticate to AirWatch’s REST API is used when enabled by SecurityCenter.
• Verify SSL Certificate: The SSL Certificate on the server is signed by a trusted CA is verified by Security Center when enabled.
• Scanner: When scanning the MDM server, this setting determines which Nessus scanner is used. To add data to the mobile repository, only one Nessus scanner may be used.
• Update Schedule: To update the mobile repository, set the schedule for the MDM server to be scanned. The current data in the repository is deleted and replaced with the information from the latest scan after each scan.

Good MDM Options

The additional options to configure are described in the following table when creating a Good MDM mobile repository:

• Server: To authenticate with Good MDM, the server URL SecurityCenter uses is provided.
• Port: To authenticate with Good MDM, the port SecurityCenter uses is provided.
• Domain: Good MDM domain name is provided.
• Username: To authenticate with Good MDM, the username for the account SecurityCenter uses is provided.
• Password: To authenticate with Good MDM, the password for the account SecurityCenter uses is provided.
• HTTPS: An encrypted connection to authenticate to Good MDM is used by SecurityCentre when enabled.
• Verify SSL Certificate: The SSL Certificate on the server is verified by SecurityCentre, if signed by a trusted CA. when enabled.
• Scanner: When scanning the Good MDM server, this setting decides which Nessus scanner is used. To add data to the mobile repository, only one Nessus scanner may be used.
• Update schedule: To update the mobile repository, decide the schedule for the Good MDM server to be scanned. The current data in the repository is deleted and replaced with the information from the latest scan.

Apple Profile Manager Options

When creating an Apple Profile Manager mobile repository,  the additional options to configure are described in the following table.

• Server: To authenticate with Apple Profile Manager, the server URL SecurityCenter uses is specified.
• Port: To authenticate with Apple Profile Manager, the port SecurityCenter uses is specified.
• Username: To authenticate with Apple Profile Manager, the username for the account SecurityCenter uses is specified.
• Password: To authenticate with Apple Profile Manager, the password for the account SecurityCenter uses is specified.
• HTTPS: An encrypted connection is used by SecurityCentre to authenticate with Apple Profile Manager when enabled.
• Verify SSL Certificate: The SSL Certificate on the server is verified by SecurityCentre if signed by a trusted CA when enabled.
• Scanner: When scanning the MDM server, this setting determines which Nessus scanner is used. To add data to the mobile repository, only one Nessus scanner may be used.
• Update Schedule: To update the mobile repository, the schedule is set for the MDM server to be scanned. The current data in the repository is deleted after each scan and replaced with configuration options information from the latest scan.

MobileIron Options

The additional options to configure are described in the following section when creating a Mobile Iron mobile repository.:

• MobileIron VSP Admin Portal URL: To authenticate to the MobileIron administrator portal, the server URL SecurityCenter uses is specified.
• VSP Admin Portal Port: To authenticate to the MobileIron administrator portal (typically, port 443 or 8443), The port SecurityCenter uses is specified. Port 443 is set by default.
• MobileIron Port: To authenticate to MobileIron (typically, port 443), the port SecurityCenter uses is specified.
• Username: To authenticate to MobileIron, the username for the administrator account SecurityCenter uses is specified.
• Password: To authenticate to MobileIron, the password for the administrator account SecurityCenter uses is specified.
• HTTPS: An encrypted connection is used by SecurityCentre to authenticate to MobileIron when enabled.
• Verify SSL Certificate: The SSL Certificate on the server is verified by SecurityCentre if signed by a trusted CA when enabled.
• Scanner: When scanning the MobileIron server, this setting determines which Nessus scanner is used. To add data to the mobile repository, only one Nessus scanner may be used.
• Update Schedule: To update the mobile repository, the schedule is set for the MobileIron server to be scanned. The current data in the repository is deleted and replaced with the information from the latest scan.