Managing the Samsung KNOX Container with SAP Afaria

SAP has been a long time partner of Samsung, so it only makes sense that we’ve extended our partnership again to offer the most scalable and widely-deployed Android mobile security and management solution – this time for Samsung KNOX. 

Recently, SAP announced a few things related to the launch of KNOX. First, we have half a dozen mobile apps already approved and in the Samsung container, and second, SAP Afaria can manage the container. The apps are listed on the SAP Samsung KNOX apps website. For the rest of this blog I’ll focus on MDM (mobile device management) of the KNOX container.

Samsung provides a complete set of features that can be managed by an MDM solution. These features include:

• Enterprise license management
• Container creation & configuration
• The ability to set container policies
• KNOX-specific inventory reporting

There are over 180 features that can be enabled and disabled. They fall into three main categories and a few of the most interesting ones are highlighted below. If you want to go into even more details, I’m pleased to share a video recorded by SAP Afaria Product Manager Bryan Whitmarsh that dives into more detail. Its about 20 minutes long and can be viewed on-demand at your convenience.

In summary, the new Samsung KNOX functionality provides complete separation between personal and business data on a single device. Effectively, your device becomes a device with a “split-personality”. You can log in to the business side of the device (the container) and find apps that are guaranteed secured. The personal side of the device isn’t regulated by the strict guidelines, and itn’t managed.

KNOX features you may be interested in include:

Firewall Policies – You have both IP and URL firewall based control of the KNOX container.

Premium FIPS VPN – You can configure the VPN to apply to all applications in the container or apply to only specific applications in the container. This supports FIPS mode, which is very important to any public sector organization looking to use Android.

Certificate Management: You can completely manage the entire lifecycle of your certificates inside the KNOX container included trusted and untrusted support, revocation, renewals, etc.

KNOX Attestation: This is one that’s new to me, but it’s a pretty cool feature that provides boot tampering protection. You can complete a posture check for the device prior to container creation. It validates the device has not been tampered with and an administrator can decide to block containers on a fail condition.

Application security: Only KNOX signed apps can run in the KNOX container. This ensures that security policies are safe inside the container. Apps need to be submitted to and approved by Samsung. There is a Samsung process to “wrap” the application for use in the container.

Whitelist and Blacklist support: You can build an exception list, allow only specific applications and block specific applications inside the container.

Single Sign On: Single sign support for applications within the KNOX persona.

Restriction Control: You can configure policies and enable or disable the camera, share list, custom keyboards, etc.

The items listed above are only a few of the hundreds of features of Samsung KNOX that can be managed by SAP Afaria. To learn more, please watch the 20 minute ondemand webinar that dives into more detail.

To test out SAP Afaria for Samsung KNOX, sign up for a free trial of the award-winning SAP Afaria, cloud edition solution. The website is SAPmobilesecure.com and the version of the software that supports KNOX will be made available in November.

If you’re planning to be at SAP TechEd October 21-25 in Las Vegas, you can meet our KNOX experts, Bryan Whitmarsh and James Naftel at the SAP Mobile Secure booth. Read more in my SAP Mobile Secure at TechEd blog. We’ll also be onsite at the Samsung Developer Conference October 27-29 in San Francisco.