The A-10 Warthog - Useful is Beautiful
Back when it was first introduced in the early 80s, the A-10 Thunderbolt was cited by the Washington Post as the ugliest and slowest jet in the Air Force. Due to its awkward looks, it was giving the name “Warthog” and the name stuck. If you are not familiar with the A-10 it is essentially a giant machine gun the size of a Volkswagen that fires 70 rounds of 7-inch armor-piercing bullets per second, with two engines tacked on, some wings, and a carbon fiber bathtub for the pilot to sit in…. that’s about it.
Over the last 40 years, it has continuously proved itself to be incredibly useful in the role that it was built for (tank killer and close air support of troops on the ground). During the initial Gulf War, the Warthogs destroyed over 4000 ground targets with the loss of only 4 aircraft. The Warthog has continued to operate successfully in campaigns against ISIS and other conflicts all over the globe.
In the early 2000’s, the US Government decided that it was going to replace the A-10 with the next generation “Swiss Army Knife” jet known as the F-35. The F-35 was designed to do everything: Air-to-Air Fighter… check, Bomber… check, Ground Support… check, Can opener… check.
Due to the complexity of building a one size fits all multi-role air platform, the program is hundreds of billions over budget and aircraft are just now entering active service roles. As a result of these delays and the uncertainty around the F-35, it was decided in 2016 that the Warthog would continue to remain in service for the foreseeable future.
One of the key lessons I take away from the success of the A-10:
Designing individual tools to solve a specific key mission can be better and more cost-effective than building a single tool that solves every mission.
We Built Ourselves the Warthog of Android Launchers
One of the early features that got Android traction in the consumer market was the ability to customize and configure the “Launcher” home screen.
The Android Launcher can control the user experience and flow on a given device. It can launch mobile apps, make phone calls and perform other tasks on demand.
Most vendors created their own versions of a launcher for their Android devices, you can even install launchers from 3rd parties or other manufacturers on your device. The quote that always stood out to me from Computer World was “A good launcher can make a bad phone tolerable and a great phone phenomenal.”
At BlueFletch, we started implementing Android for enterprise clients in 2012. One of the features we identified as important during our original discovery was an authentication mechanism that could lock down devices, control access to settings, and support multi-user enterprise authentication sources like LDAP/Active Directory.
The default Google launcher was designed for a single user and didn’t support any of these capabilities. The other launchers introduced by MDMs and device manufacturers didn’t have what we were looking for.
We needed a Launcher that was designed specifically for the purpose of supporting shared enterprise rugged devices.
After reviewing all of our options in the market, we decided to build our own Enterprise Launcher. Having over 15 years as a group developing, supporting, and deploying rugged devices & applications in the field across industry verticals, we had a unique perspective on the requirements that would serve as the foundation for BlueFletch Enterprise Launcher.
The key user stories we initially were seeking to meet were:
- Allow multiple users to authenticate on a shared device
- Present or restrict applications based on a user role
- Control access to system settings to prevent users from changing configurations
- Handle shared application context and support Single Sign-on for enterprise applications
The initial Enterprise Launcher versions we built were well received by our clients. We have continued to refine the experience, features, and performance of the launcher.
If you walk into a major retailer in the US and see what looks like a good login experience on a rugged Android device, it is likely the BlueFletch Enterprise Launcher.
What does the BlueFletch Enterprise Launcher have in common with other Android Launchers — and how does it differ?
There are a limited number of options for Android Launchers that can be used on rugged mobile devices. Most of the enterprise launchers are focused on locking down the desktop to a single kiosk app or a set number of apps.
However, they don’t provide a seamless SSO login experience for end-users or offer the full gamut of security features required to protect company data. Additionally, they provide a minimal amount of look and feel customization.
The most common we have run across include:
- VMWare Workspace ONE – VMWare includes a launcher as part of its Android licensing. Workspace ONE supports iOS and Android, and allows you to present a restricted list of applications to users, lockdown devices, and configure logout timers per user role. You can read an in-depth comparison of Workspace ONE and BlueFletch Launcher here.
- Zebra EHS – Zebra provides their EHS (enterprise home screen) free with their devices. This tool is designed to lock down the Android device to a single set of apps. You can also configure the background image. There is an admin mode, but no user login and therefore apps are available to be launched anytime a device is picked up. You can read more about configuring EHS here.
- Imprivata OneSign: Imprivata offers a lockdown solution for iOS and Android devices and they have a large presence in healthcare. Their single sign-on solution, OneSign, allows you to restrict apps by user role and it also supports multiple methods of authentication including fingerprint biometric and proximity card readers.
- Honeywell Launcher – Honeywell offers a lockdown launcher specifically certified for Android and Windows 10 Honeywell mobile computers. It restricts access to settings, limits access to approved applications, and pairs with Honeywell Enterprise Browser. This is offered from Honeywell’s marketplace. Take a look at the Honeywell Dolphin CT40.
- SOTI MobiControl – Similar to VMWare’s Workspace ONE Launcher, the SOTI MobiControl lockdown tool can be used to replace the default launcher on an Android device. Read more about configuring the lockdown tool here.
- Android Kiosk Mode – Android Kiosk mode supports an out of the box kiosk mode for corporate- owned single-use devices (known as COSU). This launcher can lock a device down to a single app or to a set of apps. Read more about configuring COSU here.
It’s important to note that a good enterprise launcher is not just about the end-user and securing a device. It is also about how to operationalize an organization, provide visibility and build the case for how these devices are adding value to our organization
As you can see from the chart above, the BlueFletch Launcher offers the most robust set of features for enterprises. In addition to the standard security features supported by common launchers, the BlueFletch Enterprise Launcher includes these value-add features:
- Enterprise Single Sign-On – The BlueFletch Launcher provides the end-user access to the applications and settings based on their credentials. It also allows them to access applications without having to sign-in to each one, which simplifies the login process significantly. Through single sign-on (SSO) you can tie into your existing Identity Provider (IDP) such as Okta, Office365, Google Auth, Ping, and Active Directory/LDAP.
- Advanced Security Features – The BlueFletch Launcher was designed to provide IT admins with advanced security features required to safeguard company data and secure device fleets. Some examples include disabling access to settings, restricting apps by user role, and configuring smart logout rules (such as logout on cradle, inactivity timers, or no detected motion). Launcher also has an “Open Zone”, or offline mode when a user isn’t logged in. In this state, the home screen only displays approved public-facing apps, preventing non-authorized users from accessing apps with sensitive company data.
- Multiple Re-Authentication Methods – With the BlueFletch Launcher, users can quickly re-authenticate and access their apps by way of NFC badge tap, fingerprint biometrics, face recognition, barcode scanning, or PIN/secondary token. Not only does this improve the login experience and optimize workflows, but it also reduces security threats caused by password fatigue and lower IT support costs due to password resets.
- Check-in/Check-out Data – As part of our product suite, customers also get access to Support Agent, an integrated support tool that captures device-specific events to improve device visibility and accountability. The BlueFletch Launcher works in tandem with Support Agent to collect check-in/check-out data, which allows companies to see which users have what device and when they last used them.
- Integrated Support Tooling – BlueFletch Launcher includes a support application apk, which gives users an easy way to call the help desk, see device-specific information for quick troubleshooting, submit ServiceNow tickets, and conduct self-service password resets.
- Simple Branding – Companies can easily configure a color pallet and add a logo so that our launcher can fit with their corporate branding. There is also the ability to customize the app icons on the screen and it also supports icon badges, widgets, and shortcuts. This is a small detail but highlights how much we think about our clients and what we would do if we were in their shoes.
- Notifications…On-premises or cloud – When we started delivering our Enterprise Launcher to clients in 2011 support for notifications on early Zebra rugged devices did not exist. So naturally, we built our own implementation that runs in the cloud or on-premise. Internal applications can now leverage this notification service.
- Application Whitelisting – We take whitelisting applications to the next level. Our Enterprise Launcher has the ability to uninstall applications that are not whitelisted. This prevents bad actors from side-loading applications that are not specifically approved.
- Smart Contextual Search – We extend the Android search bar on the launcher home screen to provide an additional layer of efficiency. You can configure the search bar to recognize patterns to make common tasks easier – like typing a phone number, or searching for pallet information to looking up a SKU.
- Enterprise Mobility Management Agnostic – Works with any and all mobile device management solutions such as VMware AirWatch, SOTI MobiControl, IBM MaaS360 and BlueFletch’s Playbook MDM. Every organization is different and some even change MDM solutions from time to time.
- Customizable – Every organization is unique like a snowflake. From the outside looking in, these enterprises look similar but there is a lot of past experience, culture and nuance that informs how an organization operates. We recognize that every organization is different. We are open to adding or modifying the enterprise launcher to meet your needs. We will customize our Enterprise Launcher and share the customized code base with your team’s needs.
– – – – –
Editor’s note: this post was originally published in August 2018 and has been updated for accuracy and comprehensiveness.