General Provisioning Architecture
4/8/2010
The most common method of provisioning a device after deployment is OTA. The following figure shows the overall architecture of OTA provisioning. The actual path traveled will depend on the protocol used. The following sections explain this in more detail:
- OMA Client Provisioning
- OMA Device Management
Security Note: For OMA Client Provisioning, configuration data is not encrypted when sent over the air (OTA). Be aware of this potential security risk when sending sensitive configuration data, such as passwords. OMA DM sessions are encrypted.
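A pre-send check that follows from the security note above, as an added example that is not part of the original page: it scans a provisioning XML document for credential parameters before the document is delivered through OMA Client Provisioning, where it would travel unencrypted. The list of parameter names, the function names, and both sample documents are assumptions constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Assumed list of parameter names that carry credentials. AUTHSECRET, PXAUTH-PW
# and AAUTHSECRET are OMA Client Provisioning names; PASSWORD covers Windows
# Mobile settings such as CM_GPRSEntries. Extend it for your own settings.
SECRET_PARMS = {"AUTHSECRET", "PXAUTH-PW", "AAUTHSECRET", "PASSWORD"}

def find_cleartext_secrets(xml_text):
    """Return (characteristic path, parm name) for every non-empty secret parm."""
    root = ET.fromstring(xml_text)
    findings = []

    def walk(node, path):
        for child in node:
            if child.tag == "characteristic":
                walk(child, path + [child.get("type", "?")])
            elif child.tag == "parm":
                name = child.get("name", "")
                if name.upper() in SECRET_PARMS and child.get("value"):
                    findings.append(("/".join(path), name))

    walk(root, [])
    return findings

def safe_for_oma_cp(xml_text):
    """True only if no credential would be sent over the unencrypted channel."""
    return not find_cleartext_secrets(xml_text)

# Constructed sample documents (not from the original page).
SAMPLE_WITH_SECRET = """<wap-provisioningdoc>
  <characteristic type="CM_GPRSEntries">
    <characteristic type="ExampleGPRS">
      <parm name="GPRSInfoAccessPointName" value="apn.example"/>
      <parm name="UserName" value="alice"/>
      <parm name="Password" value="constructed-secret"/>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>"""

SAMPLE_CLEAN = """<wap-provisioningdoc>
  <characteristic type="BrowserFavorite">
    <characteristic type="Example">
      <parm name="URL" value="http://www.example.com"/>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>"""

if __name__ == "__main__":
    for path, name in find_cleartext_secrets(SAMPLE_WITH_SECRET):
        print(f"do not send via OMA CP: {path} contains {name}")
```

A document that fails this check is a candidate for delivery over an OMA DM session instead, which the note above describes as encrypted.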
The following table shows the differences between how OMA Client Provisioning and OMA DM handle various features in Windows Mobile devices:
Feature | OMA Client Provisioning | OMA DM |
---|---|---|
Transport | WAP-based Push over binary Short Message Service (SMS) | HTTP over Secure Sockets Layer (SSL) |
DM session | One-way push. There is no response channel, so you cannot get execution results or perform a remote query. | Two-way communication allows a request-response exchange. |
Message format | WAP Client Provisioning XML | OMA-DM XML |
Compression | WBXML (tokenization) | XML |
DM commands | Add. Windows Mobile extends the commands with update, delete, query-local usage. | Add, replace, get, exec, delete, and response |
Managed settings | Data connectivity, WAP gateway, and application access information. Windows Mobile extends with other custom settings. | DMAcc, DMS, DevInfo, DevDetail. No restriction, extendable DM tree. Windows Mobile extends with custom settings. |
Security | Data integrity and server authentication by using an OMA Client Provisioning standard, PIN-signed message. There is no built-in encryption. For information about security roles, see Security Roles. | Mutual authentication at the application and transport level. Encryption and data integrity checks rely on SSL transport. |
Access control | None. Windows Mobile extends with role-based access control. | Supports Windows Mobile role-based access control. |
For examples of OMA DM continuous provisioning, see Provisioning Using OMA Device Management.
See Also
Tasks
Creating a Provisioning XML File
Other Resources
Understanding Provisioning
Security Roles
RAPI Restricted Mode Security