General Provisioning Architecture

4/8/2010

The most common method of provisioning a device after deployment is OTA. The following figure shows the overall architecture of OTA provisioning. The actual path traveled will depend on the protocol used. The following sections explain this in more detail:

  • OMA Client Provisioning
  • OMA Device Management
    Security Note:
    For OMA Client Provisioning, configuration data is not encrypted when sent over the air (OTA). Be aware of this potential security risk when sending sensitive configuration data, such as passwords. OMA DM sessions are encrypted.

[Figure: overall architecture of OTA provisioning]

The following table shows the differences between how OMA Client Provisioning and OMA DM handle various features in Windows Mobile devices:

| Feature | OMA Client Provisioning | OMA DM |
| --- | --- | --- |
| Transport | WAP-based Push over binary Short Message Service (SMS) | HTTP over Secure Sockets Layer (SSL). |
| DM session | One-way push. There is no response channel, so you cannot get execution results or perform a remote query. | Two-way communication allows a request-response exchange. |
| Message format | WAP Client Provisioning XML | OMA-DM XML |
| Compression | wbxml (tokenization) | xml |
| DM commands | Add. Windows Mobile extends the commands with update, delete, query-local usage. | Add, replace, get, exec, delete, and response |
| Managed settings | Data connectivity, WAP gateway, and application access information. Windows Mobile extends with other custom settings. | DMAcc, DMS, DevInfo, DevDetail. No restriction, extendable DM tree. Windows Mobile extends with custom settings. |
| Security | Data integrity and server authentication by using an OMA Client Provisioning standard PIN-signed message. There is no built-in encryption. For information about security roles, see Security Roles. | Mutual authentication at the application and transport level. Encryption and data integrity checks rely on SSL transport. |
| Access control | None. Windows Mobile extends with role-based access control. | Supports Windows Mobile role-based access control |

For examples of OMA DM continuous provisioning, see Provisioning Using OMA Device Management.

See Also

Tasks

Creating a Provisioning XML File

Other Resources

Understanding Provisioning
Security Roles
RAPI Restricted Mode Security