Thursday, March 30, 2017

Device Grouping - WSO2 IoT Server Mobile Device Management (MDM) Features

The WSO2 IoT server is an extensible version of the product previously known as the WSO2 Enterprise Mobility Manager. The IoT server inherits all Mobile Device Management (MDM) features as well as Mobile Application Management (MAM) features from the WSO2 EMM and supports Android, iOS and Windows mobile platforms. The significant additions that come with the IoT server are out-of-the-box support for well-known development boards such as Arduino UNO and Raspberry Pi and the ability to be extended to support any type of device through device agent implementations.

In this post we'll take a look at the Device Grouping functionality in IoT server 3.0.0. The WSO2 EMM product already provided means to group users based on roles (this is because WSO2 products use role-based authentication). For example all managers could be assigned the Manager role. It was then possible to apply policies and provision applications (Enterprise app installation) based on user roles. The IoT server goes one step forward by providing Device Grouping. With device grouping you can group a set of devices immaterial of the users or user-roles of the device owners. You can then apply policies to a specific device grouping.

Login to the device management console and go to Group Management
You will see a list of existing devices. By default the system would have created a grouping for all BYOD devices.

Click on Add Group to create a new group

 Enter a Group Name and Description and click Add

Now the group has been created. You can add devices by either going to the device management console or by clicking Assign from My Devices in the group summary (this will also direct you to the device management console.

Click on the Select button, then click on the devices you want to add to select them, and then click Add To Group. You will be prompted with a drop-down to select the group to add the devices.

Once you've added the devices they will show in the Device Group summary.

The device group summary also has options to search devices based on device name, owner, active status, platform and ownership (BYOD or COPE). Furthermore, the Advance Search option allows you to search by device location and by advance search parameters such as Device model, Vendor, OS version, internal memory, SSID, CUP Usage etc. and allows AND & OR operators in the search query. 

Tuesday, December 6, 2016

Data Analytics with WSO2 Analytics Platform

Data Analytics and Visualization is a key requirement for any organization today. Proper Analytics and Visualization of data helps make better informed business decisions, reduce losses and increase profitability.

Data Analytics requirements can vary depending on what kind of data you need to analyze, the input mediums as well as the urgency of when it needs to be analyzed and acted upon.

Today any organization would produce a large amount of data. This data could be complex, scattered and transmitted through multiple mediums and protocols. Capturing this data and conducting analysis on large sets of structures and unstructured data could be a daunting task.

Furthermore, there are occasions where data needs to be analyzed as they are produced in real time.

In other cases it is required to predict future events or trends based on historical and current data.

And in all cases data visualization is a key aspect. Interactive dashboards would make it easy for users to interact with data using functions such as sort and filter and make the decision making process much easier. 

What WSO2 offers:

WSO2 offers a complete Analytics Platform that provides solutions for all the aforementioned use-cases. The WSO2 Analytics platform offers the following:

Batch Analytics
Analyze a set of data collected over a period of time.
Suitable for high volumes of data.

Real-Time Analytics
Continuous processing of input data in real time.
Suitable for critical systems where immediate actions is required e.g: Flight radar systems

Interactive Analytics
Obtaining fast results on indexed data by executing ad-hoc queries

Predictive Analytics
Predict future events by analyzing historical and current data

Batch Analytics

Lets look at Batch Analytics in the perspective of Big Data.

What is Big Data ?

“Big data is a term for data sets that are so large or complex that traditional data processing applications are inadequate to deal with them”    - (Ref: Wikipedia)

Why Analyze Big Data ?

  • Make informed Business decisions - make decisions based on patterns emerging from analyzing historic data
  • Improve customer experience - discover customer preferences, purchasing patterns and present the most relevant data
  • Process Improvements - identify areas of the business process that needs improvement 

Example: Better customer experience in airline seat reservation/allocation

Automatically allocate seats to customers based on their previous seat booking preferences by analyzing historic data related to seat reservations.


img ref:

Real Time Analytics

Identify most meaningful events within an event cloud
Analyze the impact
Acts on them in real time

Example: City Transport Control System - Analyzing traffic, monitor movement of buses, generate alerts based on traffic, speed & route
img ref:

Predictive Analytics:

  1. Machine Learning
  2. Other approaches such as statistical modeling
Machine learning is the science of getting computers to act without being explicitly programmed - (ref:

Example: e-Commerce sites use predictive analytics to suggest the most relevant merchandize, increasing sales opportunity

img ref:

Thursday, November 10, 2016

Containerization on Android devices with WSO2 Enterprise Mobility Manager (EMM)

Data security is one of the main concerns of organizations today. With the increasing use of mobile devices for work organizations are faced with the challenge of protecting confidential corporate data that is accessible through mobile devices.

If the organization allows corporate data access only via COPE devices, then they would have control over the device as well as the ability to perform security measures such as device wipes if the device is lost. However, in most organizations employees are allowed to access company data (e.g: email, shared drives etc.) on their personal devices. This is more cost effective for the company as well as helps improve the productivity as well.

However, allowing data access on BYOD raises concerns on both sides. From the organization point of view they are concerned about data security and need to implement measures such as limiting certain apps and enabling features such as remote device wipe. On the employees point of view they are reluctant to allow the organization gain total control of their device and allow app restrictions and remote wipe.

With version 2.2.0 WSO2 EMM will provide a solution to this problem using containerization using 'Android for Work'. With Containerization you can maintain a separate space within the device for corporate apps/data. This container provides total data isolation and can be managed separately by the organization. With this approach the company will not be able to access the personal space of the user's device, but would be able to manage the work profile. For example the company may decide to disable some apps on the work profile, but that would not prevent the user from using those apps in his/her personal space. There will be no data or context sharing between the apps run within and outside of the work profile. The work profile will be saved as encrypted files on the device. Therefore, the corporate data cannot be accessed outside of the container. If the organization wishes they can remote-wipe the corporate data on the device; this would not however effect the users personal data outside of the container.

Thursday, July 21, 2016

Publishing and Reading from JMS Queue using WSO2 ESB and WSO2 Message Broker

Integrate WSO2 ESB and MB using the following instructions:

Be mindful to uncomment the  transportReceiver relevant to WSO2 MB which has  the comment "JMS transport support with WSO2 MB [version]".

Reading from a queue using an ESB proxy:

Create the following ESB proxy:

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns=""
         <property name="OUT_ONLY" value="true"/>
         <address uri=[enter uri to foward the message to a specific uri]/>

This will create a proxy named validRequests as well as a JMS queue named validRequests in the message broker. You can view this queue by logging into the WSO2 Message Broker and navigation to 'List' under 'Queues'

If you want to read from an existing queue you can simply create the proxy with the same queue name 

Writing to a queue from the ESB:

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns=""
         <property name="OUT_ONLY" value="true"/>
               <address uri="jms:/validRequests?transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory&amp;java.naming.factory.initial=org.wso2.andes.jndi.PropertiesFileInitialContextFactory&amp;java.naming.provider.url=repository/conf/;transport.jms.DestinationType=queue"/>
   <publishWSDL uri="file:repository/samples/resources/proxy/sample_proxy_1.wsdl"/>


This creates a proxy service that would simply forward the request to a JMS queue on WSO2 MB named "validRequests"

The property named OUT_ONLY indicates that the ESB will not return a response and will only do an out only invocation from the proxy service.

Creating a queue without creating a proxy:
To create a queue without creating a proxy add it in E:\WSO2\ESB\wso2esb-4.9.0\repository\conf\ OR simply add it through the MB's management console.


Thursday, April 28, 2016

Android Device Registration on WSO2 Enterprise Mobility Manager

EMM Configs:

Before we proceed we need to make the following config changes

Change the LBHostPortPrefix and ServerUrl values from localhost to server IP at

Change the host value under generalConfig from localhost to server IP at

Add SMTP configurations:

Add the following code to the axis2.xml which is located at <EMM_HOME>/server/repository/conf/axis2
[1/8/16, 2:06 PM] Milan Perera (<transportSender name="mailto"
        <parameter name="mail.smtp.from"></parameter>
        <parameter name="mail.smtp.user"></parameter>
        <parameter name="mail.smtp.password">abc123</parameter>
        <parameter name=""></parameter>

        <parameter name="mail.smtp.port">587</parameter>
        <parameter name="mail.smtp.starttls.enable">true</parameter>
        <parameter name="mail.smtp.auth">true</parameter>

Create User

Go to https://<server_ip>:9443/emm

log in to the console (default admin/admin).
Click on Add under USERS
Fill in the information. The last field asks you to enter a user role. If you have a user role you can directly define it here. Creating a role will be discussed in the next section below.

Once you submit an email will be sent to the specified address with the EMM Agent download URL. And also a screen will appear with a QR code that embeds the download URL as well.

Once this is done you can download the EMM Agent to your mobile device using the URL.

To register agent, follow steps given in [1] below:


Once you register your device it will show up under Device Management in the EMM Console

By clicking on the view icon under the device you can view all device management options for the device:

Saturday, April 23, 2016

In and Out of JMS queue using WSO2 ESB

In this example we'll take a look at inserting a message to a JMS queue via a proxy service in WSO2 ESB, and how to pull it from the queue using an Inbound Endpoint

Part 1: Get Message From Queue

For the first part we will be using Sample 901 which ships with ESB 4.9.0.

Install ActiveMQ and follow steps in the following sample 901:

For the first part you need to start the ESB with Sample configuration 901.
in <ESB_HOME>/bin
wso2esb-samples.bat -sn 901 for Windows

./ -sn 901 in Linux

Deploy SimpleStockQuoteService:

Run ant from <ESB_HOME>/samples/axis2Server/src/SimpleStockQuoteService

Then start the Axis2 Server at <ESB_HOME>/samples/axis2Server and send a message to the queue as shown in the sample.

Output - you will see a stock quote for IBM generated  in the Axis2 Server console.

Part 2: Put message to queue using proxy service

Create a pass through proxy and modify the source configuration with the following:

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns=""
         <property name="OUT_ONLY" value="true"/>
         <property name="FORCE_SC_ACCEPTED" value="true" scope="axis2"/>
               <address uri="jms:/ordersQueue?transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory&amp;java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory&amp;java.naming.provider.url=tcp://;transport.jms.DestinationType=queue"/>

The above is a pretty simple configuration that will forward the message sent to the proxy to the JMS queue.

You can get the WSDL file for the proxy service and invoke the proxy via SoapUI with the same payload shown in Sample 901. The end-to-end scenario will be when you send a message to the proxy the proxy will forward it to the JMS queue, and the inbound endpoint will pick it from the queue and send it to the SimpleStockQuoteService


Wednesday, October 22, 2014

Managed APIs with WSO2 API Manager

In this post we'll take a look at what Managed API's are and how to expose your API's as managed API's using the WSO2 API Manager.


An API is a business capability delivered over the Internet to internal or external consumers. API's provide a means for vendors to provide their software as a service (SaaS) remotely to other parties. API's hide the underlying implementations and provide consumers with a standard programming interface to access functions.

For example there are many calendar apps that can access your google calendar and display events that are on it. This is made possible by the Google Calendar API. Many websites have YouTube videos embedded in them, this is done by using YouTube APIs.

Most service providers expose their services as API's. Yahoo, Amazone, Facebook, TripAdvisor and eBay to name a few.

eBay gives a good crisp intro as to what their APIs allow you to do:

Managed API's

So what are managed API's ?

Say you operate a service that provide customers with reccomendations to purchase/sell stocks based on current market trends and predictions. You want to monetize this service and charge for API usage.

You want to expose your API's to both stock brokers and individual clients who wish to do trading on their own. You intend on having different account registrations for individual clients e.g: Basic accounts will have a lesser monthly subscription fee but with a limited number of API calls allowed, Silver/Gold subscriptions will have a higher number of permitted calls while Premium accounts will allow unlimited API calls. Furthermore, stock brokers will be charged differently based on the number of calls they make.

This type of service requires Managed API's. You should be able to authenticate and authorize users, limit access (throttle) and collect statistics in order to monetize the API's.

With Managed API's you can do the following:

Actively advertise API's and allow subscriptions to them
Can Secure API's and carry out authentication and authorization
Monitore and monetize with analytics
Throttle access
Enforce Service Level Agreements (SLA's)

The WSO2 API Manager is a product that allows organizations to expose their business functionality as Managed API's.

The API-M is made up of 4 components, namely the API Publisher, API Store, API Gateway and Key Manager.

API Publisher: allows developers to publish API's, manage API versions, govern the API life-cycles, apply security policies, attach related documentation etc.

API Store: is a store where API's are advertised. Subscribers can discover and subscribe to API's using the API Store. There is a public user store as well as tenant based user stores.

API Gateway: the API Gateway is where API's are deployed. It intercepts API calls and enforces SLA's, performs security checks (using key manager), handles throttling and passes it to the actual back end service. The gateway also publishes API data for analysis.

Key Manager: handles security key related operations and token validations.

In this example we'll use an existing weather API in order to demonstrate how to create a Managed API using it.

OpenWeatherMap provides free weather data based on City. The following service call returns a JSON request which gives you the current weather in London:

We'll create a managed API using this service as the back end.

Download and extract WSO2 API-M from here.

Start the server by going to <PRODUCT_HOME>/bin and by running wso2server.bat (Windows) or wso2server.bat (Unix).

Once the server starts you will see 3 url's displayed. By default they are:

http://your_ip:9443/carbon - Admin console url
http://your_ip:9763/publisher - Publisher url
http://your_ip:9763/store - Store url

These ports can be changed by incrementing the <offset> value in <PRODUCT_HOME>/repository/conf/carbon.xml

WSO2 products adhere to a role based permission model. Users are granted permissions based on the roles assigned to them. Permissions are assigned to roles, not the users.

Create 3 roles that allow creating API's, publishing and subscribing. Log in to the Admin Console using the default username/password : admin/admin and follow the instructions in the following documentation to create user roles: User Roles in the API Manager

Now add 2 users 'provider1' with create and publish roles assigned and 'subscriber1' with subscriber role assigned. Follow the steps listed in: Adding Users

Now log into the Publisher (http://your_ip:9763/publisher) using the 'provider1' user

The above screenshot shows some already existing API's. If there are no API's created yet this page will be blank.

Create API

Now Click on Add in the left panel.

Fill in the details as shown below:

Context will be the URI context path of the API
You can have many versions of the same API; define a version number
you can add a Thumbnail to your API as well

You can add Resources by defining a URL pattern and selecting the HTTP verbs that are associated with it. If you don't do this you will be prompted to add a wildcard resource (/*) with all 5 methods associated with it.

Click on Save.
Then click Implement

give the production endpoint as:

you can enter a Sanbox endpoint as well if needed for testing.

Now click Manage

Tier Availability means what throttling tiers would be available for subscription.

by default the API-M ships with 4 throttling tiers: bronze, silver, gold and unlimited. You can add more tiers based on your requirement.

Access to API could be throttled in a fine grained manner at Resource/verb level:

Click Save & Publish and the API will be Published. Optionally you can just save the API and publish later. If the user you are logged in with does not have Publish permission you will not be able to publish.

Notice the Copy button below. That allows you to easily copy the API and create a new version.

You can manage the Lifecycle by going to the Lifecycle tab.

API Store

Now lets take a look at the API Store - http://your_ip:9763/store

You will be taken to the public store. API's will be listed in thumbnail views similar to a mobile app store.

Log in using the subscriber credentials we created: subscriber1/subscriber1

Now you can Subscribe to an API. Click on the Weather API to subscribe to it.

You will see 2 drop-downs. One to select the Application and the other for the Tier.

Application - Applications allow API's to be grouped together. A single application may have one or many API's. Access keys are issued on an application basis, not on an API basis.

By default the application selected would be 'DefaultApplication'. Click on the dropdown and select New Application.

This will direct you to create a new application.

Notice the application allows you to define a Throttling Tier as well. This will throttle out all API access at Application level once the quota is exceeded even if individual API's have not reached their throttle limit. Lets select Gold for the application.

Once the application is added select Silver for the throttling tier of the API and click Subscribe.

API Manager uses OAuth 2.0 for authentication. Go to My Subscriptions and select the weatherApp. Click on Generate under Production and Sandbox (if needed). This will generate aConsumer Key, Consumer secret and also an Access Token that could be used for testing.

A token validity period could be set for the Access token and you can Re-generate it when ever required.

Testing the API

The API Store ships with a RestClient that helps you test your API's Restfully.

Under tools select RestClient.

Use one of the production URL's from the WeatherService API page (click on WeatherService API to go to the page).

Copy the Access token which was generated in our previous step.

Add url with the query parameter: q=London
Pass the token by specifying it as: Authorization :Bearer 36bd42e345c1bb027ce952255918f4
Note: B in Bearer should be Capital

Now you'll get the weather in London as a JSON response;


Remember we set the throttling tier to Silver for the Weather API. Now send more than 5 requests within a minute using the rest client and see what happens.

You will get a Message Throttled Out response with a code.

* Notice the response is in JSON. If you want to convert this to XML you can do so by editing the synapse configuration and setting the 'messageType' property in the outgoing message to XML. However, the more recommended way of doing this is by adhering to the API Façade pattern. Refer to my previous blog post: Format Conversion using API Façade Pattern