In a typical device enrollment, the AirWatch Agent must be installed on a device before any other installer packages can be executed. The Bootstrap Package allows installer packages to deploy to a device immediately after the device is enrolled.
Bootstrap Packages use the Apple MDM command
InstallApplication, which allows an MDM to natively install .pkg files to an enrolled device. Historically, the AirWatch Agent handles the download and installation of application files. Bootstrap Packages allow .pkg files to install immediately after enrollment whether or not the AirWatch Agent is installed.
You may want to use alternative tools for device and application management in addition to the AirWatch Agent. Bootstrap package enrollment comprises an enrollment flow paired with a bootstrap package that installs the alternative tooling and configures the device before the end user begins using the device.
Bootstrap Package Use Cases
Bootstrap Packages may be useful in certain deployment scenarios. This list is not exhaustive.
You want to create a custom-branded end-user experience, such as launching a window as soon as enrollment completes, to inform the user about the installation process and instruct them to wait to use the device until provisioning and installation complete.
Your deployment does not include the AirWatch Agent, but you still have critical software to deploy to devices.
You want to use Munki for Application Management, and need the Munki client to install immediately after enrollment so the user can begin installing apps, rather than going through the AirWatch Agent and App Catalog.
Your deployment only uses MDM for certificate management and software management, and uses Chef or Puppet for configuration management. In this configuration, Chef or Puppet must be installed as soon as enrollment completes to finish configuring the device.
Bootstrap Package Creation
Bootstrap packages are deployed to the device as soon as enrollment completes. Bootstrap packages deployed from the Console will not deploy to existing enrolled devices unless the devices are specifically queued using the Assigned Devices list for the package.
You must create packages before you deploy them. There are several tools available that can create a package for use in the Bootstrap Package functionality. Created packages must meet two criteria:
- The package must be signed with an appropriate certificate (such as a TLS/SSL certificate with signing usage). Only the package needs to be signed, not the app, since the Apple Gatekeeper does not check apps installed through MDM.
- The package must be a distribution package (product archive), not a flat component package.
When you have created a bootstrap package, you must deploy the package to your devices. For more information, see Deploy a Bootstrap Package.