Menu

About Knox E-FOTA

This section of the guide provides a brief introduction to the functionality of Knox E-FOTA. Start here to learn more about Knox E-FOTA and how its features can benefit your enterprise.

What is Knox E-FOTA?

Typically, devices receive their firmware updates from their service provider, through a Samsung Business-To-Consumer (B2C) FOTA server. With Knox E-FOTA, enterprises get updates from a Samsung Business-To-Business (B2B) FOTA server. There are exceptions such as AT&T and Verizon, which provide firmware updates from their own servers and don't use the Knox E-FOTA service.

Previously, enterprises could use a Mobile Device Management (MDM) system to set a policy to prevent the latest firmware updates from being installed on employee devices, but could not specify which versions to install.

Knox E-FOTA now allows enterprises to assign devices to groups, select a firmware version for each group, and either force an immediate firmware update or allow firmware updates to occur the next time a device checks if one is needed. When an enterprise IT admin registers a device with a group, the MDM registers the device with the B2B FOTA server, flagging it as a device whose firmware updates will be handled by the B2B FOTA server. This means that any firmware updates are pushed to the device from the B2B FOTA server, which then syncs the device information with the B2C FOTA server.

The MDM admin can fetch a list of available firmware versions from the B2B server, and then select a version to deploy to a group of devices. The targeted updates are delivered to the devices in the group, which download the firmware from the B2B server and install them.

Use Cases

Knox E-FOTA is a solution that allows IT admins to remotely control which firmware version updates are installed on enterprise devices.

IT admins managing a fleet of enterprise devices can maximize cost efficiency with Knox E-FOTA with the following benefits:

  • Manage a group of devices by pushing firmware version updates to devices with no user interaction needed.
  • Manage devices efficiently by silently pushing forced updates to target devices to run the same firmware in a group of devices.
  • Enhance productivity by setting a schedule for firmware updates to push to devices after business hours to minimize disruptions.
  • Maintain efficiency by selecting a specific firmware version to be pushed. Verify OS compatibility for business-critical software prior to updating firmware to prevent conflicts that can break business processes and reduce productivity.
  • Quickly address critical security issues or bugs by rolling out security patches to all enterprise devices for immediate deployment. This can prevent the propagation of known security exploits.

For more details on Knox E-FOTA's features and benefits, visit https://www.samsungknox.com/.

How does Knox E-FOTA work?

To implement Knox E-FOTA, you create both:

  • Web server code—Using the Knox E-FOTA REST API to manage firmware updates with Samsung's Knox E-FOTA servers.
  • Android client code—To use the Samsung Knox SDK to enable OTA updates and set the highest firmware version allowed on a device.

The end-to-end process for using Knox E-FOTA to update firmware on enterprise devices is illustrated below:

Knox E-FOTA process

  1. Get REST API key, development Knox E-FOTA info —Your REST API key consists of a client ID and client secret, which you use to generate OAuth tokens to authenticate yourself in REST API calls to the Knox E-FOTA server.
    NOTE—The Knox E-FOTA info you get is to simulate an MDM customer during testing for development purposes only.
  2. Register a company’s devices for Knox E-FOTA—Through the web server, send the REST API call serviceRegister to register an MDM customer for the Knox E-FOTA service.
  3. Get list of available firmware versions—Send the REST API call firmware to get a list of the firmware versions available for a specific device model.
  4. Set the highest allowed firmware version—Through the Android app, call the Knox SDK API method RestrictionPolicy.setAllowedFOTAVersion. This does the following:
    • Switches the device from getting firmware from their service provider’s B2C FOTA server to the B2B Knox E-FOTA server.
    • Associates the device with an MDM customer.
    • Sets the highest firmware version that the device is allowed to update to. By default, the device check for required firmware upgrades is set to occur weekly.
  5. NOTE— Alternatively, you can force an update to start within a specified time by using the REST API call serverInit.
  6. Check if firmware update needed—The device checks with its FOTA server to see if a firmware update is needed. This can be weekly, during its regular automatic checks, or immediately, if you have forced a firmware update. If there is another firmware version required, the device initiates an update.