Network Platform Analytics

What is NPA?

The Knox Network Platform Analytics (NPA) framework enables insights into the misuse, misconfiguration, or threats posed by mobile devices. The framework is used by powerful networking products to increase the visibility of device health and lower the risk of undetected issues. These NPA checks are all achieved without violating the privacy of the data being transmitted across mobile and enterprise networks. NPA helps detect not only network issues, but also issues with endpoint devices and software.

How is the Knox NPA Framework used?

The Knox NPA framework facilitates input from every party that helps manage the enterprise devices, as follows:

  • The EMM provides two components:
    • An updated console that allows the enterprise IT admin to select an NPA client and administer NPA functions
    • An updated EMM agent that supports the Knox NPA framework
  • App developers, either from the EMM or an ISV, provide the NPA client. The essential requirement for this app is that it support the required Knox NPA APIs and AIDL interfaces.
  • The enterprise IT admins ensure that the NPA client is installed on the enterprise mobile devices and use the EMM console to identify the app. Depending on the design of the EMM console, the IT admin may also have the option to change the number of data flows provided by the NPA framework.

The Scope of Data Flow Visibility

The following table describes the data flows that are available from the NPA framework, based on the Device Owner (DO) or Profile Owner (PO) privileges of the EMM agent and NPA client, and on whether or not a container is present.

| Container configuration | Device type | Available data flows |
|---|---|---|
| Knox 2.8 or 2.9 container | CL device | Only observe apps that are inside the container so long as the EMM agent is installed outside the container and the NPA client is installed inside the container. |
| Android Enterprise or Knox 3.0 container as PO (user 10) | BYO device | Only observe apps that are inside the container so long as the EMM agent and NPA client are both installed inside the container. |
| Android Enterprise or Knox 3.0 container as DO (user 0) | CL device | Device-wide data observation when no container is present. |
| Android Enterprise* or Knox 3.0 container as both DO and PO (user 0 and user 10) | CL device | Device-wide data observation so long as the EMM agent and the NPA client are both outside the container. |

* Support for Android Enterprise in this configuration is available starting in the Knox 3.2 release.