Network Platform Analytics

What is NPA?

The Knox Network Platform Analytics (NPA) framework enables insights into the misuse, misconfiguration, or threats posed by mobile devices. The framework is used by powerful networking products to increase the visibility of device health and lower the risk of undetected issues. This is all achieved without violating the privacy of data moving across mobile and enterprise networks. NPA helps detect not only network issues but also issues with endpoint devices and software.

The NPA Ecosystem

A successful network analytics strategy and deployment requires the following elements:

  • Enterprise Device Administrators: Manage the solution and correctly respond to events.
  • Any Knox-compatible EMM or UEM: Provides NPA support to the enterprise admin by way of a console to deploy, configure, and handle event alerts.
  • An NPA client: Responsible for consuming analytics data to detect dubious behavior or patterns.
  • A console: Either a purpose-built console or an integrated feature of an EMM console. The integrated option is preferred, because a single console then serves device management, network visibility, and issue remediation.

The NPA interface types

NPA provides both a management interface and an analytics interface. A single product can handle both roles and integrate with both sets of interfaces. The following sections provide instructions for each set of interfaces.

  • Management interface
    This interface is for solutions that want to deploy and configure other analytics products. It requires integration with management APIs from the Knox SDK.
  • Analytics interface
    This interface is for solutions that consume the analytics data. It requires methods that implement an Android Interface Definition Language (AIDL) reference design. This interface also requires integration with Knox APIs to start and stop data flows and to retrieve configuration details. Configuration consists of the required standard NPA configuration settings along with any vendor-specific configuration settings required for the specific deployed analytics solution.

The Scope of Data Flow Visibility

The following table describes the data flows that are available from the NPA framework based on the associated DO or PO privileges of the EMM agent and NPA client as well as whether or not a container is present.

| Container configuration | Device type | Available data flows |
|---|---|---|
| Knox 2.8 or 2.9 container | CL device | Only observe apps that are inside the container so long as the EMM agent is installed outside the container and the NPA client is installed inside the container. |
| Android Enterprise or Knox 3.0 container as PO (user 10) | BYO device | Only observe apps that are inside the container so long as the EMM agent and NPA client are both installed inside the container. |
| Android Enterprise or Knox 3.0 container as DO (user 0) | CL device | Device-wide data observation when no container is present. |
| Android Enterprise* or Knox 3.0 container as both DO and PO (user 0 and user 10) | CL device | Device-wide data observation so long as the EMM agent and the NPA client are both outside the container. |

* Support for Android Enterprise in this configuration is available starting in the Knox 3.2 release.