Page 1: IBM Endpoint Manager - Executive Overview


Darryl Miles Client Technical Professional @vtdarryl

Overview of IBM Endpoint Manager Webinars – July to October 2013

Page 2: IBM Endpoint Manager - Executive Overview


Presentation Overview

• Overview of IBM Endpoint Manager

– Patch Management

– Software Usage Analysis

– Mobile Device Management

• IBM’s Internal Experience deploying IEM

• Case Studies

• Summary

Page 3: IBM Endpoint Manager - Executive Overview


Today’s leading organizations are dealing with powerful new technology forces

BYOD: BYOD users expected to double by 2014 to 350 million

Security: 13 billion security events monitored per day


Data: 1.2 trillion gigabytes in the digital universe.

1.2 zettabytes

Mobility: Nearly ½ of devices accessing applications will be mobile



Page 4: IBM Endpoint Manager - Executive Overview


IBM Endpoint Manager continuously monitors the health and security of all enterprise computers in real-time via a single, policy-driven agent


•  Common management agent

•  Unified management console

•  Common infrastructure

•  Single server

IBM Endpoint Manager

Patch Management

Lifecycle Management

Software Use Analysis

Power Management

Mobile Devices

Security and Compliance

Core Protection

Desktop / laptop / server endpoint Mobile Purpose specific

Systems Management Security Management

Server Automation

Page 5: IBM Endpoint Manager - Executive Overview


Why IBM Endpoint Manager?

Concord Hospital achieves 98% first-pass success in hours on their Microsoft and 3rd party patches

Hutchinson Builders can now easily track the software installed and running computers across the company’s 16 offices and up to 160 construction sites

Bendigo Bank expects to save $175,000 off its power bill within 12 months and avoid 2190 tonnes of carbon emissions

IBM has deployed Endpoint Manager to over 700,000 endpoints on three servers. Expects to save over $10M in Year 1

Over 13,000 mobile devices enrolled in 72


Page 6: IBM Endpoint Manager - Executive Overview


Single Server & Console

•  Highly secure, highly scalable

•  Aggregates data, analyzes & reports

•  Pushes out pre-defined/custom policies

Cloud-based Content Delivery

•  Highly extensible

•  Automatic, on-demand functionality

Single Intelligent Agent

•  Performs multiple functions

•  Continuous self-assessment & policy enforcement

•  Minimal system impact (< 2% CPU)

Lightweight, Robust Infrastructure

•  Use existing systems as Relays

•  Built-in redundancy

•  Support/secure roaming endpoints

How it Works

Page 7: IBM Endpoint Manager - Executive Overview


Patch Management

•  IBM Cloud content delivery service (operating systems and 3rd party applications)

•  Patch capabilities for multiple platforms: Windows, Mac OS X, Linux and UNIX

•  Intelligent agent

•  Reduction in patch and update times from weeks and days to hours and minutes

•  Increase first-pass success rates from 60-75% to 95-99+%

•  Real-time reporting

•  Automated self-assessment, no centralised or remote scanning required

Benefits: Services:

"We compressed our patch process from 6 weeks to 4 hours"

"We consolidated eight tools/infrastructures to one"

"We reduced our endpoint support issues by 78%"

"We freed up tens of admins to work on higher value projects"

Page 8: IBM Endpoint Manager - Executive Overview


Overview of Patch Management

Patch Management Video (6:33) Local Video File (6:33)

Start with the Patch Management domain

The patches dashboard provides a real-time view of Windows patch requirements across your environment

See any New Content here

Application vendor patches

•  Adobe Acrobat

•  Adobe Reader

•  Apple iTunes

•  Apple QuickTime

•  Adobe Flash Player

•  Adobe Shockwave Player

•  Mozilla Firefox

•  RealPlayer

•  Skype

•  Oracle Java Runtime Environment

•  WinAmp

•  WinZip

…and operating system patches

Page 9: IBM Endpoint Manager - Executive Overview


Patch Management for Windows now supports non-security updates, specifically critical updates and service packs for the Microsoft Windows product family

Page 10: IBM Endpoint Manager - Executive Overview


•  For Windows Servers and PCs

•  Unix/Linux Servers

•  Software Asset Discovery

•  Software Use Metering

•  Software Use Reporting

•  Near real time software inventory

•  Near real time software usage reporting

•  Search, browse, and edit the Endpoint Manager software identification catalogue, which contains over 105,000 signatures out of the box

•  Periodic catalogue updates are released regularly

•  Easily customize the software identification catalogue to include tracking of home-grown and proprietary applications

Benefits: Services:

Software Usage Analysis

Software publishers


Application signatures out of the box


Page 11: IBM Endpoint Manager - Executive Overview


Software Usage Analysis (13:58) Local Video File (13:58)

Software Usage Analysis

Page 12: IBM Endpoint Manager - Executive Overview


•  Providing enterprise-wide visibility (e.g. device details, apps installed, device location)

•  Ensuring data security and compliance

•  Device configuration

•  Support devices on the Apple iOS, Google Android, Microsoft Windows Phone, Blackberry, Nokia Symbian

•  Address business and technology issues of security, complexity and bring your own device (BYOD) in mobile environments

•  Manage enterprise and personal data separately with capabilities such as selective wipe

•  Leverage a single infrastructure to manage all enterprise devices—smartphones, tablets, desktops, laptops and servers

Benefits: Services:

Apple iOS Google Android

“IBM's MDM capability is very complementary to that of PCs, and it is one of the few vendors in this Magic Quadrant that can support PCs and mobile devices”

Gartner, MQ for Mobile Device Management Software, 2012

Mobile Device Management

Windows Phone Blackberry

Nokia Symbian Windows Mobile

Page 13: IBM Endpoint Manager - Executive Overview


Security & Management Challenges

§  Potential unauthorized access (lost, stolen)

§  Disabled encryption

§  Insecure devices connecting to network

§  Corporate data leakage


•  Mail / Calendar / Contacts

•  Access (VPN / WiFi)

•  Apps (app store)

•  Enterprise Apps


iCloud Sync

iTunes Sync

Encryption not enforced

End User

VPN / WiFi Corporate Network Access

Managing Mobile Devices – The Problem

Page 14: IBM Endpoint Manager - Executive Overview



iCloud Sync

iTunes Sync

End User

VPN / WiFi Corporate Network Access

•  Personal Mail / Calendar

•  Personal Apps

Corporate Profile

•  Enterprise Mail / Calendar

•  Enterprise Access (VPN/WiFi)

•  Enterprise Apps (App store or


Secured by BigFix policy

Encryption Enabled

Endpoint Manager for Mobile Devices

§  Enable password policies

§  Enable device encryption

§  Force encrypted backup

§  Disable iCloud sync

§  Access to corporate email, apps, VPN, WiFi contingent on policy compliance!

§  Selectively wipe corporate data if employee leaves company

§  Fully wipe if lost or stolen

Managing Mobile Devices – The Solution

Page 15: IBM Endpoint Manager - Executive Overview


What’s New in Endpoint Manager for Mobile Devices

•  Integration with Enterproid’s Divide container technologies for iOS and Android

•  Web-based administration console for performing basic device management tasks with role-based access control

•  Integration with BlackBerry Enterprise Server for integrated support of BlackBerry v4 – v7 devices

•  Enhanced security with support for FIPS 140-2 encryption and bi-directional encryption of communications with Android agent

•  Additional Samsung SAFE APIs for expanded management and security of SAFE devices

•  SmartCloud Notes & Notes Traveler 9.0 support, including cloud and high-availability versions

IBM Endpoint Manager’s cloud-based content delivery system enables customers to benefit from frequent feature enhancements without the difficulty of performing upgrades

Page 16: IBM Endpoint Manager - Executive Overview


Implement BYOD With Confidence

•  App container. Deploy, manage, configure, and remove Enterproid Divide containers to separate personal and work environments on iOS and Android devices

•  PIM container. Separate personal and corporate email and prevent sensitive data from being copied into other apps with NitroDesk TouchDown integration

•  Dual-persona OS. Manage BlackBerry 10 devices, which provide a native user experience to personal and work personas

•  Extend BYOD to laptops. IBM Endpoint Manager’s unified device management approach brings together containers, smartphones, tablets, laptops, desktops, and servers under one infrastructure

How do I deal with the business mandate that employees be allowed to "Bring Your Own Device"?

Manage and secure only the apps and data inside the enterprise container, leaving users free to control the personal side of their device with Enterproid Divide.

Page 17: IBM Endpoint Manager - Executive Overview


Secure Sensitive Data, Regardless of the Device

•  Unified compliance reporting across all devices, including CIS Benchmarks

•  Configure security settings such as password policy, encryption, WiFi, iCloud sync

•  Full wipe, remote lock, map device location, and clear passcode options if device is lost or stolen

•  Blacklist apps and automate alerts, policy response

•  Detect jailbroken / rooted devices to notify users, disable access

•  Integrate with mobile VPN and access management tools to ensure only compliant devices are authorized

How do I ensure the security of mobile devices as they access more and more sensitive systems?

Multiple user communication and alert methods, including Google Cloud Messaging (GCM), enable users to be part of the security solution.

Page 18: IBM Endpoint Manager - Executive Overview


Minimize Administration Costs

•  Multiple authenticated device enrollment options, including LDAP/AD integration

•  Employee self-service portal to enable employees to protect personal and enterprise data

•  Enterprise app store directs employees to approved apps, includes support for Apple’s Volume Purchase Program (Apple VPP)

•  Integration with IBM Worklight for 1-click transfer of internally-developed mobile apps from dev to production

•  A ‘single device view’ enables IT personnel to easily view device details and take required action

How do I cost-effectively manage the sheer volume of these tiny devices with average replacement rates of 12-18 months?

A flexible enrollment process enables organizations to include a EULA and to collect critical device and employee data via customizable questions

Page 19: IBM Endpoint Manager - Executive Overview


Apple iOS Google Android

IEM approach for Mobile Device Management

Nokia Symbian Windows Phone

Blackberry Nokia Symbian

Windows Mobile

•  Advanced management on iOS through Apple’s MDM APIs

•  Agent based management / server communication •  iOS •  Android •  Windows Phone

•  Email-based management through Exchange (ActiveSync) and Lotus Traveler (IBMSync)

•  iOS •  Android •  Windows Phone •  Windows Mobile •  Symbian

•  Symbian •  BlackBerry OS 10 •  BlackBerry Playbook

Page 20: IBM Endpoint Manager - Executive Overview


MDM Functionality Overview


Endpoint Manager Capabilities

Platform Support: Apple iOS, Google Android, Windows Phone, Blackberry, Symbian, Windows Mobile

Management Actions: Selective/full wipe, deny email access, remote lock, user notification, clear passcode

Application Management: Application inventory, enterprise app store, iOS WebClips, whitelisting/blacklisting

Policy and Security Management: Password policies, Samsung SAFE, device encryption, jailbreak/root detection

Location Services: Track devices and locate on map

Enterprise Access Management: Configuration of Email, VPN, Wi-Fi, Authenticated Enrollment, Self Service Portal

Expense Management: Enable/disable voice and data roaming

Cloud Email Device Management: Office 365 support

Containerisation: Nitrodesk Touchdown (Android), Enterproid Divide, Red Bend

Page 21: IBM Endpoint Manager - Executive Overview


Fast and cost-effective development, integration and management of rich, cross-platform mobile applications

Client Challenge

Key Capabilities

Using standards-based technologies and tools and delivering an enterprise-grade services layer that meets the needs of mobile employees and customers

Mobile optimised middleware

•  Open approach to 3rd-party integration

•  Mix native and HTML

•  Strong authentication framework

•  Encrypted offline availability

•  Enterprise back-end connectivity

•  Unified push notifications

•  Data collection for analytics

•  Direct updates and remote disablement

•  Packaged runtime skins

Delivering for multiple mobile platforms IBM Worklight

Encrypted cache on-device

•  A mechanism for storing sensitive data on the client side

•  Encrypted - like a security deposit box

Page 22: IBM Endpoint Manager - Executive Overview


Publish applications to your mobile devices directly from Worklight

Endpoint Manager customers can directly import and distribute Worklight-built apps via Enterprise App Store, thereby improving workflow between Development and Operations

1. Build app in Worklight

2. Import into Endpoint Manager App Store

3. Distribute App to Employees

Page 23: IBM Endpoint Manager - Executive Overview


An Evaluators Guide is available for MDM

Page 24: IBM Endpoint Manager - Executive Overview


IBM’s experience using IBM Endpoint Manager

Before | After

Patch availability typically 3-14+ days | Patch availability within 24 hours

92% compliance within 5 days (ACPM only) | 98% within 48 hours

EZUpdate sometimes misses application of patches on required machines | Detected about 35% of participants missing at least one previous patch

Compliance model, completely reliant on user | 90% of Windows requirements can be automatically remediated

Exceptions at machine level | Exceptions at setting level

IBM gained real-time visibility into endpoints, and automatically remediates issues across over 500,000 endpoints and supports multiple policies based on employee role and data access

Reference -

Page 25: IBM Endpoint Manager - Executive Overview



•  IBM Endpoint Manager enables unified management of all enterprise devices – desktops, laptops, servers, smartphones, and tablets

•  Real-time/proactive endpoint management: Patch management, anti-virus/malware, power management and device location information

•  Continuous compliance reduces costs and risk

•  Power management

•  Management of assets

Page 26: IBM Endpoint Manager - Executive Overview


Contacts: [email protected] or @vtdarryl
