Mobile Device Management
What is MDM?
• Automation
  ● User configuration
  ● Administration
• Standardization
• Remote Support
  ● OTA (Over-the-air)
Agenda
• Enterprise Mobility Status
• Enterprise Challenges
  ● Security
  ● Management
  ● Applications
• Mobile Device Management Approaches
• Mobile Device Management Technologies
But just what is mobility?
Devices:
• Mobility = Mobile phones?
• Mobility = Smart phones?
• Mobility = PDAs?
Wireless:
• Mobility = Wireless LANs?
• Mobility = GSM/GPRS?
Applications:
• Mobility = Form-factor adaptation?
• Mobility = Synchronisation?
Mobility on the rise!
[Chart: YOY % shipping growth, 2006-2010. Source: Gartner Dataquest, and IDC 2006]
• Mobile PCs: 18.6%
• Converged Mobile Phones: 34.1%
• Mobile Phones: 5.8%
• Desktop PCs: 3.9%
• 245 Million converged devices by 2010
• 140 Million Windows Mobile devices
• Over 3 Billion mobile subscriptions
Status of Mobility
• Components Maturing
  ● Exponential growth in mobile devices
  ● Near-ubiquitous wireless access
  ● Application mobilization accelerating
• Hype transforming into stealth
• Enterprise adoption
  ● Organic
  ● Consumer-driven
7 HP Confidential
What customers typically want from mobility
[Diagram labels: Legacy, Forms, Workflow, Sheets]
Mobile Business Applications
• Industry specific applications (i.e. Mobile construction workforce…)
• Field Sales Automation (SFA)
• Field Force Automation (FFA)
• Paperless Forms (Police Force…)
• Proof of Delivery (Transport)
• Field Service Bundle
• Work Order Mgmt
• Parts & Inventory tracking
• Expense Management
• Asset / Property Management
• Merchandizing / FMCG Sales
• Healthcare, Public safety
• Inspections, Data Capture
• Unified Communications – Fixed Mobile Convergence
• Mobile office (Mail, PIM, Calendar) (Baseline)
• Mobile device management (Baseline)
• Mobile Device security (Optional)
• Shared Mobile Device Management (Baseline)
• Shared MDM Device security (Optional)
• End 2 End security (authentication, encryption, protection…)
Messaging
Mobility: Challenges
Mobile Content Protection
Access Control Solutions
• Native Pocket PC
• Biometric Authentication
• HP ProtectTools
• Pointsec
• Credant
• TrustDigital
• Utimaco
• Bluefire
Bluetooth securityIn
WLAN security
• Rogue Access Points
• Decoy Access points
• WPA-Personal
• WPA-Enterprise
April 10, 2023 12
Why MDM?
• Security: Ensure integrity of configuration
• Higher ease-of-use
• Deploying line-of-business applications
• Lower TCO
Reduction in Total Cost of Ownership
Item | Cost per User per Year | % of Total | MDM Benefit (%) | MDM Benefit ($) | Notes
Device Cost | $250 | 8% | - | - | Amortized over 2 years
Connectivity data | $900 | 30% | - | - | -
Connectivity voice | $800 | 27% | - | - | -
Backend/Ops | $504 | 17% | -30% | -$151 | Setup & operate backend mobile application, change requests
Service Management | $192 | 6% | -40% | -$77 | Setup users, connectivity, user management, change requests
User Support | $312 | 11% | -30% | -$94 | -
Total | $2958 | 100% | -11% | -$322 | -
• Cost reduction per user per year with MDM: $322
• Net Reduction in TCO: 11%
• Net Reduction in Annual Device Management Costs: 32%
Source: HP & Gartner
Customer MDM Maturity Levels
• Infancy
  ● Inventory collection
  ● Basic software updates
• Adolescence
  ● Software Updates
  ● Configuration Control
  ● Device Security Enforcement
• Mature
  ● Data publication and synchronization
  ● Multi-platform support
  ● Policy driven application install and update
  ● “OTA” startup and maintenance
  ● Extension of Desktop Management **
Different MDM Approaches
• Extension of Desktop Environment
  ● Altiris
  ● Microsoft SMS
  ● HP Client Automation
• Comprehensive Solution Suite
  ● Exchange 2007
  ● Good
• Enterprise MDM Focused
  ● iAnywhere Afaria
  ● HP Enterprise Mobility Suite
  ● Microsoft System Center Mobile Device Manager
• Carrier MDM
  ● Intellisync
  ● RIM Blackberry
OMA DM Standard
• Device Management protocol:
  ● Defined by the Open Mobile Alliance (OMA) group
  ● Current specification: 1.2 – April 2006
  ● Based on SyncML
  ● Conceived for Carrier MDM
• Designed for management of mobile devices
  ● Device Provisioning (1st time use)
  ● Device configuration – Enabling/Disabling features
  ● Software distribution
    – Firmware upgrade over the air (FOTA)
      » Firmware Update Management Object (FUMO)
    – Applications deployment on devices
    – Software upgrades
  ● Fault Management: report/query status
HP MDM Logical Topology
Domain Licensing site
VPN or Proxy or Firewall hole
MDM Server(s) (i.e. Afaria)
Authentication
Internet via Wireless WAN or Wireless LAN Networks
Customer Enterprise Network
Neutral Zone (DMZ)
Internal WLAN or Cradle
Scalability: Replication & Server Farms
GEO 2 CLUSTER
MASTER, TEST, DEV
GEO 1 CLUSTER
• Server Farms provide scalable capacity
• Replication provides a logical master server, with many physical instances
• Replication also facilitates division of ownership of functions; multiple owners can maintain portions of the total server (e.g. IT owns base configuration; Business Units own their applications & data.)
Device Management Technologies
• Afaria
  ● XcelleNet, Sybase, and now iAnywhere
  ● Mobile Device Management and Mobile Security Solution
  ● Historically market leader in Managed Mobility Solutions
• HP Enterprise Mobile Suite (EMS)
  ● Formerly Bitfone
  ● OMA-DM interoperable
  ● Heterogeneous (multi-platform) device set
  ● Integration with OVCM (OpenView Configuration Manager)
• Microsoft SCMDM
  ● Compliant with OMA DM
  ● Mobile Device Management solution (System Center family)
  ● Based on Windows infrastructure: AD – SQL
  ● Windows Mobile 6.1 devices only
Afaria Mobile Clients
• Windows Laptops
• Java
• WinCE/Pocket PC
• Palm
• Blackberry
• Symbian
Console Highlights
• Web Administration
• SNMP Alerts Console
• Status and Event Logs
• ESM Integration
• Enterprise Integration Microsoft SMS Software & Inventory
Management Capabilities
• Inventory Management
• Software and Application Deployment
• Document and Content Management
• Process Automation
• Data Backup and Recovery
• Configuration Management
Web Server
Connectivity
• TCP/IP
• Wireless WWAN
• HTTP, HTTPS, ISA
• Dial-up
• LAN or WLAN
Mobile Optimizations
• Compression
• Check-Point Restart
• Byte Level Differencing
• Segmented File Delivery
• Opportunistic Execution
• Safe File Transfer
• Encryption
Afaria Server Features
• MS NT 4.0/2000/2003
• Unlimited Clients
• Highly Scalable
• Device and Data Security
• LDAP & NT Domain User Authentication
• Channel Replication
iAnywhere Afaria
Inventory
Server “Channels”
Channel Sets
Script Commands
SMS
TCP/IP
WW Wireless Operator Networks
HP Enterprise Devices
SMS
TCP/IP
HP Enterprise Mobility Suite
HP Worldwide Hosting Facilities
Enterprise
HTTPS
Internet
HTTPS
• Device Support
• S/W Maintenance
• WW Network Support
FusionDM for Enterprise
• Device Troubleshooting
• Device Security
• Policy Mgmt
• Asset Mgmt
• IT Dash Board
• Exchange®
• Domino®
• Groupwise®
• Corporate Directory
• Active Directory ®
• Intranet
• CRM
• Application Portal
Existing IT Systems
HTTPS
FOR ENTERPRISE
Leading OEM Device Manufacturers
Self Care Driven
Use Case: Set Up My Device
• Out-of-the-box device setup
• Employee Joe purchases a new device
  ● Logs into the Enterprise Self Care portal
  ● Enters his phone number
  ● Selects setup my device
• Joe’s email, ActiveSync, and corporate WiFi settings are automatically configured on the device
• Automated OTA Delivery Without Cradle
• Simple One Click Trigger for Setting Up New Device
• Minutes to Fully Configured, Ready-to-Use Device
Use Case: Diagnose My Device
• Device Diagnostics
• Joe’s email is not working
  ● Selects diagnose my device
  ● Problem is automatically displayed
• ActiveSync settings are incorrect
  ● Selects the checkbox & presses go
• Joe’s ActiveSync settings are corrected and he is receiving his email
• Instantly Validate All Device Settings
• Automatically Detect Device Faults
• OTA Push Fixes to Address Root Causes
Use Case: Update Software
• Joe needs the new VPN client
  ● Selects Update Software
  ● Device inventory is remotely
  ● List of required applications is displayed
  ● Selects the checkbox for VPN & presses go
• VPN application is automatically installed
• Instantly distribute corporate tools and applications and their updates OTA
• Collect S/W Inventory of Device Fleet
• Detect and Remove Unauthorized S/W
Use Case: Device Security
• Joe loses his device on a business trip
  ● Logs into the web-based application
  ● Selects Lock & Wipe device
  ● Remotely locks his device
• Corporate data is secure until the device is recovered
• Remotely Lock Compromised Devices
• Wipe All User Data OTA
• Unlock Recovered Devices
Microsoft SCMDM
Security Management
• Active Directory Domain Join
• Policy enforcement using Active Directory/Group Policy targeting (>125 policies)
• Communications and camera disablement*
• Application blacklisting and whitelisting
• File encryption
• Remote wipe
Device Management
• Full OTA provisioning and bootstrapping
• OTA Software distribution based on WSUS 3.0
• Inventory
• SQL Server 2005 based reporting capabilities
• Role based administration
• MMC snap-ins and PowerShell cmdlets
• OMA-DM compliant
Mobile VPN
• Machine authentication and “double envelope security”
• Session Persistence
• Fast Reconnect
• Internetwork roaming
• Standards based (IKEv2, MobIKE, IPsec tunnel mode)
Management Workload
• Deployment: inside firewall
Network Access Workload
• Deployment: in DMZ
Security Management Benefits
SCMDM extends Active Directory/Group Policy to Windows Mobile
• AD is the most widely deployed enterprise network directory worldwide
  ● 80%+ penetration in the U.S.
  ● 55%+ penetration in G7 countries overall
• AD-GP is widely used by IT to configure policies for their desktops, laptops and servers
  ● Over 90% of Active Directory customers use Group Policy
• Over 130+ configuration settings for Windows Mobile can now be managed through Group Policy including control of Bluetooth, WIFI, SMS/MMS, IR, Camera, and POP/IMAP
• Extensible architecture
Device Management Benefits
• Enterprise-wide OTA software distribution
  ● Leverages Windows Software Update Service (WSUS) 3.0
    – Most widely deployed Windows software update solution across organizations of all sizes (60%+ penetration)
    – Rich targeting and packaging capabilities required by IT departments
• Rich Inventory and Reporting
  ● Robust hardware and software inventory capabilities
  ● SQL Server 2005-based reporting infrastructure
    – Highly flexible
    – Customizable
• Security
  ● Allows end-to-end security
  ● Headless gateway deployed in the DMZ
  ● Privacy compliance
• Efficiency
  ● Use best available channel
  ● Adapt to network to minimize keep alive traffic (goal)
• Extensible
  ● Transparent to mobile application
  ● Transparent to LOB services
• Reliability
  ● Always connected
  ● Allows pushed technology
• Simplicity
  ● Minimum user configuration
  ● Transparent to user and to applications
Secured Corporate Data Access
• Enables secure behind-the-firewall access to the corporate network and applications
  ● Any intranet data! (SAP, Siebel, intranet sites, SQL, etc)
• Aligns with existing remote access model for desktops/laptops and scales to a broad set of scenarios
  ● Thin and rich client apps
[Diagram labels: Mobile Operators Cellular Data Connection; WiFi Connection; Internet; Corporate External Firewall; DMZ; Mobile VPN Gateway; Mobile VPN; Corporate Internal Firewall; Internal Corporate Site; Domain Controller. Caption: Controlled access to internal corporate resources from the mobile devices connected via Mobile VPN]
Summary
• Rapid acceleration of Mobility
• Enterprise obstacles: Manageability & Security
• Multiple Mobile Device Management options
• Enterprise requirements will determine optimal choice
  ● Platform standardization
  ● VPN capabilities and LOB applications
  ● OMA-DM
Questions?
Contact me at: [email protected]
Your Feedback is Important
Please fill out a session evaluation form and either put them in the basket near
the exit or drop them off at the conference registration desk.
Thank you!