microsoft system center mobile device manager 2008 sp1...
TRANSCRIPT
Jim Tsui
Senior Solutions Manager
Microsoft Corporation
WMB203
Customer Priorities
Key BDM Priorities
Key IT Priorities Key End User Priorities
Platform on which to build, deploy, and manage apps
End user productivity
Scalable and reliable procurement
Minimize support and TCO
“I need a strong ROI justification if I am going to roll out mobile devices to most of my organization and not just the managers.”
Director of business group for major manufacturer
Secure data
Secure network access
Manageable, scalable
Standards Based
Integrate with existing IT infrastructure
Training and support
Anytime access to corporate info
Dependable
Superior productivity including unified communications
“Make it just another device on my network that I control and manage, and as an integral part of my existing architecture and security framework.”
VP of IT for large Wall Street bank
“Provide me with always available access to the people, information and applications I need even when I am on the go”
Sales Manager at global pharmaceutical firm
System Center Mobile Device Manager
Helps IT Pros manage Windows Mobile smartphones in the same way as laptops and PCs
Manages security, policy, and applications for Windows Mobile phones
Provides increased access to corporate data, applications, and services through a single point and your firewalls
Core Feature Areas
Security Management
Device Management
Network Access
System Center Mobile Device Manager enables Windows Mobile phones
to be deployed and managed (device and security) like PCs and laptops in
the IT infrastructure, providing network access to corporate data
Security Management Benefits
Windows Active Directory user and device memberships
AD based Group Policy targeting
130+ manageable configuration settings (Bluetooth, Wi-Fi, SMS/MMS, IR, Camera, mail, etc.)
Extensible for customer apps through custom ADM templates
Device File Encryption
Remote Device Wipe
Security Management
Device Management Benefits
Enterprise Software Distribution OTA
Using Windows Software Update Service (WSUS) 3.0
Rich inventory and reporting
Robust hardware and software inventory capabilities
SQL Reporting infrastructure
Device Provisioning OTA
Familiar Management Tools
MMC Snap-Ins
Windows PowerShell
ADGP, WSUS
Device Management
Role Based Administration
Allows end-to-end security
Headless gateway deployed in the DMZ
Standards based (IKEv2, IPsec tunnel)
Mobile VPN Benefits
Use best available channel
Adapt, minimize keep alive traffic
Fast Reconnect, Session Persistence
Transparent to mobile application
Transparent to LOB services
Always connected
Allows pushed technology
Minimum user configuration
Transparent to user and to applications
Security
Efficiency
Extensible
Reliability
Simplicity
Network Access
MDM SP1 Feature Updates
Multiple Instances
More than one instance of MDM within the same AD Forest
Enrollment Auto Discovery
Windows Server Infrastructure
Supports deployment of more than 30,000 devices within a single forest
Enrollment server matches the user with the correct MDM instance
SP1 will run within Windows Server 2008 AD Domain and CA Services
Support for Hyper-V hosting MDM server roles on Windows Server 2003
Performance and Scalability
More!
Self Service Portal Software Package CAB Signing Wizard
Device PIN Recovery Self Service Portal
MDM Deployment Topology
[Diagram labels: Internet; Edge Firewall; Perimeter; Mobile VPN GW; Back Firewall; Corporate Intranet; Enrollment Server; Device Mgmt Server; Self Service Portal; E-mail and LOB Servers; AD/DNS/CA/SQL; Initial OTA Device Enrollment; HTTPS or HTTP]
The Enrollment Server
Enrollment Server
Location
Intranet based (domain joined server/service)
Purpose
Other
Manage the process flow of enrollment
Create domain objects
Create certificates
Supply provisioning instructions
Best practice: protected by a Proxy (e.g., ISA)
Can co-exist on DM Server in integrated implementation
Public DNS
The Enrollment Process
Firewall Enrollment Server
Active Directory
Certification Authority
Negotiate SSL Root
Submit Cert Request
Receive Cert
Create Acct.
Issue Cert
Discovery
SCMDM Device Enrollment
The Mobile VPN Gateway
Mobile VPN Server
Location
Corporate DMZ (remotely managed)
Purpose
Other
Enables access to corporate data and LOB resources
Assigns a stable internal IP address for the device
Authenticates incoming connections for authorized devices
Negotiates keys to encrypt traffic over the Internet
Standards Based (IPSec Tunnel Mode, MobIKE, IKEv2)
Enables fast resume/reconnect features for devices and applications
VPN Scenario: LOB Application
FW
FW
Proxy ISA
LOB 2
LOB 1
Double envelope security
User Authentications: 1) Certificate 2) NTLM v2 3) Basic
Kerberos delegation
Accessing Corporate Applications
Device Management Server
Device Management Server
Location
Intranet based (domain joined server/service)
Multi-Purposed
Other
Primary administration and management point for all managed devices
Group Policy management, device software distribution, and device data wipes
Application allow/deny; Inventory and Reporting
Proxies information and commands between core Windows Servers (AD/CA) and devices
OMA-DM compliant
MDM DM Server
Group Policy
OMA Proxy Engine
SYSVOL
Group Policy Driver
Group Policy Editor
GPMC
Windows Mobile Device
MDM DB
Software Distribution
DM Server
GW Server
1. The device is connected to the GW Server
2. The device connects to the DM Server
3. The DM Server obtains the OMA DM commands for the device
4. The DM Server offers the software packages applicable to the device; the device downloads and automatically installs the software packages
5. The device reports the result of the installation of software packages to the DM Server
Creating a SCMDM Software Package
SCMDM Software Distribution
Device Management Server Console
IT Infrastructure Details
Required
Windows Server 2003 SP2 64 bit
SQL Server 2005
Windows 2003/2008 Active Directory
Microsoft CA
Group Policy
Windows Mobile 6.x
Optional
Exchange Server
System Center Operations Manager
System Center Configuration Manager
ISA Server
MDM Foundations – Familiarity and Stability
Microsoft Systems Infrastructure
Tools
Windows Server
Windows Mobile Smartphones
IIS & SQL
SQL Server Reporting Services
Certificate Services
Active Directory
SSL and IKE
WSUS
MMC
ADGP and RSoP
Group Policy Editor
Windows Mobile SDK
Interoperability
ISA Server
Exchange Server
Office SharePoint Server
Office Communications Server
Which Solution fits my Needs?
Security
Management
Device
Management
Mobile VPN
SCCM 2007 SCMDM 2008 Scenarios
SCCM 2007 SCMDM 2008
Platforms WM 2003 to 6.x CE 4.2/5.0 WM 6.x
Exch 2007 SP1
Exchange 2007 SP1
EAS Licensees
System Center Evolution
ConfigMgr v.Next
• Retain MDM & ConfigMgr 07 DM Scenarios
• Windows Mobile and CE device mgt (based on device capability)
• For desktop, laptop, and Windows Mobile devices:
• ‘Single pane of glass’ admin
• Unified infrastructure
• Migration path for both products
MDM 2008 SP1
Comprehensive Windows Mobile 6.x device management, enabling IT control for security, management and access.
ConfigMgr 2007
Delivers proven, robust capabilities for managing your IT systems including your desktop, laptop, server, and mobile devices.
Roadmap Summary
MDM 2008 is a complete mobile solution
Great for new device rollouts where mobile applications, policies, and corporate network access are vital
System Center Configuration Manager 2007
Both Products are capable and adoption ready
Both Products have a roadmap toward SCCM v.Next to meet your device management needs
Great single point of management for both desktops and Windows Mobile devices
www.microsoft.com/teched
Sessions On-Demand & Community
http://microsoft.com/technet
Resources for IT Professionals
http://microsoft.com/msdn
Resources for Developers
www.microsoft.com/learning
Microsoft Certification & Training Resources
Resources
Related Content
Breakout Sessions
WMB202 Windows Mobile 6.5 Check out the recorded session!
WMB201 New in Mobile Messaging: Outlook Mobile and Office Communicator
Track Resources
MDM home page: http://www.microsoft.com/systemcenter/mobile/default.mspx
Windows Mobile Devices: http://www.microsoft.com/windowsmobile/mobiledevicemanager/devices.mspx
MDM TechCenter: http://technet.microsoft.com/en-us/scmdm/default.aspx
Trial Software: http://technet.microsoft.com/en-us/scmdm/bb986596.aspx
Resource Kit Tools: http://technet.microsoft.com/en-us/scmdm/cc304591.aspx
TechNet MDM Forum: http://forums.technet.microsoft.com/en-US/SCMDM/threads/
Windows Mobile® Resources
TechNet TechCenter – System Center Mobile Device Manager 2008: http://technet.microsoft.com/scmdm
TechNet TechCenter – Windows Mobile: http://technet.microsoft.com/windowsmobile
MSDN Center – Windows Mobile: http://msdn.microsoft.com/windowsmobile
Webcasts and Podcasts for IT – Windows Mobile: http://www.microsoft.com/events/series/msecmobility.aspx
General Information – Windows Mobile: http://www.windowsmobile.com
General Information – System Center Mobile Device Manager 2008: http://www.windowsmobile.com/mobiledevicemanager
Windows Marketplace Developer Portal: http://developer.windowsmobile.com
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.