Jim TsuiSenior Solutions ManagerMicrosoft CorporationWMB203

Customer Priorities

Key BDM Priorities

Key IT Priorities Key End User Priorities

Platform on which to build, deploy, and manage apps

End user productivity

Scalable and reliable procurement

Minimize support and TCO

“I need a strong ROI justification if I am going to roll out mobile devices to most of my organization and not just the managers.”

Director of business group for major manufacturer

Secure data

Secure network access

Manageable, scalable

Standards Based

Integrate with existing IT infrastructure

Training and support

Anytime access to corporate info

Dependable

Superior productivity including unified communications

“Make it just another device on my network that I control and manage, and as an integral part of my existing architecture and security framework.”

VP of IT for largeWall Street bank

“Provide me with always available access to the people, information and applications I need even when I am on the go”

Sales Manager at global pharmaceutical firm

System Center Mobile Device Manager

Helps IT Pros manage Windows MobileSmartphones in the same way as laptops and PCs

Manages security, policy, and applications for Windows Mobile phones

Provides increased access to Corporate data, applications, and servicesthrough a single point and your firewalls

Core Feature Areas

Security Management

Device Management

NetworkAccess

System Center Mobile Device Manager enables Windows Mobile phones

to be deployed and managed (device and security) like PCs and laptops in

the IT infrastructure, providing network access to corporate data

Security Management Benefits

Windows Active Directoryuser and device memberships

AD based Group Policy targeting

130+ manageable configuration settings (Bluetooth, Wi-Fi, SMS/MMS, IR,Camera, mail, etc.)

Extensible for customer apps through custom ADM templates

Device File Encryption

Remote Device Wipe

Security Management

Device Management BenefitsEnterprise Software Distribution OTAUsing Windows Software Update Service (WSUS) 3.0

Rich inventory and reportingRobust hardware and software inventory capabilities SQL Reporting infrastructure

Device Provisioning OTA

Familiar Management ToolsMMC Snap-InsWindows PowerShellADGP, WSUS

Device Management

Role Based Administration

Allows end-to-end securityHeadless gateway deployed in the DMZStandards based (IKEv2, IPSEC tunnel)

Mobile VPN Benefits

Use best available channelAdapt, minimize keep alive trafficFast Reconnect, Session Persistence

Transparent to mobile application Transparent to LOB services

Always connectedAllows pushed technology

Minimum user configurationTransparent to user and to applications

Security

Efficiency

Extensible

Reliability

Simplicity

NetworkAccess

MDM SP1 Feature Updates

Multiple Instances

More than one instance of MDM within the same AD Forest

Enrollment Auto Discovery

Windows Server Infrastructure

Supports deployment of more than 30,000 devices within a single forest

Enrollment server matches the user with the correct MDM instance

SP1 will run within Windows Server 2008 AD Domain and CA Services

Support for Hyper-V hosting MDM server roles on Windows Server 2003

Performance and Scalability

More!

Self Service Portal Software Package CAB Signing Wizard

Device PIN Recovery Self Service Portal

Perimeter

MDM Deployment Topology

EdgeFirewall

MobileVPNGW

BackFirewall

InitialOTA DeviceEnrollment

Internet

HTTPS or HTTP

E-mailand LOBServers

EnrollmentServer

DeviceMgmtServer

Corporate Intranet

AD/DNS/CA/SQL

Self ServicePortal

The Enrollment Server

Perimeter

EdgeFirewall

MobileVPNGW

BackFirewall

InitialOTA DeviceEnrollment

Internet

HTTPS or HTTP

E-mailand LOBServers

EnrollmentServer

DeviceMgmtServer

Corporate Intranet

AD/DNS/CA/SQL

Self ServicePortal

Enrollment Server

Location

Intranet based (domain joined server/service)

Purpose

Other

Manage the process flow of enrollment

Create domain objects

Create certificates

Supply provisioning instructions

Best practice: protected by a Proxy (e.g., ISA)

Can co-exist on DM Server in integrated implementation

Public DNS

The Enrollment Process

Firewall Enrollment Server

Active Directory

CertificationAuthority

Negotiate SSL Root

Submit Cert Request

Receive Cert

Create Acct.

Issue Cert

Discovery

SCMDM Device Enrollment

The Mobile VPN Gateway

Perimeter

EdgeFirewall

MobileVPNGW

BackFirewall

InitialOTA DeviceEnrollment

Internet

HTTPS or HTTP

E-mailand LOBServers

EnrollmentServer

DeviceMgmtServer

Corporate Intranet

AD/DNS/CA/SQL

Self ServicePortal

Mobile VPN Server

Location

Corporate DMZ (remotely managed)

Purpose

Other

Enables access to corporate data and LOB resources

Assigns a stable internal IP address for the device

Authenticates incoming connections for authorized devices

Negotiates keys to encrypt traffic over the Internet

Standards Based (IPSec Tunnel Mode, MobIKE, IKEv2)

Enables fast resume/reconnect features for devices and applications

VPN Scenario: LOB Application

FW

FW

ProxyISA

LOB 2

LOB 1

Double envelope security

User Authentications:1) Certificate2) NTLM v23) Basic

Kerberos delegation

Accessing Corporate Applications

Device Management Server

Perimeter

EdgeFirewall

MobileVPNGW

BackFirewall

InitialOTA DeviceEnrollment

Internet

HTTPS or HTTP

E-mailand LOBServers

EnrollmentServer

DeviceMgmtServer

Corporate Intranet

AD/DNS/CA/SQL

Self ServicePortal

Device Management Server

Location

Intranet based (domain joined server/service)

Multi-Purposed

Other

Primary administration and management point for all managed devices

Group Policy management, device software distribution, and device data wipes

Application allow/deny; Inventory and Reporting

Proxies information and commands between core Windows Servers (AD/CA) and devices

OMA-DM compliant

MDM DMServer

Group Policy

OMA Proxy Engine

SYSVOL

Group Policy Driver

Group Policy Editor

GPMC

Windows Mobile Device

MDM DB

Software Distribution

DM ServerGW Server

21

1. The device is connected to the GW Server

2. The device connects to the DM Server

3. The DM Server obtains the OMA DM commands for the device

4. The DM Server offers the software packages applicable to the device;The device downloads and automatically installs the software packages

5. The device reports the result of the installation of software packagesto the DM Server

3

4 45 5

Creating a SCMDM Software PackageSCMDM Software Distribution

Device Management Server Console

IT Infrastructure Details

RequiredWindows Server2003 SP2 64 bit

SQL Server 2005

Windows 2003/2008 Active Directory

Microsoft CA

Group Policy

Windows Mobile 6.x

OptionalExchange Server

System Center Operation Manager

Systems Center Configuration Manager

ISA Server

MDM Foundations – Familiarity and Stability

Microsoft Systems Infrastructure

Tools

Windows Server

Windows Mobile Smartphones

IIS & SQL

SQL Server Reporting Services

Certificate Services

Active Directory

SSL and IKE

WSUS

MMC

ADGP and RSoP

Group Policy Editor

Windows Mobile SDK

Interoperability

ISA Server

Exchange Server

Office SharePoint Server

Office Communications Server

Which Solution fits my Needs?

Security

Management

Device

Management

MobileVPN

SCCM 2007 SCMDM 2008Scenarios

SCCM2007 SCMDM

2008

Platforms WM 2003 to 6.x CE 4.2/5.0 WM 6.x

Exch 2007 SP1

Exchange 2007 SP1

EAS Licensees

System Center Evolution

ConfigMgr v.Next

• Retain MDM & ConfigMgr 07 DM Scenarios

• Windows Mobile and CE device mgt (based on device capability)

• For desktop, laptop, and Windows Mobile devices:

• ‘Single pane of glass’ admin

• Unified infrastructure

• Migration path for both products

MDM 2008 SP1Comprehensive Windows Mobile 6.x device management, enabling IT control for security, management and access.

ConfigMgr 2007Delivers proven, robust capabilities for managing your IT systems including your desktop, laptop, server, and mobile devices.

Roadmap Summary

MDM 2008 is a complete mobile solution

Great for new device rollouts where mobile applicationspolicies, and corporate network access are vital

System Center Configuration Manager 2007

Both Products are capable and adoption ready

Both Products have a roadmap toward SCCM v.Next to meet your device management needs

Great single point of management for both desktopsand Windows Mobile devices

www.microsoft.com/teched

Sessions On-Demand & Community

http://microsoft.com/technet

Resources for IT Professionals

http://microsoft.com/msdn

Resources for Developers

www.microsoft.com/learningMicrosoft Certification and Training Resources

www.microsoft.com/learning

Microsoft Certification & Training Resources

Resources

Related Content

Breakout Sessions

WMB202 Windows Mobile 6.5 Check out the recorded session!

WMB201 New in Mobile Messaging: Outlook Mobile and Office Communicator

Track ResourcesMDM home pagehttp://www.microsoft.com/systemcenter/mobile/default.mspx

Windows Mobile Deviceshttp://www.microsoft.com/windowsmobile/mobiledevicemanager/devices.mspx

MDM TechCenterhttp://technet.microsoft.com/en-us/scmdm/default.aspx

Trial Softwarehttp://technet.microsoft.com/en-us/scmdm/bb986596.aspx

Resource Kit Toolshttp://technet.microsoft.com/en-us/scmdm/cc304591.aspx

TechNet MDM Forumhttp://forums.technet.microsoft.com/en-US/SCMDM/threads/

Windows Mobile® ResourcesTechNet TechCenter – System Center Mobile Device Manager 2008http://technet.microsoft.com/scmdm

TechNet TechCenter – Windows Mobile http://technet.microsoft.com/windowsmobile

MSDN Center – Windows Mobilehttp://msdn.microsoft.com/windowsmobile

Webcasts and Podcasts for IT – Windows Mobilehttp://www.microsoft.com/events/series/msecmobility.aspx

General Information – Windows Mobilehttp://www.windowsmobile.com

General Information – System Center Mobile Device Manager 2008http://www.windowsmobile.com/mobiledevicemanager

Windows Marketplace Developer Portalhttp://developer.windowsmobile.com

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,

IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.