wso2 enterprise mobility manager - 2.0

WSO2 Enterprise Mobility Manager (EMM) 2.0 Dilshan Edirisuriya Senior Software Engineer WSO2

Upload: dilshan-edirisuriya

Post on 11-Apr-2017

Agenda

• Enterprise Mobile Device Management Overview
• Key Challenges Faced by Organizations
• Need for Mobile Device Management
• EMM Architecture and Features
• CDMF Architecture and Features
• Demo
• Platform Features

Enterprise Few Years Back

[Diagram: Employees, Enterprise, Data, Device]

Work
• Carried out inside a place
• Dependent on specific technology
• Resources
  - Within the premise
  - Owned by enterprise

Enterprise Now

[Diagram: Enterprise, Device, Data, Employees]

Work
• Independent of place
• Independent of technology
• Resources
  - Within the premise and outside
  - Owned by enterprise and employees

Challenges

[Diagram: Enterprise, Data, Employees, Device]

Employees working out of the office with mobile devices and cloud services to perform business tasks.

Challenge - Data Security

How can data be compromised?
• Device being lost or stolen
• Malicious applications stealing data
• Data leaks

What is data?
• Email messages or their attachments
• Documents such as PDF, Word, Excel, PPT and text files
• Browser accessing HTML pages with cookies
• Contacts, calendars and notes
• Applications with databases

Why is data sensitive?
• It can be highly confidential, like quotation values, salary details etc.
• It can have a high impact if it goes to the wrong person

Who can compromise it?
• External
• Internal

Challenge - Monitor Devices

• What to monitor (location, root check, malicious apps, bandwidth usage etc.)?
• To what extent?
• A threat to employee privacy?

Challenge - Enterprise Application Development & Management

Challenge - Legacy Back End System Integrations

• Legacy backends are not mobile friendly.
• They adhere to older protocols and standards.
• They are only compatible with older mobile technologies, e.g. MIDlets.

Why EMM?

[Diagram: Applications, Documents, Emails, Browsers, Devices, Enterprise, Data, Employees]

Devices

• Android, iOS, Windows 8, Blackberry
• Phones, Tablets, Laptops

Device Ownership

• COPE: Corporate Owned, Personally Enabled
• BYOD: Bring Your Own Device
• CYOD: Choose Your Own Device

How EMM addresses Data Security

• Device level
• Application level

Data Security - Device Level

Data Security
• Enforce Password Policy
• Encrypt Device Data

Remote Device Management
• Monitor Device (location, battery)
• Configure Device (Email, VPN)
• Control Device (Enable/Disable Camera)
• Update OS, Install & Uninstall App

Data Security - Application Level

• MAM gets you a step closer to managing what you care about
• MAM brings the perimeter closer to the corporate resources
• Data is protected
• Application can be controlled remotely

MAM Controls Application Behavior

• Encrypt data in transit, e.g. using an app VPN tunnel or app tunnel.
• Encrypt data when storing it and decrypt only when viewing.
• Two factor authentication.
• Data Loss Prevention - DLP (disable cut, copy and paste).
• Policy based data control, where policy can be pushed and updated.

Solution - Enterprise Application Development & Management

[Diagram: Data, COPE, BYOD, Data Security, Remote Device Management, Enterprise Store]

Decision for CIOs or IT Managers

• Allow mobility in my business?
• Allow employees to use their devices?
• Allow business partners and distributors to use their devices?
• Allow them to access corporate resources?
• To what extent?

Risks vs Benefits

[Diagram: risks, benefits]

Drafting a BYOD Policy

• What devices are permitted?
• Supported features and boundaries for device types.
• Ownership and permissions to applications and data.
• Policy violation criteria and actions.
• Employee exit strategy.
• Prompt for approval.

Enterprise Mobility Manager

Key Components

• Connected Device Management Framework (CDMF)
• Mobile Device Management (MDM)
• Mobile Application Management (MAM)

Connected Device Management Framework

Connected Device Management Framework (CDMF) Cont.

• Device Management
• Operation Management
• Application Management
• Policy Management
• Compliance Monitoring
• Configuration Management
• License Management

Connected Device Management Framework (CDMF) Cont.

• API Management
• Certificate Management
• Identity Extensions
• Web Application Authenticators
• Notifications
• User Management
• Permissions

Connected Device Management Framework (CDMF) Cont.

[Diagram: Devices, Operations, Applications, Policies, Monitoring, Configurations, Licenses, API Management, Certificate Management, Identity Extensions, Authenticators, Notifications, Permissions]

Enterprise Mobility Manager Architecture

Notification Method - MDM Push

Notification Method - Local

Notification Method - App Push & Silent

Mobile Device Management Features

• Self-service device enrollment and management with end-user EMM Console for iOS, Android and Windows devices.

• Integrates to enterprise identity systems for device ownership: LDAP, Microsoft AD

• Policy-driven device and profile management for security, data, and device features (Camera, Password Policy)

• Deploy policies over-the-air (OTA).

Mobile Device Management Features

• Compliance monitoring for applied policies on devices.

• Role-based access control (RBAC) for device management.

• Securely wipe enterprise configurations with Enterprise Wipe.

• Track locations of enrolled devices.

• Retrieve device information.

Mobile Device Management Features

• Facilitate device-owner operations such as registering and unregistering devices, installing, rating, sorting mobile apps, etc.

Mobile App Management

• Supports App management.
• App approval process through a lifecycle.
• Provision and deprovision apps to enrolled devices.
• Provision apps to enrolled devices based on roles.
• Provision apps to multiple enrolled devices per user.

Mobile App Management

• Retrieve list of apps.
• Install new apps and update existing apps on iOS devices via REST APIs, enabling automation of application installation/updates for third party systems/vendors.
• Install Web Clips on devices.
• Enterprise App Store.
• Discover mobile apps through an Enterprise App Store.

Mobile App Management

• Self-provisioning of mobile apps to devices.
• Rating and Sorting Applications.

Device and Data Security

• Multi-tenancy to ensure data isolation across all tenants.

• Enforce built-in security features of passcode and encryption.

• Encryption of data storage.

• Device lock and reset.

• Managed APIs to perform administrative functions.

• Ring and GPS to locate device remotely if lost/stolen.

Demo

Email configurations

<EMM_HOME>/repository/conf/axis2/axis2.xml

<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
    <parameter name="mail.smtp.from">[email protected]</parameter>
    <parameter name="mail.smtp.user">[email protected]</parameter>
    <parameter name="mail.smtp.password">wso21234</parameter>
    <parameter name="mail.smtp.host">smtp.gmail.com</parameter>
    <parameter name="mail.smtp.port">587</parameter>
    <parameter name="mail.smtp.starttls.enable">true</parameter>
    <parameter name="mail.smtp.auth">true</parameter>
</transportSender>
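The mailto sender above stores the SMTP password as a literal in axis2.xml and depends on STARTTLS and SMTP authentication being switched on. The check below is an added example, not part of the original slides or WSO2's code; the function name audit_mail_sender and the constructed sample values are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the mailto sender in the slides (placeholder values).
SAMPLE_AXIS2 = """<axisconfig name="AxisJava2.0">
  <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
    <parameter name="mail.smtp.from">emm@example.com</parameter>
    <parameter name="mail.smtp.user">emm@example.com</parameter>
    <parameter name="mail.smtp.password">ExamplePassw0rd</parameter>
    <parameter name="mail.smtp.host">smtp.example.com</parameter>
    <parameter name="mail.smtp.port">587</parameter>
    <parameter name="mail.smtp.starttls.enable">false</parameter>
    <parameter name="mail.smtp.auth">true</parameter>
  </transportSender>
</axisconfig>"""


def audit_mail_sender(axis2_xml):
    """Return findings for the 'mailto' transportSender in axis2.xml text.

    Hypothetical helper for this example; it only inspects the parameters
    that appear in the configuration shown in the slides.
    """
    root = ET.fromstring(axis2_xml)
    sender = next((s for s in root.iter("transportSender")
                   if s.get("name") == "mailto"), None)
    if sender is None:
        return ["mailto transportSender not configured"]
    # Map parameter name -> trimmed text value.
    params = {p.get("name"): (p.text or "").strip()
              for p in sender.findall("parameter")}
    findings = []
    if params.get("mail.smtp.password"):
        # Anyone who can read the file (or a backup of it) gets the credential.
        findings.append("mail.smtp.password is stored as a literal value")
    if params.get("mail.smtp.starttls.enable", "").lower() != "true":
        # Without STARTTLS the SMTP login and enrollment mails travel in clear text.
        findings.append("mail.smtp.starttls.enable is not true")
    if params.get("mail.smtp.auth", "").lower() != "true":
        findings.append("mail.smtp.auth is not true")
    return findings


if __name__ == "__main__":
    for finding in audit_mail_sender(SAMPLE_AXIS2):
        print("FINDING:", finding)
```

To audit a real deployment, pass the text of <EMM_HOME>/repository/conf/axis2/axis2.xml to audit_mail_sender.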

Change config.json file

• <EMM_HOME>/repository/deployment/server/jaggeryapps/emm-web-agent/config

• <EMM_HOME>/repository/deployment/server/jaggeryapps/emm/config

Change cdm-config.xml file

• Change LBHostPortPrefix in <EMM_HOME>/repository/conf

Enroll Email

Dear Dilshan,
You have been registered to WSO2 MDM with following credentials.
Domain:
Username: dilshan
Password: LbmS82
Below is the link to enroll.
https://192.168.1.5:9443/emm-web-agent/enrollment
Best Regards,
WSO2 MDM Team.
http://www.wso2.com

Platform Features

iOS Features

• Self-service device enrollment and management with end-user EMM Console via iOS Agent or Web interface for versions up to iOS 9 SDK.

• Facilitate remote notifications via Apple Push Notification Service (APNS).

• Support for iOS 9.

• Device Tracking.

• Configuring cellular network settings.

• Device profile management.

iOS Features

• Retrieving device info.
• Device lock
• Restricting device operations.
• Automatic WiFi configuration.
• Set up AirPlay
• Set up restrictions
• Enterprise WIPE
• Set up APN

iOS Features

• Setup LDAP.
• Setup email accounts.
• Set up CalDav
• Calendar subscription
• Passcode policy
• Clear passcode
• App installation and update
• Retrieve app list

iOS Features

• Web clip installation
• Supports App management
• Setup email accounts

Android Features

• Self-service device enrollment and management with end-user EMM Console via Android Agent (Android 4.0.3 Ice Cream Sandwich MR1 up to 5.0 Lollipop).

• Supports App management.

• App policy compliance monitoring.

• Device location tracking.

• Retrieving device info.

• Changing lock code.

Android Features

• Restricting Camera.
• OTA WiFi configuration.
• Enterprise WIPE.
• Configuring encryption settings.
• Passcode policy configuration and clear passcode policy.
• Device master reset
• Mute device
• Ring device

Android Features

• Send messages to the device.
• Install/uninstall store and enterprise applications.
• Retrieve apps installed on the device.
• Install web clips on the device.
• Support GCM/LOCAL connectivity modes.

Windows Features

• Self-service device enrollment and management with end-user EMM Console via Workplace (Windows 8.1).

• Passcode policy

• Restriction on camera.

• Encryption settings

• Retrieve device info.

• Device Lock and Lock Reset

• Ring device

• Data Wipe

GitHub Repositories

• Connected Device Management Framework https://github.com/wso2/carbon-device-mgt

• Device management plugins https://github.com/wso2/carbon-device-mgt-plugins

• Enterprise Mobility Manager https://github.com/wso2/product-mdm

Questions?

Thank You