IBM Endpoint Manager - Executive Overview


An executive overview of IBM Endpoint Manager (IEM)

Published in: Technology
  • Most enterprise networks are highly distributed. Users are connecting to your HQ site from across the Internet, while on the road, and also from remote offices – which makes security and systems management extremely challenging. Additionally, most enterprise networks have bandwidth constraints – over wireless, shared MPLS, satellite links, etc. – which makes pushing fat software packages and security patches over these latency-prone links a huge burden for the IT organization. Moreover, many of these devices are intermittently connected – particularly those roaming laptops – which makes validating and updating their configuration virtually impossible. Finally, most enterprises have many different types of servers, desktops, laptops and handheld devices, making cross-platform support a must for any security and systems management solution.

    Unlike alternative solutions, BigFix was purpose-built to work efficiently within these types of environments. As you can see from the diagram, BigFix Agents can be deployed on all types of devices, whether those are running Windows, Windows Mobile, different flavors of UNIX, Linux and Mac. The BigFix Agent is the “brains” of the BigFix Unified Management Platform and continuously assesses the state of the endpoint against policy, whether connected to the network or not. As soon as it notices that an endpoint is out of compliance with a policy or checklist, it informs the BigFix server and executes the configured remediation strategy, and immediately notifies the BigFix Server of task status (completed, in process, not completed).

    The BigFix Server manages policy content – delivered in messages called “BigFix Fixlets” and updated continuously via the BigFix Content Delivery cloud-based service – and enables the BigFix Operator to maintain real-time visibility and control over all devices in the environment – including instantaneous discovery of devices that aren’t managed by BigFix.

    Because most of the analysis, processing and enforcement work is done by the BigFix Agent rather than the Server, ONE BigFix Server can support more than 200K endpoints, enabling customers to make the most of their security and systems management investment. Whatever specific BigFix solution a customer uses – whether it’s endpoint protection, systems lifecycle management or security configuration and vulnerability management – it’s delivered via a single management console view. Additionally, new services can be provisioned and delivered via the BigFix Content Delivery cloud with no additional hardware or software installations or network changes.

    Deployment is straightforward, and is typically completed within hours or days. Agents can automatically be installed within minutes, without disrupting end-users. Additionally, most customers deploy BigFix Relays to help manage distributed devices and policy content and as you can see in the diagram – an existing workstation can be leveraged for this purpose. Promoting an Agent to a Relay takes minutes and doesn’t require dedicated hardware or network configuration changes. It’s entirely up to the customer how many Relays to deploy and where they’d like to place them; however, we can certainly make recommendations based on business and technical considerations. In addition to caching patches and other software updates close to end user devices, BigFix Relays manage the bandwidth used by BigFix to ensure that systems and security management tasks don’t consume all available network bandwidth.

    To a world accustomed to multiple, fragmented technologies and point solutions, BigFix offers an alternative: the industry’s only single-console, single-agent platform that addresses operations, security and compliance initiatives in real-time and at global scale.
  • Penn State Presentation on IEM and managing Macs - and
  • IBM Endpoint Manager - Executive Overview

    1. Overview of IBM Endpoint Manager. Webinars – July to October 2013. Darryl Miles, Client Technical Professional, @vtdarryl
    2. Presentation Overview
       • Overview of IBM Endpoint Manager
         – Patch Management
         – Software Usage Analysis
         – Mobile Device Management
       • IBM’s Internal Experience deploying IEM
       • Case Studies
       • Summary
    3. Today’s leading organizations are dealing with powerful new technology forces
       • Mobility: Nearly ½ of devices accessing applications will be mobile
       • Security: 13 billion security events monitored per day
       • Data: 1.2 zettabytes (1.2 trillion gigabytes) in the digital universe
       • BYOD: BYOD users expected to double by 2014 to 350 million
    4. IBM Endpoint Manager continuously monitors the health and security of all enterprise computers in real-time via a single, policy-driven agent
       • Endpoints: desktop / laptop / server endpoint, mobile, purpose specific
       • Common management agent
       • Unified management console
       • Common infrastructure
       • Single server
       • Diagram labels: Patch Management, Lifecycle Management, Software Use Analysis, Mobile Devices, Power Management, Core Protection, Server Automation, Security and Compliance, Systems Management, Security Management
    5. Why IBM Endpoint Manager? (shown over the slide 4 diagram: common management agent, unified management console, common infrastructure, single server)
       • Concord Hospital achieves 98% first-pass success in hours on their Microsoft and 3rd party patches
       • Hutchinson Builders can now easily track the software installed and running computers across the company’s 16 offices and up to 160 construction sites
       • IBM has deployed Endpoint Manager to over 700,000 endpoints on three servers. Expects to save over $10M in Year 1
       • Bendigo Bank expects to save $175,000 off its power bill within 12 months and avoid 2190 tonnes of carbon emissions
       • Over 13,000 mobile devices enrolled in 72 hours!
    6. How it Works
       • Lightweight, Robust Infrastructure: use existing systems as Relays; built-in redundancy; support/secure roaming endpoints
       • Cloud-based Content Delivery: highly extensible; automatic, on-demand functionality
       • Single Server & Console: highly secure, highly scalable; aggregates data, analyzes & reports; pushes out pre-defined/custom policies
       • Single Intelligent Agent: performs multiple functions; continuous self-assessment & policy enforcement; minimal system impact (< 2% CPU)
    7. Patch Management
       Services / Benefits:
       • IBM Cloud content delivery service (operating systems and 3rd party applications)
       • Reduction in patch and update times from weeks and days to hours and minutes
       • Patch capabilities for multiple platforms: Windows, Mac OS X, Linux and UNIX
       • Increase first-pass success rates from 60-75% to 95-99+%
       • Intelligent agent
       • Automated self-assessment, no centralised or remote scanning required
       • Real-time reporting
       Customer quotes:
       • "We compressed our patch process from 6 weeks to 4 hours"
       • "We consolidated eight tools/infrastructures to one"
       • "We reduced our endpoint support issues by 78%"
       • "We freed up tens of admins to work on higher value projects"
    8. Overview of Patch Management
       • The patches dashboard provides a real-time view on Windows patches requirement across your environment
       • Start with the Patch Management domain
       • See any New Content here
       • Application vendor patches: Adobe Acrobat, Adobe Reader, Apple iTunes, Apple QuickTime, Adobe Flash Player, Adobe Shockwave Player, Mozilla Firefox, RealPlayer, Skype, Oracle Java Runtime Environment, WinAmp, WinZip
       • …and operating system patches
       • Patch Management Video (6:33)
    9. Patch Management for Windows now supports non-security updates, specifically critical updates and service packs for the Microsoft Windows product family
    10. Software Usage Analysis
       Services / Benefits:
       • For Windows Servers and PCs
       • Near real time software inventory
       • Unix/Linux Servers
       • Near real time software usage reporting
       • Software Asset Discovery
       • Software Use Metering
       • Software Use Reporting
       • Search, browse, and edit the Endpoint Manager software identification catalogue, which contains over 105,000 signatures out of the box
       • Periodic catalogue updates are released regularly
       • Easily customize the software identification catalogue to include tracking of home-grown and proprietary applications
       Figures: 5000+ software publishers; 105,000+ application signatures out of the box
    11. Software Usage Analysis: video, Software Usage Analysis (13:58)
    12. Mobile Device Management
       Services / Benefits:
       • Providing enterprise-wide visibility (eg. device details, apps installed, device location)
       • Address business and technology issues of security, complexity and bring your own device (BYOD) in mobile environments
       • Ensuring data security and compliance
       • Manage enterprise and personal data separately with capabilities such as selective wipe
       • Device configuration
       • Support devices on the Apple iOS, Google Android, Microsoft Windows Phone, Blackberry, Nokia Symbian
       • Leverage a single infrastructure to manage all enterprise devices: smartphones, tablets, desktops, laptops and servers
       “IBM's MDM capability is very complementary to that of PCs, and it is one of the few vendors in this Magic Quadrant that can support PCs and mobile devices” (Gartner, MQ for Mobile Device Management Software, 2012)
       Platforms shown: Apple iOS, Google Android, Windows Phone, Blackberry, Nokia Symbian, Windows Mobile
    13. Managing Mobile Devices – The Problem
       Security & Management Challenges:
       • Potential unauthorized access (lost, stolen)
       • Disabled encryption
       • Insecure devices connecting to network
       • Corporate data leakage
       End User:
       • Mail / Calendar / Contacts
       • Access (VPN / WiFi)
       • Apps (app store)
       • Enterprise Apps
       Diagram labels: VPN / WiFi, Encryption not enforced, Corporate Network Access, iCloud, iCloud Sync, iTunes Sync
    14. Managing Mobile Devices – The Solution
       Endpoint Manager for Mobile Devices:
       • Enable password policies
       • Enable device encryption
       • Force encrypted backup
       • Disable iCloud sync
       • Access to corporate email, apps, VPN, WiFi contingent on policy compliance!
       • Selectively wipe corporate data if employee leaves company
       • Fully wipe if lost or stolen
       End User:
       • Personal Mail / Calendar
       • Personal Apps
       Corporate Profile (secured by BigFix policy):
       • Enterprise Mail / Calendar
       • Enterprise Access (VPN/WiFi)
       • Enterprise Apps (App store or Custom)
       Diagram labels: VPN / WiFi, Encryption Enabled, Corporate Network Access, iCloud, iCloud Sync, iTunes Sync
    15. What’s New in Endpoint Manager for Mobile Devices
       IBM Endpoint Manager’s cloud-based content delivery system enables customers to benefit from frequent feature enhancements without the difficulty of performing upgrades
       • Integration with Enterproid’s Divide container technologies for iOS and Android
       • Web-based administration console for performing basic device management tasks with role-based access control
       • Integration with BlackBerry Enterprise Server for integrated support of BlackBerry v4 – v7 devices
       • Enhanced security with support for FIPS 140-2 encryption and bi-directional encryption of communications with Android agent
       • Additional Samsung SAFE APIs for expanded management and security of SAFE devices
       • SmartCloud Notes & Notes Traveler 9.0 support, including cloud and high-availability versions
    16. Implement BYOD With Confidence
       How do I deal with the business mandate that employees be allowed to "Bring Your Own Device"?
       • App container. Deploy, manage, configure, and remove Enterproid Divide containers to separate personal and work environments on iOS and Android devices
       • PIM container. Separate personal and corporate email and prevent sensitive data from being copied into other apps with NitroDesk TouchDown integration
       • Dual-persona OS. Manage BlackBerry 10 devices, which provide a native user experience to personal and work personas
       • Extend BYOD to laptops. IBM Endpoint Manager’s unified device management approach brings together containers, smartphones, tablets, laptops, desktops, and servers under one infrastructure
       Manage and secure only the apps and data inside the enterprise container, leaving users free to control the personal side of their device with Enterproid Divide.
    17. Secure Sensitive Data, Regardless of the Device
       How do I ensure the security of mobile devices as they access more and more sensitive systems?
       • Unified compliance reporting across all devices, including CIS Benchmarks
       • Configure security settings such as password policy, encryption, WiFi, iCloud sync
       • Full wipe, remote lock, map device location, and clear passcode options if device is lost or stolen
       • Blacklist apps and automate alerts, policy response
       • Detect jailbroken / rooted devices to notify users, disable access
       • Integrate with mobile VPN and access management tools to ensure only compliant devices are authorized
       Multiple user communication and alert methods, including Google Cloud Messaging (GCM), enable users to be part of the security solution.
    18. Minimize Administration Costs
       How do I cost-effectively manage the sheer volume of these tiny devices with average replacement rates of 12-18 months?
       • Multiple authenticated device enrollment options, including LDAP/AD integration
       • Employee self-service portal to enable employees to protect personal and enterprise data
       • Enterprise app store directs employees to approved apps, includes support for Apple’s Volume Purchase Program (Apple VPP)
       • Integration with IBM Worklight for 1-click transfer of internally-developed mobile apps from dev to production
       • A ‘single device view’ enables IT personnel to easily view device details and take required action
       A flexible enrollment process enables organizations to include a EULA and to collect critical device and employee data via customizable questions
    19. IEM approach for Mobile Device Management
       • Advanced management on iOS through Apple’s MDM APIs
       • Agent based management / server communication: iOS, Android, Windows Phone
       • Email-based management through Exchange (ActiveSync) and Lotus Traveler (IBMSync): iOS, Android, Windows Phone, Windows Mobile, Symbian
       • Additional platform list on the slide: Symbian, BlackBerry OS 10, BlackBerry Playbook
       Platforms shown: Apple iOS, Google Android, Nokia Symbian, Windows Phone, Blackberry, Windows Mobile
    20. MDM Functionality Overview (Category: Endpoint Manager Capabilities)
       • Platform Support: Apple iOS, Google Android, Windows Phone, Blackberry, Symbian, Windows Mobile
       • Management Actions: Selective/full wipe, deny email access, remote lock, user notification, clear passcode
       • Application Management: Application inventory, enterprise app store, iOS WebClips, whitelisting/blacklisting
       • Policy and Security Management: Password policies, Samsung SAFE, device encryption, jailbreak/root detection
       • Location Services: Track devices and locate on map
       • Enterprise Access Management: Configuration of Email, VPN, Wi-Fi, Authenticated Enrollment, Self Service Portal
       • Expense Management: Enable/disable voice and data roaming
       • Cloud Email Device Management: Office 365 support
       • Containerisation: Nitrodesk Touchdown (Android), Enterproid Divide, Red Bend
    21. Delivering for multiple mobile platforms
       IBM Worklight: Fast and cost-effective development, integration and management of rich, cross-platform mobile applications
       Client Challenge: Using standards-based technologies and tools and delivering an enterprise-grade services layer that meets the needs of mobile employees and customers
       Key Capabilities:
       • Mobile optimised middleware
       • Open approach to 3rd-party integration
       • Mix native and HTML
       • Strong authentication framework
       • Encrypted offline availability
       • Enterprise back-end connectivity
       • Unified push notifications
       • Data collection for analytics
       • Direct updates and remote disablement
       • Packaged runtime skins
       Encrypted cache on-device:
       • A mechanism for storing sensitive data on the client side
       • Encrypted - like a security deposit box
    22. Publish applications to your mobile devices directly from Worklight
       1 Build app in Worklight
       2 Import into Endpoint Manager App Store
       3 Distribute App to Employees
       Endpoint Manager customers can directly import and distribute Worklight-built apps via Enterprise App Store, thereby improving workflow between Development and Operations
    23. An Evaluators Guide is available for MDM
    24. IBM’s experience using IBM Endpoint Manager
       IBM gained real-time visibility into endpoints, and automatically remediates issues across over 500,000 endpoints and supports multiple policies based on employee role and data access
       • Before: Patch availability typically 3-14+ days. After: Patch availability within 24 hours
       • Before: 92% compliance within 5 days (ACPM only). After: 98% within 48 hours
       • Before: EZUpdate sometimes misses application of patches on required machines. After: Detected about 35% of participants missing at least one previous patch
       • Before: Compliance model, completely reliant on user. After: 90% of Windows requirements can be automatically remediated
       • Before: Exceptions at machine level. After: Exceptions at setting level
       Reference -
    25. Summary
       • IBM Endpoint Manager enables unified management of all enterprise devices – desktops, laptops, servers, smartphones, and tablets
       • Real-time/proactive endpoint management: Patch management, anti-virus/malware, power management and device location information
       • Continuous compliance reduces costs and risk
       • Power management
       • Management of assets
    26. Contacts: or @vtdarryl