IBM Endpoint Manager Overview - Webinars
This is an edited slide deck, where we provide an overview of IBM Endpoint Manager (IEM) and introduce three modules - Patch Management, Software Usage Analysis and Mobile Device Management

  • Most enterprise networks are highly distributed. Users are connecting to your HQ site from across the Internet, while on the road, and also from remote offices – which makes security and systems management extremely challenging. Additionally, most enterprise networks have bandwidth constraints – over wireless, shared MPLS, satellite links, etc. – which makes pushing fat software packages and security patches over these latency-prone links a huge burden for the IT organization. Moreover, many of these devices are intermittently connected – particularly those roaming laptops – which makes validating and updating their configuration virtually impossible. Finally, most enterprises have many different types of servers, desktops, laptops and handheld devices, making cross-platform support a must for any security and systems management solution.

    Unlike alternative solutions, BigFix was purpose-built to work efficiently within these types of environments. As you can see from the diagram, BigFix Agents can be deployed on all types of devices, whether those are running Windows, Windows Mobile, different flavors of UNIX, Linux and Mac. The BigFix Agent is the “brains” of the BigFix Unified Management Platform and continuously assesses the state of the endpoint against policy, whether connected to the network or not. As soon as it notices that an endpoint is out of compliance with a policy or checklist, it informs the BigFix server and executes the configured remediation strategy, and immediately notifies the BigFix Server of task status (completed, in process, not completed).

    The BigFix Server manages policy content – delivered in messages called “BigFix Fixlets” and updated continuously via the BigFix Content Delivery cloud-based service – and enables the BigFix Operator to maintain real-time visibility and control over all devices in the environment – including instantaneous discovery of devices that aren’t managed by BigFix.

    Because most of the analysis, processing and enforcement work is done by the BigFix Agent rather than the Server, ONE BigFix Server can support more than 200K endpoints, enabling customers to make the most of their security and systems management investment. Whatever specific BigFix solution a customer uses – whether it’s endpoint protection, systems lifecycle management or security configuration and vulnerability management – it’s delivered via a single management console view. Additionally, new services can be provisioned and delivered via the BigFix Content Delivery cloud with no additional hardware or software installations or network changes.

    Deployment is straightforward, and is typically completed within hours or days. Agents can automatically be installed within minutes, without disrupting end-users. Additionally, most customers deploy BigFix Relays to help manage distributed devices and policy content and, as you can see in the diagram, an existing workstation can be leveraged for this purpose. Promoting an Agent to a Relay takes minutes and doesn’t require dedicated hardware or network configuration changes. It’s entirely up to the customer how many Relays to deploy and where they’d like to place them; however, we can certainly make recommendations based on business and technical considerations. In addition to caching patches and other software updates close to end user devices, BigFix Relays manage the bandwidth used by BigFix to ensure that systems and security management tasks don’t consume all available network bandwidth.

    To a world accustomed to multiple, fragmented technologies and point solutions, BigFix offers an alternative: the industry’s only single-console, single-agent platform that addresses operations, security and compliance initiatives in real-time and at global scale.
  • Patch Management
    Product Benefits
    • Reduction in patch and update times from weeks and days to hours and minutes
    • Increase first-pass success rates from 60-75% to 95-99+%
    • System administrator workload reductions of 75% or more
    • Assured compliance with internal and external standards/requirements
    Product Features
    • Patch capabilities for multiple platforms: Windows, Linux, UNIX and Mac OS X
    • 3rd Party Windows applications (Adobe, Java Run Time, Mozilla, QuickTime, Skype etc.)
    • Automated self-assessment, no centralised or remote scanning required
    • Real-time reporting on patch deployment: When deployed, who deployed them, and to which endpoints
    • Ability for custom patches for in-house or other vendor patches
    • Lightweight agent (<2% of CPU on average)
  • Available within IBM from -

IBM Endpoint Manager Overview - Webinars Presentation Transcript

  • 1 Darryl Miles, Client Technical Professional, @vtdarryl. Overview of IBM Endpoint Manager. Webinars – July to October 2013
  • 2 Presentation Overview
    • Overview of IBM Endpoint Manager
        – Patch Management
        – Software Usage Analysis
        – Mobile Device Management
    • IBM’s Internal Experience deploying IEM
    • Case Studies
    • Summary
  • 3 Today’s leading organizations are dealing with powerful new technology forces
    • BYOD: BYOD users expected to double by 2014 to 350 million
    • Security: 13 billion security events monitored per day
    • Data: 1.2 trillion gigabytes in the digital universe (1.2 zettabytes)
    • Mobility: Nearly ½ of devices accessing applications will be mobile
  • 4 IBM Endpoint Manager continuously monitors the health and security of all enterprise computers in real-time via a single, policy-driven agent
    • Common management agent
    • Unified management console
    • Common infrastructure
    • Single server
    Diagram labels (IBM Endpoint Manager): Patch Management, Lifecycle Management, Software Use Analysis, Power Management, Mobile Devices, Security and Compliance, Core Protection; Systems Management, Security Management, Server Automation
    Diagram labels (Endpoints): Desktop / laptop / server endpoint; Mobile; Purpose specific
  • 5 IBM Endpoint Manager continuously monitors the health and security of all enterprise computers in real-time via a single, policy-driven agent
    • Common management agent
    • Unified management console
    • Common infrastructure
    • Single server
    Diagram labels (IBM Endpoint Manager): Patch Management, Lifecycle Management, Software Use Analysis, Power Management, Mobile Devices, Security and Compliance, Core Protection; Systems Management, Security Management, Server Automation
    Diagram labels (Endpoints): Desktop / laptop / server endpoint; Mobile; Purpose specific
    Why IBM Endpoint Manager?
    • Concord Hospital achieves 98% first-pass success in hours on their Microsoft and 3rd party patches
    • Stena Lines achieved a 12:1 labor savings ratio by reducing administrative overhead time for patch processes
    • Hutchinson Builders can now easily track the software installed and running on computers across the company’s 16 offices and up to 160 construction sites
    • Bendigo Bank expects to save $175,000 off its power bill within 12 months and avoid 2190 tonnes of carbon emissions
    • IBM has deployed Endpoint Manager to over 700,000 endpoints on three servers. Expects to save over $10M in Year 1
    • Over 13,000 mobile devices enrolled in 72 hours!
  • 6 How it Works
    • Single Server & Console
        – Highly secure, highly scalable
        – Aggregates data, analyzes & reports
        – Pushes out pre-defined/custom policies
    • Cloud-based Content Delivery
        – Highly extensible
        – Automatic, on-demand functionality
    • Single Intelligent Agent
        – Performs multiple functions
        – Continuous self-assessment & policy enforcement
        – Minimal system impact (< 2% CPU)
    • Lightweight, Robust Infrastructure
        – Use existing systems as Relays
        – Built-in redundancy
        – Support/secure roaming endpoints
  • 7 Patch Management
    (Slide column headings: Benefits, Services)
    • IBM Cloud content delivery service (operating systems and 3rd party applications)
    • Patch capabilities for multiple platforms: Windows, Mac OS X, Linux and UNIX
    • Intelligent agent
    • Reduction in patch and update times from weeks and days to hours and minutes
    • Increase first-pass success rates from 60-75% to 95-99+%
    • Real-time reporting
    • Automated self-assessment, no centralised or remote scanning required
    Customer quotes:
    • "We compressed our patch process from 6 weeks to 4 hours"
    • "We consolidated eight tools/infrastructures to one"
    • "We reduced our endpoint support issues by 78%"
    • "We freed up tens of admins to work on higher value projects"
  • 8 Overview of Patch Management
    Patch Management Video (6:33); Local Video File (6:33)
    • Start with the Patch Management domain
    • The patches dashboard provides a real-time view of Windows patch requirements across your environment
    • See any New Content here
    • Application vendor patches: Adobe Acrobat, Adobe Reader, Apple iTunes, Apple QuickTime, Adobe Flash Player, Adobe Shockwave Player, Mozilla Firefox, RealPlayer, Skype, Oracle Java Runtime Environment, WinAmp, WinZip
    • …and operating system patches
  • 9 Patch Management for Windows now supports non-security updates, specifically critical updates and service packs for the Microsoft Windows product family
  • 10 Software Usage Analysis
    (Slide column headings: Benefits, Services)
    • For Windows Servers and PCs
    • Unix/Linux Servers
    • Software Asset Discovery
    • Software Use Metering
    • Software Use Reporting
    • Near real time software inventory
    • Near real time software usage reporting
    • Search, browse, and edit the Endpoint Manager software identification catalogue, which contains over 105,000 signatures out of the box
    • Periodic catalogue updates are released regularly
    • Easily customize the software identification catalogue to include tracking of home-grown and proprietary applications
    Software publishers: 5000+
    Application signatures out of the box: 105,000+
  • 11 Software Usage Analysis: Software Usage Analysis (13:58); Local Video File (13:58)
  • 12 Mobile Device Management
    (Slide column headings: Benefits, Services)
    • Providing enterprise-wide visibility (e.g. device details, apps installed, device location)
    • Ensuring data security and compliance
    • Device configuration
    • Support devices on the Apple iOS, Google Android, Microsoft Windows Phone, Blackberry, Nokia Symbian
    • Address business and technology issues of security, complexity and bring your own device (BYOD) in mobile environments
    • Manage enterprise and personal data separately with capabilities such as selective wipe
    • Leverage a single infrastructure to manage all enterprise devices: smartphones, tablets, desktops, laptops and servers
    Platform logos: Apple iOS, Google Android, Windows Phone, Blackberry, Nokia Symbian, Windows Mobile
    “IBM's MDM capability is very complementary to that of PCs, and it is one of the few vendors in this Magic Quadrant that can support PCs and mobile devices” Gartner, MQ for Mobile Device Management Software, 2012
  • 13 Managing Mobile Devices – The Problem
    Security & Management Challenges
    • Potential unauthorized access (lost, stolen)
    • Disabled encryption
    • Insecure devices connecting to network
    • Corporate data leakage
    Diagram labels: End User; Mail / Calendar / Contacts; Access (VPN / WiFi); Apps (app store); Enterprise Apps; iCloud; iCloud Sync; iTunes Sync; Encryption not enforced; VPN / WiFi; Corporate Network Access
  • 14 Managing Mobile Devices – The Solution
    Endpoint Manager for Mobile Devices
    • Enable password policies
    • Enable device encryption
    • Force encrypted backup
    • Disable iCloud sync
    • Access to corporate email, apps, VPN, WiFi contingent on policy compliance!
    • Selectively wipe corporate data if employee leaves company
    • Fully wipe if lost or stolen
    Diagram labels: End User; Personal Mail / Calendar; Personal Apps; Corporate Profile (Enterprise Mail / Calendar; Enterprise Access (VPN/WiFi); Enterprise Apps (App store or Custom)); Secured by BigFix policy; Encryption Enabled; iCloud; iCloud Sync; iTunes Sync; VPN / WiFi; Corporate Network Access
  • 15 What’s New in Endpoint Manager for Mobile Devices
    • Integration with Enterproid’s Divide container technologies for iOS and Android
    • Web-based administration console for performing basic device management tasks with role-based access control
    • Integration with BlackBerry Enterprise Server for integrated support of BlackBerry v4 – v7 devices
    • Enhanced security with support for FIPS 140-2 encryption and bi-directional encryption of communications with Android agent
    • Additional Samsung SAFE APIs for expanded management and security of SAFE devices
    • SmartCloud Notes & Notes Traveler 9.0 support, including cloud and high-availability versions
    IBM Endpoint Manager’s cloud-based content delivery system enables customers to benefit from frequent feature enhancements without the difficulty of performing upgrades
  • 16 Implement BYOD With Confidence
    How do I deal with the business mandate that employees be allowed to "Bring Your Own Device"?
    • App container. Deploy, manage, configure, and remove Enterproid Divide containers to separate personal and work environments on iOS and Android devices
    • PIM container. Separate personal and corporate email and prevent sensitive data from being copied into other apps with NitroDesk TouchDown integration
    • Dual-persona OS. Manage BlackBerry 10 devices, which provide a native user experience to personal and work personas
    • Extend BYOD to laptops. IBM Endpoint Manager’s unified device management approach brings together containers, smartphones, tablets, laptops, desktops, and servers under one infrastructure
    Manage and secure only the apps and data inside the enterprise container, leaving users free to control the personal side of their device with Enterproid Divide.
  • 17 Secure Sensitive Data, Regardless of the Device
    How do I ensure the security of mobile devices as they access more and more sensitive systems?
    • Unified compliance reporting across all devices, including CIS Benchmarks
    • Configure security settings such as password policy, encryption, WiFi, iCloud sync
    • Full wipe, remote lock, map device location, and clear passcode options if device is lost or stolen
    • Blacklist apps and automate alerts, policy response
    • Detect jailbroken / rooted devices to notify users, disable access
    • Integrate with mobile VPN and access management tools to ensure only compliant devices are authorized
    Multiple user communication and alert methods, including Google Cloud Messaging (GCM), enable users to be part of the security solution.
  • 18 Minimize Administration Costs
    How do I cost-effectively manage the sheer volume of these tiny devices with average replacement rates of 12-18 months?
    • Multiple authenticated device enrollment options, including LDAP/AD integration
    • Employee self-service portal to enable employees to protect personal and enterprise data
    • Enterprise app store directs employees to approved apps, includes support for Apple’s Volume Purchase Program (Apple VPP)
    • Integration with IBM Worklight for 1-click transfer of internally-developed mobile apps from dev to production
    • A ‘single device view’ enables IT personnel to easily view device details and take required action
    A flexible enrollment process enables organizations to include a EULA and to collect critical device and employee data via customizable questions
  • 19 IEM approach for Mobile Device Management
    Platform logos: Apple iOS, Google Android, Nokia Symbian, Windows Phone, Blackberry, Windows Mobile
    • Advanced management on iOS through Apple’s MDM APIs
    • Agent based management / server communication
    • iOS
    • Android
    • Windows Phone
    • Email-based management through Exchange (ActiveSync) and Lotus Traveler (IBMSync)
    • iOS
    • Android
    • Windows Phone
    • Windows Mobile
    • Symbian
    • Symbian
    • BlackBerry OS 10
    • BlackBerry Playbook
  • 20 MDM Functionality Overview
    Category: Endpoint Manager Capabilities
    • Platform Support: Apple iOS, Google Android, Windows Phone, Blackberry, Symbian, Windows Mobile
    • Management Actions: Selective/full wipe, deny email access, remote lock, user notification, clear passcode
    • Application Management: Application inventory, enterprise app store, iOS WebClips, whitelisting/blacklisting
    • Policy and Security Management: Password policies, Samsung SAFE, device encryption, jailbreak/root detection
    • Location Services: Track devices and locate on map
    • Enterprise Access Management: Configuration of Email, VPN, Wi-Fi, Authenticated Enrollment, Self Service Portal
    • Expense Management: Enable/disable voice and data roaming
    • Cloud Email Device Management: Office 365 support
    • Containerisation: Nitrodesk Touchdown (Android), Enterproid Divide, Red Bend
  • 21 IBM Worklight
    Fast and cost-effective development, integration and management of rich, cross-platform mobile applications
    Client Challenge / Key Capabilities
    Using standards-based technologies and tools and delivering an enterprise-grade services layer that meets the needs of mobile employees and customers
    Mobile optimised middleware
    • Open approach to 3rd-party integration
    • Mix native and HTML
    • Strong authentication framework
    • Encrypted offline availability
    • Enterprise back-end connectivity
    • Unified push notifications
    • Data collection for analytics
    • Direct updates and remote disablement
    • Packaged runtime skins
    Delivering for multiple mobile platforms
    Encrypted cache on-device
    • A mechanism for storing sensitive data on the client side
    • Encrypted - like a security deposit box
  • 22 Publish applications to your mobile devices directly from Worklight
    Endpoint Manager customers can directly import and distribute Worklight-built apps via Enterprise App Store, thereby improving workflow between Development and Operations
    1. Build app in Worklight
    2. Import into Endpoint Manager App Store
    3. Distribute App to Employees
  • 23 An Evaluators Guide is available for MDM
  • 24 IBM’s experience using IBM Endpoint Manager
    • Before: Patch availability typically 3-14+ days. After: Patch availability within 24 hours
    • Before: 92% compliance within 5 days (ACPM only). After: 98% within 48 hours
    • Before: EZUpdate sometimes misses application of patches on required machines. After: Detected about 35% of participants missing at least one previous patch
    • Before: Compliance model, completely reliant on user. After: 90% of Windows requirements can be automatically remediated
    • Before: Exceptions at machine level. After: Exceptions at setting level
    IBM gained real-time visibility into endpoints, and automatically remediates issues across over 500,000 endpoints and supports multiple policies based on employee role and data access
    Reference -
  • 25 Summary
    • IBM Endpoint Manager enables unified management of all enterprise devices – desktops, laptops, servers, smartphones, and tablets
    • Real-time/proactive endpoint management: Patch management, anti-virus/malware, power management and device location information
    • Continuous compliance reduces costs and risk
    • Power management
    • Management of assets
  • 26 Contacts: or @vtdarryl