Mobile Device Management
Microsoft ExchangeConnections, Orlando, 2008

Mobile Device Management: Presentation Transcript

  • Mobile Device Management John Rhoton Hewlett Packard [email_address]
  • What is MDM?
    • Automation
      • User configuration
      • Administration
    • Standardization
    • Remote Support
      • OTA (Over-the-air)
  • Agenda
    • Enterprise Mobility Status
    • Enterprise Challenges
      • Security
      • Management
      • Applications
    • Mobile Device Management Approaches
    • Mobile Device Management Technologies
  • But just what is mobility?
      • Devices:
        • Mobility = Mobile phones?
        • Mobility = Smart phones?
        • Mobility = PDAs?
      • Wireless:
        • Mobility = Wireless LANs?
        • Mobility = GSM/GPRS?
      • Applications:
        • Mobility = Form-factor adaptation?
        • Mobility = Synchronisation?
  • Mobility on the rise!
    • [Chart: YOY % shipping growth, 2006-2010. Source: Gartner Dataquest, and IDC 2006]
      • Mobile PCs: 18.6%
      • Converged Mobile Phones: 34.1%
      • Mobile Phones: 5.8%
      • Desktop PCs: 3.9%
    • 245 Million converged devices by 2010
    • 140 Million Windows Mobile devices
    • Over 3 Billion mobile subscriptions
  • Status of Mobility
    • Components Maturing
      • Exponential growth in mobile devices
      • Near-ubiquitous wireless access
      • Application mobilization accelerating
    • Hype transforming into stealth
    • Enterprise adoption
      • Organic
      • Consumer-driven
  • What customers typically want from mobility (slide label: Legacy)
    • Mobile Business Applications
    • Industry specific applications (i.e. Mobile construction workforce…)
    • Field Sales Automation (SFA)
      • Field Force Automation (FFA)
    • Paperless Forms (Police Force…)
    • Proof of Delivery (Transport)
    • Field Service Bundle
    • Work Order Mgmt
    • Parts & Inventory tracking
    • Expense Management
    • Asset / Property Management
    • Merchandizing / FMCG Sales
    • Healthcare, Public safety
    • Inspections, Data Capture
    • Unified Communications – Fixed Mobile Convergence
    • Mobile office (Mail, PIM, Calendar) (Baseline)
    • Mobile device management (Baseline)
    • Mobile Device security (Optional)
    • Shared Mobile Device Management (Baseline)
    • Shared MDM Device security (Optional)
    • End 2 End security (authentication, encryption, protection…)
    Messaging Forms Workflow Sheets
  • Mobility: Challenges
  • Mobile Content Protection Access Control Solutions
    • Native Pocket PC
    • Biometric Authentication
    • HP ProtectTools
    • Pointsec
    • Credant
    • TrustDigital
    • Utimaco
    • Bluefire
    Centralized Provisioning and Configuration
  • Bluetooth security
    • Bluejacking
    • Bluesnarfing
    • PIN Attack
    • Virus Propagation
    In
  • WLAN security
    • Rogue Access Points
    • Decoy Access points
    • WPA-Personal
    • WPA-Enterprise
    Require Non-Trivial Client Configuration
  • Why MDM?
    • Security: Ensure integrity of configuration
    • Higher ease-of-use
    • Deploying line-of-business applications
    • Lower TCO
    June 9, 2009
  • Reduction in Total Cost of Ownership (Source: HP & Gartner)
    • Cost reduction per user per year with MDM: $322
    • Net Reduction in TCO: 11%
    • Net Reduction in Annual Device Management Costs: 32%
    • Cost per User per Year (share of total) and MDM Benefit
      • Device Cost: $250 (8%); amortized over 2 years
      • Connectivity data: $900 (30%)
      • Connectivity voice: $800 (27%)
      • Backend/Ops: $504 (17%); MDM benefit -30%, -$151; setup & operate backend mobile application, change requests
      • Service Management: $192 (6%); MDM benefit -40%, -$77; setup users, connectivity, user management, change requests
      • User Support: $312 (11%); MDM benefit -30%, -$94
      • Total: $2958 (100%); MDM benefit -11%, -$322
  • Customer MDM Maturity Levels
    • Infancy
      • Inventory collection
      • Basic software updates
    • Adolescence
      • Software Updates
      • Configuration Control
      • Device Security Enforcement
    • Mature
      • Data publication and synchronization
      • Multi-platform support
      • Policy driven application install and update
      • “OTA” startup and maintenance
      • Extension of Desktop Management **
  • Different MDM Approaches
    • Extension of Desktop Environment
      • Altiris
      • Microsoft SMS
      • HP Client Automation
    • Comprehensive Solution Suite
      • Exchange 2007
      • Good
    • Enterprise MDM Focused
      • iAnywhere Afaria
      • HP Enterprise Mobility Suite
      • Microsoft System Center Mobile Device Manager
    • Carrier MDM
    June 9, 2009
      • Intellisync
      • RIM Blackberry
  • OMA DM Standard
    • Device Management protocol:
      • Defined by the Open Mobile Alliance (OMA) group
      • Current specification: 1.2 – April 2006
      • Based on SyncML
      • Conceived for Carrier MDM
    • Designed for management of mobile devices
      • Device Provisioning (1st time use)
      • Device configuration – Enabling/Disabling features
      • Software distribution
          • Firmware upgrade over the air (FOTA)
            • Firmware Update Management Object (FUMO)
          • Applications deployment on devices
          • Software upgrades
      • Fault Management: report/ query status
  • HP MDM Logical Topology
  • Scalability: Replication & Server Farms (diagram labels: GEO 1 CLUSTER; GEO 2 CLUSTER; MASTER; TEST; DEV)
    • Server Farms provide scalable capacity
    • Replication provides a logical master server, with many physical instances
    • Replication also facilitates division of ownership of functions; multiple owners can maintain portions of the total server (e.g. IT owns base configuration; Business Units own their applications & data).
  • Device Management Technologies
    • Afaria
      • XcelleNet, Sybase, and now iAnywhere
      • Mobile Device Management and Mobile Security Solution
      • Historically market leader in Managed Mobility Solutions
    • HP Enterprise Mobile Suite (EMS)
      • Formerly Bitfone
      • OMA-DM interoperable
      • Heterogeneous (multi-platform) device set
      • Integration with OVCM (OpenView Configuration Manager)
    • Microsoft SCMDM
      • Compliant with OMA DM
      • Mobile Device Management solution (System Center family)
      • Based on Windows infrastructure: AD – SQL
      • Windows Mobile 6.1 devices only
  • iAnywhere Afaria
    • Afaria Mobile Clients: Windows Laptops, Java, WinCE/Pocket PC, Palm, Blackberry, Symbian
    • Console Highlights: Web Administration, SNMP Alerts, Console Status and Event Logs, ESM Integration
    • Enterprise Integration: Microsoft SMS Software & Inventory
    • Management Capabilities: Inventory Management, Software and Application Deployment, Document and Content Management, Process Automation, Data Backup and Recovery, Configuration Management
    • Web Server
    • Connectivity: TCP/IP, Wireless WWAN, HTTP, HTTPS, ISA, Dial-up, LAN or WLAN
    • Mobile Optimizations: Compression, Check-Point Restart, Byte Level Differencing, Segmented File Delivery, Opportunistic Execution, Safe File Transfer, Encryption
    • Afaria Server Features: MS NT 4.0/2000/2003, Unlimited Clients, Highly Scalable, Device and Data Security, LDAP & NT Domain User Authentication, Channel Replication
  • Inventory
  • Server “Channels”
  • Channel Sets
  • Script Commands
  • HP Enterprise Mobility Suite (architecture diagram labels: WW Wireless Operator Networks HP Enterprise Devices HP Worldwide Hosting Facilities Enterprise HTTPS Internet HTTPS)
    • Device Support
    • S/W Maintenance
    • WW Network Support
    • FusionDM for Enterprise
    • Device Troubleshooting
    • Device Security
    • Policy Mgmt
    • Asset Mgmt
    • IT Dash Board
    • Exchange®
    • Domino ®
    • Groupwise®
    • Corporate Directory
    • Active Directory ®
    • Intranet
    • CRM
    • Application Portal
    (Diagram labels, continued: Existing IT Systems FOR ENTERPRISE Leading OEM Device Manufacturers SMS TCP/IP SMS TCP/IP HTTPS)
  • Self Care Driven
  • Use Case: Set Up My Device
    • Out-of-the-box device setup
    • Employee Joe purchases a new device
      • Logs into the Enterprise Self Care portal
      • Enters his phone number
      • Selects setup my device
    • Joe’s email, ActiveSync, and corporate WiFi settings are automatically configured on the device
    • Automated OTA Delivery Without Cradle
    • Simple One Click Trigger for Setting Up New Device
    • Minutes to Fully Configured, Ready-to-Use Device
  • Use Case: Diagnose My Device
    • Device Diagnostics
    • Joe’s email is not working
      • Selects diagnose my device
      • Problem is automatically displayed
        • ActiveSync settings are incorrect
      • Selects the checkbox & presses go
    • Joe’s ActiveSync settings are corrected and he is receiving his email
    • Instantly Validate All Device Settings
    • Automatically Detect Device Faults
    • OTA Push Fixes to Address Root Causes
  • Use Case: Update Software
    • Joe needs the new VPN client
      • Selects Update Software
      • Device inventory is remotely
      • List of required applications is displayed
      • Selects the checkbox for VPN & presses go
    • VPN application is automatically installed
    • Instantly distribute corporate tools and applications and their updates OTA
    • Collect S/W Inventory of Device Fleet
    • Detect and Remove Unauthorized S/W
  • Use Case: Device Security
    • Joe loses his device on a business trip
      • Logs into the web-based application
      • Selects Lock & Wipe device
      • Remotely locks his device
    • Corporate data is secure until the device is recovered
    • Remotely Lock Compromised Devices
    • Wipe All User Data OTA
    • Unlock Recovered Devices
  • Microsoft SCMDM
    Management Workload (Deployment: inside firewall)
    Network Access Workload (Deployment: in DMZ)
    Security Management
    • Active Directory Domain Join
    • Policy enforcement using Active Directory/Group Policy targeting (>125 policies)
    • Communications and camera disablement*
    • Application blacklisting and whitelisting
    • File encryption
    • Remote wipe
    Device Management
    • Full OTA provisioning and bootstrapping
    • OTA Software distribution based on WSUS 3.0
    • Inventory
    • SQL Server 2005 based reporting capabilities
    • Role based administration
    • MMC snap-ins and PowerShell cmdlets
    • OMA-DM compliant
    Mobile VPN
    • Machine authentication and “double envelope security”
    • Session Persistence
    • Fast Reconnect
    • Internetwork roaming
    • Standards based (IKEv2, MobIKE, IPsec tunnel mode)
  • Security Management Benefits
    • SCMDM extends Active Directory/Group Policy to Windows Mobile
    • AD is the most widely deployed enterprise network directory worldwide
      • 80% + penetration in the U.S.
      • 55% + penetration in G7 countries overall
    • AD-GP is widely used by IT to configure policies for their desktops, laptops and servers
      • Over 90% of Active Directory customers use Group Policy
    • Over 130+ configuration settings for Windows Mobile can now be managed through Group Policy including control of Bluetooth, WIFI, SMS/MMS, IR, Camera, and POP/IMAP
    • Extensible architecture
  • Device Management Benefits
    • Enterprise-wide OTA software distribution
      • Leverages Windows Software Update Service (WSUS) 3.0
        • Most widely deployed Windows software update solution across organizations of all sizes (60%+ penetration)
        • Rich targeting and packaging capabilities required by IT departments
    • Rich Inventory and Reporting
      • Robust hardware and software inventory capabilities
      • SQL Server 2005-based reporting infrastructure
        • Highly flexible
        • Customizable
  • Secured Corporate Data Access
    • Enables secure behind-the-firewall access to the corporate network and applications
      • Any intranet data! (SAP, Siebel, intranet sites, SQL, etc)
    • Aligns with existing remote access model for desktops/laptops and scales to a broad set of scenarios
      • Thin and rich client apps
        • Allows end-to-end security
        • Headless gateway deployed in the DMZ
        • Privacy compliance
    Security
        • Use best available channel
        • Adapt to network to minimize keep alive traffic (goal)
    Efficiency
        • Transparent to mobile application
        • Transparent to LOB services
    Extensible
        • Always connected
        • Allows pushed technology
    Reliability
        • Minimum user configuration
        • Transparent to user and to applications
    Simplicity
    (Diagram labels: DMZ; Internal Corporate Site; Domain Controller; Mobile VPN; Mobile Operators; Cellular Data Connection; Internet; WiFi Connection; Mobile VPN Gateway; Corporate Internal Firewall; Corporate External Firewall)
    (Diagram caption: Controlled access to internal corporate resources from the mobile devices connected via Mobile VPN)
    • SCMDM Architecture
    (Diagram labels: Internet DMZ Corporate Intranet Front Firewall Initial OTA Device Enrollment Mobile GW Back Firewall SSL Auth (PIN+Corp Root) SSL Machine Mutual Auth E-mail and LOB Servers SSL User-mutual Auth or Similar Console Mobile Server Back-end R/O AD WSUS Catalog Self Help Site Enrollment Service OMA Proxy CA Mobile VPN)
  • Summary
    • Rapid acceleration of Mobility
    • Enterprise obstacles: Manageability & Security
    • Multiple Mobile Device Management options
    • Enterprise requirements will determine optimal choice
      • Platform standardization
      • VPN capabilities and LOB applications
      • OMA-DM
  • Questions? Contact me at: john.rhoton@hp.com
  • Your Feedback is Important
    • Please fill out a session evaluation form and either put them in the basket near the exit or drop them off at the conference registration desk.
    • Thank you!