IBM Endpoint Manager for Mobile Devices (Overview)


Manage all devices - smartphones, tablets, laptops, desktops, and servers - from a single console. IBM Endpoint Manager also integrates Enterproid Divide secure container and NitroDesk TouchDown secure email technologies for separation of organizational content on BYOD and contractor devices.

Published in: Technology
  • In addition to being a fully-integrated module of IBM Endpoint Manager, our mobile device management solution is also a key component of the IBM MobileFirst family of products, which span every aspect of becoming a mobile enterprise.
  • Available within IBM from -
  • IBM Endpoint Manager for Mobile Devices (Overview)

    1. © 2012 IBM Corporation. IBM Endpoint Manager for Mobile Devices: Product Introduction and Overview. [NAME], [TITLE] [DATE]
    2. Today's leading organizations are dealing with powerful new technology forces • BYOD: BYOD users expected to double by 2014 to 350 million • Security: 13 billion security events monitored per day • Data: 1.2 trillion gigabytes (1.2 zettabytes) in the digital universe • Mobility: Nearly ½ of devices accessing applications will be mobile
    3. IBM Endpoint Manager: Continuously monitor the health and security of all enterprise computers in real-time via a single, policy-driven agent • One infrastructure: management server, console, agent for Windows, Mac, Unix, Linux, Mobile • Scales to 250,000 endpoints per management server • Robust, flexible architecture with built-in failover • Nearly-invisible impact to network, endpoints • Operates in low-bandwidth / high-latency environments • Physical or virtual, network or Internet-connected. Diagram labels: IBM Endpoint Manager; Patch Management; Lifecycle Management; Software Use Analysis; Power Management; Mobile Devices; Security and Compliance; Core Protection; Server Automation; Systems Management; Security Management. Endpoints: Desktop / laptop / server endpoint; Mobile; Purpose specific
    4. The IBM Endpoint Manager Family. Security & Compliance: Vulnerability Assessment; Compliance Analytics; 3rd Party Endpoint Protection Management; Patch Management; Security Configuration Management. Core Protection: Anti-Malware; Firewall; Data Protection (add-on). Software Use Analysis: Software Catalog Correlation; Software Usage Reporting; Software Inventory. Patch Management: Offline VM Patching; Application Patching; OS Patching. Mobile Devices: Compliance; App Mgmt; Mobile Device Mgmt. Remaining diagram labels, in slide order: Middleware Management; Multi-Platform OS Deployment; Physical & Virtual Server Lifecycle Management; Cross-Server Sequenced Task Automation (e.g. Patch OS on Server Cluster); Server Automation; Power Management; Windows & Macs; Carbon, cost reduction reports; End-user Dashboard; Lifecycle Management; Software Distribution; OS Deployment; Remote Control; Patch Management; Basic HW & SW Inventory; Lifecycle Management Starter Kit
    5. IBM Endpoint Manager, built on BigFix technology. Whether it's a Mac connecting from hotel WiFi, a Windows laptop at 30K feet or a Red Hat Linux Server in your data center, IBM Endpoint Manager has it covered. In real time, at any scale. • Network-friendly architecture delivers large packages without disrupting critical business applications • Single, intelligent agent uses <2% CPU, <10MB RAM • Cloud-based service continuously provides new patch, policy updates • Full command and control of Internet-connected devices • Use existing computers as Relays to minimize network traffic. Diagram labels: Stores / Kiosks; WAN; Data center; Headquarters; Remote offices; Distribution center; Internet; WiFi; Airport; Hotel; Coffee shop; Home; Leased line; 3G; Satellite; Content Update Service
    6. IBM Endpoint Manager elements. Single server and console: • Highly secure, highly available • Aggregates data, analyzes and reports • Manages up to 250K endpoints per server. Flexible policy language (Fixlets): • Thousands of out-of-the-box policies • Best practices for operations and security • Simple custom policy authoring • Highly extensible/applicable across all platforms. Virtual infrastructure: • Designate IBM Endpoint Manager agent as a relay or discovery point in minutes • Provides built-in redundancy • Leverages existing systems/shared infrastructure. Single intelligent agent: • Continuous self-assessment • Continuous policy enforcement • Minimal system impact (<2% CPU, <10MB RAM)
    7. IBM Endpoint Manager, part of the IBM Mobile Foundation. Device Lifecycle, Data Protection • Implement BYOD with confidence • Secure sensitive data, regardless of device • Handle multi-platform complexities with ease • Minimize administration costs. Diagram labels: Endpoint Management; Systems Management; Security Management; Common agent; Unified console; Single mgmt server; Managed = Secure; Desktops, Laptops, & Servers; Smartphones & Tablets; Purpose-specific Endpoints
    8. What's New in Endpoint Manager for Mobile Devices • Integration with Enterproid's Divide container technologies for iOS and Android • Web-based administration console for performing basic device management tasks with role-based access control • Integration with BlackBerry Enterprise Server for integrated support of BlackBerry v4 – v7 devices • Enhanced security with support for FIPS 140-2 encryption and bi-directional encryption of communications with Android agent • Additional Samsung SAFE APIs for expanded management and security of SAFE devices • SmartCloud Notes & Notes Traveler 9.0 support, including cloud and high-availability versions. IBM Endpoint Manager's cloud-based content delivery system enables customers to benefit from frequent feature enhancements without the difficulty of performing upgrades
    9. Implement BYOD With Confidence • App container. Deploy, manage, configure, and remove Enterproid Divide containers to separate personal and work environments on iOS and Android devices • PIM container. Separate personal and corporate email and prevent sensitive data from being copied into other apps with NitroDesk TouchDown integration • Dual-persona OS. Manage BlackBerry 10 devices, which provide a native user experience to personal and work personas • Extend BYOD to laptops. IBM Endpoint Manager's unified device management approach brings together containers, smartphones, tablets, laptops, desktops, and servers under one infrastructure. How do I deal with the business mandate that employees be allowed to "Bring Your Own Device"? Manage and secure only the apps and data inside the enterprise container, leaving users free to control the personal side of their device with Enterproid Divide.
    10. Secure Sensitive Data, Regardless of the Device • Unified compliance reporting across all devices, including CIS Benchmarks • Configure security settings such as password policy, encryption, WiFi, iCloud sync • Full wipe, remote lock, map device location, and clear passcode options if device is lost or stolen • Blacklist apps and automate alerts, policy response • Detect jailbroken / rooted devices to notify users, disable access • Integrate with mobile VPN and access management tools to ensure only compliant devices are authorized. How do I ensure the security of mobile devices as they access more and more sensitive systems? Multiple user communication and alert methods, including Google Cloud Messaging (GCM), enable users to be part of the security solution.
    11. Handle Multi-Platform Complexities With Ease • Device management via Android agent, iOS APIs, Lotus Traveler, Microsoft Exchange, and Office 365 • Complete device hardware and software inventory in near real-time • Web reports provide at-a-glance mobile device deployment overviews • Pass mobile device data to network management, service desk, asset management, and security and compliance systems • Multi-tenancy support for service providers and organizations that need to completely separate different parts of the organization. How do I manage an ever-expanding list of OS and hardware platforms when the user controls what apps are loaded and the carrier controls when the OS is updated? Better plan internal mobile projects with easy access to near-real time data about your mobile environment.
    12. Minimize Administration Costs • Multiple authenticated device enrollment options, including LDAP/AD integration • Employee self-service portal to enable employees to protect personal and enterprise data • Enterprise app store directs employees to approved apps, includes support for Apple's Volume Purchase Program (Apple VPP) • Integration with IBM Worklight for 1-click transfer of internally-developed mobile apps from dev to production • A 'single device view' enables IT personnel to easily view device details and take required action. How do I cost-effectively manage the sheer volume of these tiny devices with average replacement rates of 12-18 months? A flexible enrollment process enables organizations to include a EULA and to collect critical device and employee data via customizable questions
    13. Large Healthcare Provider. Customer Needs: • Consolidate management of endpoints – PCs, laptops, mobile devices • HIPAA compliance • Minimize on-going operational costs • Minimize device replacement costs. Key Features & Outcomes: • This regional healthcare provider purchased IBM Endpoint Manager for its unified approach to endpoint management • 1 employee is able to manage and secure 30,000 PCs + 4,000 mobile devices. Extending the reach of healthcare: This innovative healthcare provider in the southeastern United States is piloting a program to improve patient outcomes by providing secure healthcare support remotely through mobile devices, such as: Home Health Care: iPads provided to home health care diabetes patients to enable direct input of diagnostic data; Facetime sessions with home health nurses reduce the need for on-site visits, which improves nurse utilization while reducing costs. Education: iPod Touches with pre-loaded educational apps provided to parents of babies in Neonatal Intensive Care Unit (NICU)
    14. Endpoint Manager for Mobile Devices, Part of IBM MobileFirst. Diagram labels: Analytics; Security; Management; IBM & Partner Applications; Application Platform and Data Services; Industry Solutions: Banking, Insurance, Transport, Telecom, Government, Healthcare, Retail, Automotive; Application & Data Platform; Strategy & Design Services; Development & Integration Services; Cloud & Managed Services; Devices; Network; Servers
    15. Three ways to get started with IBM MobileFirst • Download the IBM Endpoint Manager for Mobile Devices 30 day trial • Talk with your IBM representative or Business Partner to find the right next step for you • Learn more: (#IBMMobileFirst)
    17. BACKUP SLIDES • Enterproid Divide details • Additional Case Studies • Screen shots • Architecture diagrams
    18. IBM Endpoint Manager + Divide: Complete MDM & BYOD Solution. Dual Persona • Leverages the sophisticated policies and features of IBM MDM and Endpoint Management • Marry full device management for enterprise-owned devices with Divide containers for personally-owned devices • Deploy, configure, update, and remove Divide containers • Display individual data from devices and integrate into overview reports • Execute basic Divide container commands such as wipe and lock • Immediate solution for BYOD challenges and security concerns for mobile OSes • Seamless delivery: same Divide App, binding to IBM MDM at time of enrollment. Diagram labels: Business Apps; IBM Endpoint Manager
    19. What IT organizations need for BYOD. Divide Container Security Data Protection: • Device PIN/passcode • Passcode history and complexity • Passcode failure actions • FIPS 140-2 validated encryption • Full and selective device wipe • Wipe on SIM removal/rooted • VPN support • S/MIME support. OTA Self-Service Provisioning: • ActiveSync email • VPN configuration. Container Controls: • Whitelisting – application push • Blacklisting • Location based services • Data leakage prevention • URL blocking. Compliance Management and Reporting: • Device hardware • Operating system • Policy compliance • Compromised device status • Voice, Data, and SMS usage reporting
    20. Geared for Innovation: Leveraging the App Ecosystem • Professional-grade email, contacts, calendar and browser • Data-at-rest is protected with AES 256 bit encryption • Data-in-motion leverages existing VPN investments • Secure cloud based file storage (optional) • Separate voice and messaging (including future 2-number UC) • Internally developed apps uploaded and assigned via policy – in minutes and with no developer modifications • Divide App security automatically provides data-at-rest AES-256 bit encryption • Divide Extensions provide extraordinary integration with 3rd party Apps and Cloud services. Diagram labels: Standard Divide Apps; Third Party Apps
    21. Extensible for the future
    22. Licensed to scale... cost effectively. Divide is licensed by the user; others licensed by the device. "By 2014, the average number of connected devices per knowledge worker will reach 3.3, up from an average of 2.8 in 2012." (Source: Cisco IBSG Horizons Study of 600 U.S. IT and business leaders)
    23. The right solution for BYOD? Comparison of a first generation solution purpose-built for email sync (X) with a next generation solution purpose-built for BYOD (✔). Device Management: ✔ Manages the Divide workspace and integrates with IBM Endpoint Manager for device MDM; X Does not integrate with deployed MDM solutions. Secure "Workspace": ✔ Provides a secure workspace that preserves the native iOS and Android user experience; X Provides an email sandbox with a proprietary user interface. Secure VPN: ✔ Provides VPN connectivity between the workspace and corporate apps; X No VPN integration - all data traverses the Good NOC. App Choice: ✔ App wrapper technology enables the use of any third party app within the workspace; X Third-party apps must be modified and recompiled using the Good SDK ($). Avg TCO/User: $$$$ $$$$ $
    24. PCs and mobile devices have many of the same management needs • Device inventory • Security policy mgmt • Application mgmt • Device config (VPN/Email/Wifi) • Encryption mgmt • Roaming device support • Integration with internal systems • Scalable/Secure solution • Easy-to-deploy • Multiple OS support • Consolidated infrastructure • Device Wipe • Location info • Jailbreak/Root detection • Enterprise App store • Self-service portal • OS provisioning • Patching • Power Mgmt. Diagram labels: Traditional Endpoint Management; Mobile Device Management
    25. IBM's CIO Office is managing 56,000+ smartphones and tablets with IBM Endpoint Manager (60% iOS, 40% Android) and projecting 125,000 enrolled devices by end of March. MDM Deployment Progress (chart of Mobile Devices Enrolled against Deployment Time in days): • 13k devices in first 24 hours • 24k in first month • 46k in first 2.5 months • 125k projected by end of March. Shared Under NDA
    26. Public Utility: Adding Mobile Devices Without Adding Infrastructure. Customer Needs: • Support 20,000+ mobile devices • Corporate and employee-owned, many platforms and OS versions • High availability for certain devices used in the field • Adherence to internal security policies, external regulations. Key Features & Outcomes: • Scalability to 250,000 endpoints provides room to grow without adding infrastructure • Added mobile devices to existing IEM deployment in days • Ability to integrate with Maximo, Remedy • Responsiveness and agility of product and product team. Serving 4.5 million customers in the southwestern region of the United States, this electric company of 25,000 employees is a leader in clean energy while exceeding reliability standards and keeping consumer costs below average. They are experiencing a migration from traditional endpoints to mobile devices.
    27. Managing Mobile Devices – The Problem. Security & Management Challenges: • Potential unauthorized access (lost, stolen) • Disabled encryption • Insecure devices connecting to network • Corporate data leakage. On the device: • Mail / Calendar / Contacts • Access (VPN / WiFi) • Apps (app store) • Enterprise Apps. Diagram labels: iCloud; iCloud Sync; iTunes Sync; Encryption not enforced; End User; VPN / WiFi; Corporate Network Access
    28. Managing Mobile Devices – The Solution. Endpoint Manager for Mobile Devices: • Enable password policies • Enable device encryption • Force encrypted backup • Disable iCloud sync • Access to corporate email, apps, VPN, WiFi contingent on policy compliance! • Selectively wipe corporate data if employee leaves company • Fully wipe if lost or stolen. Personal: • Personal Mail / Calendar • Personal Apps. Corporate Profile (secured by BigFix policy): • Enterprise Mail / Calendar • Enterprise Access (VPN/WiFi) • Enterprise Apps (App store or Custom). Diagram labels: iCloud; iCloud Sync; iTunes Sync; End User; VPN / WiFi; Corporate Network Access; Encryption Enabled
    29. IBM Endpoint Manager for Mobile Devices Architecture. Diagram labels: Management by Email; Fully-Managed Devices; IEM Server; DB; ActiveSync; Agent Comms / Management APIs; Consolidated Reports / Management; TEM Relay; Mgmt Extender for iOS; Lotus Traveler / Exchange Server; ActiveSync; Apple Push Notification Servers; Google Cloud Messaging (optional)
    30. Endpoint Manager for Mobile Devices Dashboard
    31. A unified report of password policies across all mobile OSes makes it easy for administrators to identify non-compliant devices
    32. A "Single Device View" enables administrators and helpdesk personnel to easily view device details and take required action. View Location information is also available
    33. Create your own Enterprise AppStore
    34. A user-friendly iOS Profile Configuration Wizard exposes all of the configuration capabilities exposed by Apple's MDM APIs
    35. A flexible enrollment process can include an EULA and collect critical device and employee data via customisable questions
    36. Optional Authenticated Enrollment and Self Service portal
    37. View installed apps on Android and iOS devices
    38. IBM Endpoint Manager for Mobile Devices Architecture. Diagram labels: TEM Server; DB; Console / Web Reports; Relay(s); Android; Email Server (Exchange/Lotus); Android; Apple; Apple Push Notification Servers; w/Email ActiveSync; Phones / Tablets; Desktops / Laptops; Full Agents; http / 52311; http / 52311; http / 52311; ActiveSync / IBM Sync; https; Apple MDM Interaction; Apple Push Notification Servers; Full Agents; Management Extender for (Exchange or Lotus); http / 52311; Mgmt Extender for iOS; Apple App; Android App; Windows, Symbian, BlackBerry
    39. IBM Worklight - Developing for multiple mobile platforms. Client Challenge: Fast and cost-effective development, integration and management of rich, cross-platform mobile applications. Key Capabilities: Using standards-based technologies and tools and delivering an enterprise-grade services layer that meets the needs of mobile employees and customers. Mobile optimised middleware: • Open approach to 3rd-party integration • Mix native and HTML • Strong authentication framework • Encrypted offline availability • Enterprise back-end connectivity • Unified push notifications • Data collection for analytics • Direct updates and remote disablement • Packaged runtime skins. Encrypted cache on-device: • A mechanism for storing sensitive data on the client side • Encrypted - like a security deposit box
    40. Mobile Foundation Potential Integration Scenario: Streamlined App Deployment Workflow. Today Endpoint Manager customers could directly import and distribute Worklight-built apps via Enterprise App Store, thereby improving workflow between Development and Operations. Steps: (1) Build app in Worklight; (2) Import into Endpoint Manager App Store; (3) Distribute App to Employees
    41. An Evaluator's Guide is available for MDM