Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

[Whitepaper] an overview of ibm mobile first platform

Mobile platform

  • Login to see the comments

  • Be the first to like this

[Whitepaper] an overview of ibm mobile first platform

  1. 1. IBM Software WebSphere Technical White Paper An overview of IBM MobileFirst Platform Build, test, integrate, deploy and manage mobile applications Contents 1 The IBM MobileFirst Platform 2 More efficient development 9 Optimizing user engagement 13 Securing your mobile channel at the user, application and device levels 17 Managing your mobile ecosystem The IBM MobileFirst Platform The IBM® MobileFirst Platform is a standards-based mobile- middleware, categorized as a Mobile Enterprise Application Platform (MEAP) and Mobile Application Development Platform (MADP). IBM MobileFirst Platform Foundation core value-add is the connectivity to and extension of existing back-end systems also known as Systems of Records (SoR) with development, user engagement, security and management capabilities. Track problems that affect UX Manage and enforce app versions Security User engagement Operations Back-end Front-end 30% of the value and effort is visible (mobile UI) 70% of the value and effort lies under the surface Short time to market Web? Hybrid? Native? Teamwork Industrialize app dev Integrate with SDLC Ensuring continued support in a quick- changing landscape Data protection Push upgrades Malware detection integ User authentication Connect to back-end systems Efficient and flexible push notifications Offline availability Track and use location B2E app distribution Mobile apps go much deeper than the front-end User Interface
  2. 2. 2 WebSphere Technical White PaperIBM Software With the MobileFirst Platform, organizations can more effec- tively address the full lifecycle of mobile app development, delivery and on-going management. The IBM MobileFirst Platform consists of three distinct offerings: ●● IBM MobileFirst Foundation to build, test, integrate, deploy, manage and better secure web, hybrid and native applications for desktop and mobile from standards-based technologies and tools ●● IBM MobileFirst App Scanning to detect code vulnerabili- ties earlier during development ●● IBM MobileFirst Quality Assurance to capture feedback from users and testers with sentiment analysis and frictionless bug reporting DevelopObtain insight Manage Deploy Instrument Integrate Test Scan and certify Operationalize Integrated DevOps for Mobile Des ign X The mobile application lifecycle Application Center Quality AssuranceApplication Scanning Development Continuous Delivery Studio Console Server Run time Application Scanning Detect code vulnerabilities at the time of development Quality Assurance Collect beta test feedback, crashes and analyze user sentiment Foundation Development, Run time, Operations, Console and Private Store IBM MobileFirst Platform overview More efficient development With MobileFirst Foundation, you can support a wide range of development approaches from native to hybrid as well as web approaches. Therefore, you can evaluate the best approach for each situation, according to skills, time and functionality, with- out being limited by a specific approach to mobile application development. Developers can use tools of their choice—the provided com- mand line interface (CLI) enables integration with tools such as Xcode, Android Studio, Xamarin, or any other development tool developers want to use. The MobileFirst platform also includes the IBM MobileFirst Studio, an Eclipse-based integrated development environment (IDE) that helps developers to conduct virtually all the coding and integration tasks required to develop rich and engaging applications. MobileFirst Studio is designed to augment Eclipse tools with a wide variety of enterprise-grade features delivered as plug-ins to streamline application development, debugging and testing as well as to facilitate enterprise connectivity.
  3. 3. 3 WebSphere Technical White PaperIBM Software Mobile web site (browser access) Native shell enclosing external Pre - packaged HTML5 resources HTML5 + native UI Mostly native, some HTML5 screens Pure native HybridPure web Pure native Web-native continuum HTML5, JS, and CSS3 (full site or Quicker and cheaper way to mobile • • • Sub-optimal experience HTML5, JS, and CSS Usually uses Cordova Downloadable, app store presence, push capabilities • • • • Can use native APIs As previous• • + more responsive, available offline Web + native code • • Optimized user experience with native screens, controls, and navigation App fully adjusted to OS • • Some screens are multiplatform when makes sense • • • App fully adjusted to OS Best attainable user experience Unique development effort per OS, costly to maintain Approaches for the development of mobile apps Regardless of how you choose to develop your apps, develop- ment complexity rises when you need to develop multiple apps in different versions, support multiple mobile operating systems, or enable many developers to work together on a rich app. ●● With the MobileFirst Foundation, developers can reduce the development cycle by automating app tests directly on their PC. They can reuse code across or within apps by using templates and components. Developers can integrate with SOAP, REST and SAP services in seconds without writing a line of code. In addition, they can efficiently tailor ready-to-use mobile build and test scripts to their corporate build framework and share the resulting applications with developers and testers. ●● All these capabilities are available for native, hybrid and web developers in a complete IDE or as a flexible set of command-line tools. ●● Developers of hybrid applications can also benefit from greater flexibility to build Cordova-based apps, where the IBM platform helps enable them to have control of the portions
  4. 4. 4 WebSphere Technical White PaperIBM Software Capability Objective-C for iOS Java for Android C# for Windows Phone 8 C# for Windows 8 Integration with back-end systems through adapters √ √ √ √ MobileFirst Platform Authentication Framework √ √ √ √ Development Functional testing √ √ √ - Application version enforcement √ √ √ √ Unified push and SMS notifications √ √ √ - Location Services √ √ - - On-Device Encrypted JSON Store √ √ - - Log collection for analytics √ √ - - Remote-controlled client-side log collection √ √ - - Pure native development With the pure native development approach, you can create applications that fully use the device capabilities without any compromise on performance and user experience. Such applications are written for a specific platform environment as Objective-C for iOS, Java for Android for Java ME or C# for Microsoft Windows Phone 8 and Microsoft Windows 8 and use MobileFirst Platform capabilities through its provided native APIs. Command Line Interface To help developers get a better tools experience, the CLI tool can be used to more easily create and manage both native and hybrid apps. The CLI enables developers to use their preferred text editors or alternative IDEs to create mobile applications. The CLI does not require MobileFirst Studio for most stan- dard activities. The commands support tasks such as creating, adding and configuring with the MobileFirst Platform API library, adding the client-side MobileFirst Platform properties file and conducting the build and deployment of the MobileFirst Platform application. Adapter creation, deployment and local testing can be conducted within the command line. Administration of your MobileFirst Platform project can be done from CLI or REST services, or the MobileFirst Console, where you can more easily control the local server and observe the logs. Command-line tools can be used on their own, or in parallel with the MobileFirst Studio tools. Everything that is generated by using the command-line inter- face is compatible with MobileFirst Studio. You can also use the CLI to integrate third-party tools such as ANT or Grunt to create your own tool chain for automated testing, build and deployment flows. MobileFirst Platform native capabilities
  5. 5. 5 WebSphere Technical White PaperIBM Software Native-device SDK integration MobileFirst Studio is also designed to integrate with the software development kits (SDKs) of the mobile devices that the MobileFirst Platform supports including Android, iOS, Microsoft Windows 8, Microsoft Windows Phone and Blackberry. With this integration, developers can take full advantage of the native code capabilities, development tools, testing and debugging mechanisms that are native to the mobile SDKs, without leaving the development environment. Automated mobile functional testing To accelerate delivery cycles of mobile applications, you require fast and effective test cycles. MobileFirst Platform software includes integrated automated functional testing. This testing is available for Android and iOS native, hybrid and web applica- tions. Created for developers and testers, this capability is designed to automate functional testing of apps that are devel- oped with the MobileFirst Platform. First, developers or testers record a sequence of actions on a mobile device, emulator or simulator by using an instrumented recording-ready application to generate a test script. Next, developers or testers edit and enhance the script by using natural-language syntax to add veri- fication points and other instructions. Developers and testers can run the enhanced test script on demand on a real device, simulator or emulator. They can view and share the results by using a generated HTML report. Developers and testers can test MobileFirst Platform apps more rapidly and methodically at a reduced cost because of automated functionality testing. As a result, developers and testers can help enable higher-quality mobile apps. Centralized build The IBM MobileFirst Platform Builder is a stand-alone appli- cation that can be more easily integrated with common central build services, such as IBM Rational® Jazz™ Builder, Hudson and Luntbuild. Using the centralized build functional- ity, the different teams involved in the development, testing and quality assurance (QA) phases can work from one common version of the code without complex installation of dedicated mobile environments locally. Therefore, teams can more effec- tively enhance the collaboration and automation of the internal application development process. Hybrid development Facing the constantly evolving fragmented ecosystem of mobile devices and operating systems, application development has become a costly, yet an unavoidable endeavor. This challenge has led to the creation of a market for cross-platform mobile development solutions that is rapidly growing. Most solutions in the market today rely on limited proprietary tools delivering lowest-common denominator based on code cross compilation or interpretation from what you see is what you get (WYSIWYG) tools or prepackaged apps. The result is an unavoidable tradeoff between user experience and multiplat- form coverage. With the MobileFirst Platform hybrid develop- ment approach, applications can have any mix of standard native and web code, even in the same UI views. Hybrid appli- cations execute inside a native container and use the browser engine to display the HTML5/JavaScript and CSS part of the application interfaces and business logic. The native container, based on Apache Cordova also known as PhoneGap, grants application access to device capabilities that are not accessible to standard web applications, such as the accelerometer, camera and device local storage. Hybrid applications developed with the MobileFirst Platform can be distributed through public or private cross-platform application stores and developed either by using the provided MobileFirst Studio CLI or IDE tools. For example, the Mobile Browser Simulator enables advanced debugging earlier in the development cycle to further accelerate developments with multiple form factors preview side by side and Apache Cordova APIs simulation.
  6. 6. 6 WebSphere Technical White PaperIBM Software Because developers are not dependent on an intermediary build-time or runtime layer, such as a cross-compiler or inter- preter, native APIs are accessible upon release of new mobile operating system (OS) versions or third-party libraries. Furthermore, the applications web code is executed directly by the mobile browser, so developers have direct access to the HTML Document Object Model (DOM) and are free to use any JavaScript API or third-party JavaScript toolkits and frameworks. There are several ways of combining native and web code in MobileFirst Platform hybrid applications, including: ●● Native and web code mix. With the MobileFirst Platform, you can mix virtually any set of native code with web code for different, or within the same screens or application logic. Some of the benefits include full use of native capabilities and optimized balance between code reuse and performance for user experience where needed. ●● Pre-packaged HTML5 resources. Unlike the following approach, the web resources are not loaded from an external website at run time but are packaged within the application itself, thus enabling improved application responsiveness and off-line operations support. In addition, you can enable greater cross-reuse across delivery channels with the com- bined use of responsive design and MobileFirst Platform skins. ●● Native shell application enclosing an external mobile website. With this approach, your mobile website is dis- played inside the native shell provided instead of the device browser allowing application access to the device native functionality through JavaScript APIs. There are drawbacks to this approach because of downgraded user experience with subpart response time and off-line modes. Support for HTML5 MobileFirst Platform software uses a standards-based approach that enables developers to write or import code, to circumvent the debugging and maintenance limitations of proprietary interpreters or code translators. You can benefit from capabilities that include: ●● A cleaner, more readable and consistent HTML code ●● Visual HTML editing in Rich Page Editor; HTML5 tags and attributes are directly supported in RPE ●● Access to rich media types including audio and video that are usually available only by way of native code ●● Use of advanced UI components, such as data pickers, sliders and edit boxes that automatically support ellipsis and others—implemented natively by the browser ●● Use of Cascading Style Sheets 3 (CSS3) styles and CSS3-based animation to reduce application size and to improve application responsiveness ●● Application distribution channels that go beyond the different application stores and their time-consuming and limited restrictions ●● Support for location services ●● Offline storage capabilities Support for third-party JavaScript toolkits and UI frameworks In addition to its support for HTML5, MobileFirst Platform software provides integration with the growing ecosystem of UI frameworks, such as Ionic, Angular or jQuery Mobile. Developers can pick the JavaScript UI framework of their choice and use it to develop their application within the MobileFirst Studio.
  7. 7. 7 WebSphere Technical White PaperIBM Software Rich Page Editor (RPE) Furthermore, the MobileFirst Studio ships with a WYSIWYG drag-and-drop for UI design and development. With these editing capabilities, developers can create pure HTML or HTML and JavaScript files by dragging HTML5, JQuery and Dojo mobile components from a built-in palette to the HTML canvas. Developers can use property sheets to control HTML and CSS properties. At the same time, with these editing capa- bilities, developers can enable direct editing of HTML and CSS files, updating the graphical canvas to visualize almost immediately the impact of their changes. These editing capabil- ities are integrated with the MobileFirst Platform optimization framework, making it possible for developers to view a specific application environment or to view a specific skin. Screen templates To deliver an outstanding mobile UI experience, conformance to continuously evolving mobile patterns of behavior that are specific to each OS family is required. MobileFirst Platform software includes screen templates that automate the creation of mobile screens. The design of these screen templates is based on industry-proven methods. Developers can choose from templates in four categories including: ●● Lists ●● Authentication ●● Navigation and search ●● Configuration Each screen template can be previewed live, used as is, or further refined using any combination of web and native technologies. Optimization framework Unlike other alternative approaches, the MobileFirst Platform optimization framework enables developers to share the majority of the application code across multiple environments, without compromising platform-specific user experience or application functionality. Developers can share the common application code among multiple environments, while isolating environment-specific code in designated code branches that can overwrite or augment the commonly shared code. As a result, application logic remains consistent among the different envi- ronments, while the UI behaves natively and adheres to user expectations and the differentiated functionality and design guidelines of the device. Therefore, developers can strike the desired balance between development efficiency, application functionality and user experience. Hybrid application web portion of the code can be updated with the IBM MobileFirst Platform Direct Update mechanism. Further performance improvements with direct update are possible through differen- tial direct update where the end users receive only the web resources that have changed between updates instead of the entire web resource package. Runtime skins You can further optimize your hybrid apps by using runtime skins. These skins are packaged with the application’s executable files and are applied to the mobile app during run time. With this capability combined with responsive design techniques, it is easier to automatically adjust the application appearance and behavior to different devices from the same OS family and better manage application code complexity. Common scenarios that benefit from runtime skins include: ●● Different screen sizes and screen densities ●● Different input method ●● Different support levels for HTML5
  8. 8. 8 WebSphere Technical White PaperIBM Software The shell approach When different teams having varying degrees of expertise work on common mobile projects, the MobileFirst Platform shell approach can help separate concerns among teams. An external shell is a customizable container that provides JavaScript access to the native capabilities of the device. A dedicated expert team works on one or multiple shells for branding, security configu- rations, audits and authentication frameworks. Using such shell structure forces hybrid inner applications to automatically comply with its built-in policies as data access restriction, use of certain APIs and different branding. With the corporate policies enforced by the shell, the inner applications can be more easily built by departmental develop- ment teams using well-known web technologies. Such teams are only required to focus on the user interface and business logic. Desktop and mobile website development In this model, the application that executes the device’s browser can be made platform independent and requires no installation, with simple access through a URL or bookmark. The downside is support for connected mode only, sub-part user experience with potentially response time and no access to the device functions such as camera or contact list. Aspects of each development approach With the MobileFirst Platform, you can select the most appro- priate development approach fitting your application context and objectives. Selecting the best development approach must be the first step of your application project. The major aspects of the supported development approaches to help you decide which one best fits your needs include the following: Comparison of mobile development approaches Aspect Mobile website development Native shell, external mobile website Prepackaged HTML5 resources Mixing web and native in code and UI Pure native development Easy to learn Easiest Easiest Medium Harder Hardest Application performance Slowest Moderate Good Fastest Fastest Device knowledge required None Some Some Some A lot Development lifecycle - build, test, deploy Shortest Shortest Medium Medium Longest Application portability to other platforms Highest High High Medium None Support for native device functionality Some Most Most All All Distribution with built-in mechanisms No No Yes Yes Yes Ability to write extensions to device capabilities No No Yes Yes Yes
  9. 9. 9 WebSphere Technical White PaperIBM Software Optimizing user engagement Users value apps that help them complete tasks such as ordering takeout, hailing a taxi, or making a restaurant reserva- tion. To deliver this type of transactions, you require mobile application integration with existing back-end services and data. Standardized back-end access with adapters The MobileFirst Platform enables mobile apps back-end con- nectivity over HTTP, JMS, SAP, Unstructured Supplementary Service Data (USSD) and SQL and you can further optimize connectivity by using IBM Integration Bus or IBM Cast Iron®. The MobileFirst Platform adapter architecture is designed to promote a decoupling of integration logic, which is hosted on the server side from the mobile application logic. As a result, with this IBM architecture, you can manage back-end services and mobile-apps-distinct evolution timelines. Moreover, mobile apps often have to connect to services that were built long before mobile was in existence, which poses challenges in both data delivery and service security for the mobile channel. The MobileFirst Platform is designed to deliver ready-to-use data transformation capabilities to the JSON format to optimize payloads size and response time for the mobile applications. For instance, adapters can easily filter out unneeded parts of large payloads from legacy services tar- geted at the traditional web channel. Furthermore, adapters can enable server-side service composition to reduce the number of requests to optimize application response time over slow mobile network. In terms of integration security, the MobileFirst Platform pro- vides mobile-specific and fine-grained security controls that can be wrapped around legacy services. In addition, the MobileFirst Platform acts as a strong control point, enabling overview and management of mobile activities. This platform also includes built-in analytics for user actions and device and application properties with possible extension to monitor and act upon unusual usage patterns that might result from fraudulent repackaged apps. Integration is the driver for the level of interaction many users expect from their mobile apps and the MobileFirst Platform provides a robust set of integration capabilities. With these features, you can use existing enterprise investment, optimize data delivery to sustain user interactions over unstable mobile networks and help reduce development cost by providing zero- code integration paths. In addition, you can improve organiza- tional insight into user experience through analytics. Automated services discovery for SOAP and SAP Generation of adapters for the discovery of SOAP automated services
  10. 10. 10 WebSphere Technical White PaperIBM Software With the MobileFirst Platform, you can further expedite the creation of mobile apps that call SAP NetWeaver Gateway and SOAP-based web services described by Web Services Description Language (WSDL). With the MobileFirst Platform services discovery wizard, developers can specify the back-end services called from the mobile app and generate application specific adapters for web, hybrid, or native app with near-zero coding. Further, developers can place them in the proper mobile app project folder. Unified push notification and SMS There are many differentiated characteristics of mobile apps but perhaps none more so than the notion of anywhere, anytime engagement. The MobileFirst Platform provides a unified API to send push notifications and SMS from the server to mobile apps, helping developers to more easily manage mobile plat- form fragmentation. In addition, they can develop a single set of logic to send push notifications across their target platforms. The MobileFirst Platform provides the ability to send broadcast notification to all devices and targeted messages to a specific set of users, a specific device or a specific user. By using the device specific capabilities, the MobileFirst Platform also supports interactive push notifications for iOS8, Android L heads up notification and silent notifications for iOS7 onwards. Location services If push notifications deliver the means for engagement, location services deliver the ability to engage in context. The MobileFirst Platform is designed to help engage users based on their location by providing end-to-end services for detect- ing, transmitting and consuming location-based events in back-end business processes, decision management systems and analytics systems. Polling Adapters Back-end System Back-end System Message- based Adapters Unified Push API Notification State Database User Device Database iOS Dispatcher Android Dispatcher Windows Phone Dispatcher SMS Dispatcher Apple Push Servers (APN) Google Push Servers (GCM) Microsoft Push Servers SMS/MMS Brokers Administrative Console Notification statistics, SMS subscription control Worklight Client-side Push Services iOS Push API Android Push API Windows Push API Broker API Optional 2-way SMS Worklight Client-side Push Services Worklight Client-side Push Services Unified Push Notifications
  11. 11. 11 WebSphere Technical White PaperIBM Software Traditional approaches constantly poll device GPS or triangulate and then send the resulting position to the back-end systems for decision-making. Whereas, the MobileFirst Platform delivers a location services framework that helps optimize development time, battery and network usage. MobileFirst Platform geo-services architecture MobileFirst Platform USSD architecture overview Device Run time Application code Device location API Server location API Worklight device run time Worklight server run time Analytics and reporting Set acquisition policy and triggers Transmit events Log activities and event with device and app contexts Events Device context Set event handlers Get device context Set app context Trigger callbacks Event callbacks Adapter code Worklight Server Enterprise backend Worklight HTTP/S USSD Gateway Mobile User dials USSD short code e.g. *123# Telco forwards this to a USSD gateway Gateway maps the short code to a known URL provided by the enterprise and creates the USSD session Worklight responds to the gateway request with the USSD menu options (configurable) Enterprise Adapter
  12. 12. 12 WebSphere Technical White PaperIBM Software IBM MobileFirst Platform Foundation location services provide both client-side and server-side services that deliver: ●● Points of interest and geo-fences definition and a more efficient, policy-based controlled acquisition of GPS, triangulation and Wi-Fi coordinates to save battery, whether the application is executing in the background or foreground ●● Events generation for action triggering based on location changes as when crossing a geo-fence and server-side logic to enable meaningful reaction to important geo events ●● More efficient communication with back-end systems and batch sends to optimize network use ●● Unified server-side API that enables developers to consume location events on the server and take action to facilitate enterprise systems integration into patterns of intelligent user engagement The benefits of MobileFirst Platform location services are twofold to the organization. First, developers do not have to worry about efficient location data collection and transmission for the client because they can use MobileFirst Platform services. Second, developers can build one set of location- enriched engagement logic on the server and apply that logic to their mobile apps throughout platforms. This IBM platform’s location services help people at organizations more efficiently understand where app users are and more importantly execute business logic based on this contextual understanding. Indoor location using iBeacons You can engage users based on their proximity to an enterprise beacon by delivering location-relevant messages, information, promotions and so on. The MobileFirst Platform provides REST APIs to register and manage the beacons on the server side. Similar to outdoor location triggers, the admin team creates triggers that are activated when a user is nearby enterprise beacons. Developers can retrieve a list of beacons and triggers by calling a WL Server API in an adapter Unstructured Supplementary Service Data USSD provides a cost-effective alternative to mobile apps in emerging markets where feature phones as opposed to smart- phones are still fairly common and data networks unreliable. USSD is a protocol used by GSM cellular telephones to send text messages between a mobile phone and an application program in the network. USSD establishes a real-time session between the mobile phone and the application that handles the service. The MobileFirst Platform is able to: ●● Accept incoming requests from a USSD gateway and map the USSD short codes as a user entering *123# to the corresponding MobileFirst Platform adapters ●● Construct and respond with USSD menu options ●● Call corresponding back-end services through the MobileFirst Platform adapters The IBM MobileFirst Application Center cross-platform private app store The MobileFirst Application Center enables teams to set up an enterprise cross-platform private application store to help govern the distribution and management of pre-release and production-ready mobile applications. This MobileFirst private app store can manage MobileFirst and non-MobileFirst-based applications, including apps from public app store. Administrators can make the most of existing authentication frameworks, including ACL and LDAP, to manage app distri- bution by department, job function, geography and other schema. Employees who access the MobileFirst Application Center from their mobile devices will only see the mobile apps that they are allowed to download and can rate apps and provide feedback to help future enhancements.
  13. 13. 13 WebSphere Technical White PaperIBM Software For development teams, the MobileFirst Application Center provides a more convenient way to distribute pre-release soft- ware to developers and testers. Feedback can be organized by device and by version to quickly isolate and resolve defects, whether those defects are device-specific or version-specific. The MobileFirst Application Center is designed to also inte- grate with software-build processes to automate the distribution of the latest releases to project teams, helping to accelerate the develop-test-debug cycle. The MobileFirst Application Center provides: ●● Administrators with improved governance over the distribu- tion of mobile apps throughout the enterprise, including app hosted on public app stores; ●● Employees with easier access to the latest apps that are needed by their departments or job function and that are optimized for their device; ●● Developers with an easier way to distribute mobile builds and to elicit feedback from members of development and test teams The MobileFirst Application Center is designed to manage native or hybrid applications for the Google Android platform, the Apple iOS platform, the Microsoft Windows Phone 8 plat- form, Microsoft Windows 8 and the BlackBerry OS 6 and OS 7 platform. Securing your mobile channel at the user, application and device levels Security is a clear priority for executives at organizations embarking on mobile implementations but it proves to be challenging. Up to 53 percent of enterprises report that they struggle to implement effective end-to-end mobile security measures.1 A key characteristic of the MobileFirst Platform security frame- work is its delegation to the existing security infrastructure to foster reuse and security standardization across delivery chan- nels. IBM MobileFirst Server is designed to integrate more seamlessly as a presentation tier into the existing enterprise infrastructure while supporting custom extensions to integrate with virtually any security mechanism. The IBM MobileFirst Foundation security framework provides a wire protocol that enables the combination of challenges and responses of multiple security checks during a single request-and-response round trip. With this IBM security framework, the number of client and server round trips can be reduced and the application logic from the security checks implementation can be separated. The MobileFirst Platform facilitates stronger implementation of security measures at the user, data, application and device levels: ●● The MobileFirst Platform provides an open user- authentication framework to help you integrate your mobile apps with existing enterprise or third-party security systems. The MobileFirst Platform enables the basic authentication approach that uses the username and password. But the MobileFirst Platform also enables more complex schemes such as certificate-based authentication and multifactor authentication protocols with one-time passcodes, step-up authentication procedures and more. A typical example of multifactor authentication is the combination of device, application and user authentication. You can also integrate the MobileFirst Platform with existing enterprise certificate authority such as X509 Public Key Infrastructures (PKI) certificate creation back-end, to pass requests for the creation of certificates and use resulting certificates. Resulting X509 certificates stored on the devices help deliver enhanced user experience by streamlining user authentication steps as removing login and password steps for a particular app on a given device. X509 certificate creation software is provided if you do not already have one deployed. The MobileFirst Platform is also designed to support off-line authentication, single sign on (SSO) capabilities for multiple mobile apps to participate in a globally authenticated session.
  14. 14. 14 WebSphere Technical White PaperIBM Software ●● The MobileFirst Platform helps more effectively secure data on the device with the JSON Store AES-256 encryption. You can further secure data on the device and in transit with the use of optional libraries to make them FIPS 140-2 compliant. ●● You can protect applications against repackaging attacks with app authentication by ensuring that mobile apps that connect to the MobileFirst Platform environment are known and trusted. With the MobileFirst Platform, you can also support integration with third-party jailbreak and malware detection libraries. These capabilities are complemented with the MobileFirst Platform direct update to automatically propa- gate updates of web portions of the hybrid mobile apps, thus helping to ensure latest security patches are deployed to users. ●● To protect against malicious changes to direct update, the MobileFirst Platform provides direct update authenticity verification, where the authenticity of the direct update package is verified before it is installed on the end user’s device. ●● The MobileFirst Platform also provides device provisioning capabilities which enable control over which device can access corporate back-end systems. ●● In addition to all of these capabilities, this IBM platform provides management controls through standard Java EE security controlled for role-based access to UI console, analytics console, CLI and REST APIs used for the automa- tion of tasks. They help administrators to mitigate risk in the face of unknown app vulnerabilities and recently lost devices. Furthermore, administrators can more quickly change access rules with fine-grained management of user or device or application triplets with disablement of all or given apps for all or given users or devices. Proactively enforce security updates Remote disable Direct update Provide robust authentication and authorization to secure users Authentication integration framework Data protection realms Coupling device id with user id Streamline corporate security approval processes Mobile platform as a trust factor Protect from known application security threats Code obfuscation SSL with server identity verification Proven platform security Jailbreak and malware detection App authenticity testing Protect data on the device Encrypted cache / DB Offline authentication Secure challenge- response on startup MobileFirst Platform Security Framework
  15. 15. 15 WebSphere Technical White PaperIBM Software Mechanism Benefit Details On-device encrypted storage Help protect sensitive information from malware attacks and device theft ●● ●● ●● Uses AES256 and PCKS #5-generated encryption keys for storing app-generated information on the device Enables offline user authentication Implemented in JavaScript that is highly obfuscated, with optional native performance enhancements Direct update Take action to help ensure timely propagation of updated hybrid app versions to the entire install base ●● New versions of the code can be distributed without requiring the manual update of the application and are applicable to web resources Remote disable Enforce timely adoption of critical security updates to the entire install base ●● Server-side console enables configuration of allowed app versions. Administrator can ask users to install security updates to the native code. Authentication framework Help reduce overall cost and complexity of integration with authentication infrastructure ●● ●● ●● ●● ●● ●● Server-side architecture designed for integration with back-end authentication infrastructure based on Java Authentication and Authorization Service (JAAS) concepts, with authentication realms Specify one SSL per HTTP adapter for enhanced flexibility and security Ready-to-implement integration with Kerberos, NTLM, Basic and Digest authentication Ability to encrypt server-to-server SOAP communication with X509 certificates, following the Web Services Security (WSS) standard Client-side framework for asynchronous login requests on session expiration X509 certificates support Server-side safeguards Help prevent SQL injection and help protect against cross-site request forgery (XSRF) ●● ●● Prepared-statement enforcement Validation of submitted data against session cookie Enterprise SSO integration Use existing enterprise authentication facilities and user credentials and enable employee-owned devices ●● ●● ●● Client-side mechanism obtains and encrypts user credentials, sends to the server with requests Encryption incorporates user-supplied PIN, server-side secret and device ID Credentials cannot be retrieved from lost or stolen device
  16. 16. 16 WebSphere Technical White PaperIBM Software Mechanism Benefit Details Device SSO ●● Enables a mobile user to authenticate one time to ●● Upon successful login, the authentication state is saved in the integration ●● ●● ●● gain access to multiple mobile applications from a single device Mobile users get a more-seamless experience without having to explicitly log in to each application Enterprise teams can integrate authentication services under a single umbrella, streamlining governance and reducing help-desk costs that are related to password resets and security Developers can help eliminate redundant development effort; they are no longer required to build authentication into each application independently ●● database and used for validations in subsequent sessions from the same device No credentials are stored in the on-device database; only the state of the authentication is stored, for improved security Virtual private ●● Enable delivery and operation of mobile apps for ●● Client-side and server-side frameworks act as secure socket layer network (VPN) employee-owned devices or device types that are (SSL)-based VPN alternative ●● not allowed on the corporate network Enable delivery when installation of VPN client on mobile devices is not possible or when such installation is complicated to manage ●● ●● ●● Network access control and policies are preconfigured in the client-side framework layer Network access and security measures are updated using server-side framework On-device encrypted storage to help prevent compromise of sensitive data These capabilities are essential, but business leaders realize that delivering secure mobile apps is about more than securing the run time; security must be embedded into the development and app lifecycle management process. With MobileFirst Application Scanning, you can conduct a static code analysis of a mobile app, both native and web content, to detect potential vulnerabilities earlier during the development cycle for data leakage, sensitive information exposure, high-risk API usage and more. This analysis can be an automated part of an organization’s continuous integration and build strategy and it can be run on demand as well. Static code analysis for mobile apps is an important part of raising an organization’s overall security posture. With MobileFirst Application Scanning this analysis is made easier to institutionalize as part of the mobile app lifecycle.
  17. 17. 17 WebSphere Technical White PaperIBM Software The MobileFirst Platform also integrates with: ●● IBM MaaS360® from IBM Fiberlink® to help support BYOD strategies with full device control through policies, app containerization and app security as copy and paste prevention ●● IBM Trusteer® to deliver a context-driven risk assessment and advanced malware and jailbreak detection ●● IBM DataPower® for scalable security enforcement points (PEP), traffic management, message validation, transport level communications protection and rate limitation through policies ●● ISAM for risk-based access (RBA) and single sign-on (SSO) using LTPA token, HTTP header, or OAuth Clearly, security is an imperative for companies delivering mobile apps and it goes deeper than security measures employed for traditional web applications. The MobileFirst Platform provides a more comprehensive set of and integration with security-focused capabilities that help address both devel- opment and runtime concerns. Security officers and developers can use these capabilities to enhance their mobile security posture without spending considerable upfront and ongoing resources to match with what the MobileFirst Platform provides right off the shelf. The MobileFirst Platform does not warrant that systems and products are immune from the malicious or illegal conduct of any party. Managing your mobile ecosystem Unlike web application where you are in full control of the experience and versioning where users get the sanctioned version when connecting, mobile applications are a different challenge, with binaries executing on end-users devices, traditionally outside of your control. The MobileFirst Platform is designed to provide means to claim back control with its Mobile Application Management (MAM) capabilities while maintaining a higher level of insights with operational analytics. Enterprises can hardcode the MobileFirst server address in the client application in which case all the users connect to the same server. An alternative will be for enterprises to distribute a single application to multiple groups of users and each user group connects to a locally hosted MobileFirst server. The MobileFirst Platform provides APIs to dynamically change the MobileFirst server address. The MobileFirst Console The MobileFirst Console is a web-based user interface, also available through REST services, Ant tasks or CLI tools to more seamlessly integrate with your automation system of choice. The MobileFirst Console is dedicated to the ongoing administration of the MobileFirst Server and its deployed apps, adapters and push-notification services whether in development or production.
  18. 18. 18 WebSphere Technical White PaperIBM Software Supports multiple versions on the same platform Device specific versions are uncoupled Worklight console app management Main management tasks include: ●● Deployment of mobile applications and adapters ●● Fine-grained management of users, devices and applications ●● Black listing given devices when lost and managing their provisioning, preventing access to given users when role changed or managing multiple versions of the same application ●● Remotely disabling applications by version and mobile-operating-system type ●● Management of notification messages on application startup when installation of new application version is requested ●● Control and monitor push-notification services, event sources and related applications. ●● Troubleshooting and problem determination with server- initiated client log collection for given devices, apps and users Automated collection of user-adoption, device and app properties, user actions and back-end calls, JSONStore and back-end system calls performance, usage information, exceptions, crashes, logs and response time, with customizable dashboards for auditing and reporting purposes. All collected data can be easily exported for further analysis by external business intelligence tools.
  19. 19. 19 WebSphere Technical White PaperIBM Software Ready-to-use analytics helps address the following: e rojects with oring of ove her s the lications The MobileFirst Console can administer several runtim environments from several independent MobileFirst p deployed to the same application server or cluster. The MobileFirst Console includes role-based security different built-in profiles: ●● Monitor. This role includes read-only profile monit MobileFirst-deployed artifacts. ●● Operator. With this feature, you cannot add or rem applications and adapters but you can conduct all ot management operations ●● Deployer. This role includes the same capabilities a operator role but also the capability of deploying app and adapters. ●● Administrator. This role includes all administration operations. Operational analytics for usage insights The MobileFirst Platform provides an advanced operational analytics platform to automatically assemble and analyze user-adoption, device and app properties, user actions and back-end calls, JSONStore and back-end calls performance, usage information, exceptions, crashes, logs and response time. Search across logs and events collected from devices, apps and servers enable patterns and problems and platform-usage insights. The following sources are combined into the analytics repository: ●● Interactions of any app-to-server activity; anything that is supported by the MobileFirst Platform client/server protocol, including push notification ●● Client-side logs and crashes ●● Server-side logs that are captured in traditional MobileFirst Platform log files The IBM MobileFirst Server for analytics is provided as a WAR file for standard install and administration. Using the MobileFirst Platform approach, developers can instrument mobile apps using the provided library for more efficient collection and streaming of information. Business leaders who optionally upgrade to the IBM Tealeaf® CX mobile platform can gain additional insight into mobile user-experience analytics. This insight includes session replays, device orientation, screen size and touch-screen interactions, to understand the behavior of mobile users for web and native applications. These insights empower organizational teams to diagnose and resolve customer struggles that can be difficult to identify and that inhibit application usability and effectiveness. For more information To learn more about the IBM MobileFirst Platform, please contact your IBM representative or IBM Business Partner, or visit the following website: Additionally, IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize a financing solution to suit your business and development goals, enable effective cash management, and improve your total cost of ownership. Fund your critical IT investment and propel your business forward with IBM Global Financing. For more information, visit:
  20. 20. © Copyright IBM Corporation 2014 IBM Corporation Software Group Route 100 Somers, NY 10589 Produced in the United States of America November 2014 IBM, the IBM logo,, Cast Iron, DataPower, Jazz, Rational, Tealeaf, and Trusteer are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at Fiberlink, MaaS360 are trademarks or registered trademarks of Fiberlink Communications Corporation, an IBM Company. Microsoft, Windows and Windows NT are trademarks of Microsoft Corporation in the United States, other countries, or both. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. This document is current as of the initial date of publication and may be changed by IBM at any time. It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. 1 The Upwardly Mobile Enterprise, IBM Institute for Business Value, October 2013 WSW14181-USEN-09 Please Recycle