Connect 2016 - IBM Mobile Connect - Real World Usage Scenarios

These slides were shown at IBM Connect 2016 in Orlando and give a best-practice overview of using IBM Mobile Connect.

  1. Make Every Moment Count. Connect 2016: The Premier Social Business and Digital Experience Conference. #ibmconnect
      1130 – IBM Mobile Connect Real World Usage Scenarios
      René Winkelmeyer, midpoints GmbH
      Sun, 31 Jan 2016
  2. Agenda
      • IBM Mobile Connect at a glance
      • Scenario “Configuration for IBM Traveler (and others)”
      • Security considerations – Certificate based authentication
      • Security considerations – MDM integration
  3. About me: René Winkelmeyer, Head of Development
      • IBM Advanced Business Partner
      • IBM Design Partner (Notes Domino, Mobile, Verse)
      • Apple Enterprise Developer and MDM Group Member
      • Samsung Enterprise Alliance Partner
      • Worldwide Service Offerings
          § Enterprise Mobility
          § Mobile Device and Application Management
          § IBM Traveler and IBM Mobile Connect implementation + custom addon products
  4. About me: René Winkelmeyer, Head of Development
      • Reach out any time
      • Skype / Twitter / LinkedIn => muenzpraeger
      • Web: https://blog.winkelmeyer.com, http://www.midpoints.de
      • Mail: mail@winkelmeyer.com, rene.winkelmeyer@midpoints.de
  5. What is this session about?
      • Enhancements and new configurations of IBM Mobile Connect to make your life easier.
      • If you are looking for a starter guide, please check out my slides from Lotusphere 2012 and 2013.
  6. IBM Mobile Connect at a glance
      • Latest version of this slide deck is available on https://slideshare.net/muenzpraeger
  7. IBM Mobile Connect – Specifications
      • Current version:
          § 6.1.5.2
      • Server
          § Windows - 2003/2008/2012 Server
          § Linux – Red Hat Enterprise & SuSE Enterprise Server
          § AIX
  8. IBM Mobile Connect – Specifications
      • Mobility (VPN) Clients
          § Microsoft Windows 2000, XP, Vista, 7
          § OS X
          § Linux (Red Hat, SuSE, Novell)
          § Windows Mobile incl. 6.5, Symbian (selected devices), Palm
          § Android
      • Browser
          § IE, Firefox, Safari, Chrome
  9. IBM Mobile Connect – Capabilities
      • VPN gateway
          § Clients are available for Windows, Mac, Linux, Android
      • WiFi gateway
      • Clientless gateway
          § HTTP access, like browsers or mobile apps
      (slide callout: Focus)
  10. Reverse Proxy – why and how?
      • A reverse proxy acts as a tier between a requester (i.e. browser) and a backend system.
      • In contrast to a forward proxy, a reverse proxy acts on behalf of the web server.
      • The reverse proxy forwards the incoming request to the backend system and sends the response back to the user.
  11. Reverse Proxy – why and how?
      (diagram labels: Backend system, Reverse Proxy)
  12. What is a Secure Reverse Proxy?
      • Defined endpoint for encrypted communication between external clients and internal systems.
      • Central authentication and Single-Sign-On for all connected backend systems.
      • Access authorisation for the connected backend systems.
  13. IBM Mobile Connect as Secure Reverse Proxy
      • Single-Sign-On using username/password or certificates for IBM backend systems
      • Authentication sources are Domino LDAP or Active Directory
      • Single URL access
      • Automatic IBM Traveler Pool assignment
  14. Infrastructure scenarios
      (diagram labels: HTTPS; External URL: https://mobile.midpoints.net with /traveler, /chat, /social; Secure Reverse Proxy; HTTP(S); Backend systems: Traveler, Sametime, Connections)

  15. Infrastructure scenarios
      (diagram labels: HTTPS; External URL: https://mobile.midpoints.net/traveler; Secure Reverse Proxy with Load Balancing and Failover; HTTP(S); Traveler HA Service Pool: Traveler 1, Traveler 2, Traveler 3; DB2/SQL: IBM DB2 / MS SQL; Notes; Domino Mail, Domino Mail, Domino Mail)

  16. Why IBM Mobile Connect – and not others?
      • Native integration for all IBM Collaboration products
      • Up-to-date TLS stack
      • Scaling – one server can handle 10k parallel accesses
      • MDM integration
      • IBM support
  17. Remember Domino and SHA2?
  18. IBM Mobile Connect – Components
      • Connection Manager
          § The IMC Connection Manager is the main component. It forwards the client requests to the backend systems.
      • Gatekeeper
          § A Java-based administration client for IMC. Can be installed on the same system as the Connection Manager or on another one.
  19. IBM Mobile Connect – Components
      • Access Manager
          § Gets installed with the Connection Manager on the server. It is responsible for pushing the configuration changes (from the Gatekeeper) to the internally used database. It also updates the Connection Manager dynamically.
  20. Scenario “Configuration for IBM Traveler (and others)”
  21. IBM Traveler and IBM Mobile Connect
      • Mobile mail access is a critical component nowadays in every environment. So is Traveler.
      • Different environment setups are possible for Traveler
          § Standalone setup
          § High Availability with one or multiple pools
  22. IBM Traveler – Pool definition / challenges
      • A “Traveler pool” is the logical combination of multiple Traveler servers that share the same backend database.
          § A single pool can serve up to 10k devices.
          § The Traveler servers handle load balancing internally.
      • Different setups are possible, like splitting pools by device type, user region and more.
          § Without a centralized proxy all will have different entry point URLs.
  23. IBM Traveler – How IBM Mobile Connect helps
      • IMC has four main features that improve the Traveler experience.
          § Defined proxy rules for Traveler access
          § Session assignment
          § Single URL support
          § Automatic Server/Pool assignment
  25. IMC workflow (simplified)
      (flow diagram labels: Authenticated user connects; Check if Pool assignment is active; Validate user LDAP attribute; set: assign; not set: don’t assign)
  26. Automatic Server/Pool assignment configuration
      • Define within an http-access service which LDAP attribute should be queried
  27. Automatic Server/Pool assignment configuration
      • An “Application server pool” is a dedicated resource type
  28. Automatic Server/Pool assignment configuration
      • A “Pool configuration” contains one or multiple backend host names.
  29. Automatic Server/Pool assignment configuration
      • One or multiple strings can be added for the automatic pool assignment. The value must match the content of the LDAP field.
  30. Automatic Server/Pool assignment configuration
      • Multiple server pools can be defined.
  31. Automatic Server/Pool assignment configuration
      • Activate the application server pool usage in the http-access service
  32. Adding more apps
      • Besides Traveler, all ESS backend systems are supported with specialized URL and content handling
          § i.e. URL rewriting of transmitted content
      • Delivers perfect integration including SSO capabilities
          § IBM Connections
          § IBM Connections Chat
          § IBM Domino
  33. Adding more apps
      • Simplified by application-specific identifier.
  34. Summary
      • The built-in capabilities help to deliver a streamlined administrative experience.
      • Hassle-free connection to IBM ESS backend systems.
          § LTPA1 and LTPA2
  35. Security considerations – Certificate based authentication
  36. Certificates? Certificates!
      • A high level of security can be achieved by using certificates for authentication.
      • Certificates are a common practice for verifying clients and servers. The latter one is mostly known as “SSL hostname authentication”.
          § Companies are moving more and more to client certificate based authentication for different services.
          § Domino companies should be familiar with that… ;-)
  37. Why set up IBM Mobile Connect for this?
      • Achieve a higher level of security by using certificate based authentication for your critical data.
          § Different setup scenarios are available.
      • Remove the need for passwords and make it easier for your users. But only if you want.
  38. IMC workflow (simplified)
      (flow diagram labels: Client presents certificate; 2FA; IMC validates public key and validity; LDAP Subject string check; SSO)
  39. Configuring Certificate based authentication
      • The standard authentication process leverages a username/password combination.
  40. Configuring Certificate based authentication
      • Add 2-Factor-Authentication by enforcing additional password usage.
          § Can be enriched with user id check
  41. Configuring Certificate based authentication
      • Trust your certificates and resolve the username based on certificate criteria.
  42. Configuring Certificate based authentication
      • Additional security/alternatives can be added using a custom string match.
  43. Summary
      • Certificate based authentication enhances the security of your backend applications.
      • Different setups allow you to leverage it as you need it.
      • Certificate deployment options need to be revisited.
          § Not all IBM ESS apps support certificate based authentication (yet).
  44. Security considerations – MDM integration
  45. What is MDM?
      • Mobile Device Management (MDM) is used to manage devices and applications in your mobile workforce
          § Lots of companies still don’t use an MDM. And you?
      • Allows remote device configuration, data and device deletion, app deployment and much more.
  46. Why MDM integration for IBM Mobile Connect?
      • A reverse proxy authenticates only the user, not the device. So there is no control over whether “unmanaged” devices can access internal resources.
          § Jailbroken/rooted devices
          § Data Loss Prevention
  47. IMC / MDM integration infrastructure
      (diagram labels: HTTPS; External URL: https://mobile.midpoints.net/traveler, https://mobile.midpoints.net/connections; IBM Mobile Connect; MDM; HTTP(S); Services: IBM Notes Traveler, IBM Connections; Notes; Domino Mail, Domino Mail, Domino Mail)
  48. How does the MDM integration work?
      • Depending on the incoming request, different values are evaluated.
          § Traveler identification is determined by the submitted sync device id in the URL call.
          § IBM ESS apps send custom headers with their authorization requests. Those headers are set via MDM.
      • Custom access definitions, like “allow” or “deny”, are then applied.
  49. IMC workflow (simplified)
      (flow diagram labels: User is authenticated; Device information is extracted; Device is validated via MDM interface; allowed: access; not allowed: no access)
  50. Configuring MDM integration
      • “MDM Integration” is a separate resource type
  51. Configuring MDM integration
      • Validation results (and outcome) are configurable.
  52. Configuring MDM integration
      • Enhanced checks are available, like compliance re-validation and user mapping.
  53. Configuring MDM integration
      • Custom “tokens” can be used for different setups on the same vendor.
  54. IBM Mobile Connect configuration
      • Besides tight security you can also go a little bit loose.
          § Great for migration scenarios.
  55. Available MDM integrations
  56. Summary
      • MDM integration enhances security by adding an additional layer.
      • Different setup scenarios are available to fit your organization’s needs.
  60. Acknowledgements and Disclaimers
      Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.
      The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
      All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
  61. Acknowledgements and Disclaimers cont.
      © Copyright IBM Corporation 2015. All rights reserved.
      • U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
      • IBM, the IBM logo, ibm.com, IBM Domino, IBM Sametime, IBM Connections are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml
      “Maas360” is a trademark of Fiberlink Communications Corporation. Other company, product, or service names may be trademarks or service marks of others.
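
The MDM device gate from slides 48 to 54 (extract the device identifier, validate it against the MDM, apply a configurable allow/deny outcome), as an added Python sketch that is not part of the original deck and not IBM Mobile Connect code. Assumptions: the sync device id arrives in an ActiveSync-style `DeviceId` query parameter, the header name `X-Example-MDM-Device` is hypothetical, and the inventory and URLs are constructed.

```python
from urllib.parse import urlsplit, parse_qs

DEVICE_ID_PARAM = "DeviceId"            # assumption: ActiveSync-style sync URL
DEVICE_HEADER = "X-Example-MDM-Device"  # hypothetical header pushed via MDM

# Constructed MDM inventory: device id -> (enrolled user, compliance state).
MDM_INVENTORY = {
    "APPL0001": ("alice", "compliant"),
    "ANDR0002": ("bob", "jailbroken"),
}

# Outcome per validation result. The migration variant is the "a little bit
# loose" setup from slide 54: devices unknown to the MDM are still let through.
STRICT_POLICY = {"compliant": "allow", "jailbroken": "deny",
                 "unknown": "deny", "user_mismatch": "deny"}
MIGRATION_POLICY = dict(STRICT_POLICY, unknown="allow")


def extract_device_id(url, headers):
    """Device id from the sync URL if present, else from the MDM-set header."""
    query = parse_qs(urlsplit(url).query)
    values = [v for key, vals in query.items()
              if key.lower() == DEVICE_ID_PARAM.lower() for v in vals]
    if len(values) == 1:
        return values[0]
    if len(values) > 1:
        return None  # repeated parameter: ambiguous, treat as unidentified
    for name, value in headers.items():
        if name.lower() == DEVICE_HEADER.lower():
            return value.strip() or None
    return None


def validate_device(user, device_id, inventory):
    """Map a device to a validation result, including the user-mapping check."""
    if device_id is None or device_id not in inventory:
        return "unknown"
    owner, state = inventory[device_id]
    if owner != user:
        return "user_mismatch"  # device is enrolled, but for a different user
    return state


def gate(user, url, headers, policy=STRICT_POLICY, inventory=MDM_INVENTORY):
    """Return (decision, validation_result) for an already authenticated user."""
    result = validate_device(user, extract_device_id(url, headers), inventory)
    return policy.get(result, "deny"), result  # unlisted results fail closed
```

Both identifiers are supplied by the client, so the gate is an additional layer on top of user authentication, as the summary slide puts it.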
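
The certificate based authentication workflow from slides 38 to 42 (validity check, username resolution from certificate criteria, directory lookup, optional custom string match, optional password as second factor), as an added Python sketch that is not part of the original deck and not IBM Mobile Connect code. Assumptions: the TLS layer has already verified the certificate chain and hands over a dict in the format of `ssl.SSLSocket.getpeercert()`; the directory, the sample certificate and all function names are constructed.

```python
import ssl

# Constructed directory standing in for Domino LDAP / Active Directory.
DIRECTORY = {"alice": {"mail": "alice@example.test"}}


def subject_fields(cert):
    """Flatten the subject RDN tuples into {field name: [values]}."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            fields.setdefault(key, []).append(value)
    return fields


def authenticate(cert, now, resolve_by="commonName", required_match=None,
                 password_check=None):
    """Return (username, reason); username is None when access is refused.

    required_match: optional (field, value) pair, the custom string match.
    password_check: optional callable(user) -> bool, the additional password.
    """
    if not cert:
        return None, "no certificate"
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now <= not_after:
        return None, "outside validity period"
    fields = subject_fields(cert)
    if required_match is not None:
        key, expected = required_match
        if expected not in fields.get(key, []):
            return None, "custom string match failed"
    names = fields.get(resolve_by, [])
    if len(names) != 1:
        return None, "cannot resolve user"  # missing or duplicated field
    user = names[0].lower()
    if user not in DIRECTORY:
        return None, "user not in directory"
    if password_check is not None and not password_check(user):
        return None, "second factor failed"
    return user, "ok"


# Constructed sample certificate and evaluation times.
SAMPLE_CERT = {
    "subject": ((("organizationalUnitName", "Mobile"),),
                (("commonName", "Alice"),)),
    "notBefore": "Jan 10 00:00:00 2016 GMT",
    "notAfter": "Jan 10 00:00:00 2017 GMT",
}
NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2016 GMT")
AFTER_EXPIRY = ssl.cert_time_to_seconds("Feb 10 00:00:00 2017 GMT")
```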
