Mobile Device Management


Published on

Microsoft ExchangeConnections, Orlando, 2008

  • Microsoft ASP.NET Connections Updates will be available at _06/ASP_Connections

    1. Mobile Device Management
        John Rhoton, Hewlett Packard [email_address]
    2. What is MDM?
        • Automation
            • User configuration
            • Administration
        • Standardization
        • Remote Support
            • OTA (Over-the-air)
    3. Agenda
        • Enterprise Mobility Status
        • Enterprise Challenges
            • Security
            • Management
            • Applications
        • Mobile Device Management Approaches
        • Mobile Device Management Technologies
    4. But just what is mobility?
        • Devices:
            • Mobility = Mobile phones?
            • Mobility = Smart phones?
            • Mobility = PDAs?
        • Wireless:
            • Mobility = Wireless LANs?
            • Mobility = GSM/GPRS?
        • Applications:
            • Mobility = Form-factor adaptation?
            • Mobility = Synchronisation?
    5. Mobility on the rise!
        [Chart: YOY % shipping growth, 2006-2010. Source: Gartner Dataquest, and IDC 2006]
        • Mobile PCs: 18.6%
        • Converged Mobile Phones: 34.1%
        • Mobile Phones: 5.8%
        • Desktop PCs: 3.9%
        • 245 Million converged devices by 2010
        • 140 Million Windows Mobile devices
        • Over 3 Billion mobile subscriptions
    6. Status of Mobility
        • Components Maturing
            • Exponential growth in mobile devices
            • Near-ubiquitous wireless access
            • Application mobilization accelerating
        • Hype transforming into stealth
        • Enterprise adoption
            • Organic
            • Consumer-driven
    7. What customers typically want from mobility
        • Mobile Business Applications
        • Industry specific applications (i.e. Mobile construction workforce…)
        • Field Sales Automation (SFA)
            • Field Force Automation (FFA)
        • Paperless Forms (Police Force…)
        • Proof of Delivery (Transport)
        • Field Service Bundle
        • Work Order Mgmt
        • Parts & Inventory tracking
        • Expense Management
        • Asset / Property Management
        • Merchandizing / FMCG Sales
        • Healthcare, Public safety
        • Inspections, Data Capture
        • Unified Communications – Fixed Mobile Convergence
        • Mobile office (Mail, PIM, Calendar) (Baseline)
        • Mobile device management (Baseline)
        • Mobile Device security (Optional)
        • Shared Mobile Device Management (Baseline)
        • Shared MDM Device security (Optional)
        • End 2 End security (authentication, encryption, protection…)
        [Diagram labels: Legacy; Messaging; Forms; Workflow; Sheets]
    8. Mobility: Challenges
    9. Mobile Content Protection
        • Access Control Solutions
            • Native Pocket PC
            • Biometric Authentication
            • HP ProtectTools
            • Pointsec
            • Credant
            • TrustDigital
            • Utimaco
            • Bluefire
        • Centralized Provisioning and Configuration
    10. Bluetooth security: Bluejacking, Bluesnarfing, PIN Attack, Virus Propagation In
    11. WLAN security
        • Rogue Access Points
        • Decoy Access points
        • WPA-Personal
        • WPA-Enterprise
        Require Non-Trivial Client Configuration
    12. Why MDM?
        • Security: Ensure integrity of configuration
        • Higher ease-of-use
        • Deploying line-of-business applications
        • Lower TCO
        June 9, 2009
    13. Reduction in Total Cost of Ownership
        • Cost reduction per user per year with MDM: $322
        • Net Reduction in TCO: 11%
        • Net Reduction in Annual Device Management Costs: 32%
        Source: HP & Gartner
        Cost per User per Year, and MDM Benefit:
        • Device Cost: $250 (8%); amortized over 2 years
        • Connectivity data: $900 (30%)
        • Connectivity voice: $800 (27%)
        • Backend/Ops: $504 (17%); MDM benefit -30% (-$151); setup & operate backend mobile application, change requests
        • Service Management: $192 (6%); MDM benefit -40% (-$77); setup users, connectivity, user management, change requests
        • User Support: $312 (11%); MDM benefit -30% (-$94)
        • Total: $2958 (100%); MDM benefit -11% (-$322)
    14. Customer MDM Maturity Levels
        • Infancy
            • Inventory collection
            • Basic software updates
        • Adolescence
            • Software Updates
            • Configuration Control
            • Device Security Enforcement
        • Mature
            • Data publication and synchronization
            • Multi-platform support
            • Policy driven application install and update
            • “OTA” startup and maintenance
            • Extension of Desktop Management **
    15. Different MDM Approaches
        • Extension of Desktop Environment
            • Altiris
            • Microsoft SMS
            • HP Client Automation
        • Comprehensive Solution Suite
            • Exchange 2007
            • Good
        • Enterprise MDM Focused
            • iAnywhere Afaria
            • HP Enterprise Mobility Suite
            • Microsoft System Center Mobile Device Manager
        • Carrier MDM
            • Intellisync
            • RIM Blackberry
    16. OMA DM Standard
        • Device Management protocol:
            • Defined by the Open Mobile Alliance (OMA) group
            • Current specification: 1.2 – April 2006
            • Based on SyncML
            • Conceived for Carrier MDM
        • Designed for management of mobile devices
            • Device Provisioning (1st time use)
            • Device configuration – Enabling/Disabling features
            • Software distribution
                • Firmware upgrade over the air (FOTA)
                    • Firmware Update Management Object (FUMO)
                • Applications deployment on devices
                • Software upgrades
            • Fault Management: report/query status
    17. HP MDM Logical Topology
    18. Scalability: Replication & Server Farms
        [Diagram labels: GEO 2 CLUSTER; MASTER; TEST; DEV; GEO 1 CLUSTER]
        • Server Farms provide scalable capacity
        • Replication provides a logical master server, with many physical instances
        • Replication also facilitates division of ownership of functions; multiple owners can maintain portions of the total server (e.g. IT owns base configuration; Business Units own their applications & data.)
    19. Device Management Technologies
        • Afaria
            • XcelleNet, Sybase, and now iAnywhere
            • Mobile Device Management and Mobile Security Solution
            • Historically market leader in Managed Mobility Solutions
        • HP Enterprise Mobile Suite (EMS)
            • Formerly Bitfone
            • OMA-DM interoperable
            • Heterogeneous (multi-platform) device set
            • Integration with OVCM (OpenView Configuration Manager)
        • Microsoft SCMDM
            • Compliant with OMA DM
            • Mobile Device Management solution (System Center family)
            • Based on Windows infrastructure: AD – SQL
            • Windows Mobile 6.1 devices only
    20. iAnywhere Afaria
        [Diagram labels: Afaria Mobile Clients Windows Laptops Java WinCE/Pocket PC Palm Blackberry Symbian Console Highlights Web Administration SNMP Alerts Console Status and Event Logs ESM Integration Enterprise Integration Microsoft SMS Software & Inventory Management Capabilities Inventory Management Software and Application Deployment Document and Content Management Process Automation Data Backup and Recovery Configuration Management Web Server Connectivity TCP/IP Wireless WWAN HTTP, HTTPS, ISA Dial-up LAN or WLAN Mobile Optimizations Compression Check-Point Restart Byte Level Differencing Segmented File Delivery Opportunistic Execution Safe File Transfer Encryption Afaria Server Features MS NT 4.0/2000/2003 Unlimited Clients Highly Scalable Device and Data Security LDAP & NT Domain User Authentication Channel Replication]
    21. Inventory
    22. Server “Channels”
    23. Channel Sets
    24. Script Commands
    25. HP Enterprise Mobility Suite
        • Device Support
        • S/W Maintenance
        • WW Network Support
        • FusionDM for Enterprise
        • Device Troubleshooting
        • Device Security
        • Policy Mgmt
        • Asset Mgmt
        • IT Dash Board
        • Exchange®
        • Domino®
        • Groupwise®
        • Corporate Directory
        • Active Directory®
        • Intranet
        • CRM
        • Application Portal
        [Diagram labels: WW Wireless Operator Networks HP Enterprise Devices HP Worldwide Hosting Facilities Enterprise HTTPS Internet HTTPS Existing IT Systems FOR ENTERPRISE Leading OEM Device Manufacturers SMS TCP/IP SMS TCP/IP HTTPS]
    26. Self Care Driven
    27. Use Case: Set Up My Device
        • Out-of-the-box device setup
        • Employee Joe purchases a new device
            • Logs into the Enterprise Self Care portal
            • Enters his phone number
            • Selects setup my device
        • Joe’s email, ActiveSync, and corporate WiFi settings are automatically configured on the device
        • Automated OTA Delivery Without Cradle
        • Simple One Click Trigger for Setting Up New Device
        • Minutes to Fully Configured, Ready-to-Use Device
    28. Use Case: Diagnose My Device
        • Device Diagnostics
        • Joe’s email is not working
            • Selects diagnose my device
            • Problem is automatically displayed
                • ActiveSync settings are incorrect
            • Selects the checkbox & presses go
        • Joe’s ActiveSync settings are corrected and he is receiving his email
        • Instantly Validate All Device Settings
        • Automatically Detect Device Faults
        • OTA Push Fixes to Address Root Causes
    29. Use Case: Update Software
        • Joe needs the new VPN client
            • Selects Update Software
            • Device inventory is remotely
            • List of required applications is displayed
            • Selects the checkbox for VPN & presses go
        • VPN application is automatically installed
        • Instantly distribute corporate tools and applications and their updates OTA
        • Collect S/W Inventory of Device Fleet
        • Detect and Remove Unauthorized S/W
    30. Use Case: Device Security
        • Joe loses his device on a business trip
            • Logs into the web-based application
            • Selects Lock & Wipe device
            • Remotely locks his device
        • Corporate data is secure until the device is recovered
        • Remotely Lock Compromised Devices
        • Wipe All User Data OTA
        • Unlock Recovered Devices
    31. Microsoft SCMDM
        • Management Workload (Deployment: inside firewall)
        • Network Access Workload (Deployment: in DMZ)
        • Security Management
            • Active Directory Domain Join
            • Policy enforcement using Active Directory/Group Policy targeting (>125 policies)
            • Communications and camera disablement*
            • Application blacklisting and whitelisting
            • File encryption
            • Remote wipe
        • Device Management
            • Full OTA provisioning and bootstrapping
            • OTA Software distribution based on WSUS 3.0
            • Inventory
            • SQL Server 2005 based reporting capabilities
            • Role based administration
            • MMC snap-ins and PowerShell cmdlets
            • OMA-DM compliant
        • Mobile VPN
            • Machine authentication and “double envelope security”
            • Session Persistence
            • Fast Reconnect
            • Internetwork roaming
            • Standards based (IKEv2, MobIKE, IPsec tunnel mode)
    32. Security Management Benefits
        • SCMDM extends Active Directory/Group Policy to Windows Mobile
        • AD is the most widely deployed enterprise network directory worldwide
            • 80% + penetration in the U.S.
            • 55% + penetration in G7 countries overall
        • AD-GP is widely used by IT to configure policies for their desktops, laptops and servers
            • Over 90% of Active Directory customers use Group Policy
        • Over 130+ configuration settings for Windows Mobile can now be managed through Group Policy including control of Bluetooth, WIFI, SMS/MMS, IR, Camera, and POP/IMAP
        • Extensible architecture
    33. Device Management Benefits
        • Enterprise-wide OTA software distribution
            • Leverages Windows Software Update Service (WSUS) 3.0
                • Most widely deployed Windows software update solution across organizations of all size (60%+ penetration)
                • Rich targeting and packaging capabilities required by IT departments
        • Rich Inventory and Reporting
            • Robust hardware and software inventory capabilities
            • SQL Server 2005-based reporting infrastructure
                • Highly flexible
                • Customizable
    34. Secured Corporate Data Access
        • Enables secure behind-the-firewall access to the corporate network and applications
            • Any intranet data! (SAP, Siebel, intranet sites, SQL, etc)
        • Aligns with existing remote access model for desktops/laptops and scales to a broad set of scenarios
            • Thin and rich client apps
        • Security
            • Allows end-to-end security
            • Headless gateway deployed in the DMZ
            • Privacy compliance
        • Efficiency
            • Use best available channel
            • Adapt to network to minimize keep alive traffic (goal)
        • Extensible
            • Transparent to mobile application
            • Transparent to LOB services
        • Reliability
            • Always connected
            • Allows pushed technology
        • Simplicity
            • Minimum user configuration
            • Transparent to user and to applications
        [Diagram labels: DMZ Internal Corporate Site Domain Controller Mobile VPN Mobile VPN Mobile Operators Cellular Data Connection Internet WiFi Connection Mobile VPN Gateway Corporate Internal Firewall Controlled access to Internal corporate resources from the mobile devices connected via Mobile VPN Corporate External Firewall]
    35. SCMDM Architecture
        [Diagram labels: Internet DMZ Corporate Intranet Front Firewall Initial OTA Device Enrollment Mobile GW Back Firewall SSL Auth (PIN+Corp Root) SSL Machine Mutual Auth E-mail and LOB Servers SSL User-mutual Auth or Similar Console Mobile Server Back-end R/O AD WSUS Catalog Self Help Site Enrollment Service OMA Proxy CA Mobile VPN]
    36. Summary
        • Rapid acceleration of Mobility
        • Enterprise obstacles: Manageability & Security
        • Multiple Mobile Device Management options
        • Enterprise requirements will determine optimal choice
            • Platform standardization
            • VPN capabilities and LOB applications
            • OMA-DM
    37. Questions? Contact me at:
    38. Your Feedback is Important
        • Please fill out a session evaluation form and either put them in the basket near the exit or drop them off at the conference registration desk.
        • Thank you!