
WSO2Con ASIA 2016: Your Path to IoT & Mobility with WSO2


Enterprises today usually either provide employees with devices (corporate owned, personally enabled: COPE) or allow employees to use their own devices (bring your own device: BYOD). What many people don't realize is that enterprise mobility goes beyond developing a few mobile apps, allowing access to email from mobile devices and browsing web apps on mobile devices.

Every organization needs a clear strategy before allowing mobility in the enterprise. First and foremost, you need to create a policy around device usage in your organization. A well-constructed policy helps keep your enterprise information safe and secure. This policy should cover:

Which device platforms can be used (iOS, Android, etc.)
Which OS versions can be used
Whether rooted or jailbroken devices can be used
Whether to allow BYOD or COPE (or both)
Whether access to company resources should depend on connectivity, location and time
Once the policy is created, you need to identify the tools that will help you enforce it. In this session Ruwan and Dilshan will share their expert advice on how to follow a winning path to enterprise mobility.

Published in: Technology

WSO2Con ASIA 2016: Your Path to IoT & Mobility with WSO2

1. WSO2 Enterprise Mobility Manager (EMM) 2.0
   Dilshan Edirisuriya, Senior Software Engineer, WSO2
2. Agenda
   • Enterprise Mobile Device Management Overview
   • Key Challenges Faced by Organizations
   • Need for Mobile Device Management
   • EMM Architecture and Features
   • CDMF Architecture and Features
   • Demo
   • Platform Features
3. Enterprise a Few Years Back (diagram: employees, enterprise data, device, work)
   • Work: carried out inside one place; dependent on specific technology
   • Resources: within the premises
   • Device: owned by the enterprise
4. Enterprise Now (diagram: employees, enterprise data, device, work)
   • Work: independent of place; independent of technology
   • Resources: within the premises and outside
   • Devices: owned by the enterprise and by employees
5. Challenges
   Employees working out of the office use mobile devices and cloud services to perform business tasks.
6. Challenge - Data Security
   How can data be compromised?
   • The device is lost or stolen
   • Malicious applications steal data
   • Data leaks
   What is the data?
   • Email messages and their attachments
   • Documents: PDF, Word, Excel, PowerPoint, text files
   • Browser sessions: HTML pages with cookies
   • Contacts, calendars and notes
   • Applications with local databases
   Why is the data sensitive?
   • It can be highly confidential (quotation values, salary details, etc.)
   • It can have a high impact if it reaches the wrong person
   Who can compromise it?
   • External and internal actors
7. Challenge - Monitor Devices
   • What to monitor (location, root check, malicious apps, bandwidth usage, etc.)?
   • To what extent?
   • Is it a threat to employee privacy?
8. Challenge - Enterprise Application Development & Management
9. Challenge - Legacy Back-End System Integrations
   • Legacy back ends are not mobile friendly.
   • They adhere to older protocols and standards.
   • They are only compatible with older mobile technologies, e.g. MIDlets.
10. Why EMM? (diagram: applications, documents, emails, browsers, devices)
11. Device Ownership (diagram: enterprise data, employees, devices)
   • Platforms: Android, iOS, Windows 8, BlackBerry
   • Form factors: phones, tablets, laptops
   • Ownership models: COPE (Corporate Owned, Personally Enabled), BYOD (Bring Your Own Device), CYOD (Choose Your Own Device)
12. How EMM Addresses Data Security
   • Device level
   • Application level
13. Data Security - Device Level
   • Enforce password policy
   • Encrypt device data
   • Remote device management: monitor the device (location, battery), configure it (email, VPN), control it (enable/disable camera), update the OS, install and uninstall apps
14. Data Security - Application Level
   • MAM gets you a step closer to managing what you care about
   • MAM brings the perimeter closer to the corporate resources
   • Data is protected
   • Applications can be controlled remotely
15. MAM Controls Application Behavior
   • Encrypt data in transit, e.g. through an app VPN tunnel or app tunnel.
   • Encrypt data at rest and decrypt it only when it is viewed.
   • Two-factor authentication.
   • Data Loss Prevention (DLP), e.g. disabling cut, copy and paste.
   • Policy-based data control, where the policy can be pushed and updated.
16. Solution - Enterprise Application Development & Management (diagram: numbered steps 1-4 across COPE and BYOD devices, covering data security, remote device management and the enterprise store)
17. Decision for CIOs or IT Managers
   • Allow mobility in my business?
   • Allow employees to use their own devices?
   • Allow business partners and distributors to use their own devices?
   • Allow them to access corporate resources? To what extent?
18. Risks vs Benefits (diagram: risks weighed against benefits)
19. Drafting a BYOD Policy
   • What devices are permitted?
   • Supported features and boundaries for each device type.
   • Ownership of, and permissions to, applications and data.
   • Policy violation criteria and actions.
   • Employee exit strategy.
   • Prompt for approval.
20. Enterprise Mobility Manager
21. Key Components
   • Connected Device Management Framework (CDMF)
   • Mobile Device Management (MDM)
   • Mobile Application Management (MAM)
22. Connected Device Management Framework
23. Connected Device Management Framework (CDMF) (cont.)
   • Device Management
   • Operation Management
   • Application Management
   • Policy Management
   • Compliance Monitoring
   • Configuration Management
   • License Management
24. Connected Device Management Framework (CDMF) (cont.)
   • API Management
   • Certificate Management
   • Identity Extensions
   • Web Application Authenticators
   • Notifications
   • User Management
   • Permissions
25. Connected Device Management Framework (CDMF) (cont.) (diagram of the components: devices, operations, applications, policies, monitoring, configurations, licenses, API management, certificate management, identity extensions, authenticators, notifications, permissions)
26. Enterprise Mobility Manager Architecture
27. Notification Method - MDM Push
28. Notification Method - Local
29. Notification Method - App Push & Silent
30. Mobile Device Management Features
   • Self-service device enrollment and management with the end-user EMM Console for iOS, Android and Windows devices.
   • Integrates with enterprise identity systems for device ownership: LDAP, Microsoft AD.
   • Policy-driven device and profile management for security, data and device features (camera, password policy).
   • Deploy policies over-the-air (OTA).
31. Mobile Device Management Features (cont.)
   • Compliance monitoring for the policies applied to devices.
   • Role-based access control (RBAC) for device management.
   • Securely wipe enterprise configurations from the device (enterprise wipe).
   • Track the locations of enrolled devices.
   • Retrieve device information.
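The policy checklist from the session description (permitted platforms and OS versions, rooted or jailbroken devices, BYOD versus COPE, and access conditioned on connectivity, location and time) and the compliance monitoring on this slide, worked through as an added example of evaluating such a policy against enrolled-device records. This is illustrative code written for this page, not WSO2 EMM's policy engine; the `Policy` and `Device` schemas, their field names and the sample device records are assumptions constructed for the example.

```python
"""Evaluate an enterprise mobility policy against enrolled-device records.

Added example for this page, not WSO2 EMM code. The Policy and Device
schemas are assumptions that mirror the policy checklist in the session
description: permitted platforms and minimum OS versions, rooted or
jailbroken devices, ownership models, and connectivity, location and
time conditions on access.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Optional, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """'9.3.1' -> (9, 3, 1); non-numeric characters in a component are dropped."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_at_least(actual: str, minimum: str) -> bool:
    """Compare dotted versions after padding the shorter one with zeros."""
    a, m = parse_version(actual), parse_version(minimum)
    width = max(len(a), len(m))
    return a + (0,) * (width - len(a)) >= m + (0,) * (width - len(m))


@dataclass
class Policy:
    allowed_platforms: Dict[str, str]                    # platform -> minimum OS version
    allow_rooted: bool = False
    allowed_ownership: Tuple[str, ...] = ("COPE", "BYOD")
    allowed_networks: Optional[Tuple[str, ...]] = None   # None means any network
    allowed_countries: Optional[Tuple[str, ...]] = None  # None means any location
    access_window: Optional[Tuple[time, time]] = None    # local (start, end)


@dataclass
class Device:
    device_id: str
    platform: str
    os_version: str
    rooted: bool          # rooted (Android) or jailbroken (iOS)
    ownership: str        # "COPE" or "BYOD"
    network: str = "unknown"
    country: str = "unknown"


def evaluate_policy(policy: Policy, device: Device, now: datetime) -> List[str]:
    """Return the list of policy violations; an empty list means compliant."""
    violations = []
    minimum = policy.allowed_platforms.get(device.platform)
    if minimum is None:
        violations.append(f"platform {device.platform} not permitted")
    elif not version_at_least(device.os_version, minimum):
        violations.append(f"{device.platform} {device.os_version} below minimum {minimum}")
    if device.rooted and not policy.allow_rooted:
        violations.append("rooted or jailbroken device")
    if device.ownership not in policy.allowed_ownership:
        violations.append(f"ownership model {device.ownership} not permitted")
    if policy.allowed_networks is not None and device.network not in policy.allowed_networks:
        violations.append(f"connectivity {device.network} not permitted")
    if policy.allowed_countries is not None and device.country not in policy.allowed_countries:
        violations.append(f"location {device.country} not permitted")
    if policy.access_window is not None:
        start, end = policy.access_window
        t = now.time()
        # A window that crosses midnight (e.g. 22:00-06:00) wraps around.
        inside = start <= t <= end if start <= end else (t >= start or t <= end)
        if not inside:
            violations.append(f"access outside window {start:%H:%M}-{end:%H:%M}")
    return violations


def compliance_report(policy: Policy, devices: List[Device], now: datetime) -> Dict[str, List[str]]:
    """Map each device id to its violations, as a compliance monitor would."""
    return {d.device_id: evaluate_policy(policy, d, now) for d in devices}


# Constructed sample policy and device records (not real enrollments).
CORPORATE_POLICY = Policy(
    allowed_platforms={"android": "5.0", "ios": "9.0"},
    allow_rooted=False,
    allowed_ownership=("COPE", "BYOD"),
    allowed_networks=("corporate-wifi", "vpn"),
    allowed_countries=("LK", "US"),
    access_window=(time(7, 0), time(22, 0)),
)
SAMPLE_DEVICES = [
    Device("d-001", "android", "5.1.1", False, "COPE", "corporate-wifi", "LK"),
    Device("d-002", "android", "4.4.2", True, "BYOD", "cellular", "LK"),
    Device("d-003", "ios", "9.3", False, "BYOD", "vpn", "US"),
    Device("d-004", "windows", "8.1", False, "COPE", "corporate-wifi", "US"),
]
OFFICE_HOURS = datetime(2016, 3, 15, 10, 30)
AFTER_HOURS = datetime(2016, 3, 15, 23, 0)

if __name__ == "__main__":
    for dev_id, found in compliance_report(CORPORATE_POLICY, SAMPLE_DEVICES, OFFICE_HOURS).items():
        print(dev_id, "compliant" if not found else "; ".join(found))
```

Running it lists d-001 and d-003 as compliant, d-002 with three violations (OS below the Android minimum, rooted, on an unapproved network) and d-004 rejected because Windows is not in the allowed platforms. The same evaluation with `AFTER_HOURS` adds a time-window violation to every device, which is the "access based on connectivity, location and time" condition from the description.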
32. Mobile Device Management Features (cont.)
   • Facilitate device-owner operations such as registering and unregistering devices and installing, rating and sorting mobile apps.
33. Mobile App Management
   • Supports app management.
   • App approval process through a lifecycle.
   • Provision and deprovision apps to enrolled devices.
   • Provision apps to enrolled devices based on roles.
   • Provision apps to multiple enrolled devices per user.
34. Mobile App Management (cont.)
   • Retrieve the list of apps.
   • Install new apps and update existing apps on iOS devices via REST APIs, enabling third-party systems and vendors to automate application installation and updates.
   • Install web clips on devices.
   • Enterprise App Store.
   • Discover mobile apps through the Enterprise App Store.
35. Mobile App Management (cont.)
   • Self-provisioning of mobile apps to devices.
   • Rating and sorting applications.
36. Device and Data Security
   • Multi-tenancy to ensure data isolation across all tenants.
   • Enforce the built-in security features of passcode and encryption.
   • Encryption of data storage.
   • Device lock and reset.
   • Managed APIs to perform administrative functions.
   • Ring and GPS to locate a device remotely if it is lost or stolen.
37. Demo
38. Email configurations
   File: <EMM_HOME>/repository/conf/axis2/axis2.xml
   <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
       <parameter name="mail.smtp.from"></parameter>
       <parameter name="mail.smtp.user"></parameter>
       <parameter name="mail.smtp.password">wso21234</parameter>
       <parameter name=""></parameter>
       <parameter name="mail.smtp.port">587</parameter>
       <parameter name="mail.smtp.starttls.enable">true</parameter>
       <parameter name="mail.smtp.auth">true</parameter>
   </transportSender>
   The slide leaves the from address, user and the name of the fourth parameter blank and uses a demo password. Port 587 with STARTTLS and authentication enabled is the right shape; in a real deployment do not leave the SMTP password as a literal in axis2.xml.
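An added check for the axis2.xml mail transport settings shown on the slide, written for this page rather than taken from WSO2. It parses a `transportSender name="mailto"` block and reports the settings a reviewer would send back: STARTTLS or SMTP authentication turned off, the plain relay port 25, a literal password in the file, and a parameter whose name was left blank (as on the slide, where the blank name would swallow the host setting). The two embedded configurations are constructed samples, one weakened and one corrected; the `svns:secretAlias` attribute in the corrected version is the WSO2 Secure Vault convention for referencing an encrypted secret as I understand it, so confirm it against the documentation for your product version.

```python
"""Lint the mail transportSender block of a WSO2 EMM axis2.xml.

Added example for this page (not WSO2 code). It reads the
<transportSender name="mailto"> element the demo slide edits and reports
settings a security reviewer would send back: STARTTLS or SMTP auth
disabled, the plain relay port 25, a literal password in the file, and a
parameter whose name was left blank.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

SECUREVAULT_NS = "http://org.wso2.securevault/configuration"
SECRET_ALIAS = "{%s}secretAlias" % SECUREVAULT_NS

# Constructed sample: same shape as the slide's configuration, with the
# settings weakened so that every check has something to find.
WEAK_AXIS2 = """<axisconfig xmlns:svns="%s">
  <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
    <parameter name="mail.smtp.from">emm@example.com</parameter>
    <parameter name="mail.smtp.user">emm@example.com</parameter>
    <parameter name="mail.smtp.password">wso21234</parameter>
    <parameter name="">smtp.example.com</parameter>
    <parameter name="mail.smtp.port">25</parameter>
    <parameter name="mail.smtp.starttls.enable">false</parameter>
    <parameter name="mail.smtp.auth">false</parameter>
  </transportSender>
</axisconfig>""" % SECUREVAULT_NS

# The corrected block. svns:secretAlias is the WSO2 Secure Vault way of
# pointing at an encrypted secret instead of a literal (assumption: verify
# the attribute against the documentation for your product version).
HARDENED_AXIS2 = """<axisconfig xmlns:svns="%s">
  <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
    <parameter name="mail.smtp.from">emm@example.com</parameter>
    <parameter name="mail.smtp.user">emm@example.com</parameter>
    <parameter name="mail.smtp.password" svns:secretAlias="transport.mail.password">password</parameter>
    <parameter name="mail.smtp.host">smtp.example.com</parameter>
    <parameter name="mail.smtp.port">587</parameter>
    <parameter name="mail.smtp.starttls.enable">true</parameter>
    <parameter name="mail.smtp.auth">true</parameter>
  </transportSender>
</axisconfig>""" % SECUREVAULT_NS


def mail_sender(xml_text: str) -> ET.Element:
    """Locate the mailto transportSender anywhere under the document root."""
    for sender in ET.fromstring(xml_text).iter("transportSender"):
        if sender.get("name") == "mailto":
            return sender
    raise ValueError("no transportSender named 'mailto' in the document")


def lint_mail_transport(xml_text: str) -> List[str]:
    """Return reviewer findings for the mail transport; an empty list means clean."""
    findings: List[str] = []
    params: Dict[str, ET.Element] = {}
    for p in mail_sender(xml_text).findall("parameter"):
        name = (p.get("name") or "").strip()
        if not name:
            findings.append("parameter with empty name (value %r)" % (p.text or "").strip())
            continue
        params[name] = p

    def value(name: str) -> str:
        p = params.get(name)
        return (p.text or "").strip() if p is not None else ""

    if value("mail.smtp.starttls.enable").lower() != "true":
        findings.append("mail.smtp.starttls.enable is not true: credentials and mail travel in the clear")
    if value("mail.smtp.auth").lower() != "true":
        findings.append("mail.smtp.auth is not true: relay is unauthenticated")
    if value("mail.smtp.port") == "25":
        findings.append("mail.smtp.port 25 is the plain relay port; use 587 with STARTTLS")
    if not value("mail.smtp.host"):
        findings.append("mail.smtp.host is not set")
    pw = params.get("mail.smtp.password")
    if pw is None or not (pw.text or "").strip():
        findings.append("mail.smtp.password is missing or empty")
    elif pw.get(SECRET_ALIAS) is None:
        findings.append("mail.smtp.password is a literal in the file; reference a secure-vault alias instead")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_AXIS2), ("hardened", HARDENED_AXIS2)):
        print(label + ":", lint_mail_transport(cfg) or "no findings")
```

The weak sample produces six findings and the hardened one none. Point `lint_mail_transport` at the contents of your own `<EMM_HOME>/repository/conf/axis2/axis2.xml` to run the same checks before the demo configuration reaches a real server.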
39. Change the config.json file
   • <EMM_HOME>/repository/deployment/server/jaggeryapps/emm-web-agent/config
   • <EMM_HOME>/repository/deployment/server/jaggeryapps/emm/config
40. Change the cdm-config.xml file
   • Change LBHostPortPrefix in <EMM_HOME>/repository/conf
41. Enroll Email
   Dear Dilshan,
   You have been registered to WSO2 MDM with the following credentials.
   Domain:
   Username: dilshan
   Password: LbmS82
   Below is the link to enroll.
   Best Regards,
   WSO2 MDM Team.
42. Platform Features
43. iOS Features
   • Self-service device enrollment and management with the end-user EMM Console via the iOS agent or web interface, for versions up to the iOS 9 SDK.
   • Remote notifications via the Apple Push Notification Service (APNS).
   • Support for iOS 9.
   • Device tracking.
   • Configuring cellular network settings.
   • Device profile management.
44. iOS Features (cont.)
   • Retrieving device info
   • Device lock
   • Restricting device operations
   • Automatic Wi-Fi configuration
   • Set up AirPlay
   • Set up restrictions
   • Enterprise wipe
   • Set up APN
45. iOS Features (cont.)
   • Set up LDAP
   • Set up email accounts
   • Set up CalDAV
   • Calendar subscription
   • Passcode policy
   • Clear passcode
   • App installation and update
   • Retrieve app list
46. iOS Features (cont.)
   • Web clip installation
   • Supports app management
   • Set up email accounts
47. Android Features
   • Self-service device enrollment and management with the end-user EMM Console via the Android agent (Android 4.0.3 Ice Cream Sandwich MR1 up to 5.0 Lollipop).
   • Supports app management.
   • App policy compliance monitoring.
   • Device location tracking.
   • Retrieving device info.
   • Changing the lock code.
48. Android Features (cont.)
   • Restricting the camera.
   • OTA Wi-Fi configuration.
   • Enterprise wipe.
   • Configuring encryption settings.
   • Passcode policy configuration and clearing the passcode policy.
   • Device master reset.
   • Mute device.
   • Ring device.
49. Android Features (cont.)
   • Send messages to the device.
   • Install and uninstall store and enterprise applications.
   • Retrieve the apps installed on the device.
   • Install web clips on the device.
   • Supports GCM and LOCAL connectivity modes.
50. Windows Features
   • Self-service device enrollment and management with the end-user EMM Console via Workplace (Windows 8.1).
   • Passcode policy.
   • Restriction on camera.
   • Encryption settings.
   • Retrieve device info.
   • Device lock and lock reset.
   • Ring device.
   • Data wipe.
51. GitHub Repositories
   • Connected Device Management Framework
   • Device management plugins
   • Enterprise Mobility Manager
52. Questions?
53. Thank You