communitake enterprise mobility: use guidelines€¦ · mobile device inventory management....
TRANSCRIPT
COMMUNITAKE ENTERPRISE
MOBILITY: USE GUIDELINES
INTRODUCTION
The CommuniTake Enterprise Mobility (CEM) solution is part of the CommuniTake Mobility solutions suite. It is aimed
at organizations that look to centrally govern their mobile device fleet and better secure wireless communications.
The CommuniTake Enterprise Mobility (CEM) solution supports the following features:
System dashboard.
Mobile device inventory management.
Grouping by organizational hierarchy.
Password policy enforcement.
Mobile applications management (Blacklist; Whitelist).
Enterprise app store.
Granular use restrictions management.
Browsing control.
Location and time driven policies.
Secure file container (SharePoint files view).
Secure messaging.
Usage monitoring and reporting.
Mobile configurations (Exchange ActiveSync; Wi-Fi; VPN).
Device branding.
Device launcher.
Device data protection: locate; lock; alarm; wipe.
Device data backup and restore (contacts and messages).
Enterprise wipe for selective business data.
Antimalware.
Self-service portal for managing data protection.
The solution can be enhanced with the following capabilities:
For commercial Android and iOS devices:
o Secure voice calls.
o Remote support for mobile devices (optional).
o Self-troubleshooting application (optional).
For the CommuniTake INTACTPHONE device running on the custom IntactOS firmware:
o All the Application Level capabilities.
o Security-rich use restrictions management.
o App permissions management.
o Internal phonebook management.
o FOTA updates.
This document provides high-level guidelines for getting familiar with the CommuniTake Enterprise Mobility solution.
The evaluation comprises the following phases:
Capacity Lead Time (Days) Est.
Defining access to the CEM solution platform as is for the evaluators
(Mobile Device Management, Mobile Application Management, Device
Care, Remote Care, and Secure Voice).
CommuniTake T
Walkthrough over the platform functionality with the evaluators
including planned roadmap.
CommuniTake T+1
Evaluators’ hands-on to gain familiarity with the platform feature-set. Prospect T+3
Evaluators’ recommendations for configurable modifications based on
business realities.
Prospect T+4
Evaluation summary and next steps. Prospect T+5
FUNCTIONAL EVALUATION GUIDELINES
ADMINISTRATION
Familiarity with the system administration can be done by the following directives:
Feature / Process Directives Page Checked?
Parent account activation. Manage users.
Accounts creation. Experience the permission scheme. 12
ENTERPRISE MOBILITY MANAGERMENT
Once you have activated your CEM account, you will be able to explore the CEM system by the following directives:
Step # Feature / Process Directives Page Checked?
1 Define system settings.
1.1 Define general settings Define the timeframes by which the system operates:
Device connection interval (Minutes).
Device Not Seen Interval (Hours).
Device SIM Change Interval (Days).
Device Client Removal Interval (Hours).
13
1.2 Define privacy settings Collect Usage Statistics.
Enable BYOD privacy.
Check Battery Level.
13
1.3 Gain iOS certificate If you intend adding iOS devices to the system, make sure to define an enterprise certificate via Apple.
14
1.4 Windows Phone readiness If you wish to enroll WP devices, we have defined a certificate for it. Once required you will have to fulfill the WP certificate process in your environment.
-
1.5 LDAP integration If you wish to operate via an LDAP server, key-in the LDAP data fields.
15
1.6 Exchange integration Define the Exchange server parameters. This operation will enable you to block device access to the
17
organizational email server.
1.7 Set the secure container The secure container supports two functions: (1) secure messaging and (2) secure access to organizational SharePoint files. If you wish to define these capabilities, make sure to check the secure messaging and key-in the SharePoint server data.
19
1.8 Policies heritance Use policies come with the default heritance mechanism between parent groups and child groups. Set the heritance by your preferences.
22
1.9 Alerts settings Define which policy deviation should generate an alert, for how long and who will receive the alert.
23
1.12 General PIN code General PIN code enables you to enroll bulk devices to a certain pre-defined group. Create such a PIN code if you wish to follow this enrollment. The user will have to be notified what is the allocated PIN code prior to the enrollment.
24
1.10 Firmware version This feature is only applicable to IntactPhone devices.
1.11 Set the antivirus behavior Scan interval (hours).
Update interval (hours).
Report if failed to update and its Grace period (Days).
Allow update on cellular network.
Scan new installed/updated apps.
AV KPI cleanup interval.
Define what will happen on virus detection.
26
2 Define organizational groups
2.1 Build the groups by which your CEM will be managed. A few considerations when defining these groups:
The groups can be automatically derived by the LDAP structure;
The groups can follow the generic organizational structure
The groups can follow your subjective perception re groups with similar use policies
41
3 Device enrollment
3.1 Enroll devices in the system by the groups. This can be done one-by-one or via bulk upload. Please note that if you set groups via the LDAP structure, you will still need to enroll devices for every group. Define access
27
to self service and secure container.
4 Policies
4.1 Set password policy Select the group.
Set the Heritance.
Minimum password length.
History length (how many passwords back to remember).
How many days between changing passwords.
Number of failed attempts before wiping the device.
How long before the device locks (seconds)
Complex.
Disk Encryption.
65
4.2 Set blacklist app policy These are prohibited apps.
You can choose from the aggregated on-device apps or manually add an app.
Select the group.
Set the heritance.
Define the apps from the list or by defining it.
Define whether to uninstall or just kill the app.
Define a password for a blacklisted app if required.
Define time and location based use.
68
4.3 Set whitelist app policy These are mandatory apps.
Select the group.
Set the Heritance.
Define the apps.
For Android/WP devices you can define the only allowed apps.
76
4.4 Set the catalog These are recommended apps.
Select the group.
Set the Heritance.
Define the apps.
78
4.5 Backup policy Select the group.
Set the Heritance.
Set the time interval and the content (note that
77
messages are not supported for iOS devices).
4.6 iOS restrictions Select the group.
Set the Heritance.
Set the restrictions.
80
4.7 Android restrictions Select the group.
Set the Heritance.
Set the restrictions.
Set whether it is password driven.
Set time and location limitation – if required.
Note that you have four sections:
The “General” is applicable to all.
“Samsung SAFE and LG Gate” – only to these devices.
“Intact Phone” applicable only to devices running the IntactOS.
“Signed devices” applicable to Samsung LG and LTC devices.
82
4.8 Browser control The browser control defines the navigation limitation for the device. You can define prohibited sites or only allowed sites.
Select the group.
Set the Heritance.
Set the restrictions.
Set time and location limitation – if required.
88
4.9 File distribution This mechanism allows performing mass file distribution to devices.
Select the group.
Define the files for distribution. Note that you actually do not have a way to verify acceptance by the device.
90
4.10 Home screen Home screen allows you to define a unified home screen across the devices.
Select the group.
Define wall paper, icons and bookmarks as required.
92
4.11 Launcher This policy allows you to limit the access of the device user to only specified services.
Select the group.
Define the home screen elements.
93
4.12 Secure Contacts Applicable only for devices running the IntactOS firmware.
95
4.13 Apps Permissions Applicable only for devices running the IntactOS firmware.
95
5 Expenses
5.1 Price plans Define the price plans by which you wish to monitor device use.
Allocate groups to the plans.
100
5.2 Usage reports Run usage reports. Note that the system should accumulate data before it can present you wish actual usage figures.
103
6 Configuration
6.1 Exchange configuration Set mass Exchange configuration as required.
Allocate groups.
108
6.2 Wi-Fi configuration Set mass Wi-Fi configuration as required.
Allocate groups.
108
6.3 VPN configuration Set mass VPN configuration as required.
Allocate groups.
109
7 Policy enforcement
7.1 Event driven enforcement Enable policy enforcement.
Define the violation events that will drive enforcement actions.
Define the enforcement actions.
97
7.2 SIM derived enforcement Enable policy enforcement.
Define the enforcement actions.
98
7.3 Admin client removal Enable policy enforcement.
Define the enforcement actions.
99
8 Dashboard
8.1 View View the device parameters and KPIs. 35
8.2 GUI arrangement Rearrange the dashboard elements by your preference. This can be done via drag-and-drop and by
38
selecting the required items for the presentation.
8.3 Drill into Click on a KPI to view the devices that consists this KPI. 38
8.4 Export Export devices data to an Excel file. 39
9 Fleet table
9.1 View data View the fleet table parameters. Select different pre-defined views.
44
9.2 Edit Edit device ownership. 51
9.3 Move Select one or more devices.
Click on move and select destination.
60
9.4 Block SharePoint Select one device.
Block SharePoint access.
60
9.5 Reset container password Select one or more devices.
Reset container password.
60
9.6 Send message Select one or more devices.
Send message.
Define whether to force show (Android).
Define whether to send via email as well.
53
9.7 Wipe Select one or more devices.
Wipe.
61
9.8 Remote control Select one device.
Click on assist.
Assume control from afar.
105
10 Data recovery – device level
10.1 Status view Select one device from the fleet table.
View the device’s KPIs.
110
10.2 Backup Select one device from the fleet table.
Define backup policy.
117
10.3 Location Select one device from the fleet table. 111
Track device location.
10.4 Security Select one device from the fleet table.
Activate security measures:
Lock device.
Clear password.
Remote wipe.
Enterprise wipe.
ActiveSync access.
Secure container access.
113
10.5 Diagnostics Select one device from the fleet table.
View the device diagnostics.
119
10.6 Applications Select one device from the fleet table.
View the on-device apps.
121
11 System users
10.1 Admin You can add system administrator with the same admin rights as you have.
Select the “Fleet” tab and then “System Users”.
Add / delete “Administrators”.
61
10.2 Sub admin You can add system administrator that can manage devices, but cannot set policies.
Select the “Fleet” tab and then “System Users”.
Add / delete “Sub Administrators”.
62
10/3 Support rep You can add system administrator that can only remote control devices for support and guidance.
Select the “Fleet” tab and then “System Users”.
Add / delete “Remote Support Users”.
63
DEVICE CARE
Familiarity with the Device Care product can be done by the following directives:
Feature / Process Directives Checked?
Install the application: Android
& iOS
Note: iOS app requires individual iTunes ID and needs to go
through the Apple registration process.
Service tests View tests; be aware of automated fixes; shift to manual fix.
Hardware tests Manual activation.
Get support – send diagnostics Notification only as this feature requires integration.
Get support – ask for a rep Client pending; sending problem description via questionnaire
(if was defined).
Get support – Remote Care Approval for the initial request by the support representative.
Resolve issues Navigate across the topics.
Antivirus (Android) Activate malware scan.
Menu - shortcuts Activate shortcuts.
Menu – check connectivity Activate connectivity check.
Menu – backup & restore Activate contacts backup to the Cloud.
Menu - settings Activate various app configurations re: tests and operation
methods.
Android vs. iOS feature set Be familiar with the differences by the solution spec doc.
UASSIST (ANDROID)
U-assist is a module within the Device Care product which allows seeking remote assistance by an already-available
contact via sending an e-mail. Familiarity with the U-assist product can be done by the following directives:
Feature / Process Directives Checked?
Install the Device Care application
Select “Get Support” and then
“Request a Contact’s Help”
Get support – request a friend’s
help
User view – request help. Ensure that a contact with e-mail is
already defined in the device requesting assistance.
Get support – request a friend help Contact view – receive the invite via e-mail and assume
control over the initiating device – after acknowledging the
remote access request.
REMOTE CARE
Remote Care is embedded in the Community Enterprise Mobility solution. Familiarity with the Remote Care application can be done by the following directives:
Feature / Process Directives Checked?
Connectivity initiation The admin always needs to be the first to initiate/request
the connection. Check a device in the Fleet table and click on
“Assist”. The device holder should approve terms of use.
Once approved, the admin has complete remote control
over the device.
Device diagnostics view View device diagnostics
Device applications view & mgmt. View; activate; deactivate; bring to the foreground
Device files view & mgmt. View; upload; download; copy; refresh
Resolution macros Activate macros
Draw on target device screen Line; ellipse; arrow; erase
Operate the target device from afar Experience full takeover
Chat Conduct chat with the target device
Facilities: balance speed and image
quality
Change image quality and session speed
Facilities: pause Pause the session
Facilities: screen capture Capture a screen image
Facilities: reconnect Reconnect after device reboot
Facilities: enlarge replica Enlarge the device screen replica