mdm solution for cisco


Upload: saira-bano

Post on 24-Dec-2015


DESCRIPTION

Mobile Device management solutions

TRANSCRIPT


INTRODUCTION

Interest in and adoption of mobile device management continue to grow at a fast rate, with companies looking for enterprise security and mobile optimization and enablement. Strong offerings go beyond policy to support enterprise mobile management.

WHAT IS MDM?

Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employees' mobile devices that are deployed across multiple mobile service providers and across the multiple mobile operating systems used in the organization, in order to provide secure mobile solutions to a BYOD workforce.

Mobile device management software is often combined with additional security services and tools.

Mobile Device Management (MDM) addresses the unique needs of a growing computing platform. It provides you with real management capabilities, including convenient configuration, self-service tools, and enhanced protection. It also keeps you up to date with best practices. MDM can support corporate-owned as well as personal devices, and helps support a more complex and heterogeneous environment.

BRING YOUR OWN DEVICE (BYOD)

Employees carry their personal smartphones and tablets to work and need freedom to use the corporate network to check emails, contacts, calendar and business applications on the devices.

EVALUATION CONSIDERATIONS FOR SELECTING AMONG MDM VENDORS

- Integration and compatibility
- Capabilities and key features
- Management and usability
- Security and privacy
- Pricing model

BENEFITS

- Simplified configuration: MDM can automatically configure a bundle of settings including email, calendar, and contacts, a passcode, VPN access, and more.
- Valuable self-service: You can remotely erase some data or all the data from your device if it's lost or stolen.
- Enhanced privacy and protection: MDM provides secure access on your mobile device to non-public data. It helps you set "best practices" privacy controls on your device.

PRODUCT CAPABILITIES OF MDM

Software management: This is the ability to manage and support mobile applications, data and OSs.

Network service management: This is the ability to gather information from the device, capturing location, usage, and cellular and wireless LAN (WLAN) network information, using GPS technology. Network access control (NAC) features are also found here.

Hardware management: Beyond basic asset management, this includes device provisioning and support.

Security management: This is the enforcement and support of standard device and data security, authentication, and encryption. Application containerization, VPN and encryption software are also part of this capability.

MDM is also now available for Windows Mobile, Blackberry, iOS and Android devices.

Companies are always asking when the right time is to assess and adopt MDM.

SUPPORTED MDM SERVERS

- AirWatch, Inc.
- Good Technology
- MobileIron, Inc.
- Zenprise, Inc.
- SAP Afaria
- Fiberlink MaaS

COMPARISON

| Vendor | AirWatch | Good Technology | Fiberlink (an IBM company) | MobileIron | SAP |
|---|---|---|---|---|---|
| Product Name(s) | AirWatch Enterprise Mobility Management | Good for Enterprise | MaaS360 by Fiberlink | MobileIron | SAP Afaria |
| Password protection | Yes | Yes | Yes | Yes | Yes |
| Password reset | Yes | Yes | Yes | Yes | Yes |
| Remote device wipe | Yes | Yes | Yes | Yes | Yes |
| Selective wipe | Yes | Yes | Yes | Yes | Yes |
| Remote lock | Yes | Yes | Yes | Yes | Yes |
| Set VPN, Wi-Fi, APN, proxy/gateway settings | Yes | Yes, for iOS and for Android | Yes | Yes | Yes |
| Disable Wi-Fi | Yes | Yes | Yes | Yes | Yes |

| Vendor | AirWatch | Good Technology | Fiberlink | MobileIron | SAP |
|---|---|---|---|---|---|
| Automated provisioning | Yes | Yes | Yes | Yes | Yes |
| Disable camera | Yes | Yes | Yes | Yes | Yes |
| Disable Bluetooth | Yes | No | Yes | Yes | Yes |
| Manage mobile-attached devices (e.g. printers, scanners) | Yes | No | No | No | Yes |
| Support multiple users | Yes | No | Yes | Yes | Yes |
| Disable carrier data connection | Yes restricts data when roaming for iOS | Yes | Yes | Yes | Yes |

GARTNER REPORT

According to the Gartner Report for Mobile Management Software Solutions, May 2013, AirWatch and MobileIron lie in the leader quadrant, having the highest completeness of vision as well as ability to execute.

MDM INTEGRATION PROCESS FLOW

1. The user associates a device to an SSID (Service Set Identifier).

2. (Optional) If the device is not registered, the user goes through the device on-boarding flow.

3. Cisco ISE makes an API (Application Programming Interface) call to the MDM server.

4. This API call returns a list of devices for this user and the posture status for the devices.

The input parameter is the MAC address of the endpoint device.

5. If the user's device is not in this list, it means the device is not registered. Cisco ISE sends an authorization request to the NAD (Network Access Domain) to redirect to Cisco ISE. The user is presented the MDM server page.

6. Cisco ISE uses MDM to provision the device and presents an appropriate page for the user to register the device.

7. The user registers the device in the MDM server, and the MDM server redirects the request to Cisco ISE (through automatic redirection or manual browser refresh).

8. Cisco ISE queries the MDM server again for the posture status.

9. If the user's device is not compliant with the posture (compliance) policies configured on the MDM server, the user is notified that the device is out of compliance and must be compliant.

10. After the user's device becomes compliant, the MDM server updates the device state in its internal tables.

11. If the user refreshes the browser now, the control is transferred back to Cisco ISE.

12. Cisco ISE polls the MDM server once every four hours to get compliance information and issues Change of Authorization (CoA) appropriately.

INTEGRATING CISCO MOBILE COLLABORATION MANAGEMENT SERVICE WITH CISCO ISE

The majority of MDM features are implemented directly through the operating system (iOS only) and do not require a mobile device client application. MCMS agent is always required on Android devices. The following features require that MCMS agent be installed on the device:

- Jailbreak Detection
- Location Based Services
- Application Inventory (for blacklist, mandatory apps)
- Document Distribution
- Data Usage Tracking
- WiFi SSID Connection Tracking
- Admin to user messaging via the portal

CONFIGURE MDM POLICY

Cisco ISE allows you to configure MDM policy, based on the following attributes:

- DeviceRegisterStatus
- DeviceCompliantStatus
- DiskEncryptionStatus
- PinLockStatus
- JailBrokenStatus
- Manufacturer
- IMEI (International Mobile Equipment Identity)
- SerialNumber
- OsVersion
- PhoneNumber
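The process flow and the policy attributes above can be read together as one authorization decision per endpoint. The sketch below is an added example, not Cisco ISE or MDM vendor code: the in-memory inventory, the decision labels and the function names are assumptions made for illustration, and only the attribute names come from the list above. It treats an unknown device as unregistered and checks JailBrokenStatus independently of the MDM's own compliance verdict.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MdmRecord:  # field names are the MDM attributes listed above
    DeviceRegisterStatus: bool
    DeviceCompliantStatus: bool
    DiskEncryptionStatus: bool
    PinLockStatus: bool
    JailBrokenStatus: bool

# Constructed sample inventory standing in for the MDM server's answers,
# keyed by endpoint MAC address (the lookup input named in the flow).
MDM_INVENTORY = {
    "AA:BB:CC:00:00:01": MdmRecord(True, True, True, True, False),
    "AA:BB:CC:00:00:02": MdmRecord(True, False, False, True, False),
    "AA:BB:CC:00:00:03": MdmRecord(True, True, True, True, True),
}

def normalize_mac(mac):
    """Canonicalise separators and case so every MAC spelling hits one key."""
    digits = "".join(c for c in mac if c not in ":-. ").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def authorize(mac, inventory=MDM_INVENTORY):
    """Steps 3-9: look the device up and return (decision, reasons)."""
    rec = inventory.get(normalize_mac(mac))
    # Fail closed: a device the MDM does not know is treated as unregistered.
    if rec is None or not rec.DeviceRegisterStatus:
        return "REDIRECT_TO_MDM_REGISTRATION", ["device not registered"]
    checks = [
        (rec.DeviceCompliantStatus, "MDM reports non-compliant"),
        (rec.DiskEncryptionStatus, "disk not encrypted"),
        (rec.PinLockStatus, "no PIN lock"),
        (not rec.JailBrokenStatus, "jailbroken"),
    ]
    reasons = [why for ok, why in checks if not ok]
    return ("NOTIFY_OUT_OF_COMPLIANCE", reasons) if reasons else ("PERMIT", [])

def poll(sessions, inventory=MDM_INVENTORY):
    """Step 12: re-check active sessions; each changed decision needs a CoA."""
    coa = []
    for mac, old in list(sessions.items()):
        new, _ = authorize(mac, inventory)
        if new != old:
            sessions[mac] = new
            coa.append((mac, old, new))
    return coa
```

With a four-hour polling interval, a device that drops out of compliance can keep its earlier access until the next poll, so the interval is the window a reviewer should weigh against the sensitivity of the resources behind the policy.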

Thank you!