Mobile Device Management

John Rhoton

Hewlett Packard

john.rhoton@hp.com

What is MDM?

• Automation● User configuration● Administration

• Standardization

• Remote Support● OTA (Over-the-air)

Agenda

• Enterprise Mobility Status

• Enterprise Challenges● Security● Management● Applications

• Mobile Device Management Approaches

• Mobile Device Management Technologies

But just what is mobility ?But just what is mobility ?Devices:

• Mobility = Mobile phones?• Mobility = Smart phones?• Mobility = PDAs ?

Wireless:• Mobility = Wireless LANs?• Mobility = GSM/GPRS?

Applications:• Mobility = Form-factor adaptation?• Mobility = Synchronisation?

Mobility on the rise!YO

Y

% s

hip

pin

g g

row

th

35

30

25

20

15

10

5

0

2006-2010Source: Gartner Dataquest, and IDC 2006

18.6%Mobile PCs

34.1%ConvergedMobile Phones

5.8%Mobile Phones

3.9%Desktop PCs

245 Million converged devices by 2010•140 Million Windows Mobile devices•Over 3 Billion mobile subscriptions

Status of Mobility

• Components Maturing● Exponential growth in mobile devices● Near-ubiquitous wireless access● Application mobilization accelerating

• Hype transforming into stealth

• Enterprise adoption● Organic● Consumer-driven

7 HP Confidential

What customers typically want from mobility

- Animated (0)

Legacy Legacy

Forms WorkflowSheets

Mobile Business Applications•Industry specific applications (i.e. Mobile construction workforce…)

•Field Sales Automation (SFA) •Field Force Automation (FFA)

•Paperless Forms (Police Force…)•Proof of Delivery (Transport)

•Field Service Bundle•Work Order Mgmt

•Parts & Inventory tracking•Expense Management

•Asset / Property Management•Merchandizing / FMCG Sales

•Healthcare, Public safety•Inspections, Data Capture

•Unified Communications – Fixed Mobile Convergence

•Mobile office (Mail, PIM, Calendar) (Baseline)•Mobile device management (Baseline)

•Mobile Device security (Optional)•Shared Mobile Device Management (Baseline)

•Shared MDM Device security (Optional)•End 2 End security (authentication, encryption, protection…)

Mobile Business Applications•Industry specific applications (i.e. Mobile construction workforce…)

•Field Sales Automation (SFA) •Field Force Automation (FFA)

•Paperless Forms (Police Force…)•Proof of Delivery (Transport)

•Field Service Bundle•Work Order Mgmt

•Parts & Inventory tracking•Expense Management

•Asset / Property Management•Merchandizing / FMCG Sales

•Healthcare, Public safety•Inspections, Data Capture

•Unified Communications – Fixed Mobile Convergence

•Mobile office (Mail, PIM, Calendar) (Baseline)•Mobile device management (Baseline)

•Mobile Device security (Optional)•Shared Mobile Device Management (Baseline)

•Shared MDM Device security (Optional)•End 2 End security (authentication, encryption, protection…)

Messaging

Mobility: Challenges

Mobile Content ProtectionAccess Control Solutions

• Native Pocket PC

• Biometric Authentication

• HP ProtectTools

• Pointsec

• Credant

• TrustDigital

• Utimaco

• Bluefire

Bluetooth securityIn

WLAN security• Rogue Access Points

• Decoy Access points

• WPA-Personal

• WPA-Enterprise

April 10, 2023 12

Why MDM?

• Security: Ensure integrity of configuration

• Higher ease-of-use

• Deploying line-of-business applications

• Lower TCO

Reduction in Total Cost of Ownership

Cost per User per Year

MDM Benefit

Device Cost $250 8% Amortized over 2 years

Connectivity data

$900 30%

Connectivity voice

$800 27%

Backend/Ops

$504 17% -30% -$151 Setup & operate backend mobile application, change requests

Service Management

$192 6% -40% -$77 Setup users, connectivity, user management, change requests

User Support

$312 11% -30% -$94

$2958 100% -11% -$322

Cost reduction per user per year with MDM $322Net Reduction in TCO 11%Net Reduction in Annual Device Management Costs 32%

Source: HP & Gartner

April 10, 2023 14

Customer MDM Maturity Levels• Infancy

● Inventory collection● Basic software updates

• Adolescence● Software Updates● Configuration Control● Device Security Enforcement

• Mature● Data publication and synchronization● Multi-platform support● Policy driven application install and update● “OTA” startup and maintenance● Extension of Desktop Management **

April 10, 2023 15

Different MDM Approaches• Extension of Desktop Environment

● Altiris● Microsoft SMS● HP Client Automation

• Comprehensive Solution Suite● Exchange 2007● Good

• Enterprise MDM Focused● iAnywhere Afaria● HP Enterprise Mobility Suite● Microsoft System Center Mobile Device Manager

• Carrier MDM

● Intellisync● RIM Blackberry

OMA DM Standard• Device Management protocol:

● Defined by the Open Mobile Alliance (OMA) group● Current specification : 1.2 – April 2006● Based on SyncML● Conceived for Carrier MDM

• Designed for management of mobile devices● Device Provisioning (1st time use)● Device configuration – Enabling/Disabling features● Software distribution

– Firmware upgrade over the air (FOTA)» Firmware Update Management Object (FUMO)

– Applications deployment on devices– Software upgrades

● Fault Management: report/ query status

HP MDM Logical Topology

April 10, 2023 17

Domain Licensing site

VPN orProxy orFirewall

hole

MDM Server(s) (i.e Afaria)

Authentication

Internet viaWireless Wan or Wireless

LAN Networks

Customer Enterprise Network

Neutral Zone(DMZ)

Internal WLAN or Cradle

April 10, 2023 18

Scalability: Replication & Server Farms

GEO 2 CLUSTER

MASTERTESTDEV

GEO 1 CLUSTER

•Server Farms provide scalable capacity•Replication provides a logical master server, with many physical instances•Replication also facilitates division of ownership of functions; Multiple owners can maintain portions of the total server (eg. IT owns base configuration; Business Units own their applications & data.)

Device Management Technologies• Afaria

● XcelleNet, Sybase, and now iAnywhere● Mobile Device Management and Mobile Security Solution● Historically market leader in Managed Mobility Solutions

• HP Enterprise Mobile Suite (EMS)● Formerly Bitfone● OMA-DM interoperable● Heterogeneous (multi-platform) device set● Integration with OVCM (OpenView Configuration Manager)

• Microsoft SCMDM● Compliant with OMA DM● Mobile Device Management solution (System Center family)● Based on Windows infrastructure: AD – SQL ● Windows Mobile 6.1 devices only

April 10, 2023 20

Afaria Mobile Clients

Windows LaptopsJavaWinCE/Pocket PCPalmBlackberrySymbian

Console Highlights

Web AdministrationSNMP Alerts ConsoleStatus and Event Logs

ESM IntegrationEnterprise Integration Microsoft SMS Software & Inventory

Management Capabilities

Inventory ManagementSoftware and Application DeploymentDocument and Content ManagementProcess AutomationData Backup and RecoveryConfiguration Management

Web Server

ConnectivityTCP/IPWireless WWANHTTP, HTTPS, ISADial-upLAN or WLAN

Mobile Optimizations

CompressionCheck-Point RestartByte Level DifferencingSegmented File DeliveryOpportunistic ExecutionSafe File TransferEncryption

Afaria Server Features

MS NT 4.0/2000/2003Unlimited ClientsHighly ScalableDevice and Data SecurityLDAP & NT Domain User

AuthenticationChannel Replication

iAnywhere Afaria

April 10, 2023 21

Inventory

April 10, 2023 22

Server “Channels”

April 10, 2023 23

Channel Sets

April 10, 2023 24

Script Commands

SMS

TCP/IP

WW Wireless Operator Networks

HP Enterprise Devices

SMS

TCP/IP

HP Enterprise Mobility Suite

HP Worldwide Hosting Facilities

Enterprise

HTTPS

Internet

HTTPS

• Device Support• S/W Maintenance• WW Network Support

FusionDM for Enterprise

• Device Troubleshooting• Device Security• Policy Mgmt• Asset Mgmt• IT Dash Board

• Exchange®• Domino®• Groupwise®

• Corporate Directory• Active Directory ®

• Intranet• CRM• Application Portal

Existing IT Systems

HTTPS

FOR ENTERPRISE

Leading OEM Device Manufacturers

Self Care Driven

Use Case: Set Up My Device

• Out-of-the-box device setup• Employee Joe purchases a new device

● Logs into the Enterprise Self Care portal● Enters his phone number● Selects setup my device

• Joe’s email, ActiveSync, and corporate WiFi settings are automatically configured on the device

• Automated OTA Delivery Without Cradle

• Simple One Click Trigger for Setting Up New Device

• Minutes to Fully Configured, Ready-to-Use Device

Use Case: Diagnose My Device

• Device Diagnostics• Joe’s email is not working

● Selects diagnose my device● Problem is automatically displayed

• Activesync settings are incorrect● Selects the checkbox & presses go

• Joe’s ActiveSync settings are corrected and he is receiving his email

• Instantly Validate All Device Settings• Automatically Detect Device Faults• OTA Push Fixes to Address Root

Causes

Use Case: Update Software

• Joe needs the new VPN client● Selects Update Software● Device inventory is remotely● List of required applications are

displayed● Selects the checkbox for VPN & presses

go

• VPN application is automatically installed

• Instantly distribute corporate tools and applications and their updates OTA

• Collect S/W Inventory of Device Fleet• Detect and Remove Unauthorized S/W

Use Case: Device Security

• Joe loses his device on a business trip

● Logs into the web-based application● Selects Lock & Wipe device● Remotely locks his device

• Corporate data is secure until the device is recovered

• Remotely Lock Compromised Devices

• Wipe All User Data OTA• Unlock Recovered Devices

Microsoft SCMDM

Security Security ManagementManagement

Active Directory Domain Join Policy enforcementusing Active Directory/Group Policy targeting (>125 policies)Communications and camera disablement*Application blacklisting and whitelisting File encryption Remote wipe

Device Device ManagementManagementFull OTA provisioning and bootstrapping OTA Software distribution based on WSUS 3.0Inventory SQL Server 2005 based reporting capabilities Role based administration MMC snap-ins and Powershell cmndletsOMA-DM compliant

MobileMobileVPNVPN

Machine authentication and “double envelope security”Session PersistenceFast ReconnectInternetwork roamingStandards based (IKEv2, MobIKE, IPsec tunnel mode)

Management WorkloadDeployment: inside firewall

Network Access WorkloadDeployment: in DMZ

Security Management BenefitsSCMDM extends Active Directory/Group Policy to Windows Mobile•AD is the most widely deployed enterprise network directory worldwide

● 80% + penetration in the U.S.● 55% + penetration in

G7 countries overall

•AD- GP is widely used by IT to configure policies for their desktops, laptops and servers

● Over 90% of Active Directory customers use Group Policy

•Over 130+ configuration settings for Windows Mobile can now be managed through Group Policy including control of Bluetooth, WIFI, SMS/MMS, IR, Camera, and POP/IMAP•Extensible architecture

Device Management Benefits• Enterprise-wide OTA software distribution

● Leverages Windows Software Update Service (WSUS) 3.0 • Most widely deployed Windows software update solution across organizations of all size

(60%+ penetration)

• Rich targeting and packaging capabilities required by IT departments

• Rich Inventory and Reporting● Robust hardware

and software inventory capabilities

● SQL Server 2005-based reporting infrastructure• Highly flexible

• Customizable

Allows end-to-end securityHeadless gateway deployed in the DMZPrivacy compliance

Security

Use best available channelAdapt to network to minimize keep alive traffic (goal)

Efficiency

Transparent to mobile application Transparent to LOB services

Extensible

Always connectedAllows pushed technology

Reliability

Minimum user configurationTransparent to user and to applications

Simplicity

Secured Corporate Data Access• Enables secure behind-the-firewall access to the corporate network and applications

● Any intranet data! (SAP, Siebel, intranet sites, SQL, etc)

• Aligns with existing remote access model for desktops/laptops and scales to a broad set of scenarios

● Thin and rich client apps

DMZDMZ

Internal Corporate SiteInternal Corporate SiteDomain ControllerDomain Controller

Mob

ile V

PN

Mob

ile V

PN

Mobile VPN

Mobile VPN

Mobile Operators Cellular DataMobile Operators Cellular DataConnectionConnection

Internet

WiFi ConnectionWiFi Connection

Mobile VPN GatewayMobile VPN Gateway

Corporate Internal FirewallCorporate Internal Firewall

Controlled access to InternalControlled access to Internalcorporate resources from thecorporate resources from themobile devices connected viamobile devices connected via

Mobile VPNMobile VPN

Corporate External FirewallCorporate External Firewall

Summary

• Rapid acceleration of Mobility• Enterprise obstacles: Manageability &

Security• Multiple Mobile Device Management options• Enterprise requirements will determine

optimal choice● Platform standardization● VPN capabilities and LOB applications● OMA-DM

Questions?

Contact me at: john.rhoton@hp.com

Your Feedback is Important

Please fill out a session evaluation form and either put them in the basket near

the exit or drop them off at the conference registration desk.

Thank you!