A Comparison of Protocols for Device Management and Software Updates

Size: px
Start display at page:

Download "A Comparison of Protocols for Device Management and Software Updates"

Transcription

1 B L A C K B E R R Y M 2 M S O L U T I O N S A Comparison of Protocols for Device Management and Software Updates In the last two decades, the number of connected computing devices has grown at a staggering rate. One of the biggest challenges that individuals and corporations now face is how to manage and update these devices in a secure, efficient, and convenient way. The extension of mobile communication into new industries and verticals such as the automotive industry brings new opportunities for operational efficiencies and customer satisfaction. Selecting the right protocols to manage and update software in these devices in ways that are tailored to the specific needs of the industry becomes mission critical. In this White Paper, OMA DM, BBF TR069, UPnP-DM, and BlackBerry protocols for updating and managing computing devices, for verticals such as automotive, will be compared. Security, scalability, interoperability and efficiency of each solution will be briefly considered and the rich feature set of the BlackBerry protocol will be summarized. White Paper

2 OMA DM Protocols Open Mobile Alliance (OMA) Device Management (DM) protocols include a feature for Firmware Updates that uses the Firmware Update Management Object (FUMO). We will discuss the security, scalability, and efficiency of this solution, as well as the OMA DM standards working group factors of version About SyncML and FUMO Originally designed for basic device provisioning, the OMA DM protocols have been amended to attempt to cover more requirements from the industry. The OMA DM solution is based on the Synchronization Markup Language (SyncML). Initially, SyncML wasn t under the control of the OMA organization, but SyncML was later absorbed by the OMA working groups. SyncML was designed for transmitting data elements between the client and server and has been largely unchanged for about a decade. The base DM protocols contain all of the necessary components to allow clients and servers to exchange data elements in a hierarchical tree. Each version of the DM protocol and each of the versioned management objects includes base-level features. Sessions are always initiated by the client, either as a result of a device-side condition or as a result of a server sending a push message to the client. The protocols are versioned and can be implemented by any organization. The FUMO object contains two required items: an URL to download a single firmware image, and an execute command, which signals the client to start the firmware download and update process. The firmware image can be placed directly in a data element in the FUMO tree, but this isn t typically used, except in the case of very small firmware images. All other custom features and data elements must be added as custom nodes to the DM tree. Any custom business logic associated with these custom data elements requires pre-existing server and/or client-customized support. Security Transport-layer security can be accomplished using the normal SSL and TLS cipher suites. This provides encryption, but not authentication of both endpoints. Security for OMA DM transactions is limited to username:password combinations or HMAC-MD5 for authenticity verification. The HMAC-MD5 effectiveness is highly dependent on the server and client implementations. If one or the other isn t rotating the nonce values on a prudent schedule, then the strength of the solution is drastically diminished. Moreover, not all servers and clients have implemented solid security models of the nonce rotation. Scalability The DM protocol requires that the synchronization of data elements in the DM tree be sequenced in order to ensure that all of the relevant data is on the device before certain commands are executed. These data elements can be synchronized within a single session between the client and server, but no session is guaranteed to be 100% reliable. A broken session can leave a client in an incomplete state regarding the required set of data elements that need to be synchronized. For a feature to work correctly, if there are dependencies required, each server session with a client needs to ensure the state of the DM tree. For example, if a firmware update is targeted at a specific device and there are custom nodes that contain extra data elements that aren t specified in the FUMO object, then all of the custom nodes would need to be verified, and possibly synchronized, before the FUMO EXEC command could be issued to the client. It s exactly this type of scenario that makes for complex server-scalability solutions when more than one DM server instance is required. For large device populations, it s not possible to vertically scale a single DM server high enough to handle high-transaction loads. Large-scale deployments need to be able to scale vertically, horizontally, geographically, and cost effectively. BlackBerry has recently worked with some cellular operators that have experienced DM server overloads and crashes due to normal day-to-day traffic loads that they weren t able to effectively scale for. The protocol wasn t designed for large-scale operations with high-transaction rates. Interoperability Interoperability within the DM protocol isn t guaranteed. There has been no industry-wide interoperability test session in over 4 years. Typically, OMA DM vendors try to mitigate this by including provisions in their contracts stating that they will perform interoperability testing with other vendors. Sometimes this testing includes server interoperability or client interoperability, and sometimes it requires server vendors to integrate each other s solution with their own before testing interoperability. This last case doesn t offer fully independent interoperability. In the past, the OMA DM group organized regular test fests to encourage hands-on interoperability testing. The last full multivendor test fest was May 22, 2009, which suggests that successful interoperability seems unlikely.

3 Efficiency In general, the SyncML protocol is a chatty protocol. This means that there are numerous messages sent back and forth between the client and server as part of synchronizing data elements within a tree. The SyncML protocol isn t well suited to resource-constrained environments where bandwidth and power are limited. In this context, the cellular networks are considered a resource-constrained environment. Cellular networks have limited throughput, a limited number of simultaneous data streams, and limited numbers of connected clients. There are more desirable solutions than OMA DM The OMA DM working group has acknowledged that the solution space is in need of a more efficient protocol. While there are several options being researched and proposed, nothing is finalized at the moment. Any changes would break backwards compatibility with existing protocol versions and thus all existing clients and servers will continue to rely on protocol communications. Based on the feedback from companies that have deeply invested in 1.2.1, we don t expect rapid adoption of a new version of the protocol. The OMA DM protocols are designed by committee and anyone can join the working group. As with most open standards where companies have competing interests, only the features that are the lowest common denominator are accepted by all of the parties. The FUMO feature appears to be in such a situation, as it only supports a single firmware image and an execute command. All other related business logic or data must be added in by the DM servers and DM clients; however, any custom business logic breaks the interoperability goals of DM. For more information about the OMA DM protocol, see BBF TR069 and UPnP-DM Protocols There are other protocols that are capable of remotely managing software updates for connected devices. In general, these protocols aren t designed for wirelessly connected or resource-constrained environments. Also, these protocols weren t designed for hundreds of millions of connected devices. Most of these protocols have been targeted at wired and broadband domains where bandwidth and speed are sufficiently available and the population sizes are far smaller than the millions needed by large domains. We won t discuss these protocols in detail due to their limiting design factors, but more information is available from the following resources: BBF TR069: UPnP-DM: BlackBerry Protocols About the BlackBerry Software Update Management service The Software Update Management service is a solution that is specifically designed to provide the highest levels of industry standardized security models, to support the configuration of software and delivery of updates to hundreds of millions of connected computing devices, and to provide a rich set of base features in a single protocol. The BlackBerry Software Configuration and Management protocol suite is a set of XML payloads delivered over HTTP sessions between the client and server. Sessions are always initiated by the client, either as a result of a device-side condition or as a result of a server sending a push message to the client. Compressed binary versions of the protocol are also available. The protocols are versioned and can be implemented by any organization. Additionally, the solution also provides support for OMA DM and the FUMO management object. Security Transport layer security can be accomplished by using the normal SSL and TLS cipher suites. This provides encryption, but not authentication of both endpoints. For authentication, BlackBerry supports using digital signatures or lesser-grade authentication using sets of identifiers that are unique to the endpoints. There are numerous cipher suites and bit strengths that have been standardized by the industry today. These range from vulnerable SHA-1 to common RSA to bitfriendly Elliptic Curves.

4 By default, the level of security used by the BlackBerry solution is 521 bits of elliptic curve, although other cipher suites and bit levels are available, depending on the client needs. Each transaction that a client has with the server is digitally signed using an ECDSA-521 key pair. This is the equivalent of about 16,000 bits of RSA. To put this into perspective, today most online banking transactions use a maximum of 2048 bits of RSA. By using ECDSA-521 (521 bits), not only is the cipher strength extremely strong, but it s also extremely efficient to transmit over wireless bearers. This has the benefit of consuming less bandwidth and requiring less storage space on the client device. When managing millions of devices that need to be communicated with in a short period of time, the benefit of 521 bit signatures versus 16,000 bit signatures (a 30 times reduction in bits) can be immediately appreciated in a wireless medium. The trade off is a higher computational cost to verify the signature on the client, compared to other cipher suites. BlackBerry values high security and high integrity in its solutions, especially when wireless bearers are involved in the network topology. The strength of the cipher suite must be balanced with the client needs, wireless consumption constraints, and power consumption rates. Scalability and efficiency A device management solution must be able to handle large amounts of clients and high-transaction rates. Clients can t be completely controlled to yield a perfectly uniform distribution of transactions; peaks and valleys of incoming load are inevitable. The BlackBerry solution and protocol is designed to minimize the required state management on the server side. The benefit here is that a client can connect to any server at any time anywhere in the BlackBerry Device Management cloud around the world. The server will be dynamically chosen by the BlackBerry Infrastructure only when the client initiates a session with BlackBerry. Parameters such as geographic location, server availability, and server load can be used to route clients to an appropriate server. This type of design allows for the efficient and automatic handling of incoming traffic load as necessary. The client side of this design doesn t need to have any awareness or business logic to make this feature work. Simple client designs are highly desired, as this allows server-side changes to affect behavioral changes and feature updates with little or no client changes. To support this type of server-side architecture, the entire cloud must have access to all of the data all of the time. Highly reliable and high-speed data management across the cloud is a nontrivial problem to solve, but is extremely valuable for customers with millions of computing devices to manage. Updating a firmware image isn t sufficient in today s mobile computing environments. It s not enough to manage a single firmware image that is applied homogenously to all clients with no customization or policy management. It s often desirable to have a rich set of control options when a fleet of devices needs to be modified. For example, updating the firmware for one hundred million devices as fast as possible would be an unmitigated disaster for any wireless network and all up-stream infrastructures. Some of these controls will be completely managed by the servers, but some control points need to be communicated to the clients so that they can act out the constraints and rules using local data. Every version of the BlackBerry Software Configuration and Management protocol has several control features included in them. All of the data that the client needs to know about will come in a single digitally signed response. This creates very efficient use of bandwidth, which translates to shorter transactions and faster response times to the device user. For example, a firmware update is eligible for one hundred million clients, but some clients will be told that their update also includes Priority #1 security updates, while others will be told that their updates are to be performed silently (in the background). All of the clients are also told that they will be subject to download rules based on battery levels on the device. By having all of the customizable data within the same response message, there isn t a need to have extended back and forth chatter with the server to communicate all of the related policies and controls associated with the command being executed. Splitting out the data into multiple messages leads to complex sequencing and distributed transactions that must be managed and performed by all of the servers in the cluster in order to guarantee the consistency and accuracy of the data on the device. This would make cloud-based stateless servers where clients could connect to any device in the cloud a near impossibility, and therefore would severely limit scalability and reliability. BlackBerry takes the former approach of including all of the relevant data for the command in the same single-server response to the device. If there are custom data elements above what the base features support, these data elements are also included in the single-server response.

5 Summary There are several protocol suites that are capable of managing connected devices and in particular, managing software updates for connected devices. All of the protocols that weren t designed for wirelessly connected devices or large population sizes don t meet the needs of large-scale software update solutions. The OMA DM protocols have desirable goals, but have limited security and authentication options, limited base features, chatty SyncML underpinnings, and challenging interoperability issues. These protocols are simply not as capable as BlackBerry needs them to be. The BlackBerry Software Configuration and Management protocols are designed and controlled by BlackBerry, but any vendor can implement their own client, provided that the client adheres to the protocol. For basic updates and for interoperability, the OMA DM and FUMO protocols can be suitable when it is not known which backend will be managing and updating the device, and when there is a need to support multiple backends, such as when vendors delegate software update rollouts to wireless service providers. However, in cases where an OEM requires end to end control of the rollout to its entire fleet of devices, the BlackBerry Software Configuration and Management protocols are comprised of a rich feature set above and beyond simple monolithic firmware updates. This feature set includes significantly higher security solutions, policy and control features specific to wireless networks, and highly scalable and reliable server deployment options. In a field where software updates aren t just simple monolithic images, security solutions need to live in the field for more than a decade, population sizes are in the millions, wireless awareness and control are involved, and custom work is likely needed from any vendor for any protocol for the customer needs, the best solution combines a basic interoperability with other backend services with the advanced features provided by the BlackBerry Software Updates and Management Service. The challenge in selecting the right protocol to use depends on an organization s requirements, and the complexity will vary based on those requirements. BlackBerry has designed its services and protocols to be interoperable, and can support a wide range of clients ranging in complexity from single protocols such a FUMO or BlackBerry to a more complex hybrid solution where both protocols are being used jointly. Keep your business moving: BlackBerry. All rights reserved. BlackBerry and related trademarks, names and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world.

White Paper. Enhancing Website Security with Algorithm Agility

White Paper. Enhancing Website Security with Algorithm Agility ENHANCING WEBSITE SECURITY WITH ALGORITHM AGILITY White Paper Enhancing Website Security with Algorithm Agility Enhancing Website Security with Algorithm Agility Contents Introduction 3 Encryption Today

More information

Open Mobile Alliance (OMA) Device Management Overview. Peter Thompson Mark Staskauskas Qualcomm Incorporated

Open Mobile Alliance (OMA) Device Management Overview. Peter Thompson Mark Staskauskas Qualcomm Incorporated Open Mobile Alliance (OMA) Device Management Overview Peter Thompson Mark Staskauskas Qualcomm Incorporated Motivation for this Presentation Many of the features envisioned for the TR-50 Smart Device Communications

More information

HTTPS is Fast and Hassle-free with CloudFlare

HTTPS is Fast and Hassle-free with CloudFlare HTTPS is Fast and Hassle-free with CloudFlare 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com In the past, organizations had to choose between performance and security when encrypting their

More information

Bandwidth Aggregation, Teaming and Bonding

Bandwidth Aggregation, Teaming and Bonding Bandwidth Aggregation, Teaming and Bonding The increased use of Internet sharing combined with graphically rich web sites and multimedia applications have created a virtually insatiable demand for Internet

More information

Service Overview CloudCare Online Backup

Service Overview CloudCare Online Backup Service Overview CloudCare Online Backup CloudCare s Online Backup service is a secure, fully automated set and forget solution, powered by Attix5, and is ideal for organisations with limited in-house

More information

SiteCelerate white paper

SiteCelerate white paper SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance

More information

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc. OpenADR 2.0 Security Jim Zuber, CTO QualityLogic, Inc. Security Overview Client and server x.509v3 certificates TLS 1.2 with SHA256 ECC or RSA cipher suites TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256

More information

Product Overview: Software Update Management for Automotive. Wireless software update & management service for Automotive manufacturers

Product Overview: Software Update Management for Automotive. Wireless software update & management service for Automotive manufacturers B L A C K B E R R Y M 2 M S O L U T I O N S Product Overview: Software Update Management for Automotive Wireless software update & management service for Automotive manufacturers Product Overview BlackBerry

More information

Comparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications

Comparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications Comparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications White Paper Table of Contents Overview...3 Replication Types Supported...3 Set-up &

More information

NETWORK SECURITY Staying Ahead of the Curve

NETWORK SECURITY Staying Ahead of the Curve NETWORK SECURITY Staying Ahead of the Curve PREFACE Very few things in this world move at the pace of technology. Today s internet infrastructure offers a tremendous value proposition to those implementing

More information

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents

More information

Applying Mesh Networking to Wireless Lighting Control

Applying Mesh Networking to Wireless Lighting Control White Paper Applying Mesh Networking to Wireless Lighting Control www.daintree.net Abstract Recent advances in wireless communications standards and energy-efficient lighting equipment have made it possible

More information

Wyse Device Manager TM

Wyse Device Manager TM Wyse Device Manager TM Secure, flexible and effective thin client management software All youneed toknow.here. An introduction to Wyse Device Manager TM Minimize your desktop support costs. Maximize desktop

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

SOMA Cryptography Whitepaper

SOMA Cryptography Whitepaper SOMA Cryptography Whitepaper Draft date: Nov. 1st, 2015 Contents Overview 2 Secure Transport Layer Protocol 3 AES256 Key Generation 3 Login Data Verification 3 Secure Transport Layer Establishment 4 Data

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

Managing Mobile Devices Over Cellular Data Networks

Managing Mobile Devices Over Cellular Data Networks Managing Mobile Devices Over Cellular Data Networks Best Practices Document Best Practices Document www.soti.net We Manage Mobility TABLE OF CONTENTS UNIQUE CHALLENGES OF MANAGING DEVICES OVER CELLULAR

More information

Cost Effective Deployment of VoIP Recording

Cost Effective Deployment of VoIP Recording Cost Effective Deployment of VoIP Recording Purpose This white paper discusses and explains recording of Voice over IP (VoIP) telephony traffic. How can a company deploy VoIP recording with ease and at

More information

Application Note. Onsight Connect Network Requirements v6.3

Application Note. Onsight Connect Network Requirements v6.3 Application Note Onsight Connect Network Requirements v6.3 APPLICATION NOTE... 1 ONSIGHT CONNECT NETWORK REQUIREMENTS V6.3... 1 1 ONSIGHT CONNECT SERVICE NETWORK REQUIREMENTS... 3 1.1 Onsight Connect Overview...

More information

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability Overview... 3 Installing Bridgit Software... 4 Installing Bridgit Software Services... 4 Creating a Server Cluster... 4 Using

More information

Cisco Application Networking for IBM WebSphere

Cisco Application Networking for IBM WebSphere Cisco Application Networking for IBM WebSphere Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address

More information

TOP SECRETS OF CLOUD SECURITY

TOP SECRETS OF CLOUD SECURITY TOP SECRETS OF CLOUD SECURITY Protect Your Organization s Valuable Content Table of Contents Does the Cloud Pose Special Security Challenges?...2 Client Authentication...3 User Security Management...3

More information

Cisco Application Networking for BEA WebLogic

Cisco Application Networking for BEA WebLogic Cisco Application Networking for BEA WebLogic Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address

More information

Relational Databases in the Cloud

Relational Databases in the Cloud Contact Information: February 2011 zimory scale White Paper Relational Databases in the Cloud Target audience CIO/CTOs/Architects with medium to large IT installations looking to reduce IT costs by creating

More information

Birdstep Intelligent Mobile IP Client v2.0, Universal Edition. Seamless secure mobility across all networks. Copyright 2002 Birdstep Technology ASA

Birdstep Intelligent Mobile IP Client v2.0, Universal Edition. Seamless secure mobility across all networks. Copyright 2002 Birdstep Technology ASA White Paper Birdstep Intelligent Mobile IP Client v2.0, Universal Edition Seamless secure mobility across all networks Copyright 2002 Birdstep Technology ASA Haakon VII's gate 5B, N-0161 Oslo, Norway Tel:

More information

Making a Case for Including WAN Optimization in your Global SharePoint Deployment

Making a Case for Including WAN Optimization in your Global SharePoint Deployment Making a Case for Including WAN Optimization in your Global SharePoint Deployment Written by: Mauro Cardarelli Mauro Cardarelli is co-author of "Essential SharePoint 2007 -Delivering High Impact Collaboration"

More information

Chapter 6 Essentials of Design and the Design Activities

Chapter 6 Essentials of Design and the Design Activities Systems Analysis and Design in a Changing World, sixth edition 6-1 Chapter 6 Essentials of Design and the Design Activities Chapter Overview There are two major themes in this chapter. The first major

More information

Application Note: Onsight Device VPN Configuration V1.1

Application Note: Onsight Device VPN Configuration V1.1 Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1

More information

Making the Case for Satellite: Ensuring Business Continuity and Beyond. July 2008

Making the Case for Satellite: Ensuring Business Continuity and Beyond. July 2008 Making the Case for Satellite: Ensuring Business Continuity and Beyond July 2008 Ensuring Business Continuity and Beyond Ensuring business continuity is a major concern of any company in today s technology

More information

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010 S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M Bomgar Product Penetration Test September 2010 Table of Contents Introduction... 1 Executive Summary... 1 Bomgar Application Environment Overview...

More information

Sophos Mobile Control Technical guide

Sophos Mobile Control Technical guide Sophos Mobile Control Technical guide Product version: 2 Document date: December 2011 Contents 1. About Sophos Mobile Control... 3 2. Integration... 4 3. Architecture... 6 4. Workflow... 12 5. Directory

More information

EMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION

EMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION EMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION Automated file synchronization Flexible, cloud-based administration Secure, on-premises storage EMC Solutions January 2015 Copyright 2014 EMC Corporation. All

More information

Installation and usage of SSL certificates: Your guide to getting it right

Installation and usage of SSL certificates: Your guide to getting it right Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.

More information

McAfee Agent Handler

McAfee Agent Handler McAfee Agent Handler COPYRIGHT Copyright 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Learning Management Redefined. Acadox Infrastructure & Architecture

Learning Management Redefined. Acadox Infrastructure & Architecture Learning Management Redefined Acadox Infrastructure & Architecture w w w. a c a d o x. c o m Outline Overview Application Servers Databases Storage Network Content Delivery Network (CDN) & Caching Queuing

More information

SAP HANA Cloud Integration CUSTOMER

SAP HANA Cloud Integration CUSTOMER CUSTOMER Table of Contents 1 Introduction.... 3 2 from a Bird s Eye Perspective....4 3 Integration Capabilities....5 4 Connectivity Options....7 5 Using Predefined Integration Content....8 6 Security....

More information

Securely. Mobilize Any Business Application. Rapidly. The Challenge KEY BENEFITS

Securely. Mobilize Any Business Application. Rapidly. The Challenge KEY BENEFITS Mobilize Any Business Application. Rapidly. Securely. The Challenge Today's enterprises are increasingly leveraging mobility solutions to improve productivity, decrease response times and streamline operational

More information

Internet Content Adaptation Protocol (ICAP)

Internet Content Adaptation Protocol (ICAP) Internet Content Adaptation Protocol (ICAP) Network Appliance Version 1.01 7/30/01 Contents 1. Scope/Executive Summary 2. Introduction 3. ICAP Architecture 4. NetCache TM Deployment in Support of ICAP

More information

XMPP A Perfect Protocol for the New Era of Volunteer Cloud Computing

XMPP A Perfect Protocol for the New Era of Volunteer Cloud Computing International Journal of Computational Engineering Research Vol, 03 Issue, 10 XMPP A Perfect Protocol for the New Era of Volunteer Cloud Computing Kamlesh Lakhwani 1, Ruchika Saini 1 1 (Dept. of Computer

More information

CONTROL LEVEL NETWORK RESILIENCY USING RING TOPOLOGIES. Joseph C. Lee, Product Manager Jessica Forguites, Product Specialist

CONTROL LEVEL NETWORK RESILIENCY USING RING TOPOLOGIES. Joseph C. Lee, Product Manager Jessica Forguites, Product Specialist CONTROL LEVEL NETWORK RESILIENCY Written by: Joseph C. Lee, Product Manager Jessica Forguites, Product Specialist DANGER 65 65 65 65 65 65 65 65 EtherNet/IP 1 3 4 5 6 LINK 1 LINK MOD NET 15 14 13 1 11

More information

Salesforce1 Mobile Security Guide

Salesforce1 Mobile Security Guide Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

More information

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by

More information

M2M. Machine-to-Machine Intelligence Corporation. M2M Intelligence. Architecture Overview

M2M. Machine-to-Machine Intelligence Corporation. M2M Intelligence. Architecture Overview M2M Machine-to-Machine Intelligence Corporation M2M Intelligence Architecture Overview M2M Intelligence - Essential platform for the M2M and IoT Economy Architecture Overview Revised styles and edits 6/3/2016

More information

M2M, IoT, DEVICE MANAGEMENT: ONE PROTOCOL TO RULE THEM ALL? Julien Vermillard, Sierra Wireless

M2M, IoT, DEVICE MANAGEMENT: ONE PROTOCOL TO RULE THEM ALL? Julien Vermillard, Sierra Wireless M2M, IoT, DEVICE MANAGEMENT: ONE PROTOCOL TO RULE THEM ALL? Julien Vermillard, Sierra Wireless Software Engineer at Sierra Wireless, implementing various protocols for AirVantage cloud service. Apache

More information

iphone in Business How-To Setup Guide for Users

iphone in Business How-To Setup Guide for Users iphone in Business How-To Setup Guide for Users iphone 3G is ready for business. It supports Microsoft Exchange ActiveSync, delivering push email, calendars, and contacts. And it gives mobile users secure

More information

[MS-MDM]: Mobile Device Management Protocol. Intellectual Property Rights Notice for Open Specifications Documentation

[MS-MDM]: Mobile Device Management Protocol. Intellectual Property Rights Notice for Open Specifications Documentation [MS-MDM]: Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages,

More information

SyncML Device Management

SyncML Device Management SyncML Device Management An overview and toolkit implementation Radu State Ph.D. The MADYNES Research Team LORIA INRIA Lorraine 615, rue du Jardin Botanique 54602 Villers-lès-Nancy France Radu.State@loria.fr

More information

WebEx Security Overview Security Documentation

WebEx Security Overview Security Documentation WebEx Security Overview Security Documentation 8/1/2003: WebEx Communications Inc. WebEx Security Overview WebEx Security Overview Introduction WebEx Communications, Inc. provides real-time communication

More information

WebStore Guide. The Uniform Solution

WebStore Guide. The Uniform Solution WebStore Guide The Uniform Solution Copyright 2009-2013 Premier Data Systems All rights reserved. This publication is protected by copyright and all rights are reserved by Premier Data Systems. It may

More information

Service Overview. Business Cloud Backup. Introduction

Service Overview. Business Cloud Backup. Introduction Service Overview Business Cloud Backup Techgate s Business Cloud Backup service is a secure, fully automated set and forget solution, powered by Attix5, and is ideal for organisations with limited in-house

More information

Mobile Admin Security

Mobile Admin Security Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing

More information

Database Security in Virtualization and Cloud Computing Environments

Database Security in Virtualization and Cloud Computing Environments White Paper Database Security in Virtualization and Cloud Computing Environments Three key technology challenges in protecting sensitive data Table of Contents Securing Information in Virtualization and

More information

Network Management System (NMS) FAQ

Network Management System (NMS) FAQ Network Management System (NMS) FAQ Q: How does the NMS work? A: The Cooper NMS is a powerful, flexible and highly scalable wireless and fixed network management solution for thousands of network nodes

More information

SSL BEST PRACTICES OVERVIEW

SSL BEST PRACTICES OVERVIEW SSL BEST PRACTICES OVERVIEW THESE PROBLEMS ARE PERVASIVE 77.9% 5.2% 19.2% 42.3% 77.9% of sites are HTTP 5.2% have an incomplete chain 19.2% support weak/insecure cipher suites 42.3% support SSL 3.0 83.1%

More information

SummitStack in the Data Center

SummitStack in the Data Center SummitStack in the Data Center Abstract: This white paper describes the challenges in the virtualized server environment and the solution Extreme Networks offers a highly virtualized, centrally manageable

More information

2014 IBM Corporation

2014 IBM Corporation 2014 IBM Corporation This is the 27 th Q&A event prepared by the IBM License Metric Tool Central Team (ICT) Currently we focus on version 9.x of IBM License Metric Tool (ILMT) The content of today s session

More information

Cisco Wide Area Application Services Optimizes Application Delivery from the Cloud

Cisco Wide Area Application Services Optimizes Application Delivery from the Cloud Cisco Wide Area Application Services Optimizes Application Delivery from the Cloud What You Will Learn The adoption of cloud-based computing and applications promises to improve the agility, efficiency,

More information

1 Which network type is a specifically designed configuration of computers and other devices located within a confined area? A Peer-to-peer network

1 Which network type is a specifically designed configuration of computers and other devices located within a confined area? A Peer-to-peer network Review questions 1 Which network type is a specifically designed configuration of computers and other devices located within a confined area? A Peer-to-peer network B Local area network C Client/server

More information

Packet Level Authentication Overview

Packet Level Authentication Overview Packet Level Authentication Overview Dmitrij Lagutin, Dmitrij.Lagutin@hiit.fi Helsinki Institute for Information Technology HIIT Aalto University School of Science and Technology Contents Introduction

More information

WhitePaper. Private Cloud Computing Essentials

WhitePaper. Private Cloud Computing Essentials Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....

More information

GlobalSCAPE DMZ Gateway, v1. User Guide

GlobalSCAPE DMZ Gateway, v1. User Guide GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical

More information

5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP

5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP 5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP With support for Cisco ACE load balancer ending, organizations need to find an alternative. Contents Introduction 3 Advanced Architecture 3 Ease of

More information

Intelligent Content Delivery Network (CDN) The New Generation of High-Quality Network

Intelligent Content Delivery Network (CDN) The New Generation of High-Quality Network White paper Intelligent Content Delivery Network (CDN) The New Generation of High-Quality Network July 2001 Executive Summary Rich media content like audio and video streaming over the Internet is becoming

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

Get Control of Your Data Center. Application Delivery Controllers

Get Control of Your Data Center. Application Delivery Controllers White Paper Get Control of Your Data Center Application Delivery Controllers May 2011 Get Control of Your Data Center Access. Security. Delivery. Introduction Data center and networking technologies have

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

CTX OVERVIEW. Ucentrik CTX

CTX OVERVIEW. Ucentrik CTX CTX FACT SHEET CTX OVERVIEW CTX SDK API enables Independent Developers, VAR s & Systems Integrators and Enterprise Developer Teams to freely and openly integrate real-time audio, video and collaboration

More information

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s During the period between November 2012 and March 2013, Symantec Consulting Services partnered with Bomgar to assess the security

More information

5 Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance

5 Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance 5 Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance DEPLOYMENT GUIDE Prepared by: Jim Puchbauer Coyote Point Systems Inc. The idea of load balancing

More information

5 Steps to Avoid Network Alert Overload

5 Steps to Avoid Network Alert Overload 5 Steps to Avoid Network Alert Overload By Avril Salter 1. 8 0 0. 8 1 3. 6 4 1 5 w w w. s c r i p t l o g i c. c o m / s m b I T 2011 ScriptLogic Corporation ALL RIGHTS RESERVED. ScriptLogic, the ScriptLogic

More information

2007 Microsoft Office System Document Encryption

2007 Microsoft Office System Document Encryption 2007 Microsoft Office System Document Encryption June 2007 Table of Contents Introduction 1 Benefits of Document Encryption 2 Microsoft 2007 Office system Document Encryption Improvements 5 End-User Microsoft

More information

Authentication is not Authorization?! And what is a "digital signature" anyway?

Authentication is not Authorization?! And what is a digital signature anyway? Authentication is not Authorization?! And what is a "digital signature" anyway? Prepared by R. David Vernon Revised 12/01 Introduction REV 1A As part of the IT Architecture Initiative, the Office of Information

More information

Deploying F5 Application Ready Solutions with VMware View 4.5

Deploying F5 Application Ready Solutions with VMware View 4.5 F5 White Paper Deploying F5 Application Ready Solutions with VMware View 4.5 VMware View is the leading desktop virtualization solution built for delivering desktops as a managed service. F5 BIG IP devices

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5

bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5 bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5 2008 Adobe Systems Incorporated. All rights reserved. Adobe Flash Media Rights Management Server 1.5 Overview for Microsoft

More information

GoToMyPC Corporate Advanced Firewall Support Features

GoToMyPC Corporate Advanced Firewall Support Features F A C T S H E E T GoToMyPC Corporate Advanced Firewall Support Features Citrix GoToMyPC Corporate features Citrix Online s advanced connectivity technology. We support all of the common firewall and proxy

More information

Building Secure Cloud Applications. On the Microsoft Windows Azure platform

Building Secure Cloud Applications. On the Microsoft Windows Azure platform Building Secure Cloud Applications On the Microsoft Windows Azure platform Contents 1 Security and the cloud 3 1.1 General considerations 3 1.2 Questions to ask 3 2 The Windows Azure platform 4 2.1 Inside

More information

SAP Mobile Platform. SAP Mobile Platform. Cloud Performance and Scalability SAP AG or an SAP affiliate company. All rights reserved.

SAP Mobile Platform. SAP Mobile Platform. Cloud Performance and Scalability SAP AG or an SAP affiliate company. All rights reserved. SAP Mobile Platform SAP Mobile Platform Cloud Performance and Scalability Table of Contents 4 Performance Test Configurations The Test Plans 7 Performance Test Results Single-User Test Results Multiuser

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Exhibit n.2: The layers of a hierarchical network

Exhibit n.2: The layers of a hierarchical network 3. Advanced Secure Network Design 3.1 Introduction You already know that routers are probably the most critical equipment piece in today s networking. Without routers, internetwork communication would

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Masters Project Proxy SG

Masters Project Proxy SG Masters Project Proxy SG Group Members Chris Candilora Cortland Clater Eric Garner Justin Jones Blue Coat Products Proxy SG Series Blue Coat Proxy SG appliances offer a comprehensive foundation for the

More information

Security Controls for the Autodesk 360 Managed Services

Security Controls for the Autodesk 360 Managed Services Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices

More information

SummitStack in the Data Center

SummitStack in the Data Center SummitStack in the Data Center Abstract: This white paper describes the challenges in the virtualized server environment and the solution that Extreme Networks offers a highly virtualized, centrally manageable

More information

New CICS support for Secure Sockets Layer

New CICS support for Secure Sockets Layer New CICS support for Secure Sockets Layer Peter Havercan, Senior CICS Developer CICS Transaction Server has had support for Secure Sockets Layer (SSL) since Version 1 Release 3, but the support has been

More information

Coyote Point Systems White Paper

Coyote Point Systems White Paper Five Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance. Coyote Point Systems White Paper Load Balancing Guide for Application Server Administrators

More information

CHAPTER 7 SUMMARY AND CONCLUSION

CHAPTER 7 SUMMARY AND CONCLUSION 179 CHAPTER 7 SUMMARY AND CONCLUSION This chapter summarizes our research achievements and conclude this thesis with discussions and interesting avenues for future exploration. The thesis describes a novel

More information

SSL Server Rating Guide

SSL Server Rating Guide SSL Server Rating Guide version 2009j (20 May 2015) Copyright 2009-2015 Qualys SSL Labs (www.ssllabs.com) Abstract The Secure Sockets Layer (SSL) protocol is a standard for encrypted network communication.

More information

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software McAfee Global Threat Intelligence File Reputation Service Best Practices Guide for McAfee VirusScan Enterprise Software Table of Contents McAfee Global Threat Intelligence File Reputation Service McAfee

More information

Windows Server on WAAS: Reduce Branch-Office Cost and Complexity with WAN Optimization and Secure, Reliable Local IT Services

Windows Server on WAAS: Reduce Branch-Office Cost and Complexity with WAN Optimization and Secure, Reliable Local IT Services Windows Server on WAAS: Reduce Branch-Office Cost and Complexity with WAN Optimization and Secure, Reliable Local IT Services What You Will Learn Windows Server on WAAS reduces the cost and complexity

More information

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper Rev 1.0 HIPAA Security Considerations for Broadband Fixed Wireless Access Systems This white paper will investigate

More information

Large-Scale VMS Design and Management

Large-Scale VMS Design and Management Whitepaper Large-Scale VMS Design and Management How to design and manage a video surveillance system with 100,000 highly-available cameras Prepared by: John Rasmussen, Senior Product Manager, Corporate

More information

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 sm Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 Legal Notice This Open Data Center Alliance SM Usage:Provider Assurance is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS

More information

Wireless Video Best Practices Guide

Wireless Video Best Practices Guide Wireless Video Best Practices Guide Using Digital Video Manager (DVM) with the OneWireless Universal Mesh Network Authors: Annemarie Diepenbroek DVM Product Manager Soroush Amidi OneWireless Product Manager

More information

OFFICIAL SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT

OFFICIAL SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT Version 1.3 Crown Copyright 2015 All Rights Reserved 49358431 Page 1 of 12 About this document This document describes the features, testing and deployment

More information

RSA SecurID Two-factor Authentication

RSA SecurID Two-factor Authentication RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial

More information

Desktop Virtualization for the Banking Industry. Resilient Desktop Virtualization for Bank Branches. A Briefing Paper

Desktop Virtualization for the Banking Industry. Resilient Desktop Virtualization for Bank Branches. A Briefing Paper Desktop Virtualization for the Banking Industry Resilient Desktop Virtualization for Bank Branches A Briefing Paper September 2012 1 Contents Introduction VERDE Cloud Branch for Branch Office Management

More information

Synchronizing and Managing Mobile Devices

Synchronizing and Managing Mobile Devices PRODUCT DATASHEET Synchronizing and Managing Mobile Devices BENEFITS Small code base enables developers to implement Device Management in memory-limited devices such as cellular phones, smart phones and

More information