Open Mobile Alliance (OMA) Device Management Overview
Peter Thompson, Mark Staskauskas
Qualcomm Incorporated

Motivation for this Presentation
- Many of the features envisioned for the TR-50 Smart Device Communications (SDC) system fall under basic device management functionality
- This presentation provides an overview of OMA Device Management, which
  - Is designed for limited-capability devices, such as those used in Smart Device applications
  - Is widely deployed in mobile devices such as handsets
  - Could provide a realization for many TR-50 requirements related to device management

Overview
- Description of DM
- High Level Overview
- Uses and Description of DM
- Overview of DM Protocol
- Management Objects (MOs)
- Management Tree
- Tree access control via ACL
- Bootstrapping
- DM Security
- Recent work on extending OMA DM
- DM deployment and use in other SDOs
- Other standardized DM protocols
- Conclusions

High Level Overview of OMA DM
- Several operators and vendors realized that managing devices remotely was a difficult task, and often done in a proprietary fashion.
- Operators were worried about their call center costs being too high, and customers not being happy with service.
- Vendors were worried that they were not able to provide the operator with information about their device. They were also worried about how to update their firmware remotely.
- Operators and vendors got together and wrote a standard: SyncML DM, later OMA DM.
- This standard allowed operators to reduce their call center time, remotely update devices and help keep their customers happy.

Current Uses of DM
- OMA DM provides
  - Provisioning
    - Initial setting of configuration data
    - Update of configuration data
  - Determination of Device's DM Capabilities
    - Standard Management Object provides information about the device
    - Details on make, model, firmware version, etc.
- OMA FUMO provides
  - Firmware Update
    - Controls the process of firmware update via the manipulation of a Management Object
    - Uses DM 1.2 for transport and control

Description of DM
- Device Management (DM) is designed to work with small mobile devices that are intermittently connected.
  - Small footprint
  - Small messages (compressed using WBXML or transport compression)
- Designed to help owners and users
  - So they don't have to do their own system administration
  - Users can get new services over the air
- Designed to help Operators and Enterprise
  - Allow for deployment of revenue generating services OTA
  - Increase user satisfaction
  - Reduce service time

DM Protocol
- Client/Server Architecture
  - Uses HTTP as primary transport
- Simple Commands
  - Commands apply only to management tree
  - Add, Replace, Get, Delete
    - Basic commands for accessing or setting management information
    - Can access single nodes or entire sub-trees
  - Exec
    - Special command to have the client execute some local command, such as firmware update
    - Applied to a node in the management tree
- Strong Security
  - Client and Server must be mutually authenticated on transport layer as well as application layer
  - Over HTTP must use TLS 1.0 or SSL 3.0

DM Protocol
[Figure: protocol stack diagram; labels listed below]
- OMA DM Firmware Update 1.0; OMA DM Scheduling 1.0; OMA DM Diagnostics And Monitoring; OMA DM Browser Mgmt 1.0
- OMA DM Protocol 1.2 (DM messaging, security, etc.); OMA DS Protocol 1.2 (DS messaging, security, etc.)
- OMA DM Representation Usage 1.2 (DM-specific annotated DTD); OMA DS Representation Usage 1.2 (DS-specific annotated DTD)
- OMA SyncML Representation 1.2 (Data model, DTD, etc.)
- WAP WSP bearer; HTTP/HTTPS bearer; OBEX bearer; SMS Notif. bearer; SIP Notif. bearer

Management Objects (MO)
- Describe management information about an application or device parameter
  - Server will read or write this data for provisioning
- MOs are contained in the Client's Management Tree
- Describes a minimum access level for servers
  - Get, Write, Exec. Get is the typical value, but may be overridden by instances.
- Must always allow for non-standard extensions
- Described using the DM Device Description Framework (DDF)
  - Contains management information in a platform neutral format
  - Hierarchical format, similar to a file system

Example MO
- Firmware Update MO (FUMO)

Management Tree
- Platform neutral expression of management information that the client is presenting to the server.
  - Contains management info in a platform neutral format
  - Hierarchical format, similar to a file system
  - Access Control Lists limit access to only authorized Servers
- May reflect device's real-time information, but not required
  - Only exists to provide a neutral format between Client and Server - not mandated to exist when Client is not running
- Servers may create new subtrees as needed
- May be different trees for different servers
  - Access for some settings may not allow other servers to see proprietary data
- The tree is a collection of Management Objects
  - 3 standard objects - DMAcc, DevInfo and DevDetail
  - Other MOs that the manufacturer supports

Standard MOs
- DMAcc
  - Contains DM Account information needed to access a DM Server
    - Server name, URL
    - Authentication information
    - Connection information
- DevInfo
  - Contains general information about the device
    - Device ID, Manufacturer, Model, DM Client version, and current Language
- DevDetail
  - Specific details of the device
    - Bearer details (CDMA, UMTS, etc)
    - Tree limitations (max node name length, max node depth)
    - Device type
    - OEM
    - Version of firmware, software, and hardware
    - Support of large objects

Example Management Tree

./
    -- DevInfo
        -- DevId ( local device ID )
        -- Man ( Spiffy DM Products, Inc. )
        -- Mod ( Spiffy-DM-Client )
        -- DmV ( 1.1 )
        -- Lang ( US-en )
    -- DevDetail
        -- URI
            -- MaxDepth ( 10 )
            -- MaxTotLen ( 255 )
            -- MaxSegLen ( 255 )
        -- DevType ( Phone )
        -- OEM ( Spiffy DM Products, Inc )
        -- FwV ( 1.0 )
        -- SWV ( 1.0 )
        -- HwV ( 1.0 )
        -- LrgObj ( true )
    -- SyncML
        -- DmAcc
            -- TestServer
                -- Addr ( http://www.spiffydm.com/manage )
                -- AddrType ( 1 )
                -- ConfRef ( ./SyncML/Con )
                -- ServerId ( spiffy )
                -- ServerPW ( spiffy-pword )
                -- UserName ( client )
                -- ClientPW ( client-pword )
                -- ClientNonce ( )
        -- Con

Management Tree ACLs
- ACL = Access Control List
- Each node in the Tree has an ACL
- Each ACL has:
  - Server name
  - Server rights
  - General permissions for servers not listed
- Example: Add=www.sonera.fi&Delete=www.sonera.fi&Replace=www.sonera.fi+Mgmt.ibm.com&Get=*
- Only comes into play with multiple management authorities

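The ACL string format on this slide, as an added example (not code from the original presentation or from the OMA specifications): a strict parser with default-deny evaluation. The function names, the rejection of duplicate command entries and the exact, case-sensitive matching of server identifiers are assumptions of this example.

```python
from typing import Dict, List, Set

# Commands named on the "DM Protocol" slide.
COMMANDS = ("Add", "Delete", "Exec", "Get", "Replace")
WILDCARD = "*"  # the slide's "general permissions for servers not listed"


def parse_acl(acl: str) -> Dict[str, Set[str]]:
    """Parse 'Cmd=server+server&Cmd=*' into {command: {server ids}}.

    Anything malformed raises ValueError rather than being guessed at.
    """
    rights: Dict[str, Set[str]] = {}
    for entry in acl.split("&"):
        command, sep, servers = entry.partition("=")
        if not sep or command not in COMMANDS:
            raise ValueError(f"unknown or malformed ACL entry: {entry!r}")
        if command in rights:  # assumption: ambiguous duplicates are rejected
            raise ValueError(f"duplicate command in ACL: {command!r}")
        ids = set(servers.split("+"))
        if "" in ids:
            raise ValueError(f"empty server identifier in: {entry!r}")
        rights[command] = ids
    return rights


def is_allowed(acl: str, server_id: str, command: str) -> bool:
    """Default deny: allow only if the command lists this server or '*'."""
    try:
        granted = parse_acl(acl).get(command, set())
    except ValueError:
        return False  # a malformed ACL grants nothing
    return server_id in granted or WILDCARD in granted


def effective_rights(acl: str, server_id: str) -> List[str]:
    """Commands a given server may run on the node carrying this ACL."""
    return [c for c in COMMANDS if is_allowed(acl, server_id, c)]


# Constructed sample: the slide's example ACL, with "Get" capitalised.
SLIDE_ACL = ("Add=www.sonera.fi&Delete=www.sonera.fi"
             "&Replace=www.sonera.fi+Mgmt.ibm.com&Get=*")

if __name__ == "__main__":
    for server in ("www.sonera.fi", "Mgmt.ibm.com", "other.example"):
        print(server, effective_rights(SLIDE_ACL, server))
```

Running `effective_rights` over every node ACL for each provisioned server identifier gives a quick audit of which management authority can Replace or Exec where, which matters once more than one authority is bootstrapped.
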
Security
- DM security
  - Most communication requires use of a certificate as part of mutual authentication.
- Transport security
  - Mutual authentication required for transports that support mutual authentication (such as HTTPS).
  - HTTP must use either TLS 1.0 or SSL 3.0 with a set of 128 bit or greater cipher suites.
- Message Integrity checks
  - SHA-1 based hash (using message and shared secret) can be used to reduce man-in-the-middle attacks.
  - Nonces used to reduce replay attacks as well.

Bootstrapping
- How a device is brought from clean state to a state where it is capable of initiating a management session with a specific management authority.
  - Previously bootstrapped devices may be further bootstrapped for additional servers.
- Bootstrap messages can arrive
  - At the factory (not defined by OMA DM)
  - Server initiated (via SMS, WAP Push, or OBEX)
  - Smartcard initiated
    - Information installed via smartcard is removed when the smartcard is removed

DM DDF
- DM DDF - Device Description Framework
- Provides for a means to publish capabilities of a device
  - Intent is for manufacturers to create a device configuration document using DDF, and publish in a well-known location
- DDF is also used for description of MOs.
- Very limited subset of XML
  - Specifically created for computer consumption
  - Made small for limited devices

Recent OMA DM Work Items (1/2)
- Scheduling (OMA work item 109)
  - A MO that will interact with a scheduling agent on the device to have DM commands occur at scheduled times.
- Diagnostic / Monitoring (OMA work item 116)
  - A set of MOs that will allow a server to monitor a device's performance, diagnose problems, etc.
- Connectivity MO (OMA work item 123)
  - A set of MOs that will allow for provisioning of connectivity for 3GPP, 3GPP2, and WLAN. Based upon published specifications from other SDOs.
- Gateway Management Object (GwMO) (OMA work item 200)
  - Enables management of devices where there is no direct communication between DM Server and DM Client (includes devices behind gateways and firewalls, and devices supporting management protocols other than OMA DM)

Recent OMA DM Work Items (2/2)
- Smartcard Management (OMA work item 126)
  - A set of MOs to read and write data on smart cards, as well as use some of the security functions on the smart cards.
- Software Component Management (OMA work item 121)
  - A set of MOs to manage software components on devices
- Lock and Wipe MO (OMA work item 144)
  - Allows for remote locking and wiping of a device (e.g. to disable a stolen device)
- Device Capability MO (OMA work item 139)
  - Allows for selective enable/disable of device capabilities (such as camera)

Use of OMA DM in other SDOs
- 3GPP
  - Has used OMA DM to specify management objects for IMS, H(e)NB Closed Subscriber Group (CSG) lists and Access Network Discovery and Selection Function (ANDSF)
- 3GPP2
  - CDMA Operational Parameters MO, CDMA Packet Data MO
- OMA
  - Several OMA enablers have defined MOs to manage their configuration data (MMS, PoC, LOC, DS, SEC, etc.)
- WiMAX
  - mo_ext_wimax-v1_0, mo_ext_wimax-supp-v1_0
- Registration of MOs on the OMA website
  - http://www.openmobilealliance.org/technical/omna/omnadm_mo-registry.aspx

Operators and DM
- OMA DM has been deployed by numerous mobile operators, including AT&T, BT, T-Mobile, Telefonica, Orange, TeliaSonera, Vodafone, and Telecom Italia
- OMA DM is present in over half of the installed base of handsets, and forecast to be in 84% of the handsets sold in 2009 (Source: Ovum)

Other Management Protocols
- Distributed Mgmt Task Force (DMTF) DASH
  - Primarily used for managing computers. Also known as WS-Management.
- Broadband Forum TR-069
  - Primarily used for managing DSL modems and attached hardware.
- CableLabs DOCSIS
  - Primarily used for managing cable boxes and attached hardware.
- OMA Client Provisioning (CP)
  - Older protocol adopted by WAP Forum. Does not have the ability to query settings on a device.
- IETF Simple Network Management Protocol (SNMP)
  - Similar to OMA DM in architecture, but designed specifically for network devices that are continuously connected to the network.

Conclusions
- OMA Device Management provides many of the functions needed for managing Smart Devices
- TR-50 should consider the use of OMA DM to meet its device management related requirements