Dell World Software User Forum 2013 December 9-12 Austin, TX SaaS Mobile Management Overview of Cloud Client Manager and integration with KACE K1000
Introducing Dell Enterprise Mobility Management Your devices, your users, your mobile strategy Complete, secure endpoint management Secure enterprise workspace on all devices Secure access to enterprise data Integrated console management User self-service Comprehensive mobile enablement Endpoint management Container management Smartphones Tablets Smartphones Cloud clients Tablets M2M Identity management Business apps and services you need Flexibility for future-proofing Laptops Desktops Laptops 2 Software
Agenda What is Cloud Client Manager? Benefits of Multi-tenant SaaS Architecture Mobility Management Capabilities (Device Mgmt focus) Integration with K1000 Q&A 3 Software
Cloud Client Manager Overview 4 Software
What is Cloud Client Manager? Manage users, devices, and their access to company assets Cloud-based, multi-tenant platform Scale low, scale high: 1-100,000 devices per tenant Pay as you go: Offered as Software as a Service (SaaS) subscription Manages wide range of devices and assets Mobile Devices, Cloud Clients, Ophelia, Applications, etc In this session we will focus on Mobile Devices (smartphones & tablets) User-centric and device-centric views with robust policy-based management Real-time alerts, events, and analytics 5 Software
Benefits of our Multi-tenant SaaS architecture Effortless, secure deployment and scalability Streamline deployments Instant online trial of your production tenant No management software required to install Scale without concern to 10K devices and beyond Remain up to date without lifting a finger Built-in security All communication secured over SSL State of the art datacenters with 24x7 manned security (physical, network, operational) Compliance & Certifications: SSAE16 SOC1 Type 2 Audited datacenter operations, US-EU & US-Switzerland Safe Harbor, PCI Level 1 Service Provider, Cloud Security Alliance- member, CIISP, CCIE, CISA certified internal auditor,etc 6 Software
Benefits of our Multi-tenant SaaS architecture (cont.) Manage users and devices from anywhere Access admin console from any device with a modern web browser and public internet access Manage devices regardless of their location (on-premise, public network, behind firewall,etc) ios devices: APNS (Apple push notification system) Other devices: Dell custom PNS implementation 7 Software
Getting a Device Under Management 8 Software
Mobile Device Support Support for management of ios and Android smartphones & tablets ios Device Requirements iphones & ipads running ios 5 & up Apple APNS certificate required Connectivity Requirements: TCP port 443 (outbound) to https://us1.cloudclientmanager.com TCP port 80 (outbound) to https://us1.cloudclientmanager.com TCP port 8443 (outbound) to us1-mdm.cloudclientmanager.com TCP port 5223 (outbound) - for Apple APNS Android Device Requirements Devices running Android OS 2.3 & up Connectivity Requirements: TCP port 443 (outbound) to https://us1.cloudclientmanager.com TCP port 1883 (outbound) to us1-pns.cloudclientmanager.com 9 Software
Creating Mobile Users Users page: Only users with Mobile User role may register devices 2 types of Mobile User accounts: 1. Local CCM Account: User information, group assignment, account status are managed locally 2. AD-Synced CCM Account User Information, group assignment, account status are imported from AD (read-only) AD-synced accounts are indicated in server with AD icon 10 Software
Creating Mobile Users Active Directory Connector On-premises application to retrieve account info from Active Directory and publish to cloud Two operation modes: 1. Bulk Import: Select AD Groups to publish users to Cloud Client Manager. Once imported into admin console, users are assigned to groups & managed locally 2. Manual AD Sync: Select/Prioritize AD Groups and import AD users into CCM. User accounts are read-only in console and are updated on subsequent syncs from AD Connector Operation mode is managed from Admin Console (Portal Admin > On-Premises) 11 Software
Mobile User Credentials Local credentials & SSO authentication Two Authentication methods supported for: Admin console login; Self-service portal login; device registration: 1. Local Credentials 3 options: A. Random per-user password B. Group-based password C. Customized per-user password 2. Domain Credentials: Single Sign-On via CCM On- Premises Gateway for domain authentication 12 Software
Mobile User Email Invitations Email invitations can be sent to simplify end-user registration Pre-defined templates Select device types to send invitation, and client/clientless (ios only) registration Select credential type (local or domain credentials) 13 Software
Device Registration Client & Clientless (ios only) device registration Client Registration (ios & Android) CCM Agent (via App Store and Google Play) CCM Account Credentials or domain credentials (SSO) Clientless Registration (ios only) Self-Service portal ios Agent - benefits: GPS location visibility Jailbreak detection Review missing mandatory apps & installed restricted apps 14 Software
Device Visibility & Real-Time Commands 15 Software
Device Management Visibility of Registered Devices Compliance Status Compliance to device management & application management policies Dashboard Alerts, User & Device details status Inventory & Status: Device Location & Mobile Carrier System Info (OS version; Serial Number; SIM info; Battery Level, etc.) Installed Apps Jailbroken/Rooted device detection Events history with audit trail 16 Software
Device Management Remote Management of Registered Devices Send Real-Time remote commands to registered devices (ios & Android): Query Device Clear Passcode Lock Device Send Message (128 characters ios requires CCM Agent) Corporate Wipe (Unregister) Factory Wipe 17 Software
Robust Policy- Based Management 18 Software
Device Policies ios & Android device policies ios Policies Device Settings: Passcode; Restrictions; Web Clips; AirPlay Devices; AirPrint Printers; Fonts; Encryption Corporate Resources: Wi-Fi; VPN; Email (EAS, IMAP, POP); Certificates; Android Policies: Device Settings: Passcode; Restrictions; Corporate Resources: Wi-Fi; VPN; Encryption; Certificates Cloud Connect / Ophelia : Mobile computing device to securely access corporate apps and content from cloud. Centrally managed by CCM, device can be locked down with enhanced policy over other Androidbased devices - e.g. Enforce device to operate in Kiosk mode PocketCloud Integration (ios & Android): Login with CCM credentials to receive RDP profiles 19 Software
Device Policies Policy Hierarchy Applications can be set at multiple levels: Global; Per-Group; Per-User; Per-Device Group/User/Device policy summary views provide clear insight into consolidated policy at each policy level 20 Software
Device Policies Policy Hierarchy Streamlined Configuration Configuration wizard streamlines configuration at every level by auto-populating inherited policies Settings configured at higher levels are shown with current configuration Indicator for policy overrides Indicator for policies configured at current level 21 Software
Device Management Mobile Application Management ios & Android Application Management Public & Enterprise app stores Mandatory App Policy ios: Support to prevent data backup and remove app if no longer managed Restricted App Policy Application policies are configured on per-group basis ios VPP support (ios 7+) 22 Software
Portal Admin Options 23 Software
Role-based Administration Create multiple administrators with full rights, read-only rights, or read-only plus custom command rights Audit log available of admin actions by name 24 Software
Subscription Insight 25 Software
Registration Restrictions 26 Software
On-premise Gateway Simple, secure connection of management console with on-premise services: Active Directory User Import (one-time bulk import, or sync ) Active Directory Single SignOn KACE K1000 inventory integration 27 Software
Inventory Sharing with KACE K1000 28 Software
How do I sign up? 29 Software
Today: Instant Trial of Cloud Client Manager 1. Cloudclientmanager.com Start a free trial! 2. Fill out form to create account 3. You are ready to log into CCM console! Note: Trial gives you access to full functionality for 14- days Coming Soon : Trial the entire Enterprise Mobility Management solution. Stay tuned for more announcements regarding CCM s role in and support of Dell s Enterprise Mobility Management solution. 30 Software
Q&A 31 Software
32 Software
Appendix 33 Software
Creating Mobile Users Local Accounts Three ways to configure a local CCM account as a Mobile User 1. Users page 2. Add Mobile User role to a Portal Administrator 3. CCM AD Connector in Bulk Import mode 34 Software
Creating Mobile Users AD-Synced Account Use AD Connector to import AD users into CCM admin console Select the AD Groups to sync with Cloud Client Manager Prioritize AD Groups (from AD Connector to manage conflicts) To update AD-synced accounts, re-publish from AD Connector User info, group assignment, account status are automatically updated & device policies are also updated 35 Software
Mobile User Credentials CCM supports local credentials and authentication via SSO 1. Local Credentials 3 options: A. Random per-user password B. Group-based password C. Customized per-user password 36 Software
Mobile User Credentials CCM supports local credentials and authentication via SSO 2. Domain Credentials Single Sign-On: CCM On-Premises Gateway configuration to support domain authentication Supported for self-service view Supported for device registration 37 Software