A Technical White Paper




An Introduction for Technical Audiences

Abstract

This white paper provides an overview of Microsoft System Center Mobile Device Manager 2008, an end-to-end solution for provisioning, securing, and managing Windows Mobile 6.1 devices in a corporate network. By focusing on the key mobile device challenges faced by IT administrators (including management, control, maintenance, device security, and support), this paper discusses how System Center Mobile Device Manager helps IT administrators save time and reduce costs. The paper also introduces improved features from the latest Mobile Device Manager Service Pack 1 (SP1) enhancements and provides an overview of the long-term benefits of this end-to-end mobile device management enterprise solution.

Introduction to System Center Mobile Device Manager 2008

With today's mobile workforces, IT staff are required to manage an ever-expanding fleet of mobile devices and ensure that every device is authorized, has secure access and adequate permissions on the network, and does not compromise the security of corporate data. IT professionals need a flexible, end-to-end solution that helps them ease the process of securing and managing devices within a corporate network, while providing a more secure, single-point access for line-of-business (LOB) applications and corporate data.

Mobile Device Manager is a comprehensive, reliable, and low-cost management solution that can be easily deployed into an enterprise's existing Microsoft infrastructure. Designed to address the three core requirements of IT professionals (security, device management, and Mobile VPN), Mobile Device Manager is a solution that helps administrators to efficiently address the growing need for increased security and manageability of Windows Mobile 6.1 devices within a network.
Security Management

Mobile Device Manager provides a security management platform for Windows Mobile 6.1 devices with more than 130 policy settings and built-in mechanisms that help prevent the misuse of corporate data. Administrators can lock down many areas of the Windows Mobile 6.1 devices, including certain communications and device functionality, while exercising significant control over the software that can be installed on devices.

Device Management

Mobile Device Manager is a simple and comprehensive solution for distributing software to Windows Mobile 6.1 devices and maintaining an inventory of devices in a complex organizational environment. Mobile Device Manager enables device enrollment through over-the-air (OTA) provisioning and bootstrapping. It also helps IT administrators streamline device management through role-based administration, MMC snap-ins, and Microsoft Windows PowerShell commandlets. Comprehensive reporting tools within Mobile Device Manager provide IT professionals with improved visibility of devices and help reduce the cost and complexity of managing devices within a corporate network.

Mobile VPN

Mobile Device Manager provides a single point for security-enhanced, behind-the-firewall access to corporate data and LOB applications. With Mobile Device Manager, administrators can facilitate security through a mobile-optimized, IPsec-based Mobile VPN link. The Mobile VPN link secures wireless communications between a mobile device and corporate servers by establishing an IPsec tunnel between the device and the Gateway Server. There is no dependency or requirement for SSL encryption. However, if there is SSL-encrypted traffic from another source (such as ISA Server 2006), Mobile Device Manager's IPsec tunnel can envelop this. (See the diagram at the end of this document for details.) This combination of IPsec VPN and SSL encryption lends a definite edge over other systems that generally rely on a single security barrier. With features such as fast reconnect and session persistence, Mobile VPN helps maximize user productivity in mobile environments.

Mobile Device Manager 2008 SP1 Enhancements

Mobile Device Manager SP1 helps provide organizations with even greater security management and device management with performance improvements, bug fixes, and enhanced feature updates. For added device management capabilities, Mobile Device Manager SP1 now offers the following enhanced features:

Windows Server 2008 Compatibility: Mobile Device Manager SP1 is designed to run against a domain/forest running Windows Server 2008 Active Directory Domain Services.

Multiple Instance: Mobile Device Manager SP1 with Multiple Instance enables organizations to deploy more than one instance of Mobile Device Manager within the same Active Directory Forest, and helps support enterprises deploying more than 30,000 mobile devices within a single forest.

Enrollment Auto Discovery (available at Remote Console): Mobile Device Manager SP1 eases the user enrollment experience by allowing the user to initiate the enrollment process without entering complex Fully Qualified Domain Names (FQDN) or URLs. Enrollment Auto Discovery matches the user with the correct Mobile Device Manager instance, eliminating any guesswork and mismatch.

PIN Reset (available at Remote Console): Mobile Device Manager SP1 allows users to request a PIN reset on their current device, which can be initiated by the IT helpdesk or directly by the user via a Self Service Portal (SSP). If the user is unable to unlock his or her device as a result of a forgotten or lost PIN, PIN Reset gets the user back up and running in a fast and predictable manner.

Performance and Scalability: Mobile Device Manager SP1 increases system/server capacity to 40,000 users from Mobile Device Manager 2008 levels.

Virtualization: Mobile Device Manager SP1 has Hyper-V support using hosted Windows Server 2003 for testing purposes.

IT Solutions for Mobile Challenges

This section of the white paper underlines the benefits of Mobile Device Manager by presenting real-life scenarios pertaining to device management, security management, and Mobile VPN.

Device Management with Mobile Device Manager

In an enterprise network, IT administrators often have to rely on multiple management solutions to configure, manage, track, and target mobile devices in a corporate network. System Center Mobile Device Manager allows administrators to address device management needs through a single, easy-to-use package. This reduces the cost of purchasing and maintaining a proprietary solution as well as the time spent learning it.

Seamless over-the-air device enrollment. A simple, one-time device enrollment wizard results in fewer user-related logon issues, reducing the pressure on the IT helpdesk. Since Mobile Device Manager leverages Active Directory and certificate services, device enrollment and configuration is now simpler and more convenient. The new Mobile Device Manager SP1 offers Enrollment Auto Discovery, which eases the user enrollment experience and alleviates IT helpdesk pressure even more.

Efficient software distribution. Mobile Device Manager distributes software and sends updates OTA, making the task of software distribution to multiple managed phones significantly easier and reducing device downtime.

Simplified tracking through rich inventory and reporting. Mobile Device Manager has rich inventory and add-on reporting capabilities that provide detailed reporting of device hardware and installed software. Along with a Microsoft SQL Server-based infrastructure, administrators can easily keep track of devices within the enterprise network.

Delegation of tasks through role-based administration. The role-based administration capability within Mobile Device Manager lets administrators delegate tasks on the basis of functions; simplify the tracking and deployment of devices; and focus on management, inventory, and reporting. Additionally, the Mobile Device Manager Self-Help portal allows IT administrators to grant user access for basic device management functions, including device wipe and creating new enrollment records, reducing users' reliance on the IT helpdesk.

Security Management with Mobile Device Manager

Since mobile devices can potentially hold confidential corporate and personal data, the loss or theft of these devices poses a significant security risk for an organization. Ensuring that every device is protected from misuse is a challenge. Mobile Device Manager diminishes the risk of a security breach with mechanisms that help provide security to sensitive data.

Anti-theft mechanisms. Mobile Device Manager mitigates security risks through on-device file encryption of sensitive corporate information. When a device is lost or stolen, Mobile Device Manager allows administrators to execute a remote device wipe when the device is online and connected to the VPN, preventing the misuse of critical data.

Granular device control. Mobile Device Manager's robust security management platform allows administrators to lock down several areas of a Windows Mobile 6.1 device, including communications or even device functionalities like Bluetooth, SMS/MMS, WLAN, POP/IMAP, and e-mail.

Application-level control. Mobile Device Manager gives administrators significant control over Windows Mobile 6.1 devices within an enterprise by providing them with access to more than 130 policy settings. These policies enable mobile devices to be listed and managed, allowing control over many of the applications that users might install on their devices.

Mobile VPN with Mobile Device Manager

Administrators need to be certain that mobile devices connect to the corporate network over a secure connection. With the help of Mobile VPN, Mobile Device Manager ensures that Windows Mobile 6.1 device users access their corporate network (via a network service provider or a corporate Wi-Fi connection) through an encrypted link. As a result, Windows Mobile 6.1 device users gain security-enhanced, behind-the-firewall access to corporate data and LOB applications.

Secure data access. Administrators are challenged with ensuring that communications between an authenticated mobile device and the corporate intranet are secure. With Mobile Device Manager, administrators can allow or deny a secure network access connection between a Windows Mobile 6.1 device and an organization's network.

LOB-authenticated access. Mobile device users are often required to access an organization's LOB application servers. With Mobile Device Manager, administrators can allow or deny a secure network access connection between a Windows Mobile 6.1 device and an organization's LOB application servers.

Session persistence and fast reconnect. The session persistence and fast reconnect feature in Mobile Device Manager allows users to reconnect to the corporate intranet without reauthenticating or losing session history, resulting in an increasingly seamless and trouble-free user experience.

System Center Mobile Device Manager: A Comprehensive Mobile Device Management Solution

Mobile Device Manager is a reliable, end-to-end solution that can easily scale to manage the needs of an enterprise's growing mobile workforce. Not only is it easy to deploy in an existing Windows Server infrastructure, but as an organization grows and its mobile computing needs multiply, Mobile Device Manager has the capacity to scale accordingly. This section of the white paper examines the scalable architecture of Mobile Device Manager and provides details of the Microsoft products and technology it supports.

High Scalability and Availability

The Mobile Device Manager architecture supports different server configurations, depending on the organization's requirements. Mobile Device Manager servers allow for flexible implementation options, where server configurations can be planned to cater to small corporate network-integrated configurations and to complex load-balanced scenarios.

Reduced Pressure on IT Helpdesk

Transparent processes such as device enrollment, session persistence, fast reconnect, a Self-Help portal, and Mobile Device Manager SP1's new PIN Reset feature enable Windows Mobile 6.1 device users to self-manage many facets of their devices, resulting in reduced dependency on IT support. This frees up valuable hours for the helpdesk team, enabling them to become more responsive and efficient while resolving user issues.

Greater Control of Mobile Devices

Mobile Device Manager allows for an unprecedented degree of control over mobile devices and their usage through comprehensive security management policies and granular targeting of groups of users and/or devices to define and enforce IT security and management policies. Through Active Directory integration, it allows for the mobile device to be managed as a first-class citizen.

Easier Deployment with Other Microsoft Products

Mobile Device Manager is designed to support existing IT infrastructure in a corporate network, enabling an easier deployment. Mobile Device Manager leverages Windows Software Update Services (WSUS) 3.0 with Service Pack 1 to allow applications to be distributed to managed devices. WSUS must be installed on the DM Server prior to installing Mobile Device Manager. Mobile Device Manager leverages existing Microsoft products and services like Active Directory, Certificate Authorities, SQL Server, Internet Information Services (IIS) 6.0, and Microsoft .NET Framework version 2.0 to provide IT administrators with an easy-to-deploy management solution. In addition, Mobile Device Manager must be installed on servers running a minimum of Windows Server 2003 SP2 64-bit editions.

Because of Mobile Device Manager's extensible platform, IT professionals are able to include support for any operating system feature or application through administrative (ADM) templates and the Registry Configuration Service Provider (CSP). In case of LOB application servers, Mobile Device Manager enables Windows Mobile 6.1 devices to securely access mailboxes residing on Microsoft Exchange Servers and custom Web-based services hosted on application servers.

Summary

Mobile Device Manager 2008 SP1 is a comprehensive server solution for the management of Windows Mobile 6.1 phones. It empowers IT professionals to provide highly secure data and network access for their mobile workforce and define a strong and flexible IT security policy, while retaining a high degree of control over their mobile device usage without sacrificing ease of usability. Mobile Device Manager SP1 is easy to deploy, integrate, and maintain with existing IT infrastructure and is highly scalable for efficient mobile device management and provisioning. In summary, it is the single point of management for Windows Mobile 6.1 devices in the enterprise.

Resources

For more information on Mobile Device Manager SP1, see www.windowsmobile.com

For more information on Windows Mobile devices for business, see http://www.windowsmobile.com/business