Dell World
Software User Forum 2013
December 9 - 12 | Austin, TX
Overview of Cloud Client Manager and integration with KACE K1000
Introducing Dell Enterprise Mobility Management
Your devices, your users, your mobile strategy
• Complete, secure endpoint management
• Secure enterprise workspace on all devices
• Secure access to enterprise data
• Integrated console management
• User self-service
• Identity management
• Business apps and services you need
• Flexibility for future-proofing
[Figure: Endpoint management and Container management across smartphones, tablets, cloud clients, M2M, laptops and desktops]
• What is Cloud Client Manager?
• Benefits of Multi-tenant SaaS Architecture
• Mobility Management Capabilities (Device Mgmt focus)
• Integration with K1000
• Q&A
What is Cloud Client Manager?
• Cloud-based, multi-tenant platform
  • Scale low, scale high: 1-100,000 devices per tenant
  • Pay as you go: Offered as “Software as a Service” (SaaS) subscription
• Manages wide range of devices and assets
  • Mobile Devices, Cloud Clients, “Ophelia”, Applications, etc.
  • In this session we will focus on Mobile Devices (smartphones & tablets)
• User-centric and device-centric views with robust policy-based management
• Real-time alerts, events, and analytics
Benefits of our Multi-tenant SaaS architecture
• Streamline deployments
  • Instant online trial of your production tenant
  • No management software required to install
  • Scale without concern to 10K devices and beyond
  • Remain up to date without lifting a finger
• Built-in security
  • All communication secured over SSL
  • State of the art datacenters with 24x7 manned security (physical, network, operational)
  • Compliance & Certifications:
    • SSAE16 SOC1 Type 2 Audited datacenter operations, US-EU & US-Switzerland Safe Harbor, PCI Level 1 Service Provider, Cloud Security Alliance member, CIISP, CCIE, CISA certified internal auditor, etc.
Benefits of our Multi-tenant SaaS architecture (cont.)
• Access admin console from any device with a modern web browser and public internet access
• Manage devices regardless of their location (on-premise, public network, behind firewall, etc.)
  • iOS devices: APNS (Apple push notification system)
  • Other devices: Dell custom PNS implementation
Getting a Device
Support for management of iOS and Android smartphones & tablets
iOS Device Requirements
• iPhones & iPads running iOS 5 & up
• Apple APNS certificate required
• Connectivity Requirements:
  • TCP port 443 (outbound) to https://us1.cloudclientmanager.com
  • TCP port 80 (outbound) to https://us1.cloudclientmanager.com
  • TCP port 8443 (outbound) to us1-mdm.cloudclientmanager.com
  • TCP port 5223 (outbound) - for Apple APNS
Mobile Device Support
Android Device Requirements
• Devices running Android OS 2.3 & up
• Connectivity Requirements:
• Users page: Only users with “Mobile User” role may register devices
Creating Mobile Users
• 2 types of “Mobile User” accounts:
1. Local CCM Account: User information, group assignment, account status are managed locally
2. AD-Synced CCM Account
Active Directory Connector
Creating Mobile Users
• On-premises application to retrieve account info from Active Directory and publish to cloud
• Two operation modes:
1. Bulk Import: Select AD Groups to publish users to Cloud Client Manager. Once imported into admin console, users are assigned to groups & managed locally
2. Manual AD Sync: Select/Prioritize AD Groups and import AD users into CCM. User accounts are read-only in console and are updated on subsequent syncs from AD Connector
Mobile User Credentials
Local credentials & SSO authentication
Two authentication methods supported for admin console login, self-service portal login, and device registration:
1. Local Credentials – 3 options:
   A. Random per-user password
   B. Group-based password
   C. Customized per-user password
2. Domain Credentials: Single Sign-On via CCM
Email invitations can be sent to simplify end-user registration
• Pre-defined templates
  • Select device types to send invitation, and client/clientless (iOS only) registration
  • Select credential type (local or domain credentials)
Client & Clientless (iOS only) device registration
• Client Registration (iOS & Android)
• CCM Agent (via App Store and Google Play)
• CCM Account Credentials or domain credentials (SSO)
• Clientless Registration (iOS only)
• Self-Service portal
• iOS Agent - benefits:
• GPS location visibility
• Jailbreak detection
• Review missing mandatory apps & installed restricted apps
Device Visibility &
Real-Time Visibility of Registered Devices
• Inventory & Status:
• Device Location & Mobile Carrier
• System Info (OS version; Serial Number; SIM info; Battery Level, etc.)
• Installed Apps
• Jailbroken/Rooted device detection
• Events history with audit trail
Device Management
• Compliance Status
• Compliance to device management & application management policies
• Dashboard Alerts, User & Device details
Remote Management of Registered Devices
• Send Real-Time remote commands to registered devices (iOS & Android):
  • Query Device
  • Clear Passcode
  • Lock Device
  • Send Message (128 characters – iOS requires CCM Agent)
  • Corporate Wipe (Unregister)
  • Factory Wipe
Robust iOS & Android device policies
• iOS Policies
• Device Settings: Passcode; Restrictions; Web Clips; AirPlay Devices; AirPrint Printers; Fonts; Encryption
• Corporate Resources: Wi-Fi; VPN; Email (EAS, IMAP, POP); Certificates;
• Android Policies:
• Device Settings: Passcode; Restrictions;
• Corporate Resources: Wi-Fi; VPN; Encryption; Certificates
• Cloud Connect / “Ophelia”: Mobile computing device to securely access corporate apps and content from cloud. Centrally managed by CCM, device can be locked down with enhanced policy over other Android-based devices, e.g. enforce device to operate in Kiosk mode
Device Policies
• PocketCloud Integration (iOS & Android):
• Login with CCM credentials to receive RDP
Policy Hierarchy
Device Policies
• Applications can be set at multiple levels: Global; Per-Group; Per-User; Per-Device
Policy Hierarchy – Streamlined Configuration
Device Policies
• Configuration wizard streamlines configuration at every level by auto-populating inherited policies
Indicator for policies configured at current level
Indicator for policy overrides
Settings configured at higher levels are shown with current
Mobile Application Management
• iOS & Android Application Management
• Public & Enterprise app stores
• Mandatory App Policy
• iOS: Support to prevent data backup and remove app if no longer managed
• Restricted App Policy
• Application policies are configured on per-group basis
• iOS VPP support (iOS 7+)
• Create multiple administrators with full rights, read-only rights, or read-only plus custom command rights
• Audit log available of admin actions by name
Simple, secure connection of management console with on-premise services:
• Active Directory User Import (one-time bulk import, or “sync”)
• Active Directory Single Sign-On
• KACE K1000 inventory integration
1. Cloudclientmanager.com “Start a free trial!”
2. Fill out form to create account
3. You are ready to log into CCM console!
Note: Trial gives you access to full functionality for 14 days
Today: Instant Trial of Cloud Client Manager
Coming Soon: Trial the entire Enterprise Mobility Management solution.
Local Accounts
Creating Mobile Users
• Three ways to configure a local CCM account as a “Mobile User”
1. Users page
2. Add “Mobile User” role to a Portal Administrator
AD-Synced Account
• Use AD Connector to import AD users into CCM admin console
• Select the AD Groups to sync with Cloud Client Manager
• Prioritize AD Groups (from AD Connector to manage conflicts)
• To update AD-synced accounts, re-publish from AD Connector
• User info, group assignment, account status are automatically updated & device policies are also updated
CCM supports local credentials and authentication via SSO
1. Local Credentials – 3 options:
A. Random per-user password
B. Group-based password
C. Customized per-user password
CCM supports local credentials and authentication via SSO
2. Domain Credentials
• Single Sign-On: CCM On-Premises Gateway configuration to support domain authentication
• Supported for self-service view
• Supported for device registration