
A Technical White Paper


Academic year: 2021


Abstract

This white paper provides an overview of Microsoft® System Center Mobile Device Manager 2008, an end-to-end solution for provisioning, securing, and managing Windows Mobile 6.1 devices in a corporate network. By focusing on the key mobile device challenges faced by IT administrators—including management, control, maintenance, device security, and support—this paper discusses how System Center Mobile Device Manager helps IT administrators save time and reduce costs. The paper also introduces improved features from the latest Mobile Device Manager Service Pack 1 (SP1) enhancements and provides an overview of the long-term benefits of this end-to-end mobile device management enterprise solution.

Introduction to System Center Mobile Device Manager 2008

With today’s mobile workforces, IT staff are required to manage an ever-expanding fleet of mobile devices and ensure that every device is authorized, has secure access and adequate permissions on the network, and does not compromise the security of corporate data. IT professionals need a flexible, end-to-end solution that helps them ease the process of securing and managing devices within a corporate network, while providing a more secure, single-point access for line-of-business (LOB) applications and corporate data. Mobile Device Manager is a comprehensive, reliable, and low-cost management solution that can be easily deployed into an enterprise’s existing Microsoft infrastructure. Designed to address the three core requirements of IT professionals—security, device management, and Mobile VPN—Mobile Device Manager is a solution that helps administrators to efficiently address the growing need for increased security and manageability of Windows Mobile® 6.1 devices within a network.

Security Management

Mobile Device Manager provides a security management platform for Windows Mobile 6.1 devices with more than 130 policy settings and built-in mechanisms that help prevent the misuse of corporate data. Administrators can lock down many areas of the Windows Mobile 6.1 devices, including certain communications and device functionality, while exercising significant control over the software that can be installed on devices.

Device Management

Mobile Device Manager is a simple and comprehensive solution for distributing software to Windows Mobile 6.1 devices and maintaining an inventory of devices in a complex organizational environment. Mobile Device Manager enables device enrollment through over-the-air (OTA)

An Introduction for Technical Audiences


through role-based administration, MMC snap-ins, and Microsoft Windows PowerShell™ commandlets. Comprehensive reporting tools within Mobile Device Manager provide IT professionals with improved visibility of devices and help reduce the cost and complexity of managing devices within a corporate network.

Mobile VPN

Mobile Device Manager provides a single point for security-enhanced, behind-the-firewall access to corporate data and LOB applications. With Mobile Device Manager, administrators can facilitate security through a mobile-optimized, IPsec-based Mobile VPN link. The Mobile VPN link secures wireless communications between a mobile device and corporate servers by establishing an IPsec tunnel between the device and the Gateway Server. There is no dependency or requirement for SSL encryption. However, if there is SSL-encrypted traffic from another source (such as ISA Server 2006), Mobile Device Manager’s IPsec tunnel can envelop this. (See the diagram at the end of this document for details.) This combination of IPsec VPN and SSL encryption lends a definite edge over other systems that generally rely on a single security barrier. With features such as fast reconnect and session persistence, Mobile VPN helps maximize user productivity in mobile environments.

Mobile Device Manager 2008 SP1 Enhancements

Mobile Device Manager SP1 helps provide organizations with even greater security management and device management with performance improvements, bug fixes, and enhanced feature updates. For added device management capabilities, Mobile Device Manager SP1 now offers the following enhanced features:

Windows Server® 2008 Compatibility: Mobile Device Manager SP1 is designed to run against a domain/forest running Windows Server 2008 Active Directory Domain Services.

Multiple Instance: Mobile Device Manager SP1 with Multiple Instance enables organizations to deploy more than one instance of Mobile Device Manager within the same Active Directory Forest, and helps support enterprises deploying more than 30,000 mobile devices within a single forest.

Enrollment Auto Discovery (available at Remote Console): Mobile Device Manager SP1 eases the user enrollment experience by allowing the user to initiate the enrollment process without entering complex Fully Qualified Domain Names (FQDN) or URLs. Enrollment Auto Discovery matches the user with the correct Mobile Device Manager instance, eliminating any guesswork and mismatch.

PIN Reset (available at Remote Console): Mobile Device Manager SP1 allows users to request a PIN reset on their current device, which can be initiated by the IT helpdesk or directly by the user via a Self Service Portal (SSP). If the user is unable to unlock his or her device as a result of a forgotten or lost PIN, PIN Reset gets the user back up and running in a fast and predictable manner.

Performance and Scalability: Mobile Device Manager SP1 increases system/server capacity to 40,000 users from Mobile Device Manager 2008 levels.

Virtualization: Mobile Device Manager SP1 has Hyper-V™ support using hosted Windows Server


IT Solutions for Mobile Challenges

This section of the white paper underlines the benefits of Mobile Device Manager by presenting real-life scenarios pertaining to device management, security management, and Mobile VPN.

Device Management with Mobile Device Manager

In an enterprise network, IT administrators often have to rely on multiple management solutions to configure, manage, track, and target mobile devices in a corporate network. System Center Mobile Device Manager allows administrators to address device management needs through a single, easy-to-use package. This reduces the cost of purchasing and maintaining a proprietary solution as well as the time spent learning it.

• Seamless over-the-air device enrollment. A simple, one-time device enrollment wizard results in fewer user-related logon issues, reducing the pressure on the IT helpdesk. Since Mobile Device Manager leverages Active Directory® and certificate services, device enrollment and configuration is now simpler and more convenient. The new Mobile Device Manager SP1 offers Enrollment Auto Discovery, which eases the user enrollment experience and alleviates IT helpdesk pressure even more.

• Efficient software distribution. Mobile Device Manager distributes software and sends updates OTA, making the task of software distribution to multiple managed phones significantly easier and reducing device downtime.

• Simplified tracking through rich inventory and reporting. Mobile Device Manager has rich inventory and add-on reporting capabilities that provide detailed reporting of device hardware and installed software. Along with a Microsoft SQL Server™–based infrastructure, administrators can easily keep track of devices within the enterprise network.

• Delegation of tasks through role-based administration. The role-based administration capability within Mobile Device Manager lets administrators delegate tasks on the basis of functions; simplify the tracking and deployment of devices; and focus on management, inventory, and reporting. Additionally, the Mobile Device Manager Self-Help portal allows IT administrators to grant user access for basic device management functions—including device wipe and creating new enrollment records—reducing users’ reliance on the IT helpdesk.

Security Management with Mobile Device Manager

Since mobile devices can potentially hold confidential corporate and personal data, the loss or theft of these devices poses a significant security risk for an organization. Ensuring that every device is protected from misuse is a challenge. Mobile Device Manager diminishes the risk of a security breach with mechanisms that help provide security to sensitive data.

• Anti-theft mechanisms. Mobile Device Manager mitigates security risks through on-device file encryption of sensitive corporate information. When a device is lost or stolen, Mobile Device Manager allows administrators to execute a remote device wipe when the device is online and connected to the VPN, preventing the misuse of critical data.

• Granular device control. Mobile Device Manager’s robust security management platform allows administrators to lock down several areas of a Windows Mobile 6.1 device, including communications or even device functionalities like Bluetooth, SMS/MMS, WLAN, POP/IMAP, and e-mail.

• Application-level control. Mobile Device Manager gives administrators significant control over Windows Mobile 6.1 devices within an enterprise through access to more than 130 policy settings. These policies enable mobile devices to be listed and managed, allowing control over many of the applications that users might install on their devices.

Mobile VPN with Mobile Device Manager

Administrators need to be certain that mobile devices connect to the corporate network over a secure connection. With the help of Mobile VPN, Mobile Device Manager ensures that Windows Mobile 6.1 device users access their corporate network (via a network service provider or a corporate Wi-Fi connection) through an encrypted link. As a result, Windows Mobile 6.1 device users gain security-enhanced, behind-the-firewall access to corporate data and LOB applications.

• Secure data access. Administrators are challenged with ensuring that communications between an authenticated mobile device and the corporate intranet are secure. With Mobile Device Manager, administrators can allow or deny a secure network access connection between a Windows Mobile 6.1 device and an organization’s network.

• LOB-authenticated access. Mobile device users are often required to access an organization’s LOB application servers. With Mobile Device Manager, administrators can allow or deny a secure network access connection between a Windows Mobile 6.1 device and an organization’s LOB application servers.

• Session persistence and fast reconnect. The session persistence and fast reconnect feature in Mobile Device Manager allows users to reconnect to the corporate intranet without re-authenticating or losing session history, resulting in an increasingly seamless and trouble-free user experience.


System Center Mobile Device Manager—A Comprehensive Mobile Device Management Solution

Mobile Device Manager is a reliable, end-to-end solution that can easily scale to manage the needs of an enterprise’s growing mobile workforce. Not only is it easy to deploy in an existing Windows Server infrastructure, but as an organization grows and its mobile computing needs multiply, Mobile Device Manager has the capacity to scale accordingly. This section of the white paper examines the scalable architecture of Mobile Device Manager and provides details of the Microsoft products and technology it supports.

High Scalability and Availability

The Mobile Device Manager architecture supports different server configurations, depending on the organization’s requirements. Mobile Device Manager servers allow for flexible implementation options, where server configurations can be planned to cater to small corporate network-integrated configurations and to complex load-balanced scenarios.

Reduced Pressure on IT Helpdesk

Transparent processes such as device enrollment, session persistence, fast reconnect, a “Self-Help” portal, and Mobile Device Manager SP1’s new PIN Reset feature enable Windows Mobile 6.1 device users to self-manage many facets of their devices, resulting in reduced dependency on IT support. This frees up valuable hours for the helpdesk team, enabling them to become more responsive and efficient while resolving user issues.

Greater Control of Mobile Devices

Mobile Device Manager allows for an unprecedented degree of control over mobile devices and their usage through comprehensive security management policies and granular targeting of groups of users and/or devices to define and enforce IT security and management policies. Through Active Directory integration, it allows for the mobile device to be managed as a first-class citizen.

Easier Deployment with Other Microsoft Products

Mobile Device Manager is designed to support existing IT infrastructure in a corporate network, enabling an easier deployment. Mobile Device Manager leverages Windows Software Update Services (WSUS) 3.0 with Service Pack 1 to allow applications to be distributed to managed devices. WSUS must be installed on the DM Server prior to installing Mobile Device Manager. Mobile Device Manager leverages existing Microsoft products and services like Active Directory, Certificate Authorities, SQL Server, Internet Information Services (IIS) 6.0, and Microsoft .NET Framework version 2.0 to provide IT administrators with an easy-to-deploy management solution. In addition, Mobile Device Manager must be installed on servers running a minimum of Windows Server 2003 SP2 64-bit editions. Because of Mobile Device Manager’s extensible platform, IT professionals are able to include support for any operating system feature or application through administrative (ADM) templates and the Registry Configuration Service Provider (CSP).

In case of LOB application servers, Mobile Device Manager enables Windows Mobile 6.1 devices to securely access mailboxes residing on Microsoft Exchange Servers and custom Web–based services hosted on application servers.


Summary

Mobile Device Manager 2008 SP1 is a comprehensive server solution for the management of Windows Mobile 6.1 phones. It empowers IT professionals to provide highly secure data and network access for their mobile workforce and define a strong and flexible IT security policy, while retaining a high degree of control over their mobile device usage without sacrificing ease of usability. Mobile Device Manager SP1 is easy to deploy, integrate, and maintain with existing IT infrastructure and is highly scalable for efficient mobile device management and provisioning. In summary, it is the single point of management for Windows Mobile 6.1 devices in the enterprise.

Resources

For more information on Mobile Device Manager SP1, see www.windowsmobile.com

For more information on Windows Mobile devices for business, see
