CloudSync Mobile Device Management Technical Overview

(1)

CloudSync Mobile Device Management

Technical Overview

Version 1.0 CloudSync, Inc. 3103 Fife Court Denver, CO 80211 +1 (720) 221-4444 phone +1 (720) 221-2670 fax [email protected] www.cloudsync.com

(2)

CloudSync Mobile Device Management

Overview

CloudSync's Mobile Device Management software (MDM) allows you to remotely deploy software, security policies, and configurations to mobile devices such as PDA’s, smart phones, laptops, as well as to rugged, commercial data-collection devices

manufactured by Symbol, Intermec, PSC, HHP and others.

The ability to centralize the management of devices in multiple locations is essential to companies who understand the current high cost and inefficiency of end-user self-support and maintenance, an approach resulting in decreased productivity, increased security liability, and an exceptionally high cost of ownership. According to Gartner, the current total cost of ownership (TCO) for a single hand-held device is $2800 annually.

Product Options

The CloudSync server is software solution based on standard web server technology. CloudSync can be used as a “Subscription” service utilizing our servers within our data center, or installed on your servers through our “Enterprise” license.

CloudSync Modules

CloudSync offers 3 distinct modules to meet your device management needs.

1. The Device Manager is our based mobile device management product with all the features you will need to successfully manage your remote devices.

2. Remote Help Desk is dashboard solution designed to enable Help Desk organizations to quickly diagnosis and fix any issue that a user may have with their mobile device.

3. Access Control enables your to control what your users have access to on the mobile device.

Remote Help Desk Access Control Device Manager • Asset Management • File/Application Provisioning • Version Control • Performance Reporting • Time Synchronization • Remote Control • File Manager • Process Management • Messaging • Remote Reset • Policy Manager • Application Controller • Application Launcher • Desktop Replacement • Menu Bar Icons

(4)

Device Manager Module

Device Manager Features

The CloudSync Device Manager module is the core application for remotely managing your mobile devices. The Device Manager allows you to:

• View and filter your mobile devices, by location, health, groups and more • Remotely provision applications and files to your mobile device

• Receive periodic performance information from your mobile device, such as: o Running Processes / Applications

o Network configuration and status (SSID, IP’s, MAC, Access points, etc.) o Hardware and OS configuration

o Battery information o Memory usage

• Assign application packages, time zones and configurations to defined groups of devices

• Receive reports and alerts on the health and status of your mobile devices

(5)

Device Manager Architecture

With device manager, the mobile device initiates the interaction with the server utilizing standard Internet security protocols (Secure Socket Layer (SSL)) via standard Internet ports (port 443). The device in essence “pulls” required data, applications and

configurations from the CloudSync server.

CloudSync Servers Private Network Internet HTTPS (:443) _{HTTPS (:443)} HTTPS (:443)

Role Based Authentication Supports Multi-Tier Account Management

•Super Administrator •Account Administrator •Helpdesk Rep

•Account Manager All Device to Server communications

are encrypted, and transported as XML

Web Services (SOAP) over HTTPS Internet

(6)

Remote Help Desk Module

Features

The Remote Help Desk Module allows you to directly connect with the mobile device from your web-browser to perform various types of Help Desk functions such as:

• Remote Control the Mobile Device • Take a screen-shot of the mobile device • Enlarge the screen for training-purposes • Start/stop processes

• Install/Uninstall applications • Reset the mobile device (soft/hard)

• File explorer to copy, delete, download and upload files • Messaging tool to send a text message to that particular device

(7)

Remote Help Desk Architecture

To remotely manage your mobile devices they require a reachable IP address from your web-browser. If you are providing Help Desk support within your network you will more than likely have the ability to remote control and remotely access those devices (Scenario 2). However if you are providing Help Desk support out side of your network you will be required to VPN into your network to access those devices running within your corporate network (Scenario 1).

For smart phones over a cellular network, most carriers will provide a public IP address for that device, making remote access and control to that device not an issue.

Note: Having a reachable IP address is not required for the Device Manager or Access Control modules. Requires VPN or Reverse Proxy Internet Internet Port 7777, 80 or 443 (configurable) Internet Private Network

Scenario 2: Remote Management via Private Network

Scenario 1: Remote Management via Public Network (Internet)

Port 7777, 80 or 443 (configurabl

(8)

Access Control Module

Features

The Access Control module is an “end-user” administration application that provides two major services:

(1) It will lock the user out of executing “unauthorized” applications on a Windows Mobile device as specified by an administrator and …

(2) It replaces the Desktop GUI of the mobile unit with a secure “launch platform” displaying approved applications in icon form. Any “unauthorized” application that attempts to start up (either automatically or by user control) will immediately be terminated.

AppCenter can also be configured to disable the Start Menu, SIP (on screen keyboard) and Smart-Minimize from the user.

Access Control Screen Shots

[Fig. 1a – Launch screen] [Fig. 1b – With Smart Minimize hidden With Smart Minimize enabled] and Menu Bar configured]

(9)

[Administrator screen –Tools – Options –

(10)

Technical Requirements

Device Console

The CloudSync application is a web-based console accessible through any modern browser, such as Internet Explorer (5.x), Safari, Netscape (6.x), Firefox (1.x), from any internet-connected computer anywhere in the world.

Mobile Device

The CloudSync device agent will run on all Windows mobile operating systems (OS) (PPC, Windows Mobile 2002, 2003, Windows Mobile 5.0, CE.NET, Smartphone, and Windows XP). All Symbol, Intermec, PSC, Hand Held Products, Motorola LXE, etc. devices running these OS’s are supported.

The agent technology requires very little device memory and takes a very small footprint on the mobile device:

• Device Manager/Remote Help Desk: approximately 1.5 MB • Access Control: approximately 225 KB

Server*

(*Enterprise Edition only, no server requirements for Subscription Edition)

Software

The Enterprise Edition of the CloudSync server utilizes standards based web technology, which will run on either Linux or Windows servers. The application is build on the commonly referred to “LAMP” stack (for Linux) or “WAMP” stack (for Windows). We use the following technologies:

• Apache: web server • MySQL: data-base server

• PHP: for the application/scripting server

To install CloudSync it is required that Apache, MySQL and PHP be preinstalled. We recommend using the XAMPP package installer for server administrators not familiar with these technologies.

Hardware

You can install the CloudSync Enterprise Server on any flavor of server that you are partial to. The hardware configuration will vary based on your requirements for redundancy, the number of devices you are using and availability. At a minimum we recommend the following for a single server environment:

• 2GB RAM

• Pentium 4 (Dual Opteron/Xeon would be better) • 60 GB of RAM (RAID 1 would be better) • Remote backup capability

(11)

Storage requirements will vary depending on the number of devices you have, how often they communicate with the server, and the duration that you keep logs, which is

configurable.

Network

The CloudSync solution will work in wither connected, or semi-connected environments over LAN, WAN and WWAN networks via Ethernet, Active-Sync and PPP

communication.

The amount of network traffic will vary based on the number of devices you have communicating across the network to the server. If the network throughput is limited the devices can be configured to communicate at “off-times” such as early in the morning to minimize traffic.

In addition data transmissions from the server to the device can be compressed to reduce network load.

(12)

Security

Communication Security

All communications between the mobile device, the web console, and the server are encrypted using SSL certificates.

In addition CloudSync is compatible with any customer-implemented security protocol, such as LEAP, PEAP, WEP, etc. and runs nicely within any such environment.

Application Security

The mobile device can be configured so that all interactions with the device require authentication, in addition you can apply IP restrictions so only access from certain IP addresses can have control capabilities over that device.

The web console supports 3 levels of users, Account Manager, Account Administrator, and System Administrator. Each of these roles determines the level of access a user has to the systems.

For Enterprise Edition customers who wish to have single sign on capability via LDAP or Active Directory, this capability is available upon request.

CloudSync Mobile Device Management Technical Overview

CloudSync Mobile Device Management

Technical Overview

Table of Contents

CloudSync Mobile Device Management

Overview

Product Options

CloudSync Modules

Device Manager Module

Device Manager Features

Device Manager Architecture

Remote Help Desk Module

Features

Remote Help Desk Architecture

Access Control Module

Features

Access Control Screen Shots

Technical Requirements

Device Console

Mobile Device

Server*

Software

Hardware

Network

Security

Communication Security

Application Security