ibm mobile foundation pot - overview of ibm endpoint manager for mobile device presentation

© 2012 IBM Corporation

An IBM Proof of Technology

Overview of IBM Endpoint Manager for Mobile Device

© 2012 IBM Corporation

IBM Software

IBM Mobile Foundation

Build, connect, manage and secure your mobile enterprise

Includes:

• IBM Worklight V5.0

• IBM WebSphere Cast Iron

• IBM Endpoint Manager for Mobile Devices

Plus New Services Offering:

• IBM Software Services for Mobile Foundation

IBM Mobile Foundation V5.0

2

© 2012 IBM Corporation

IBM Software

Mobile device unique management & security challenges

Mobile devices

are shared more

often

Mobile devices

are used in more

locations

Mobile devices

prioritize the

user

Mobile devices

are diverse

.

Mobile devices

have multiple

personas

� Personal phones and tablets shared with family

� Enterprise tablet shared with co-workers

� Social norms of mobile apps vs. file systems

� Work tool

� Entertainment device

� Personal organization

� Security profile per persona?

� OS immaturity for enterprise mgmt

� BYOD dictates multiple OSs

� Vendor / carrier control dictates multiple OS versions

� A single location could offer public, private, and cell connections

� Anywhere, anytime

� Increasing reliance on enterprise WiFi

� Conflicts with user experience not tolerated

� OS architecture puts the user in control

� Difficult to enforce policy, app lists

3

© 2012 IBM Corporation

IBM Software

Mobile device security – the problem

• Mail / Calendar / Contacts• Access (VPN / WiFi)• Apps (app store)• Enterprise Apps

iCloud

iCloud Sync

iTunes Sync

Encryption not enforced

End User

VPN / WiFi Corporate Network Access

Mobile devices are not only computing platforms, but also communication devices, we could have:

•Potential unauthorized access (lost, stolen)

•Disabled encryption

•Insecure devices connecting to network

•Corporate data leakage

Mobile devices are not only computing platforms, but also communication devices, we could have:

•Potential unauthorized access (lost, stolen)

•Disabled encryption

•Insecure devices connecting to network

•Corporate data leakage

4

© 2012 IBM Corporation

IBM Software

Mobile device security – the solution using IEM for Mobile Device

iCloud

iCloud Sync

iTunes Sync

End User

VPN / Wi-Fi

Corporate Network Access

• Personal Mail / Calendar• Personal Apps

Corporate Profile• Enterprise Mail / Calendar• Enterprise Access (VPN/Wi-Fi)• Enterprise Apps (App store or

Custom)

Secured by IEM policy

Encryption Enabled

• Enable password policies

• Enable device encryption

• Force encrypted backup

• Disable iCloud sync

• Access to corporate email, apps, VPN, Wi-Fi contingent on policy compliance!

• Selectively wipe corporate data if employee leaves company

• Fully wipe if lost or stolen

• Enable password policies

• Enable device encryption

• Force encrypted backup

• Disable iCloud sync

• Access to corporate email, apps, VPN, Wi-Fi contingent on policy compliance!

• Selectively wipe corporate data if employee leaves company

• Fully wipe if lost or stolen

5

© 2012 IBM Corporation

IBM Software

IBM Endpoint Manager

Securitymanagement

Systemsmanagement

Commonmanagement agent

Unifiedmanagement console

Commoninfrastructure

Single server

IBM Endpoint Manager

Desktop / laptop / server endpoint Mobile endpoint Purpose-specific endpoint Cloud endpoints

6

© 2012 IBM Corporation

IBM Software

IBM Endpoint Manager for Mobile Device

� Device inventory

� Security policy mgmt

� Application mgmt

� Device config (VPN/Email/Wifi)

� Encryption mgmt

� Roaming device support

� Integration with internal systems

� Scalable/Secure solution

� Easy-to-deploy

� Multiple OS support

� Consolidated infrastructure

� Device Wipe

� Location info

� Jailbreak/Root detection

� Enterprise App store

� Self-service portal

� OS provisioning

� Patching

� Power Mgmt

Traditional Endpoint Management Mobile Device Management

7

© 2012 IBM Corporation

IBM Software

IEM for Mobile Device functionalities

Category Endpoint Manager Capabilities

Platform Support Apple iOS, Google Android, Nokia Symbian, Windows Phone, Windows Mobile

Management Actions Selective wipe, full wipe, deny email access, remote lock, user notification, clear passcode

Application Management Application inventory, enterprise app store, whitelisting, blacklisting, Apple Volume Purchase Program (VPP)

Policy & Security Management Password policies, device encryption, jailbreak & root detection

Location Services Track devices and locate on map

Enterprise Access Management Configuration of Email, VPN, Wi-Fi

Expense Management Enable/disable voice and data roaming

8

© 2012 IBM Corporation

IBM Software

IEM for Mobile Device management solutions

Problem Solution

How to manage employee-owned

vs. enterprise-owned assets?

Gives enterprises flexibility to use email-based mgmt

(less intrusive) or sophisticated agent-based mgmt

How to deal with lost or stolen

devices?

Password policy controls (pin length, timeout, wipe

after failed login, etc.) and remote wipe

How to deal with sensitive corporate

data on device?

Enable device encryption, selective wipe of corporate

data when employees leave company

How to control IT cost explosion

when dealing with so many devices?“Single pane of glass” to manage all devices servers/desktops/laptops/mobile devices with shared

infrastructure

How to handle rapidly changing

devices / OSes / apps / user

behavior?

Flexible Endpoint Manager platform with cloud-based

Fixlet model for rapid updates and new solution

delivery

9

© 2012 IBM Corporation

IBM Software

IEM for Mobile Device management options

� Agent-based Management

• For iOS - Apple’s MDM APIs and profiles

• For Android/Windows Mobile – IBM Mobile Client

� Email-based management through Exchange (ActiveSync) and Lotus Traveler (IBMSync)• iOS• Android • Windows Phone• Windows Mobile• Symbian

10

© 2012 IBM Corporation

IBM Software

IBM Endpoint Manager for Mobile Device architecture

11

IEM Server

DB

Console / Web Reports

Relay(s)

Android

Email Server (Exchange/Lotus)

Apple

Apple Push Notification Servers

w/Email

ActiveSync

Phones / Tablets

http / 52311

http / 52311

ActiveSync / IBM Sync

https

Apple MDM Interaction

Apple Push Notification

Management Extender for (Exchange or Lotus)

http / 52311

Mgmt Extender for iOS

Apple AppAndroid App

© 2012 IBM Corporation

IBM Software

IEM for Mobile Device enrollment - user experience

12

© 2012 IBM Corporation

IBM Software

IEM Console - mobile device management

13

© 2012 IBM Corporation

IBM Software

IEM Console - mobile device management dashboard view

14

© 2012 IBM Corporation

IBM Software

IEM Console - password policy report

15

© 2012 IBM Corporation

IBM Software

IEM Console - single device view

16

© 2012 IBM Corporation

IBM Software

IEM Console - installed applications view

17

© 2012 IBM Corporation

IBM Software

IEM Console - application management

18

© 2012 IBM Corporation

IBM Software

IEM for Mobile Device app management – user experience

19

© 2012 IBM Corporation

IBM Software

IEM Console - security problems and non-compliance detection

20

© 2012 IBM Corporation

IBM Software

IEM for Mobile Device jailbreak notification – user experience

21

© 2012 IBM Corporation

IBM Software

IEM Console - device location tracking

View Location information is also available

22

© 2012 IBM Corporation

IBM Software

Mobile Operating System

Native Container

HTML, CSS, JavaScript

Project

TestingDesign

Debug

Source Code

Repository

Code Control Infrastructure

Back-End

Worklight Console

Device

Developer Admin User

Integration

Connecting

Monitoring

AppStore

Development

IBM Mobile Foundation solution

IEM Server

Managing

Cast Iron

23

© 2012 IBM Corporation

IBM Software

Packaging

CD (WL + EndPoint) + server install (WL + CastIron)IBM Mobile

Foundation

IBM Worklight

Enterprise edition

B2C Per App (WL + CastIron)

CD (WL) + server install (WL)Enterprise edition

Per App (WL)

Not for charge / Not for production version (delivered via DeveloperWorks)

B2CConsumer edition

Consumer edition

CD = Client DeviceWL = WorklightPer App = new PA metricEndPoint = IBM Endpoint Manager for Mobile Devices

Developer edition

IBM Endpoint for

Mobile devicesB2E CD (Tivoli)

Offering Packages Pricing metrics

24

© 2012 IBM Corporation

IBM Software

25

© 2012 IBM Corporation

IBM Software

26

We appreciate your feedback.

Please fill out the survey form in order to improve this educational event.

SIMPLIFIED CHINESEHINDI JAPANESE

ARABICRUSSIANTRADITIONAL CHINESE TAMIL THAI

FRENCH

GERMAN

ITALIAN

SPANISH

BRAZILIAN PORTUGUESE