IBM Endpoint Manager for Mobile Devices (Overview)
1. © 2012 IBM Corporation
IBM Endpoint Manager for Mobile Devices
Product Introduction and Overview
[NAME], [TITLE]
[DATE]
2. © 2012 IBM Corporation2
Today's leading organizations are dealing with powerful
new technology forces
BYOD:
BYOD users expected to double by 2014 to
350 million
Security:
13 billion security events monitored per
day
13 billion
Data:
1.2 trillion gigabytes in the digital
universe.
1.2 zettabytes
Mobility:
Nearly ½ of devices accessing
applications will be mobile
1/2
350 million
3. © 2012 IBM Corporation3
IBM Endpoint Manager
Continuously monitor the health and security of all enterprise computers in real-time
via a single, policy-driven agent
Endpoints
• One infrastructure:
management
server, console, agent for
Windows, Mac, Unix, Linux,
Mobile
• Scales to 250,000 endpoints
per management server
• Robust, flexible architecture
with built-in failover
• Nearly-invisible impact to
network, endpoints
• Operates in low-bandwidth /
high-latency environments
• Physical or virtual, network or
Internet-connected
IBM Endpoint Manager
Patch
Management
Lifecycle
Management
Software Use
Analysis
Power
Management
Mobile
Devices
Security and
Compliance
Core
Protection
Desktop / laptop / server endpoint Mobile Purpose specific
Systems Management Security Management
Server
Automation
4. © 2012 IBM Corporation4
Security &
Compliance
Vulnerability Assessment
Compliance Analytics
3rd Party Endpoint
Protection Management
Patch
Management
Security Configuration
Management
Core
Protection
Anti-Malware
Firewall
Data Protection
(add-on)
Software Use
Analysis
Software Catalog
Correlation
Software Usage
Reporting
Software
Inventory
Patch
Management
Offline VM
Patching
Application
Patching
OS
Patching
Mobile
Devices
Compliance
App Mgmt
Mobile
Device Mgmt
The IBM Endpoint Manager Family
Middleware Management
Multi-Platform OS Deployment
Physical & Virtual
Server Lifecycle Management
Cross-Server Sequenced Task
Automation (e.g. Patch OS on
Server Cluster)
Server
Automation
Power
Management
Windows &
Macs
Carbon, cost
reduction reports
End-user
Dashboard
Lifecycle
Management
Software
Distribution
OS Deployment
Remote Control
Patch
Management
Basic HW &
SW Inventory
Lifecycle
Management
Starter Kit
5. © 2012 IBM Corporation5
Stores / Kiosks
WAN
Data center
Headquarters
Remote offices
Distribution center
Internet
WiFi
Airport
Hotel
Coffee shop
Home
Leased line
3G
WiFi
IBM Endpoint Manager, built on BigFix technology
Whether it’s a Mac connecting from hotel WiFi, a Windows laptop at 30K feet or a Red Hat Linux Server
in your data center, IBM Endpoint Manager has it covered. In real time, at any scale.
Satellite
Network-friendly architecture delivers
large packages without disrupting critical
business applications
Single, intelligent
agent uses <2%
CPU, <10MB RAM
Cloud-based service
continuously provides
new patch, policy
updates
Full command and
control of Internet-
connected devices
Use existing computers
as Relays to minimize
network traffic
Content Update
Service
Leased
line
6. © 2012 IBM Corporation6
IBM Endpoint Manager elements
Single server and console
• Highly secure, highly available
• Aggregates data, analyzes and reports
• Manages up to 250K endpoints per server
Flexible policy language (Fixlets)
• Thousands of out-of-the-box policies
• Best practices for operations and security
• Simple custom policy authoring
• Highly extensible/applicable across all platforms
Virtual infrastructure
• Designate IBM Endpoint Manager agent as a relay
or discovery point in minutes
• Provides built-in redundancy
• Leverages existing systems/shared infrastructure
Single intelligent agent
• Continuous self-assessment
• Continuous policy enforcement
• Minimal system impact (<2% CPU, <10MB RAM)
7. © 2012 IBM Corporation7
Device Lifecycle, Data Protection
IBM Endpoint Manager, part of the IBM Mobile Foundation
Implement BYOD with
confidence
Secure sensitive data,
regardless of device
Handle multi-platform
complexities with ease
Minimize administration costs
Endpoint Management
Systems
Management
Security
Management
Common agent
Unified console
Single mgmt
server
Managed = Secure
Desktops, Laptops,
& Servers
Smartphones
& Tablets
Purpose-specific
Endpoints
8. © 2012 IBM Corporation8
What's New in Endpoint Manager for Mobile Devices
Integration with Enterproid's Divide container technologies for iOS and
Android
Web-based administration console for performing basic device management
tasks with role-based access control
Integration with BlackBerry Enterprise Server for integrated support of
BlackBerry v4 – v7 devices
Enhanced security with support for FIPS 140-2 encryption and bi-directional
encryption of communications with Android agent
Additional Samsung SAFE APIs for expanded management and security of
SAFE devices
SmartCloud Notes & Notes Traveler 9.0 support, including cloud and high-
availability versions
IBM Endpoint Manager’s cloud-based content delivery system enables customers to benefit from frequent
feature enhancements without the difficulty of performing upgrades
9. © 2012 IBM Corporation9
Implement BYOD With Confidence
App container.
Deploy, manage, configure, and remove
Enterproid Divide containers to separate
personal and work environments on iOS
and Android devices
PIM container. Separate personal and
corporate email and prevent sensitive data
from being copied into other apps with
NitroDesk TouchDown integration
Dual-persona OS. Manage BlackBerry 10
devices, which provide a native user
experience to personal and work personas
Extend BYOD to laptops. IBM Endpoint
Manager's unified device management
approach brings together
containers, smartphones, tablets, laptops,
desktops, and servers under one
infrastructure
How do I deal with the business mandate that employees be allowed to "Bring Your
Own Device"?
Manage and secure only the apps and data inside
the enterprise container, leaving users free to
control the personal side of their device with
Enterproid Divide.
10. © 2012 IBM Corporation10
Secure Sensitive Data, Regardless of the Device
Unified compliance reporting across all
devices, including CIS Benchmarks
Configure security settings such as
password policy, encryption, WiFi, iCloud sync
Full wipe, remote lock, map device
location, and clear passcode options if
device is lost or stolen
Blacklist apps and automate alerts, policy
response
Detect jailbroken / rooted devices to notify
users, disable access
Integrate with mobile VPN and access
management tools to ensure only compliant
devices are authorized
How do I ensure the security of mobile devices as they access more and more
sensitive systems?
Multiple user communication and alert
methods, including Google Cloud Messaging
(GCM), enables users to be part of the security
solution.
11. © 2012 IBM Corporation11
Handle Multi-Platform Complexities With Ease
Device management via Android
agent, iOS APIs, Lotus
Traveler, Microsoft Exchange, and
Office 365
Complete device hardware and software
inventory in near real-time
Web reports provide at-a-glance mobile
device deployment overviews
Pass mobile device data to network
management, service desk, asset
management, and security and compliance
systems
Multi-tenancy support for service
providers and organizations that need to
completely separate different parts of the
organization
How do I manage an ever-expanding list of OS and hardware platforms when the user
controls what apps are loaded and the carrier controls when the OS is updated?
Better plan internal mobile projects with easy
access to near-real time data about your mobile
environment.
12. © 2012 IBM Corporation12
Minimize Administration Costs
Multiple authenticated device
enrollment options, including LDAP/AD
integration
Employee self-service portal to enable
employees to protect personal and
enterprise data
Enterprise app store directs
employees to approved apps, includes
support for Apple's Volume Purchase
Program (Apple VPP)
Integration with IBM Worklight for 1-
click transfer of internally-developed
mobile apps from dev to production
A 'single device view' enables IT
personnel to easily view device details
and take required action
How do I cost-effectively manage the sheer volume of these tiny devices with average
replacement rates of 12-18 months?
A flexible enrollment process enables organizations
to include a EULA and to collect critical device and
employee data via customizable questions
13. © 2012 IBM Corporation13
Consolidate management of endpoints –
PCs, laptops, mobile devices
HIPAA compliance
Minimize on-going operational costs
Minimize device replacement costs
Customer Needs Key Features & Outcomes
Large Healthcare Provider
This regional healthcare provider purchased IBM
Endpoint Manager for its unified approach to endpoint
management
1 employee is able to manage and secure 30,000 PCs
+ 4,000 mobile devices
Extending the reach of healthcare
This innovative healthcare provider in the southeastern United States is
piloting a program to improve patient outcomes by providing secure
healthcare support remotely through mobile devices, such as:
Home Health Care: iPads provided to home health care diabetes patients to
enable direct input of diagnostic data; Facetime sessions with home health
nurses reduce the need for on-site visits, which improves nurse utilization
while reducing costs
Education: iPod Touches with pre-loaded educational apps provided to
parents of babies in Neonatal Intensive Care Unit (NICU)
14. © 2012 IBM Corporation14
Endpoint Manager for Mobile Devices, Part of IBM MobileFirst
Analytics Security Management
IBM & Partner Applications
Application Platform and Data Services
Banking Insurance Transport Telecom Government
Industry Solutions
Healthcare Retail Automotive
Application & Data Platform
Strategy & Design Services
Development & Integration Services
Cloud & Managed Services
Devices Network Servers
15. © 2012 IBM Corporation15
Three ways to get started with IBM MobileFirst
1 Download the IBM Endpoint Manager for Mobile
Devices 30 day trial ibm.co/EndpointMgrTrial
2 Talk with your IBM representative or Business
Partner to find the right next step for you
3 Learn more:
ibm.com/mobilefirst
twitter.com/IBMMobileFirst (#IBMMobileFirst)
facebook.com/IBMMobileFirst
17. © 2012 IBM Corporation17
BACKUP SLIDES
• Enterproid Divide details
• Additional Case Studies
• Screen shots
• Architecture diagrams
18. © 2012 IBM Corporation18
IBM Endpoint Manager + divide: Complete MDM & BYOD Solution
Dual Persona
Leverages the sophisticated policies and features
of IBM MDM and Endpoint Management
Marry full device management for enterprise-
owned devices with Divide containers for
personally-owned devices
Deploy, configure, update, and remove Divide
containers
Display individual data from devices and
integrate into overview reports
Execute basic Divide container commands
such as wipe and lock
+ +
Immediate solution for BYOD challenges
and security concerns for Mobile OS's
Seamless delivery: same Divide
App, binding to IBM MDM at time of
enrollment
Business Apps
IBM Endpoint Manager
19. © 2012 IBM Corporation19
What IT organizations need for BYOD
Divide Container Security
Data Protection
• Device PIN/passcode
• Passcode history and complexity
• Passcode failure actions
• FIPS 140-2 validated encryption
• Full and selective device wipe
• Wipe on SIM removal/rooted
• VPN support
• S/MIME support
OTA Self-Service Provisioning
• ActiveSync email
• VPN configuration
Container Controls
• Whitelisting – application push
• Blacklisting
• Location based services
• Data leakage prevention
• URL blocking
Compliance Management and Reporting
• Device hardware
• Operating system
• Policy compliance
• Compromised device status
• Voice, Data, and SMS usage reporting
20. © 2012 IBM Corporation20
• Professional-grade email, contacts,
calendar and browser
• Data-at-rest is protected with AES 256 bit
encryption
• Data-in-motion leverages existing VPN
investments
• Secure cloud based file storage (optional)
• Separate voice and messaging
(including future 2-number UC)
• Internally developed apps uploaded and
assigned via policy – in minutes and with
no developer modifications
• Divide App security automatically
provides data-at-rest AES-256 bit
encryption
• Divide Extensions provide extraordinary
integration with 3rd party Apps and Cloud
services
GEARED FOR INNOVATION
Leveraging the App Ecosystem
STANDARD DIVIDE APPS THIRD PARTY APPS
21. © 2012 IBM Corporation21
Extensible for the future
22. © 2012 IBM Corporation22
Divide is licensed
by the user
Others licensed
by the device
1 Cisco IBSG Horizons
Study of 600 U.S. IT and
business leaders
“ By 2014, the average
number of connected
devices per knowledge
worker will reach
3.3, up from an average
of 2.8 in 2012.” 1
Licensed to scale…..cost effectively
23. © 2012 IBM Corporation23
The right solution for BYOD?
A first
generation
solution
purpose-built
for email sync
A next
generation
solution
purpose-built
for BYOD
Device
Management
X
✔
Manages the
Divide
workspace
and integrates
with IBM
Endpoint
Manager for
device MDM
Does not
integrate with
deployed
MDM
solutions
Secure
“Workspace”
✔
X
Provides a
secure
workspace
that preserves
the native iOS
and Android
user
experience
Provides an
email sandbox
with a
proprietary
user interface
Secure
VPN
✔
X
Provides VPN
connectivity
between the
workspace
and corporate
apps
No VPN
integration -
all data
traverses the
Good NOC
App
Choice
✔
X
App wrapper
technology
enables the
use of any
third party
app within the
workspace
Third-party
apps must be
modified and
recompiled
using the
Good SDK ($)
Avg TCO/
User
$$$$
$$$$
$
24. © 2012 IBM Corporation24
PCs and mobile devices have many of the same management
needs
Device inventory
Security policy mgmt
Application mgmt
Device config (VPN/Email/Wifi)
Encryption mgmt
Roaming device support
Integration with internal systems
Scalable/Secure solution
Easy-to-deploy
Multiple OS support
Consolidated infrastructure
Device Wipe
Location info
Jailbreak/Root detection
Enterprise App store
Self-service portal
OS provisioning
Patching
Power Mgmt
Traditional Endpoint Management Mobile Device Management
25. © 2012 IBM Corporation25
IBM's CIO Office is managing 56,000+ smartphones and tablets with IBM
Endpoint Manager (60% iOS, 40% Android) and projecting 125,000 enrolled
devices by end of March
Deployment Time (days)
Mobile
Devices
Enrolled
13k devices
in first 24
hours
24k in first
month
46k in first 2.5
months
125k projected
by end of March
MDM Deployment Progress
Shared Under NDA
26. © 2012 IBM Corporation26
Support 20,000+ mobile devices
Corporate and employee-owned, many platforms
and OS versions
High availability for certain devices used in the field
Adherence to internal security policies, external
regulations
Customer Needs Key Features & Outcomes
Public Utility
Scalability to 250,000 endpoints provides room to grow
without adding infrastructure
Added mobile devices to existing IEM deployment in
days
Ability to integrate with Maximo, Remedy
Responsiveness and agility of product and product
team
Adding Mobile Devices Without Adding
Infrastructure
Serving 4.5 million customers in the southwestern region of the
United States, this electric company of 25,000 employees is a
leader in clean energy while exceeding reliability standards and
keeping consumer costs below average. They are experiencing a
migration from traditional endpoints to mobile devices.
27. © 2012 IBM Corporation27
Security & Management
Challenges
Potential unauthorized
access (lost, stolen)
Disabled encryption
Insecure devices
connecting to network
Corporate data leakage
• Mail / Calendar / Contacts
• Access (VPN / WiFi)
• Apps (app store)
• Enterprise Apps
iCloud
iCloud
Sync
iTunes
Sync
Encryption not enforced
End
User
VPN / WiFi Corporate
Network
Access
Managing Mobile Devices – The Problem
28. © 2012 IBM Corporation28
iCloud
iCloud
Sync
iTunes
Sync
End
User
VPN / WiFi Corporate
Network
Access
• Personal Mail / Calendar
• Personal Apps
Corporate Profile
• Enterprise Mail / Calendar
• Enterprise Access (VPN/WiFi)
• Enterprise Apps (App store or
Custom)
Secured by
BigFix policy
Encryption Enabled
Endpoint Manager for Mobile
Devices
Enable password policies
Enable device encryption
Force encrypted backup
Disable iCloud sync
Access to corporate
email, apps, VPN, WiFi
contingent on policy
compliance!
Selectively wipe corporate
data if employee leaves
company
Fully wipe if lost or stolen
Managing Mobile Devices – The Solution
29. © 2012 IBM Corporation29
Management by Email Fully-Managed Devices
IEM Server
DB
ActiveSync
Agent Comms /
Management APIs
Consolidated Reports / Management
TEM Relay
Mgmt Extender for iOS
Lotus Traveler / Exchange
Server
ActiveSync
IBM Endpoint Manager for Mobile Devices Architecture
Apple Push
Notification Servers
Google Cloud
Messaging (optional)
30. © 2012 IBM Corporation30
Endpoint Manager for Mobile Devices Dashboard
31. © 2012 IBM Corporation31
A unified report of password policies across all mobile OS' makes it
easy for administrators to identify non-compliant devices
32. © 2012 IBM Corporation32
A “Single Device View” enables administrators and helpdesk
personnel to easily view device details and take required action
View Location information
is also available
33. © 2012 IBM Corporation33
Create your own Enterprise AppStore
34. © 2012 IBM Corporation34
A user-friendly iOS Profile Configuration Wizard exposes all of the
configuration capabilities exposed by Apple's MDM APIs
35. © 2012 IBM Corporation35
A flexible enrollment process can include an EULA and collect critical
device and employee data via customisable questions
36. © 2012 IBM Corporation36
Optional Authenticated Enrollment and Self Service portal
37. © 2012 IBM Corporation37
View installed apps on Android and iOS devices
38. © 2012 IBM Corporation38
IBM Endpoint Manager for Mobile Devices Architecture
TEM Server
DB
Console / Web Reports
Relay(s)
Android
Email Server
(Exchange/Lotus)
Android Apple
Apple Push
Notification Servers
w/Email
ActiveSync
Phones / Tablets
Desktops /
Laptops
Full Agents
http / 52311
http / 52311
http / 52311
ActiveSync
/ IBM Sync
https
Apple MDM
Interaction
Apple Push
Notification
Servers
Full Agents
Management Extender
for (Exchange or Lotus)
http / 52311
Mgmt
Extender
for iOS
Apple App Android App
Windows, Symbian,
BlackBerry
39. © 2012 IBM Corporation39
Fast and cost-effective development, integration and management of rich, cross-
platform mobile applications
Client Challenge
Key Capabilities
Using standards-based technologies and
tools and delivering an enterprise-grade
services layer that meets the needs of
mobile employees and customers
Mobile optimised middleware
• Open approach to 3rd-party integration
• Mix native and HTML
• Strong authentication framework
• Encrypted offline availability
• Enterprise back-end connectivity
• Unified push notifications
• Data collection for analytics
• Direct updates and remote disablement
• Packaged runtime skins
IBM Worklight - Developing for multiple mobile platforms
Encrypted cache on-device
• A mechanism for
storing sensitive data on
the client side
• Encrypted - like a
security deposit box
40. © 2012 IBM Corporation40
Mobile Foundation Potential Integration Scenario
Streamlined App Deployment Workflow
Today
Endpoint Manager customers could directly import
and distribute Worklight-built apps via Enterprise
App Store, thereby improving workflow between
Development and Operations
1 Build app in Worklight
2 Import into Endpoint
Manager App Store
3 Distribute App to
Employees
41. © 2012 IBM Corporation41
An Evaluators Guide is available for MDM
Editor's notes: In addition to being a fully-integrated module of IBM Endpoint Manager, our mobile device management solution is also a key component of the IBM MobileFirst family of products, which span every aspect of becoming a mobile enterprise. Available within IBM from - http://cattail.boulder.ibm.com/cattail/#view=darryl_miles@au1.ibm.com/files/96D9F340C8EF3DDC8CB3BD7D093F23B6