1. An IBM Proof of Technology
Overview of IBM Endpoint Manager for
Mobile Device
© 2012 IBM Corporation

2. IBM Software
IBM Mobile Foundation
Includes:
IBM Mobile
Foundation V5.0 • IBM Worklight V5.0
• IBM WebSphere Cast Iron
• IBM Endpoint Manager for
Mobile Devices
Plus New Services Offering:
• IBM Software Services for
Mobile Foundation
Build, connect, manage and secure
your mobile enterprise
2 © 2012 IBM Corporation

3. IBM Software
Mobile device unique management & security challenges
Mobile devices Mobile devices Mobile devices Mobile devices Mobile devices
are shared more have multiple are diverse are used in more prioritize the
often personas locations user
.
Personal phones Work tool OS immaturity A single location Conflicts with
and tablets Entertainment for enterprise could offer user experience
shared with device mgmt public, private, not tolerated
family BYOD dictates and cell OS architecture
Personal
Enterprise tablet multiple OSs connections puts the user in
organization
shared with co- Vendor / carrier Anywhere, control
Security profile
workers control dictates anytime Difficult to
per persona?
Social norms of multiple OS Increasing enforce policy,
mobile apps vs. versions reliance on app lists
file systems enterprise WiFi
3 © 2012 IBM Corporation

4. IBM Software
Mobile device security – the problem
End
User
Mobile devices are not only
computing platforms, but also
communication devices, we
could have:
• Mail / Calendar / Contacts
• Access (VPN / WiFi) •Potential unauthorized access
• Apps (app store) (lost, stolen)
• Enterprise Apps VPN / WiFi Corporate
Network •Disabled encryption
Access
Encryption not enforced •Insecure devices connecting
to network
iCloud •Corporate data leakage
iCloud
Sync
iTunes
Sync
4 © 2012 IBM Corporation

5. IBM Software
Mobile device security – the solution using IEM for Mobile Device
Secured by IEM
policy
End • Enable password policies
User
• Enable device encryption
• Force encrypted backup
• Personal Mail / Calendar
• Personal Apps
• Disable iCloud sync
Corporate Profile • Access to corporate email,
• Enterprise Mail / Calendar apps, VPN, Wi-Fi
• Enterprise Access (VPN/Wi-Fi)
VPN / Wi- Corporate contingent on policy
• Enterprise Apps (App store or compliance!
Custom) Fi Network
Access
Encryption Enabled • Selectively wipe corporate
data if employee leaves
company
iCloud
• Fully wipe if lost or stolen
iCloud
Sync
iTunes
Sync
5 © 2012 IBM Corporation

6. IBM Software
IBM Endpoint Manager
Common
management agent
Unified
Systems management console Security
management Common management
infrastructure
Single server
IBM Endpoint Manager
Desktop / laptop / server endpoint Mobile endpoint Purpose-specific endpoint Cloud endpoints
6 © 2012 IBM Corporation

7. IBM Software
IBM Endpoint Manager for Mobile Device
Traditional Endpoint Management Mobile Device Management
OS provisioning Device inventory Device Wipe
Patching Security policy mgmt Location info
Jailbreak/Root detection
Power Mgmt Application mgmt
Enterprise App store
Device config (VPN/Email/Wifi) Self-service portal
Encryption mgmt
Roaming device support
Integration with internal systems
Scalable/Secure solution
Easy-to-deploy
Multiple OS support
Consolidated infrastructure
7 © 2012 IBM Corporation

8. IBM Software
IEM for Mobile Device functionalities
Category Endpoint Manager Capabilities
Platform Support Apple iOS, Google Android, Nokia Symbian, Windows
Phone, Windows Mobile
Management Actions Selective wipe, full wipe, deny email access, remote lock,
user notification, clear passcode
Application Management Application inventory, enterprise app store, whitelisting,
blacklisting, Apple Volume Purchase Program (VPP)
Policy & Security Management Password policies, device encryption, jailbreak & root
detection
Location Services Track devices and locate on map
Enterprise Access Management Configuration of Email, VPN, Wi-Fi
Expense Management Enable/disable voice and data roaming
8 © 2012 IBM Corporation

9. IBM Software
IEM for Mobile Device management solutions
Problem Solution
How to manage employee-owned Gives enterprises flexibility to use email-based mgmt
vs. enterprise-owned assets? (less intrusive) or sophisticated agent-based mgmt
How to deal with lost or stolen Password policy controls (pin length, timeout, wipe
devices? after failed login, etc.) and remote wipe
How to deal with sensitive corporate Enable device encryption, selective wipe of corporate
data on device? data when employees leave company
How to control IT cost explosion “Single pane of glass” to manage all devices
when dealing with so many devices? servers/desktops/laptops/mobile devices with shared
infrastructure
How to handle rapidly changing Flexible Endpoint Manager platform with cloud-based
devices / OSes / apps / user Fixlet model for rapid updates and new solution
behavior? delivery
9 © 2012 IBM Corporation

10. IBM Software
IEM for Mobile Device management options
Agent-based Management
• For iOS - Apple’s MDM APIs and profiles
• For Android/Windows Mobile – IBM Mobile Client
Email-based management through Exchange (ActiveSync) and Lotus Traveler (IBMSync)
• iOS
• Android
• Windows Phone
• Windows Mobile
• Symbian
10 © 2012 IBM Corporation

11. IBM Software
IBM Endpoint Manager for Mobile Device architecture
Apple Push
IEM Server http / Notification Servers
52311
DB
http /
52311 Mgmt
Extender
http / for iOS
52311 Management Extender for
(Exchange or Lotus)
Apple Push
Relay(s) https
Notification
Apple MDM
Email Server Interaction
(Exchange/Lotus)
ActiveSync /
IBM Sync ActiveSync
Console / Web Reports
Android w/Ema Apple
il
Android App Apple App
Phones / Tablets
11 © 2012 IBM Corporation

12. IBM Software
IEM for Mobile Device enrollment - user experience
12 © 2012 IBM Corporation

13. IBM Software
IEM Console - mobile device management
13 © 2012 IBM Corporation

14. IBM Software
IEM Console - mobile device management dashboard view
14 © 2012 IBM Corporation

15. IBM Software
IEM Console - password policy report
15 © 2012 IBM Corporation

16. IBM Software
IEM Console - single device view
16 © 2012 IBM Corporation

17. IBM Software
IEM Console - installed applications view
17 © 2012 IBM Corporation

18. IBM Software
IEM Console - application management
18 © 2012 IBM Corporation

19. IBM Software
IEM for Mobile Device app management – user experience
19 © 2012 IBM Corporation

20. IBM Software
IEM Console - security problems and non-compliance detection
20 © 2012 IBM Corporation

21. IBM Software
IEM for Mobile Device jailbreak notification – user experience
21 © 2012 IBM Corporation

22. IBM Software
IEM Console - device location tracking
View Location information
is also available
22 © 2012 IBM Corporation

23. IBM Software
IBM Mobile Foundation solution
Back-End
Project
Device
Development
Integration
Cast Iron
Design Testing
Debug HTML, CSS, JavaScript
Native Container
Connecting
Mobile Operating
System
Code Control Infrastructure Managing
Monitoring
Source
Code IEM Server
Worklight Console AppStore
Repository
Developer Admin User
23 © 2012 IBM Corporation

24. IBM Software
Packaging
Offering Packages Pricing metrics
Enterprise edition CD (WL + EndPoint) + server install (WL + CastIron)
IBM Mobile
Foundation
Consumer edition
B2C Per App (WL + CastIron)
Enterprise edition CD (WL) + server install (WL)
IBM Worklight Consumer edition Per App (WL)
Developer edition Not for charge / Not for production version
(delivered via DeveloperWorks)
IBM Endpoint for CD (Tivoli)
B2E
Mobile devices
CD = Client Device
WL = Worklight
Per App = new PA metric
EndPoint = IBM Endpoint Manager for Mobile Devices
24 © 2012 IBM Corporation

25. IBM Software
25 © 2012 IBM Corporation

26. IBM Software
ITALIAN HINDI FRENCH JAPANESE BRAZILIAN PORTUGUESE SIMPLIFIED CHINESE
TRADITIONAL CHINESE SPANISH RUSSIAN TAMIL THAI GERMAN ARABIC
We appreciate your feedback.
Please fill out the survey form in order to improve this educational event.
26 © 2012 IBM Corporation