Water Corporation: Deploying SAP® Afaria® to Efficiently ...
Afaria 6-6fp1 More Detail
-
Upload
piyush-bhandari -
Category
Documents
-
view
114 -
download
4
Transcript of Afaria 6-6fp1 More Detail
Afaria 6.6 FP1 A closer look
Agenda
• Some more details on the new features in 6.6 & FP1
• iPhone iOS 4 MDM
• A closer look at the beta!
Afaria 6.6 & 6.6 FP1 New Features
Android Client• Inventory
• Hardware and Software inventory of devices• License Manager support for tracking software licensing
• Configuration• Configuration of WiFi settings • More to follow as OS APIs support available
• Remote Wipe/Lock/Unlock• Ability to trigger Wipe, Lock or Unlock of device from Afaria console
• Password Policies• Policy control of password enforcement, format, # failed attempts etc.
• Session Manager• Send, Get, Delete, Copy and logic commands supported within our
program space on device• Exchange Access Control
• Block email access for unmanaged devices
Afaria 6.6 & 6.6 FP1 New Features
Roaming Controls for Win-Mobile and Symbian• Windows Mobile
• Configuration manager options when roaming to• Disable data/email attachments/Afaria scheduled or manual
connections/IMAP & POP3 email when roaming• Display message to end user
• New Roaming Monitor to trigger custom actions when device roams• Symbian
• Configuration Manager options to• Disable data connections/Afaria scheduled or manual connections• Display message to end user
• New Roaming Monitor to trigger custom actions when device roams
Afaria 6.6 & 6.6 FP1 New Features
OMA DM• OMA DM policy file (DDF) import option
• Easier to support new functionality from new DDFs without building XML from scratch
Windows Mobile Management Update• Updated UI look and feel• Software Manager enhancements– More installation control options around silent install, soft reset
of device, CAB status etc.• Kill process option Server Infrastructure updates• Windows 2008 R2 64-bit server support• SQL 2008 Support• Updated installation process
iPhone Device Management
• 80% of the Fortune 100 companies in the US now actively piloting or deploying iPhone.
• In September 2009, 16% of US information workers used iPhones for work, even at the world's largest organizations.*
• By the end of 2009, Apple was estimated to have sold:– Two million iPhones to corporate accounts– Another five million iPhones were estimated to be in
mixed business use by individuals.***Forrester Blogs. Ted Schadler, January 27, 2010
** Apple Insider: http://www.appleinsider.com/articles/10/01/29/apple_to_target_ipad_at_business_users_through_new_features_sources.html
SUCCESS OF IPHONE IN THE ENTERPRISE
APPLE MDM PROTOCOL
• New MDM protocol native in iOS 4 provides enterprise-grade device management
– iOS handles all MDM requests and actions in the background using a single connection– Maintains end user experience as device is managed without user interaction after initial
provisioning– Policies installed are confirmed back to the server providing compliance assurance– Uses the Apple Push Notification Service (APNS) to deliver management to the device
• MDM Capabilities– Install/remove device configuration policies without user interaction– Query comprehensive software and hardware inventory and asset tracking information– Detect jail broken status– Remote erase, lock and clear passcode
• If MDM relationship is terminated, managed applications are disabled, configuration data is removed from the device and managed Exchange account information and data is removed
• Once a MDM relationship is established only that entity can manage the device using MDM protocol
MDM COMMUNICATION
DMZ
Provisioning Process
Ongoing Management
User Action
Provision & Send MDM PayloadProvision & Send MDM Payload
Device Association w/ServerDevice Association w/Server
Server CommunicationServer Communication
NotificationNotificationServerServerApple Push Notification
Service
Opt inOpt in
AFARIA FOR IPHONE TODAY (AFARIA 6.5 FP2)
• Basic support for iOS4 and iPhone/iPad 3.x OS
• Lockable configuration policies for OTA distribution to iPhones
• Integrated iPhone management into the Afaria console
• Trust relationship between the Afaria system and iPhones client devices to allow profiles (policies) to be set by the administrator
• Exchange Access Control support
• Remote kill for iPhone and iPad through Exchange.
• New Afaria client with jail break detection
AFARIA 6.6 FP1 KEY FEATURES FOR iOS 4
Enables the secure provisioning and management of iPhone deployments in the enterprise
Advanced Policy
ManagementEnterprise
App Deployment
Corporate Security
Accurate Asset
Tracking
Afaria Client
ENTERPRISE APPLICATION DEPLOYMENT
• Delivers enterprise in-house apps OTA, providing distribution control and reliable delivery
• Allows users to download both enterprise and suggested apps through Afaria client portal on the device
• Provides security for IT while maintaining user independence
– Enterprise apps can be managed separately from user applications
– Ability to revoke application usage remotely
• Allows authorized apps to be assigned by user groups
• Supports both 'required' and 'optional' models for package deployment
• Enables tracking and reporting of enterprise package installation
ADVANCED POLICY MANAGEMENT
Removable Policies
Remote Lock, Erase and Reset
No User Interaction
MDM Relationship
Multiple Platforms One Console
Configuration profiles can be installed and removed by the IT administrator
Native commands from the console
Deliver and remove device policies behind the scenes
Termination causes removal of managed applications Configuration data and Managed Exchange account information and data
iOS, Android, WM, Symbian, Palm and Windows
iOS 4 CONFIGURATION SETTINGSPasscode Settings WIFI Settings Restrictions Exchange
• Require Passcode• Allow Simple Value• Require Alphanumeric Value• Minimum Passcode Length• Minimum Complex Characters• Maximum Number of Failed Attempts – device is wiped• Maximum Passcode Age – in Days• Passcode Lock – in minutes
• Grace Period for device lock • Passcode History
• Service Set Identifier - SSID of the wireless network• Hidden Network• Security Type
• Password• Accepted EAP Types • EAP-FAST Protected Access
• Authentication Settings • Identity Certificate • Certificates for validating the authentication server for the Wi-Fi connection. • Trusted authentication servers • Allow Trust Exceptions
• SSID •Hidden Network • Encryption Type
• Allow Explicit Content• Allow Use of Safari• Allow Use of YouTube• Allow Use of iTunes• Allow Installing Apps• Allow Use of Camera• Allow Screen Capture• Allow Voice Dialing• Force Encrypted Backups• Allow Multiplayer Games• Set Safari Security Preferences• Force Fraud Warning• Allow Java Script• Allow Pop Ups• Accept Cookies• Allow inApp Purchaces• Content Rating• Disable Push while Roaming
• Account Name• Exchange Active Sync Host• User• Email Address• Use SSL
• Domain • Password • Credential Name• Number of Past Days to SyncUser is prompted for values not set
VPN Settings Email LDAP/CalDAV/Calendars/Web Clip
Advanced
•Connection Name• Connection Type• Server IP or Name• Account• Authentication Type• Shared Secret Entry• Send All Traffic Through VPN Setting • Proxy
VPN’s Supported• L2TP/IP• PPTP• Cisco IPSec
• Account Description• Account Type – IMAP or POP• Path Prefix• Account Name• Email Address• Mail Server and Port• Username• Use Password Authentication• Use SSL
• Incoming Username • Outgoing Username
• LDAP Connection Settings• CalDAV Connection Settings• Calendar Connection Settings• Web Clip Settings• Certificate Payload• SCEP Payload• CardDAV
• APN• AP Username• AP Password• Proxy Server and Port
Available with Afaria todayNew Configuration for iOS 4
CORPORATE SECURITY
• Devices can be locked and wiped remotely from through commands sent through the Apple push notification service
• Passcode reset commands can be sent to the device requiring a passcode change
• Policies and device configurations are reliably applied to the device with status being reported back to the server
• Enterprise application usage can be revoked
• Removing managed Exchange credentials removes account and PIM data from the device
• Able to gate access to Exchange email based upon device policy compliance, time/date of last client connection, and jailbreak
status
ASSET TRACKING• Accurate and comprehensive asset tracking provides a real
time view of current inventory and device status
• Data is easily accessed through the Afaria console
• MDM allows a queries to the device that report the following information
Device Info Network Info Applications Compliance and Security
• UDID• Device Name• iPhone OS and Build• Model Name and Number• Serial Number• Capacity and Space Available• IMEI• Device Compromised• Modem Firmware
• ICCID• BR and Wi-Fi MAC Address• Current Carrier Network• SIM Carrier Network• Carrier Settings Version• Phone Number• Data Roaming Setting (On.Off)
• Applications Installed • App ID • App Name • App Version • App and App Data Size• Provisioning Profiles
Installed • Expiry Dates
• Configuration Profile Installed
• Certificates Installed• List of All Restrictions
Enforced• Hardware Encryption
Capability• Passcode Present
AFARIA CLIENT ON THE DEVICE• Afaria client is downloadable from the App Store
• Afaria console is equipped to send a configuration message to the device to configure the client connection automatically
• Client can be manually configured on the device if required
• Client provides:– Extra jailbreak detection– App selection and download– Provides Exchange Access Control by optionally
requiring the client to connect periodically
AFARIA CONSOLE MANAGEMENT
• iPhone management is part of the Policy and Profile infrastructure
• Assign apps to profiles that are downloaded through Afaria Client
• Configuration profiles are now policies within the Afaria console – Create and edit configuration policies in the Afaria console– No longer requires iPhone Configuration Utility (iPCU)– Ability to import policies from iPCU in the event that new policies are available before they are in
Afaria
• Send OTA commands to erase, lock the device and reset pass codes using native Apple commands no longer requiring Active Sync
• View and manage iOS devices in client data views– Add, edit, delete client in standard Afaria UI
• Integrated inventory views, log data and reports displayed in data views
A CLOSER LOOK
WHY AFARIA?
Thank you