Educating MobileIron on the "NOC"


description

Today #BBFactCheck challenges MobileIron’s perception of the NOC – BlackBerry’s Network Operations Center, or the “mission control” of our infrastructure. Their white paper could use some proofreading, but it’s the inaccuracies that we’re addressing now. MobileIron is ill-informed about the benefits and capabilities of our architecture, so we’ve picked up the red pen and made some edits to their whitepaper to help set them straight. You can download a PDF copy of the whitepaper. (Click on ‘Save’ in the upper-right of the SlideShare widget, or click on the SlideShare text in bottom left in order to log-in and enable downloads). In that version, you’ll be able to click on our red text to read more about what BlackBerry really offers and how we are a better choice for customers.

Transcript of Educating MobileIron on the "NOC"

Page 1: Educating MobileIron on the "NOC"

415 East Middlefield Road Mountain View, CA 94043 USA Tel. +1.650.919.8100 Fax +1.650.919.8006 [email protected]

Advantages of the NOC-less Architecture

When BlackBerry released their first e-mail enabled device in 1999, there were significant architectural challenges to overcome. Mobile networks were not inherently reliable and were optimized for occasional data use rather than always-on connectivity. BlackBerry’s service, designed to deliver always on, push e-mail services, leveraged a unique NOC-based architecture to overcome these challenges. Using the NOC, BlackBerry maintained network connections to each carrier, allowing them to provide secure network access from corporate enterprises to mobile devices across disparate networks with varying qualities of service. Other vendors in the email mobilization market would quickly follow suit with similar models.

While the NOC architecture had technological advantages for the time, it was not without fault. First, the NOC represented a single point of transit for all e-mail communications, representing concerns for both availability and security. Second, the NOC architectures presented potential issues with regard to security. And third, NOC-based solutions present significant challenges in terms of scale. Fortunately, alternatives to the NOC have since been developed and today’s mobile networks are inherently more reliable making the NOC obsolete. This whitepaper will explore the challenges that the NOC poses in the modern mobility world and new architectures that can solve these challenges.

Service Reliability

One challenge with NOC-based architectures is that the NOC results in a single point where all enterprise mobile traffic traverses. This poses two challenges, one of reliability and another of security. From a reliability perspective, an end user’s access to enterprise e-mail, data and applications is only as good as the NOC’s connectivity. When the NOC goes down, devices instantaneously lose connectivity to enterprise resources, even if those resources are highly available within the enterprise.

In the last six years, BlackBerry’s NOC experienced seven major outages that were reported in the press. During those outages, millions of subscribers completely access to their e-mail and other services like mobile intranet access via BlackBerry Mobile Data Services (MDS) until service was restored.

Next generation EMM systems do not have the same architectural constraints as previous, NOC-based systems. Because platforms like MobileIron use an application proxy to transfer data from the endpoint to the corporate resources, availability can be architected to whatever SLA the enterprise desires. Without a single point of failure as a part of the architecture, failover and availability can be handled not just across individual components (e.g. a load balancer, or a Sentry) but across entire datacenters for mission-critical deployments.

NOC: Network Operations Center (MobileIron has this confused with data center)

revolutionary

Another first made possible by BlackBerry

The modern mobility world needs to be secure, multi-platform and easily manageable.

BlackBerry does NOT rely on a single point of data transfer

None of these “challenges” can be validated. We’ll #BBFactCheck each one

The NOC is “mission control.” Data actually runs through data centers.

All of our customers' data remained locked down and secure as we worked to restore connectivity

BES10 architecture also allows for flexibility

Failovers are built into the BlackBerry architecture.

TO BLACKBERRY ENTERPRISE SERVICE 10 (BES10)

The global BlackBerry network has 99.9% average uptime over the past four years.

global infrastructure with data centers around the world

Page 2: Educating MobileIron on the "NOC"

Figure 1: A network diagram showing Sentry architected in a cluster for high availability. This cluster could be replicated across datacenters for multi site resiliency if desired.

Data Security

From a security perspective, the NOC architecture represents a single point at which traffic can be intercepted. While NOC-based vendors generally institute cryptographically secured sessions between the endpoint and the enterprise servers, there have been concerns around placement of alternate NOCs for governments to intercept device traffic and the security of these systems. With MobileIron, organizations control their data. Sessions are cryptographically secured between the endpoint and Sentry to ensure confidentiality of data between the endpoint and the device. Sessions can be also validated with the use of certificates to ensure integrity between the mobile device and the Sentry server. These two factors, combined with the lack of a central point of intercept, helps to ensure a high degree of confidentiality and integrity for mobile data sessions.

Scale

NOC based solutions have face significant scale challenges. BlackBerry servers have, traditionally, only been able to scale to 2000 devices per management server. Similar NOC-based architectures face the same scale challenges. While there are many ways to scale these architectures to tens of thousands of devices, these deployments end up resulting in a high degree of complexity and a high total cost of ownership. As an example, a NOC-based platform might support 35,000 within a single management domain, but might require upwards of 36 servers; one server per 1000 devices for mail relay and data transport, plus the central management console. When one adds the additional complexity of OS and database server

False. With BlackBerry, the security of your data is always in the control of the customer because they are the only ones that have access to the keys used to protect BES traffic.

BES10 is the lowest TCO EMM solution on the market

This is false. BES10 can handle up to 100,000 devices per domain, allowing us to handle mobility needs for the biggest companies in the world.

Security-focused enterprises need an end-to-end solution, which only BlackBerry can provide.

This ensures your data is protected as it travels across carrier networks, the internet and anywhere else.

BlackBerry also supports the use of strong VPNs as an additional way to protect your sensitive traffic.

Page 3: Educating MobileIron on the "NOC"

licenses, plus physical or virtual hardware resources, the overall cost of managing a NOC-based EMM system is extraordinarily high. By comparison, a modern EMM system can be deployed either as a series of appliances, or as a cloud-based service, which reduces overall complexity. MobileIron has been built specifically to address the needs of securing and managing modern mobile devices and has no overhead from legacy architecture to contend with. Because of this, MobileIron’s management platform is able to manage not just tens of thousands, but instead 100,000 devices per appliance. MobileIron is also able to replicate the same access control and data tunneling resources as a NOC infrastructure using Sentry as an inline data proxy. Again, the lack of legacy overhead allows MobileIron Sentry to manage upwards of 10,000 simultaneous application or email sessions per appliance, compared to only a thousand or two for legacy competitors. In short, the lack of a legacy NOC to contend with affords MobileIron upwards of a 3x performance scale improvement at the management and policy layer and a 9x improvement in data traffic security over legacy, NOC-based architectures.

Conclusion

While NOC-based architectures solved several challenges in the early days of mobile, wireless networks have caught up in reliability, obviating the need for the NOC architecture. There are solutions today, like MobileIron, which can address the challenges posed by the NOC while still providing availability, confidentiality and integrity for mobile information.

See note on TCO above… The BlackBerry cloud offering is in market preview

BlackBerry’s network architecture was built with security in mind from the very beginning, long before MobileIron was even a company.

BlackBerry’s NOC and data center architecture beats the competition in all three customer-based needs: reliability, data security and scale. #BBFactCheck

This doesn’t even make sense… BlackBerry uses the AES-256 bit encryption for all data in-transit and at-rest. The BES10 architecture allows it to manage up to 20,000 simultaneous applications or email sessions per server.

BES10 does this too!