Friendly TR-069 Device Management Solution Cloud Version
January 2016
Start
The IoT & Device Management Company
Smart Home Open Platform
Internet of Things/M2M Management
Device Management for Fixed & Mobile
Friendly Technologies Mission
www.friendly-tech.com2
Friendly Technologies is a leading provider of carrier-class device management software for IoT/M2M, Smart Home and Triple Play services. Our best-of-breed approach enables service providers to avoid device dependency and manage multiple types of devices on a single platform. Friendly’s platform enables customers to automatically connect and provision new devices, monitor QoE, configure and update firmware remotely, and streamline their support services, while its server and cloud-based solutions offer analytical insights to service providers.
Partial List of Our Customers
wwww.friendly-tech.com3
Friendly Technologies at a Glance
www.friendly-tech.com4
Software solution developer, serving Carrier and xSP market since 1997
The most installed Unified Device Management solution in the world
Focused on Device Management since 2006
Strong global network of local channels, distributors and system integrators acting as local partners
Member of Broadband Forum and Open Mobile Alliance
Offices in Israel, USA, Colombia and Ukraine
Friendly Technologies at a Glance
Friendly Technologies is a winner ofFrost & Sullivan’s 2015 Best Practices Award
for the Best Customer Value in Unified Device & Smart Home Management
Friendly Technologies Line of Products
www.friendly-tech.com6
Device ManagementTR-069, OMA-DM & SNMP device management to streamline the support of Data, VoIP and IPTV services.
Smart Home ManagementOpen platform for full Smart Home management. The solution includes management server and white label Smart Home mobile app for increased ARPU.
Internet of ThingsFriendly's Internet of Things/M2M product line is a white-label device management platform for Utilities, Health Care, Industrial M2M, Transportation & Smart City verticals. Friendly offers both management server and embedded clients.
4G LTE & WiMAX Device Management
TR-069 and OMA-DM device management to accelerate the deployment and support of fixed and mobile devices for the LTE world.
QoE MonitoringAdvanced QoE monitoring and analysis of Data, VoIP & IPTV services from the subscriber’s end.
OMA-DM Mobile Device Management
OMA-DM based mobile device management targeted to xSPs and enterprise for managing and supporting mobile devices including BYOD. The solution includes also an OMA-DM client for the BYOD market.
The Solution
www.friendly-tech.com7
Multi-Tenant Hosted / Cloud ACS solution Robust and scalable at all modules and features level Modularity and easy per -tenant adaptations and management Separation of management / monitoring and provisioning tasks Separation and easy adaptation of tenant Northbound API towards back
office applications
Friendly’s Multi-Tenant HLD Architecture
www.friendly-tech.com8
NBI/API
Admin Console
Self-SupportPortal
QoE Monitoring.
Support Center
ProvisioningPortal
Events Managt..
Friendly’s Multi-Tenant SaaS ACS
Tenant1.com
Tenant2.org
ISP “South.net”
OSS/BSS
TR-69/OMA-DM Devices
OSS/BSS
OSS/BSS
TR-69/OMA-DM Devices
TR-69/OMA-DM Devices
Friendly Technologies Architecture
www.friendly-tech.com9
ISP/Tenant A ISP/Tenant B RG/IAD / Routers /STB/IP Phones/ Smart
Phones/ Femto / MiFi / USB Dongle /
M2M/ Android Devices
RG/IAD / Routers /STB/IP Phones/ Smart
Phones/ Femto / MiFi / USB Dongle /
M2M/ Android DevicesEach tenant has a full-featured portfolio with a total separation
Association Methods
www.friendly-tech.com10
Association via Device ACS username
Association via Domain suffix towards “location” user info field at ACS Database can be performed VIA API calls
Secured isolation between Domains
Multi-level operator’s rights within each tenant
Device-to-tenant & Device-to-operator
Individual User Adaption of Views
www.friendly-tech.com11
In Call Center Portal
Per-tenant & per- username
and level display settings
Adaptation of information element box
location, contents and
technical depth
Individual Tenant & User Level
www.friendly-tech.com12
Activity and Log Action Reports
ACS Security Aspects
www.friendly-tech.com13
The Broadband Forum designed the TR-069 security model to provide a high degree of security in the interactions that use it.
The CPE WAN Management Protocol is designed to prevent tampering with the transactions that take place between a CPE and ACS, provide confidentiality for these transactions, and allow various levels of authentication.
The protocol includes additional security mechanisms associated with the optional Signed Voucher mechanism and the Signed Package Format, described in Annex C and Annex E, respectively.
General
Security Highlights of ACS Transactions
www.friendly-tech.com14
WAN- Internet or ISP VPN
domain
HTT
P/
HTT
PS
HTT
P
TR-069 Device
TR-069 Device
ACS Server
SSL Offload Device (recommended)
If the ACS URL has been specified as an HTTPS
URL, the CPE MUST establish connections to the ACS using SSL/TLS
Support for CPE authentication using
client-side certificate is OPTIONAL for both the
CPE and ACS. Such client-side certificate MUST be signed by an
appropriate chain
The “host” portion of the ACS URL is used by the CPE for validating the
certificate from the ACS when using certificate-based authentication
https://acs.friendly-tech.com:8080/ftacs-
digest/ACS
https://acs.friendly-tech.com:8080/ftacs-basic/
ACS
https://acs.friendly-tech.com:8080/ftacs-
digest/ACS
ACS to Southbound and Northbound Security
www.friendly-tech.com15
WAN- Internet or ISP VPN
domainTR-069 Device
HTTP/HTTPS security + specific URL
domain + SSL/TLS options and
additional certificate security options
Secured firewalled (application and ports ACL) and user privileged
activity lists
OSS/BSS/CRM and
web servers
Admins/CSR users
Authentication of ACS devices + ACS server
side certificate options/white-black list filters
ACS ServerWAN corporate firewall-specific
domain/protocol/ port protection
External storage devices
Friendly’s Extensive Security Measures
www.friendly-tech.com16
Friendly has introduced the following additional security enhancements to cover the main vulnerabilities stated bellow. These are explained in more detail in “Friendly’s TR69 security aspects” document.
SECURITY ZONES ACS WS authentication NBI WS obscured DB connection details encrypted Users Management Path Traversal Vulnerability
Cross Site Scripting Vulnerability Unprotected Management Interface
Vulnerability Insecure HTTP Methods
Vulnerability Insufficient Anti-Automation
Vulnerability Information Leak Vulnerability
Why Us?
www.friendly-tech.com17
Software solution developer, serving Carrier and xSP market since 1997
The most installed Unified Device Management Solution in the world
Carrier-class, scalable solution to manage millions of devices Feature-rich solution to support Any Device on Any Network
over Any Protocol Unique “Smart Layer” Technology - automated integration
and management of any types of devices without a need for manual intervention.
Fastest and easiest installation and deployment –minimum professional services required
We Are Friendly! Friendly to deploy, integrate, use (Friendly GUI) and receive professional support from
Our Call Center Portal is known to be the #1 solution in the world for dramatic reduction of operational costs ( up to 70%).
QUESTIONS TIME!
Thank You for Your Time!
Start
The IoT & Device Management Company
Smart Home Open Platform
Internet of Things/M2M Management
Device Management for Fixed & Mobile
Top Related