View
216
Download
0
Category
Tags:
Preview:
Citation preview
Use this title slide only with an image
SAP Mobile Secure Rapid Deployment Solution
Version 2, September 2014 Customer
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 2Customer
SAP Mobile Secure rapid-deployment solutionContents
Solution at a glance
Solution in detail Mobile Device and App Management – Afaria Analytics for Mobile Device & App
Management – SAP Lumira™ Content Mobile App Security – SAP Mobile App
Protection by Mocana Mobile Content Management – SAP Mobile
Documents
Package deployment
Software products and system landscape
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 3Customer
Ready to run, a solution with fixed scope, predefined services at a predictable price with the flexibility for future extension.
At-a-Glance: SAP Mobile Secure rapid-deployment solution
Consumer-grade mobile experience with compliant, multi-layered enterprise-grade security in 3 weeks!
Business Requirement Solution
What is my pain?Enabling employees to access corporate email, calendar, files and enterprise apps on mobile devices Establishing and enforcing safety and compliance of corporate devices, content, and dataUser convenience, adoption, and collaboration Cost of scaling enterprise-grade, secure mobility to employees and ecosystemCost of EMM deployment and efficient operating
Solution descriptionSecure, multi-layered protection of mobile device and app connections to corporate network, email, office functions, and digital content Remote device monitoring, managing, and remediation Regulation-compliant, self-enforcing security and privacy policies User self-services to enroll and manage devices Prescriptive guides with best practices to install and run entire Mobile Secure portfolio Consultants of SAP and its ecosystem trained and qualified to implement the software at predictable costs and provide for knowledge transfer to IT team
What are my needs?Protecting the enterprise network, corporate data, Addressing privacy concerns of employeesSupport the lines of business in deploying apps that give staff, managers, temp workers, contractors, and consumers easy, consumer-grade access to mobile enterprise applications Quick and simple go live with Enterprise Mobility Management for iOS, Android, and Windows Phone devices, and the data and apps that run on them
In scopeDeployment of Afaria 7 SP5 for mobile device and app management on premise for production in mid-sized landscape with two device types in 3 weeks, or in server farm with high availability and three device types and Lumira analytics in 5 weeksDeployment of SAP Mobile App Protection 3.0 on premise for production with three device types in 2 weeksDeployment of SAP Mobile Documents for mobile content management on premise for evaluation or production in 2 weeks Knowledge transfer of best practices to IT administrators Learn more
Overview
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 5Customer
Business challenges There is a solution
Live in 3 Weeks with Mobile Enterprise Management on Premise
Employees need to access corporate email, calendar, files and enterprise apps on mobile devices
Temp workers, contractors, suppliers, and customers may need apps with secure and compliant access to selected corporate data
Prerequisite for productivity gains from a mobile workforce is broad user adoption, which requires consumer-grade user experience while enforcing enterprise-grade security
Scaling enterprise-grade, secure mobility to employees and ecosystem at constant or decreasing costs
Deploying and operating EMM reliably at predictable, low costs
Secure, multi-layered protection of mobile device and app connections to corporate network, email, office functions, and digital content
Remote device monitoring, managing, and remediation
Regulation-compliant, self-enforcing security and privacy policies
User self-services to enroll and manage devices Prescriptive guides with best practices to install and
run the entire Mobile Secure portfolio Consultants of SAP and its ecosystem trained and
qualified to implement the software and provide for knowledge transfer to IT team
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 6Customer
Business scope
Device
Mobile Device Management
Application
Mobile Application Management
Mobile App Security
Content
Mobile Content Management
Enterprise Mobility Management System
SAP Mobile Secure rapid-deployment solution
On-Premise Hybrid
Analytics for Mobile Device and App Management
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 7Customer
Business benefits Measurable success
Benefits for you
Defined scope and rapid deployment methodology reduce your deployment and investment risk
Thorough tests ensure your solution is properly installed and configured
Proven best practices reduce your cost of operations Extensive knowledge transfer enables you to
thoroughly monitor compliance and to implement sound yet unobtrusive security policies to delight mobile users
Your corporate network and data remain protected while your user base can scale and become more productive
Deployment project in time and in budget Reduced project times compared to conventional
project methods free budget Auditable compliance of mobilized enterprise Productivity gains through mobilized staff, and
ecosystem Scalable to hundred thousands of mobile users for
Afaria and SAP Mobile Documents Self-enforcing policies on apps wrapped with Mobile
App Protection scale theoretically limitless
Solution in Detail
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 9Customer
Mobile Device and App Management - AfariaScope and benefits
For deployments to go live* on premise the package content includes:Requirements Checklist - outlines all the technical and organizational prerequisites that need to be addressed before deploying Afaria System Setup - provides step-by-step guidance on how to install and configure the Afaria platform componentsBusiness Process Configuration and Test - describes the configuration steps for the device management lifecycle such as Device Provisioning, Device Configuration, Application Onboarding, Asset Tracking, Operation and Monitoring, to Decommissioning of Devices. Validates with prepared test scenarios that the Afaria system is working correctly.
Benefits
Reduces overall deployment and investment riskEnsures that solution is properly installed and configuredEnables customers to focus on operations instead of installationProvides for operational best practices Enables end-users to enroll and manage their devices
*) Trials for evaluation available at sapmobilesecure.com
Within 3-5 weeks, SAP Services implement the scope of this item for production* purposes
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 10Customer
Key functionality
Mobile Device and App Management - AfariaIn the system
Afaria manages mobile devices throughout their lifecycle in the enterprise and apps that run on them
Install and configure Afaria platform
Onboard and secure mobile devices - corporate furnished or employee-provisioned (BYOD)
Monitor and enforce device and app compliance
Block, wipe and decommission devices
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 11Customer
Analytics for Mobile Device and App Management – Lumira ContentScope and benefits
With Lumira's powerful visualizations in real time IT administrators gain valuable insights about managed devices and their compliance for immediate response. Analytics for Mobile Device and App Management targets Afaria customers who have invested in SAP Analytics infrastructure and wish to leverage the pre-configured reporting content of this RDS.
Package content: Configuration Guide - provides instructions to import pre-configured reporting content into LumiraProcess Diagram and Test Script - contain procedures to share reports securely in the cloud for consumption on any device; analyze device compliance with selected pre-configured reports.
Leverages your prior investments in SAP Lumira Server and SAP HANA, or Lumira Cloud, or SAP BusinessObjects BI Server
Instantly visualizes compliance violations with pre-configured reports that fit any device
Expands your mobile analytics use cases to Afaria device and application management
Within 2 weeks, SAP Services implement the scope of this item for evaluation or production purposes
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 12Customer
Key functionality
Analytics for Mobile Device and App Management – Lumira ContentIn the system
Lumira visualizes compliance and business data of mobile devices managed with Afaria throughout their lifecycle in the enterprise and of the apps that run on them
Configure Lumira Server for Afaria reporting
Import pre-configured reports Share reports with selected users Analyze compliance of devices on
any device
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 13Customer
Mobile App Security – SAP Mobile App Protection by MocanaScope and benefits
IT administrators can safely extend the reach of their organization's mobile apps to users beyond the enterprise, like contractors, suppliers, temp workers, or consumers.
Package content :Configuration Guide - provides instructions to install and configure SAP Mobile App Protection by Mocana on premise, as well as app-protecting policiesProcess Diagram and Test Script - contain procedures to upload apps, wrap apps with security policies, and distribute apps.
Wraps 14 comprehensive access and data security policies into native and web apps on iOS and Android mobile applications
App-based security in seconds Accelerates deployments by separating app security
from application development Secure Mobile Web Browser with single sign-on
capabilities Adds layers of security to internal enterprise apps
where regulations like HIPAA or corporate policies require specific means of protection, e.g. encryption of data at rest and in transit for compliance with FIPS 140-2, app-specific passcodes, EULA and time frame for app use, e.g. for temp workers
Within 2 weeks, SAP Services implement the scope of this item for production* purposes
*) Trial for evaluation available at sapmobilesecure.com
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 14Customer
Key functionality
Mobile App Security – SAP Mobile App Protection by MocanaIn the system
Mobile App Protection configures and applies security policies for mobile apps on devices managed by MDM like Afaria, for additional layers of protection, or on unmanaged devices, to enforce similar policies. Wrapped apps can be deployed with MDM or Mocana catalog
Setting up Mobile App Protection Using the MAP console Applying MAP policies and uploading
apps Deploying Apps with Mocana App
Catalog Deploying Apps with MDM like Afaria
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 15Customer
Mobile Content Management – SAP Mobile DocumentsScope and benefits
With SAP Mobile Documents business users can securely share files, view documents, and present and collaborate on corporate content.
Package content:Configuration Guide - provides instructions to install and configure the SAP Mobile Documents add-on for SAP NetWeaver Java on premise, including roles, destinations, and repositories for user content, corporate content, and shared contentProcess Diagram and Test Script - contain procedures to onboard users, access content, and securely share content.
Allows users to securely access and share enterprise content online, and on the go, or access offline from any device
Integrates with open industry standard CMIS supporting content and knowledge management systems, such as SAP Knowledge Management, Microsoft SharePoint, OpenText, Alfresco, IBM
Leverages prior investments in SAP NetWeaver Portal, and CMIS-standard supporting CMS
Reduces business risks, ensures compliance, and increases employee productivity
Ensures that solution is properly installed and configured
Within 2 weeks, SAP Services implement the scope of this item for evaluation or production purposes
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 16Customer
Key functionality
Mobile Content Management – SAP Mobile DocumentsIn the system
Mobile Documents empowers users to access their business content on any device, and securely share it with collaborators within the enterprise and with business partners
IT AdminOnboard users on various device platforms
UserAccess corporate contentShare content securely
Package Deployment
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 18Customer
What’s included – Service scope
Partner’s scope of service may vary.
SAP Mobile Secure rapid-deployment solution – Service Scope
Kickoff workshop to – define requirements, – set up the project, – establish expectations
Knowledge transfer Go live support
Service
Software
Enablement
Content
RAPID DEPLOYMENT
SOLUTIONS
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 19Customer
What does SAP deliver? What do you have to do?
Partner’s scope of service may vary.
Service scopeKey deliverables
Installation check Support for Customer Selection of Options Activation of Solution and Options Confirm Activation Key User Training Assistance for Testing Assistance for Switch to Production Assistance for Go Live Support
Provide the IT infrastructure (servers) Install SAP Business Objects (if needed) Install the SAP NetWeaver Portal (if needed) Provide fixed contact people in the business and IT
departments Document Customer Options Attend Key User Training Provide Technology support Execute User Acceptance Testing Conduct end-user training Switch Solution to Production Go Live Support
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 20Customer
Integration points in scope
Integration point
From Product/ Solution
To Product/ Solution Description
Short description of integration point
From SAP product that integrates
To SAP product that integrates
Longer description of scope of integration perhaps covering business objects or data
Deployment of SAP Mobile Documents clients with MDM
SAP Mobile Documents Afaria Afaria can be used to pre-configure corporate access points. When users download client apps from the built-in Afaria app store these apps are automatically connected to the corporate network. The app “just works”.
Lumira visualization for Afaria reporting
Afaria Lumira (Server or Cloud or BI) (& MOBI)
7 pre-configured reports on devices and apps managed by Afaria, visualized with Lumira, and accessed on desktop or on mobile devices, via Lumira Cloud, Lumira Server, or via SAP BusinessObjects BI.
Wrapping of SAP BusinessObjects Mobile BI clients for iOS or Android with app-specific security and distribution with Afaria
SAP BusinessObjects Mobile BI
SAP Mobile App Protection by Mocana & Afaria
MOBI clients can be security wrapped using Mobile App Protection for elevated compliance needs. Users can download wrapped client apps from the built-in Afaria app store.
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 21Customer
Partner’s scope of service may vary.
A service scope option is a combination of scope that can be removed to reduce the service price of the rapid-deployment solution.
Service scope options
Service scope options Required Scope items / Functionality delivered
Option 1MandatoryOptionalOptional
Mobile Device and App Management – Afaria Customer-branded iOS client Reporting for Mobile Device and App Management – Lumira
Option 2n/a Mobile App Security – SAP Mobile App Protection
Option 3n/a Mobile Content Management – SAP Mobile Documents
Option 4 n/a Clinic: Mobile Security Fundamentals
The four service scope options are optional to one another. Within service scope option 2-4, “all or nothing” applies
Software Products and System Landscape
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 23Customer
Which software is used? 1/2
Product Product Version Component Comments
SAP Afaria Device and mobile App Management
SAP Afaria 7 SP5 Afaria Server
Afaria API Service
Afaria Administrator
Enrollment Server
Package Server
End User Self-Service Portal
iAnywhere SQL Anywhere Database
iAnywhere SQL Anywhere 12
Not Applicable Supported database for SAP Afaria
Microsoft SQL Server Database
One of the following:
2008 R2 Enterprise Edition
2008 R2 Standard Edition
2008 R2 Datacenter Edition
2008 SP1 Enterprise Edition
2008 SP1 Standard Edition
Not Applicable Supported database for SAP Afaria
Product Product Version Component Comments
SAP Lumira™ 1.18 for reporting on devices and apps managed with Afaria
One of the following 64-bit operating systems
Windows 7 SP1
Windows Server 2008 R2 SP1
Windows 8 / Windows 8.1
Windows Server 2012 / Windows Server 2012 R2
Free but required component to adapt reports in customer landscape. Manual data import and publication
One of the following to publish dataset
SAP Lumira™ Server 1.18, and
SAP HANA, SP08 Revision 81
Lumira Server 1.18 also requires SAL AFL Rev.81, Patch Level 2; allows for automated near real-time updates between Afaria SQL and HANA.
SAP Lumira™ Cloud
SAP BusinessObjects BI 4.0 SP7 / SP8 / SP9
SAP BusinessObjects BI 4.1 SP1 / SP2 / SP3 / SP4
For consumption on mobile device
SAP BusinessObjects Mobile (a.k.a. MOBI)
Content published with SAP Lumira via Server, Cloud or BI channel can be consumed through SAP BusinessObjects Mobile on the iPad 3 and above
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 24Customer
Which software is used? 2/2
Product Product Version Component Comments
SAP Mobile App Protection
SAP Mobile App Protection 3.0
JAVA 1.6.0
MySQL 5.5 EPEL MAP Database Server
Ruby 1.8.7 Ruby Version Manager
SQLite N/A
Bundler N/A
Phusion Passenger
Tomcat Tomcat6 MAP Web Server
Product Product Version Component Comments
SAP Mobile Documents
MCM 1.0 SP2 N/A SAP Mobile Documents add-on for SAP NetWeaver AS Java
SAP NetWeaver One of the following:
7.3 SPS 09
7.3 EhP1 SPS 05
7.4
Application Server JAVA
NW Product Description
Application Server Java Extensions
EP Core
Enterprise Portal
Note: You will find pretty good documentation on implementing SAP Mobile Documents on the SAP Community network, at scn.sap.com/community/mobile-documents.
Recommendation: SAP NetWeaver 7.4 is available for trial or full production use on the SAP Cloud Appliance library (CAL) at cal.sap.com. Use the SAP Enterprise Portal 7.4 on SAP Max DB on CAL for an easy start with implementing SAP Mobile Documents.
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 25Customer
System Landscape – Afaria On Premise Standalone
Database
Afaria Server and subcomponents
Relay Server
Apple APNS Ports 2195, 2196
Google GCM Ports 5228-5230
TinyURL; Google URL Shortener
Microsoft CA Server
80,443
DMZ Private Internet
RSOE80, 81,443
Firewall, Reverse Proxy
EUSSP
80,443
• Apple APNS
• Google GCN
• TinyURL
• Google URL Shortener
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 26Customer
80,443
System Landscape – Afaria On Premise Server Farm, HA
Database(MSCS)
EUSSP Servers
Afaria Master Server and Subcomponents
Relay ServersLoad Balancer
Load Balancer or Reverse Proxy (recommended for High Availability)
TinyURL; Google URL Shortener
Microsoft CA Server
80,443
• Apple APNS
• Google GCN
• TinyURL
• Google URL Shortener
DMZ PrivateInternet
80,443
RSOE80, 81,443
Afaria Replication Server and
Subcomponents
RSOE80, 81, 443
Apple APNS Ports 2195, 2196
Google GCM Ports 5228-5230
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 27Customer
Afaria with Lumira (deployment options, simplified view)
Database
Afaria Server and subcomponents
Relay Server
Microsoft CA Server
80,443
DMZ Private Internet
RSOE80, 81,443
Firewall, Reverse Proxy
EUSSP
80,443
Lumira Desktop
Lumira Cloud
Lumira Server
SAP Business Objects BI Server
Publish reportsImport query from Afaria‘s SQL DB manually
XOR
XOR
Automatically update SAP HANA DB from Afaria‘s SQL DB
XOR
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 28Customer
System Landscape – SAP Mobile Documents
SAP Mobile Documents Server
Firewall, Reverse Proxy
SAP NetWeaver Cloud (optional for shared documents)
<SAP NetWeaver Portal Port>
DMZ Private Internet
Backend Servers (SAP Knowledge
Management, Microsoft SharePoint, other CMIS
CMS
SAP NetWeaver Cloud Server
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 29Customer
System Landscape – SAP Mobile App Protection by Mocana
SAP MAP Server and subcomponents
Reverse Proxy, Firewall
80,443
DMZ Private Internet
Note: Only if application is distributed via SAP MAP Server otherwise no
external inbound connection is required to SAP MAP Server iOS Signing Server
(for iOS application wrapping
SAP Rapid-Deployment solutionsThe fastest way to run your business better
© 2014 SAP SE or an SAP affiliate company. All rights reserved.
Recommended