Upload
silanca
View
237
Download
2
Embed Size (px)
Citation preview
Afaria Channels
Sybase iAnywhere 移动商务王 军 [email protected]/5/3
2 – Sybase Confidential – May 3, 2023
Afaria Channels - 01
1.Channel Administration
3 – Sybase Confidential – May 3, 2023
Afaria Channels - 02
1.Channel 的类型
4 – Sybase Confidential – May 3, 2023
功能详细介绍
5 – Sybase Confidential – May 3, 2023
Software Manager
■ Distribute and support software with minimal impact to user
■ Maintain and monitor applications, supplying missing or corrupted files
■ Compressing or segmenting applications for efficient distribution over low-bandwidth connections
6 – Sybase Confidential – May 3, 2023
Software Manager...ContinuedSeamlessly distribute, install, repair and update software
Automatically checks and updates application (if necessary) during each connection
Uses all Afaria bandwidth optimizations
Package status tracking console to view status of packages
Delivery and installation options Criteria checking on disk space, memory, OS version, other applications Support for alternate distribution locations
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Software Manager
7 – Sybase Confidential – May 3, 2023
Inventory Manager
■ Detect device changes and notify administrator of changes
■ Ensure applications are current & compatible
■ Provide rule-based software distribution
■ Troubleshoot problems quickly and maintain high level of services
8 – Sybase Confidential – May 3, 2023
Inventory Manager...Continued
■ Plan for mobile system upgrades
■ Collect data on handheld phone devices including: phone number, IMEI, IMSI, mobile operator, current network, WiFi information (WiFi enabled/disabled, MAC address, current network), Bluetooth status, Bluetooth name/address and IR status
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Inventory Mgr
9 – Sybase Confidential – May 3, 2023
License Manager
■ Afaria components designed to Track installed licenses versus license purchase data License counts License expiration dates Track application usage on client machines■ Administrators can access license tracking information through Data views on the administrator console Alerts console Reports
Win32 WM Pro
WM Std
Symbian iPhone RIM Java Palm Android
License Mgr
10 – Sybase Confidential – May 3, 2023
Session Manager
■ Offers an easy-to-use graphical scripting tool that’s designed for system administrators, not programmers
■ Allows administrators to create custom task / workflow automation with point-and-click scripting interface:
Retrieves, sends, copies files
Provides conditional logic
Detects connection speed
Enables registry updates
Generates alerts and messages
Real-time business process execution
11 – Sybase Confidential – May 3, 2023
Session Manager...Continued
■ Automating data delivery and retrieval■ Pre and Post software distribution processes■ Enhancing application Self-Healing■ Enabling proactive control of devices ■ Provides information to enable better business decisions■ Maintain “desired state” system status■ Integrate with back-end applications
Win32 WM Pro WM Std Sym iPhone RIM Java Palm Android
Session Mgr
12 – Sybase Confidential – May 3, 2023
Data Security Manager—Handhelds■ Power-on password protection
Lock out after failed attempts Format and change frequency controls Disallow previously used passwords
■ Data on device encryption Selectable data for encryption, including PIM / external media Strong encryption algorithm (Blowfish, AES, 3DES, RC2) Removable memory can only be read by the device that encrypted the data Improves performance and usability Improves battery life and power management Certified Encryption Modules - Ensures FIPS 140-2 Compliance
13 – Sybase Confidential – May 3, 2023
Data Security Manager—Handhelds...Continued
■ Custom password masks using regular expressions Administrators can build partial expression that can be combined to meet
different requirements for groups of users Test passwords against expressions in the administrative UI
■Push email Interoperability Fully interoperable with iAnywhere’s
OneBridge/Mobile Office and MS Exchange Active Sync
Receive email even when device is locked
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Data Security Mgr
14 – Sybase Confidential – May 3, 2023
Data Security Manager—Handhelds...Continued
■ Lost or Stolen Device Lockdown■ Lockdown based in invalid credentials entry or too much time passing since last
connection ■ Administrator has multiple lockdown options:
Disable, wipe or hard reset device■ Lockdown of device based on SIM change or removal■ Password Recovery■ Admin or web portal to generate temporary
password to unlock device■ Self-service password recovery option■ Device Access Control■ Block rogue devices from accessing Microsoft
Exchange Server■ White and black list windows mobile devices■ Administrator can define policies■ Executive exception policies are allowed
15 – Sybase Confidential – May 3, 2023
Data Security Manager—Handhelds...Continued
■ Data at-rest encryption for PIM data and file/folder on Symbian devices
Hard reset device and/or wipe data off external card
Additional password lock down options to delete encrypted data or delete specified data after failed attempts have been exceeded
Data fading options to hard reset, disable password or delete data on the device when device has not connected to Afaria within a specified time
Uses industry standard AES encryption algorithm with a 256 bit key
16 – Sybase Confidential – May 3, 2023
Data Security Manager—Win32
■ Full disk encryption for laptops / desktops Ensures that all sensitive data is protected at all
times No reliance on users or applications to store
sensitive data in correct location Protects PC from brute-force insertion of malicious
code Supports compliance audits with predefined reports
and detailed logging■ Two layers of data protection Pre-boot authentication Full disk encryption Two factor authentication
17 – Sybase Confidential – May 3, 2023
Data Security Manager—Win32...Continued
■ Multiple User Support Securely allows numerous users per one
computer Allows administrators access to machines
without requiring the users credentials
■ Outstanding Reporting Reports the encryption status of all Security
Manager Clients that do not have a disk status of 100% encryption complete
Provides defensible reporting and logging for security audits
Detailed USB logging reporting
18 – Sybase Confidential – May 3, 2023
Data Security Manager—Win32...Continued
■ Removable Storage Media Support Can be deployed to a work group or require a
per user password Data may be shared at data owners discretion Fully encrypted
■ Unattended Reboot Allows patches and software updates to occur
off-peak when bandwidth is high, providing excellent time utilization
IT is not required to perform a reboot to complete the process
All security policies are updated at each
server connection
19 – Sybase Confidential – May 3, 2023
Configuration Manager
■ Automatically configures critical device settings
■ Verifies successful implementation of settings on mobile devices
■ Provides ease of administration and fast recovery of inadvertently modified settings
■ Enhances the user experience■ Policy-based■ Utilizes Microsoft’s CSP configuration
model on WM
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm Android
Configuration Mgr
20 – Sybase Confidential – May 3, 2023
Configuration Manager-Configurable Elements by Operating SystemWindows Mobile
ConnectionsDeviceDNS/IPFormatsNetwork User InfoOwner InfoSoundsCustomer ConfigurationsWindows UpdatePort Control
Camera, Microphone, Bluetooth – lock down or limit to device class
InfraredWiFi RadioRemovable storage cardsUSB CommunicationsProvisioning
Favorites, GPRS, Networks
Roaming Controls
iPhonePasscode settingsWiFi settingsRestrict application usage and installationExchange setup informationVPN settingsIMAP and POP email settingsLDAP connectionsCalDav ConnectionsAPN settings
BlackBerrySynchronizationSecurityMessagingApplications
AndroidSecurity settingsWiFi settingsConnection Pulse
SymbianAccess pointsPacket dataWireless LANExchangeRoaming Control
21 – Sybase Confidential – May 3, 2023
Roaming Controls■ Roaming Management that detects roaming state changes and provide administrative control of device
actions while roaming
■ Provides real time protection of roaming costs
■ Supports both Symbian and Windows Mobile
■ Allows administrators several options to disable data connections based on roaming state of the device Disable all data connections • Disable Afaria scheduled or client-initiated connections when roaming
• (Outbound connections are still available) Display message on device when entering or exiting roaming state Disable email attachments (WM Only) Disable IMAP and POP3 (WM Only)
■ Real time client monitors trigger custom actions when roaming Log event - Create custom logs for roaming events Execute program – Execute a program locally Run channel – Run an Afaria worklist Run script – Execute a customized script
■ Roaming Report Detailed report containing roaming status
22 – Sybase Confidential – May 3, 2023
Windows Mobile Application Control■ Controls both embedded (ROM-based) and installed
(RAM-based) applications
■ Controls applications access specifying the certificate used to sign the application or hash-based identification of the installed applications
■ Restricts access to device settings such as phone, sound, profiles, home screen, clock & alarm, connections and security settings
■ Tamper-resistant implementation so applications cannot simply be renamed
■ Automatically creates library of embedded and installed applications on Afaria clients. Log attempts to access disallowed applications
23 – Sybase Confidential – May 3, 2023
灵活的应用访问控制 操作系统上的应用 操作系统上的设置 用户安装的应用
未设置前,“内存”是可见的
“内存”不可见了( 原位于“关于”与“删除程序”之间 )
24 – Sybase Confidential – May 3, 2023
Backup Manager
■ Backup and restore mission-critical data■ Users can recover lost or corrupted data■ Backup Folders or files Schedule backup frequency Backup data store at Afaria server or file server
■ Restore is managed through centralized console■ Folders or files■ Selective or full restore
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Backup Mgr
25 – Sybase Confidential – May 3, 2023
Document Manager
■ Content publish and subscription component
■ Client-side UI allows end users to subscribe to documents
■ Channel keeps all documents on client devices up to date
■ Updates leverage byte level differencing
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Document Mgr
26 – Sybase Confidential – May 3, 2023
Patch Manager
■ Patch console provides views of new / missing patches Automatically pulls new patch catalogs from Microsoft Scheduled scans of client machines for missing patches
■ Easy patch distribution to client machines One Button patch deployment from the Afaria console Impersonation support for machines where the end user does not have
administrative privileges
■ Leverage Afaria bandwidth optimizations in patch channels Dynamic bandwidth throttling Segmented delivery Checkpoint restart
Leverages Microsoft patch scanning technology and patch catalogs to automatically update laptops and desktops with key security patches
27 – Sybase Confidential – May 3, 2023
Patch Manager...Continued
■ Gives administrators control over patch deployment Provides visibility and discovers vulnerabilities
Target and schedule patch deployment
Automates patch management without user involvement
Assess severity level of patch and deploy accordingly
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Patch Mgr
28 – Sybase Confidential – May 3, 2023
Off-Line Device Monitoring• Windows Mobile and Win32:
The capability to monitor device settings/characteristics on Windows devices and trigger connections, logging or execution of local processes when characteristics change.
• Monitor Types: Battery (WM) Memory (WM) Registry (WM)
(Eg. 1) Monitor battery level, and run executable to copy key files to external card when available battery drops below xx%.
(Eg. 2) Monitor directories on external card and write log message whenever a new file is written to an external card.
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Off-line Monitor
Storage/Directories (WM) Windows/Applications (WM) Connections (WM & Win32)
29 – Sybase Confidential – May 3, 2023
Over-the-Air Client Deployment
■ Deploys client install kits remotely Over-The-Air
■ Eliminates the need for desktop sync reducing technical support time
■ Eliminates the need to pull devices back to IT for client deployment
■ URL embedded in an SMS or email message
■ Generates administrator successfully installed reports
30 – Sybase Confidential – May 3, 2023
Remote Control
■ Expand existing management capabilities
Real-time remote control capability for Windows®-based PCs and handheld devices
Interactively train end users on new applications or troubleshoot specific devices.
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Remote Control
31 – Sybase Confidential – May 3, 2023
Remote Control Key Features■ Remote Control – superior quality supporting a large range of
platforms
■ Remote Management – computer management controlling services, registry, tasks, event log, shares and system state
■ File Transfer – split screen, copy, move, sync, clone, crash recovery and delta transfer
■ Scripting – schedule file transfers and other operations
■ Chat, Audio Chat, Video Chat – allow users to communicate in text mode or verbally – supported by webcam video
■ Multi Console session – allows a number of Console users to view and control the same Client desktop
■ Run Program – launch programs at the remote computerSupports WIFI or any cellular network (TCP/IP)
32 – Sybase Confidential – May 3, 2023
Remote Control Key Features...Continued■ Send Message – distribute popup messages in Rich Text Format which
allows links to e.g. web sites.
■ Request Help – contact the help desk via remote control and run an external application to auto-generate trouble tickets.
■ Security – local and centralized, Native NetOp, Directory Services and Windows-integrated.
■ Encryption – implemented according to the toughest industry standards.
■ Event logging – local, centralized, Windows-integrated and management-integrated.
■ Session recording – save the Client screen activities in a file for later replay.
■ Snapshot - save the current Client desktop image as a file.
33 – Sybase Confidential – May 3, 2023
Remote Control ClientsWin32 1. Listen for Console to initiate 2. Client initiate via Help Request
PPC/WM5/WM6WiFi / Cradle Private Net
1. Listen for Console to initiate2. Client initiate via Help Request
Internet / Carrier Net1. Client initiate via Help Request
34 – Sybase Confidential – May 3, 2023
Remote Control Webconnect
■ WebConnect, side-steps firewalls, proxies and routers. Now you can offer your company world-class support from anywhere and avoid costly deskside visits.
■ Connect with help desk initiated connections over the internet without requiring holes in your firewall
35 – Sybase Confidential – May 3, 2023
Overview of Webconnect
GUEST
Connction Manager (Microsoft IIS)
ConnectionServer
WebConnect
Account data (Microsoft SQL)
HOST
Administration module
ConnectionRequest and location information
DMZ
36 – Sybase Confidential – May 3, 2023
Antivirus and Firewall Manager
■ Protects mobile devices against: Malware and Viruses Intrusion by using an IP based firewall Unwanted SMS or phone calls by blacklisting
■ Technology licensed from SMobile, leader in mobile Antivirus and Firewall software
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Antivirus & Firewall
Antivirus
Firewall
*WM 5,WM 6
37 – Sybase Confidential – May 3, 2023
Antivirus and Firewall Manager...Continued
■ Mobile viruses and malware can propagate through multiple mechanisms, including email attachments, Bluetooth or Infrared file transfer channels, SMS links, MMS attachments, etc.
■ Typical threats in the wild which are classified as: Malware for profit - FlexiSpy/MobiSpy Bluetooth exploits - Cabir/Bluesnarfing Backdoor Trojans - Brador/BBProxy… Exploiting PC syncs - Crossover/Mobler… Malware crashing devices - Skulls, Fontal… Mobile IP - P2P Worms SMS and MMS dialer Trojans -CommWarrior/RedBrowser…
38 – Sybase Confidential – May 3, 2023
Antivirus and Firewall Manager...Continued
■ Identity theft attacks where personal information such as customer names, street addresses, credit card information and other sensitive corporate data is stolen off of a mobile device
■ Unauthorized device usage, where an infected device can trigger unauthorized mobile payments, unauthorized purchases or extraneous data connections, resulting in fraudulent charges or excessive data or minute usage which would lead to large monthly billing and additional cost to the enterprise
■ Snoopware , mobile malware that is capable of stealthily and remotely monitoring activities on mobile devices. Includes voice calls, messages, e-mails, and remote activation of functions such as a microphone
39 – Sybase Confidential – May 3, 2023
Antivirus for Handhelds
Afaria Antivirus for Handhelds
■ Compatible with all major operating systems, including Windows Mobile and Symbian devices
■ Background scans of all files received via SMS, MMS, Bluetooth, WiFi, infrared, or desktop sync in real time
■ Industry’s only handheld antivirus to use heuristics
■ Based upon an independent study Afaria outperforms the competition in CPU calculation, CPU performance, user performance, write access, read access, and bitmap drawing which all equates to better handset performance and better user experience.
■ Only mobile AV focused solely on mobility, not a retrofit of a desktop solution
■ Full logging of scan and detection activity all viewable by the system administrator
■ Remotely invoke device scans, updates, policy changes and reports on device activity from a single management console.
40 – Sybase Confidential – May 3, 2023
Firewall Manager for Handhelds■ IP based firewall protection based upon black list or white list filtering,
and provides both in and outbound network packet monitoring
■ Monitors GPRS, EDGE, CDMA, WIFI and phone to PC traffic
■ Enables administrator to control inbound and outbound access (either denying/blocking by “blacklisting” or approving by “whitelisting”) to sites hosted by the outside world based on IP address
Employees can be restricted to access only the corporate website or certain authorized sites Only allow Line of Business applications to communicate through the network Blocking a particular port when utilizing a VOIP application Protect against IP based intrusion attacks
41 – Sybase Confidential – May 3, 2023
Afaria Firewall Manager SMS and Call Filtering
■ Allows administrators and users to establish a customized blacklist to block incoming SMS, MMS and/or calls from selected contacts or unwanted calls/messages
■ Includes tracking logs of blocked calls and messages
■ Call Filtering and MMS/SMS filtering are separately configurable
■ Primarily used to block spam sent to devices
42 – Sybase Confidential – May 3, 2023
Optimized Communications for Frontline Conditions
■ Offline processing Minimize “expensive” online
processing over bandwidth-limited networks
■ Checkpoint restart Tolerance for in-and-out of coverage
conditions
■ Compression Proprietary algorithms reduce time
required for file transfer
■ File differencing Send only needed changes within
files (Byte Level)
■ Intelligent file updates Send only files/data that need to be
updated
■ Segmented file delivery Deliver applications, data over
multiple sessions
■ Dynamic bandwidth throttling Automatically adjusting Afaria
session requirements based on network utilization
■ Opportunistic connections Execute sessions when
communication networks are available
■ Flexible packet/window size Allows administrators to “tune”
traffic to match network conditions
43 – Sybase Confidential – May 3, 2023
Access Control for Microsoft Exchange■ Block rogue devices from synchronizing with an Exchange Server
Afaria Access Control ISAPI filter installs on a Microsoft Exchange 2003 through 2010 server. Works with Afaria server to deny sync requests to handheld devices that are not properly managed and/or secure
■ Administrator specified ‘security verification policy’ Define the amount of time during which a device must have connected to Afaria server
to confirm presence of Afaria client and/or security manager on the device
■ White list devices Administrators can create a ‘white list’ of devices that should always be allowed to
synchronize with Exchange, even if they fail the ‘security verification policy’
■ Black list devices Administrators can create a ‘black list’ of devices that should never be permitted to
synchronize with Exchange, even if the fail the ‘security verification policy’
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm Andorid
Exchange Access Control
44 – Sybase Confidential – May 3, 2023
OMA CP
■ Symbian devices Can configure access points, browser configurations, MMS and email
configurations Devices pre-configured to accept OMA CP messages
■ Windows Mobile devices Can configure any CSP settings Devices must first be configured to accept OMA CP messages
Messages can be sent in conjunction with Afaria client install messages, or separately Support sending messages from both SMS modem and SMSC APIs available to create
self-service portal for device provisioning Optional PIN code requirement for additional security
OMA CPAbility to send OMA CP messages to Windows Mobile and Symbian devices in order to configure device settings prior to installing an Afaria client
45 – Sybase Confidential – May 3, 2023
OMA DM
■ Open Mobile Alliance Device Management (OMA DM) is an Open Mobile Alliance standard designed for management of small devices such as mobile phones and PDAs
■ Can be used for setting or getting device configuration and inventory, software install and activation, device customization, remote lock/wipe
■ Supports Symbian Devices N70, N80, N73, E65, E71 and E65 devices, and feature phones that support the OMA DM 1.2 standard.
■ Features Full OMA DM integration with the Afaria management console Device provisioning via Short Message Service (SMS) Variable substitution from external sources (e.g., LDAP server) DM Over-the-air application delivery, installation and activation Policy Editors to define desired settings for: Session Initiation Protocol (SIP),
Skinny Client Control Protocol (Cisco Call Connect), GPRS and WLAN access points, dual mode GPRS/VoIP, Free-form (XML) DM
46 – Sybase Confidential – May 3, 2023
Internationalization
■ Support for Afaria server, administrator and clients operating on a double-byte character set language system
■ Client support for: Windows Windows Mobile Symbian
■ Component support includes: Configuration Manager Session Manager Inventory Manager Security Manager (for WM devices)
■ Localized Windows Mobile client UI available for Simplified Chinese, Traditional Chinese and Korean
47 – Sybase Confidential – May 3, 2023
Administration
■ Web-based administrative console built on .NET framework with all the functionality of a full Graphical User Interface
■ Manage Afaria servers from any PC on the network, including virtualization technology
■ Secure access to the web console leveraging the NT security model
■ User access “rights” to the web console; role-based user access
48 – Sybase Confidential – May 3, 2023
Administration—Profile Based Management
■ Policy / profile based model for channel scheduling, monitors and assignments
■ Easier management of schedules and assignments
■ Consolidated administrator view of schedules/monitors and channels assigned to a particular device (or group)
■ Improved security for channel execution
■ Schedules run only for assigned / applicable device
49 – Sybase Confidential – May 3, 2023
谢谢!