05-Afaria Channels及主要功能

Afaria Channels

Sybase iAnywhere 移动商务王军 [email protected]/5/3

2 – Sybase Confidential – May 3, 2023

Afaria Channels - 01

1.Channel Administration


Afaria Channels - 02

1.Channel 的类型


功能详细介绍


Software Manager

■ Distribute and support software with minimal impact to user

■ Maintain and monitor applications, supplying missing or corrupted files

■ Compressing or segmenting applications for efficient distribution over low-bandwidth connections


Software Manager...ContinuedSeamlessly distribute, install, repair and update software

Automatically checks and updates application (if necessary) during each connection

Uses all Afaria bandwidth optimizations

Package status tracking console to view status of packages

Delivery and installation options Criteria checking on disk space, memory, OS version, other applications Support for alternate distribution locations

Win32 WM Pro WM Std Symbian iPhone RIM Java Palm

Software Manager


Inventory Manager

■ Detect device changes and notify administrator of changes

■ Ensure applications are current & compatible

■ Provide rule-based software distribution

■ Troubleshoot problems quickly and maintain high level of services


Inventory Manager...Continued

■ Plan for mobile system upgrades

■ Collect data on handheld phone devices including: phone number, IMEI, IMSI, mobile operator, current network, WiFi information (WiFi enabled/disabled, MAC address, current network), Bluetooth status, Bluetooth name/address and IR status


Inventory Mgr


License Manager

■ Afaria components designed to Track installed licenses versus license purchase data License counts License expiration dates Track application usage on client machines■ Administrators can access license tracking information through Data views on the administrator console Alerts console Reports

Win32 WM Pro

WM Std

Symbian iPhone RIM Java Palm Android

License Mgr


Session Manager

■ Offers an easy-to-use graphical scripting tool that’s designed for system administrators, not programmers

■ Allows administrators to create custom task / workflow automation with point-and-click scripting interface:

Retrieves, sends, copies files

Provides conditional logic

Detects connection speed

Enables registry updates

Generates alerts and messages

Real-time business process execution


Session Manager...Continued

■ Automating data delivery and retrieval■ Pre and Post software distribution processes■ Enhancing application Self-Healing■ Enabling proactive control of devices ■ Provides information to enable better business decisions■ Maintain “desired state” system status■ Integrate with back-end applications

Win32 WM Pro WM Std Sym iPhone RIM Java Palm Android

Session Mgr


Data Security Manager—Handhelds■ Power-on password protection

Lock out after failed attempts Format and change frequency controls Disallow previously used passwords

■ Data on device encryption Selectable data for encryption, including PIM / external media Strong encryption algorithm (Blowfish, AES, 3DES, RC2) Removable memory can only be read by the device that encrypted the data Improves performance and usability Improves battery life and power management Certified Encryption Modules - Ensures FIPS 140-2 Compliance


Data Security Manager—Handhelds...Continued

■ Custom password masks using regular expressions Administrators can build partial expression that can be combined to meet

different requirements for groups of users Test passwords against expressions in the administrative UI

■Push email Interoperability Fully interoperable with iAnywhere’s

OneBridge/Mobile Office and MS Exchange Active Sync

Receive email even when device is locked


Data Security Mgr



■ Lost or Stolen Device Lockdown■ Lockdown based in invalid credentials entry or too much time passing since last

connection ■ Administrator has multiple lockdown options:

Disable, wipe or hard reset device■ Lockdown of device based on SIM change or removal■ Password Recovery■ Admin or web portal to generate temporary

password to unlock device■ Self-service password recovery option■ Device Access Control■ Block rogue devices from accessing Microsoft

Exchange Server■ White and black list windows mobile devices■ Administrator can define policies■ Executive exception policies are allowed



■ Data at-rest encryption for PIM data and file/folder on Symbian devices

Hard reset device and/or wipe data off external card

Additional password lock down options to delete encrypted data or delete specified data after failed attempts have been exceeded

Data fading options to hard reset, disable password or delete data on the device when device has not connected to Afaria within a specified time

Uses industry standard AES encryption algorithm with a 256 bit key

http://images.google.com/imgres?imgurl=http://i32.tinypic.com/2ic6yo1.jpg&imgrefurl=http://www.mygsmindia.com/vbb/showthread.php?t=14862&usg=__6daNDKDPyjF0l4AoW8eWlDV0zIw=&h=530&w=468&sz=35&hl=en&start=1&tbnid=lZE5dlbsSM6zxM:&tbnh=132&tbnw=117&prev=/images?q=symbian+s60&gbv=2&hl=en

http://images.google.com/imgres?imgurl=http://www.gadgetsmonkey.com/wp-content/uploads/2007/10/samsung_i550.jpg&imgrefurl=http://www.gadgetsmonkey.com/tag/symbian/&usg=__pGt9WIwz3r85Y5N42fIsVjrS4g4=&h=388&w=450&sz=21&hl=en&start=6&tbnid=j5SEhND55ps8cM:&tbnh=110&tbnw=127&prev=/images?q=symbian+s60&gbv=2&hl=en


Data Security Manager—Win32

■ Full disk encryption for laptops / desktops Ensures that all sensitive data is protected at all

times No reliance on users or applications to store

sensitive data in correct location Protects PC from brute-force insertion of malicious

code Supports compliance audits with predefined reports

and detailed logging■ Two layers of data protection Pre-boot authentication Full disk encryption Two factor authentication


Data Security Manager—Win32...Continued

■ Multiple User Support Securely allows numerous users per one

computer Allows administrators access to machines

without requiring the users credentials

■ Outstanding Reporting Reports the encryption status of all Security

Manager Clients that do not have a disk status of 100% encryption complete

Provides defensible reporting and logging for security audits

Detailed USB logging reporting


Data Security Manager—Win32...Continued

■ Removable Storage Media Support Can be deployed to a work group or require a

per user password Data may be shared at data owners discretion Fully encrypted

■ Unattended Reboot Allows patches and software updates to occur

off-peak when bandwidth is high, providing excellent time utilization

IT is not required to perform a reboot to complete the process

All security policies are updated at each

server connection


Configuration Manager

■ Automatically configures critical device settings

■ Verifies successful implementation of settings on mobile devices

■ Provides ease of administration and fast recovery of inadvertently modified settings

■ Enhances the user experience■ Policy-based■ Utilizes Microsoft’s CSP configuration

model on WM

Win32 WM Pro WM Std Symbian iPhone RIM Java Palm Android

Configuration Mgr


Configuration Manager-Configurable Elements by Operating SystemWindows Mobile

ConnectionsDeviceDNS/IPFormatsNetwork User InfoOwner InfoSoundsCustomer ConfigurationsWindows UpdatePort Control

Camera, Microphone, Bluetooth – lock down or limit to device class

InfraredWiFi RadioRemovable storage cardsUSB CommunicationsProvisioning

Favorites, GPRS, Networks

Roaming Controls

iPhonePasscode settingsWiFi settingsRestrict application usage and installationExchange setup informationVPN settingsIMAP and POP email settingsLDAP connectionsCalDav ConnectionsAPN settings

BlackBerrySynchronizationSecurityMessagingApplications

AndroidSecurity settingsWiFi settingsConnection Pulse

SymbianAccess pointsPacket dataWireless LANExchangeRoaming Control


Roaming Controls■ Roaming Management that detects roaming state changes and provide administrative control of device

actions while roaming

■ Provides real time protection of roaming costs

■ Supports both Symbian and Windows Mobile

■ Allows administrators several options to disable data connections based on roaming state of the device Disable all data connections • Disable Afaria scheduled or client-initiated connections when roaming

• (Outbound connections are still available) Display message on device when entering or exiting roaming state Disable email attachments (WM Only) Disable IMAP and POP3 (WM Only)

■ Real time client monitors trigger custom actions when roaming Log event - Create custom logs for roaming events Execute program – Execute a program locally Run channel – Run an Afaria worklist Run script – Execute a customized script

■ Roaming Report Detailed report containing roaming status


Windows Mobile Application Control■ Controls both embedded (ROM-based) and installed

(RAM-based) applications

■ Controls applications access specifying the certificate used to sign the application or hash-based identification of the installed applications

■ Restricts access to device settings such as phone, sound, profiles, home screen, clock & alarm, connections and security settings

■ Tamper-resistant implementation so applications cannot simply be renamed

■ Automatically creates library of embedded and installed applications on Afaria clients. Log attempts to access disallowed applications


灵活的应用访问控制操作系统上的应用操作系统上的设置用户安装的应用

未设置前，“内存”是可见的

“内存”不可见了( 原位于“关于”与“删除程序”之间 )


Backup Manager

■ Backup and restore mission-critical data■ Users can recover lost or corrupted data■ Backup Folders or files Schedule backup frequency Backup data store at Afaria server or file server

■ Restore is managed through centralized console■ Folders or files■ Selective or full restore


Backup Mgr


Document Manager

■ Content publish and subscription component

■ Client-side UI allows end users to subscribe to documents

■ Channel keeps all documents on client devices up to date

■ Updates leverage byte level differencing


Document Mgr


Patch Manager

■ Patch console provides views of new / missing patches Automatically pulls new patch catalogs from Microsoft Scheduled scans of client machines for missing patches

■ Easy patch distribution to client machines One Button patch deployment from the Afaria console Impersonation support for machines where the end user does not have

administrative privileges

■ Leverage Afaria bandwidth optimizations in patch channels Dynamic bandwidth throttling Segmented delivery Checkpoint restart

Leverages Microsoft patch scanning technology and patch catalogs to automatically update laptops and desktops with key security patches


Patch Manager...Continued

■ Gives administrators control over patch deployment Provides visibility and discovers vulnerabilities

Target and schedule patch deployment

Automates patch management without user involvement

Assess severity level of patch and deploy accordingly


Patch Mgr


Off-Line Device Monitoring• Windows Mobile and Win32:

The capability to monitor device settings/characteristics on Windows devices and trigger connections, logging or execution of local processes when characteristics change.

• Monitor Types: Battery (WM) Memory (WM) Registry (WM)

(Eg. 1) Monitor battery level, and run executable to copy key files to external card when available battery drops below xx%.

(Eg. 2) Monitor directories on external card and write log message whenever a new file is written to an external card.


Off-line Monitor

Storage/Directories (WM) Windows/Applications (WM) Connections (WM & Win32)


Over-the-Air Client Deployment

■ Deploys client install kits remotely Over-The-Air

■ Eliminates the need for desktop sync reducing technical support time

■ Eliminates the need to pull devices back to IT for client deployment

■ URL embedded in an SMS or email message

■ Generates administrator successfully installed reports


Remote Control

■ Expand existing management capabilities

Real-time remote control capability for Windows®-based PCs and handheld devices

Interactively train end users on new applications or troubleshoot specific devices.


Remote Control


Remote Control Key Features■ Remote Control – superior quality supporting a large range of

platforms

■ Remote Management – computer management controlling services, registry, tasks, event log, shares and system state

■ File Transfer – split screen, copy, move, sync, clone, crash recovery and delta transfer

■ Scripting – schedule file transfers and other operations

■ Chat, Audio Chat, Video Chat – allow users to communicate in text mode or verbally – supported by webcam video

■ Multi Console session – allows a number of Console users to view and control the same Client desktop

■ Run Program – launch programs at the remote computerSupports WIFI or any cellular network (TCP/IP)


Remote Control Key Features...Continued■ Send Message – distribute popup messages in Rich Text Format which

allows links to e.g. web sites.

■ Request Help – contact the help desk via remote control and run an external application to auto-generate trouble tickets.

■ Security – local and centralized, Native NetOp, Directory Services and Windows-integrated.

■ Encryption – implemented according to the toughest industry standards.

■ Event logging – local, centralized, Windows-integrated and management-integrated.

■ Session recording – save the Client screen activities in a file for later replay.

■ Snapshot - save the current Client desktop image as a file.


Remote Control ClientsWin32 1. Listen for Console to initiate 2. Client initiate via Help Request

PPC/WM5/WM6WiFi / Cradle Private Net

1. Listen for Console to initiate2. Client initiate via Help Request

Internet / Carrier Net1. Client initiate via Help Request


Remote Control Webconnect

■ WebConnect, side-steps firewalls, proxies and routers. Now you can offer your company world-class support from anywhere and avoid costly deskside visits.

■ Connect with help desk initiated connections over the internet without requiring holes in your firewall


Overview of Webconnect

GUEST

Connction Manager (Microsoft IIS)

ConnectionServer

WebConnect

Account data (Microsoft SQL)

HOST

Administration module

ConnectionRequest and location information

DMZ


Antivirus and Firewall Manager

■ Protects mobile devices against: Malware and Viruses Intrusion by using an IP based firewall Unwanted SMS or phone calls by blacklisting

■ Technology licensed from SMobile, leader in mobile Antivirus and Firewall software


Antivirus & Firewall

Antivirus

Firewall

*WM 5,WM 6


Antivirus and Firewall Manager...Continued

■ Mobile viruses and malware can propagate through multiple mechanisms, including email attachments, Bluetooth or Infrared file transfer channels, SMS links, MMS attachments, etc.

■ Typical threats in the wild which are classified as: Malware for profit - FlexiSpy/MobiSpy Bluetooth exploits - Cabir/Bluesnarfing Backdoor Trojans - Brador/BBProxy… Exploiting PC syncs - Crossover/Mobler… Malware crashing devices - Skulls, Fontal… Mobile IP - P2P Worms SMS and MMS dialer Trojans -CommWarrior/RedBrowser…


Antivirus and Firewall Manager...Continued

■ Identity theft attacks where personal information such as customer names, street addresses, credit card information and other sensitive corporate data is stolen off of a mobile device

■ Unauthorized device usage, where an infected device can trigger unauthorized mobile payments, unauthorized purchases or extraneous data connections, resulting in fraudulent charges or excessive data or minute usage which would lead to large monthly billing and additional cost to the enterprise

■ Snoopware , mobile malware that is capable of stealthily and remotely monitoring activities on mobile devices. Includes voice calls, messages, e-mails, and remote activation of functions such as a microphone


Antivirus for Handhelds

Afaria Antivirus for Handhelds

■ Compatible with all major operating systems, including Windows Mobile and Symbian devices

■ Background scans of all files received via SMS, MMS, Bluetooth, WiFi, infrared, or desktop sync in real time

■ Industry’s only handheld antivirus to use heuristics

■ Based upon an independent study Afaria outperforms the competition in CPU calculation, CPU performance, user performance, write access, read access, and bitmap drawing which all equates to better handset performance and better user experience.

■ Only mobile AV focused solely on mobility, not a retrofit of a desktop solution

■ Full logging of scan and detection activity all viewable by the system administrator

■ Remotely invoke device scans, updates, policy changes and reports on device activity from a single management console.


Firewall Manager for Handhelds■ IP based firewall protection based upon black list or white list filtering,

and provides both in and outbound network packet monitoring

■ Monitors GPRS, EDGE, CDMA, WIFI and phone to PC traffic

■ Enables administrator to control inbound and outbound access (either denying/blocking by “blacklisting” or approving by “whitelisting”) to sites hosted by the outside world based on IP address

Employees can be restricted to access only the corporate website or certain authorized sites Only allow Line of Business applications to communicate through the network Blocking a particular port when utilizing a VOIP application Protect against IP based intrusion attacks


Afaria Firewall Manager SMS and Call Filtering

■ Allows administrators and users to establish a customized blacklist to block incoming SMS, MMS and/or calls from selected contacts or unwanted calls/messages

■ Includes tracking logs of blocked calls and messages

■ Call Filtering and MMS/SMS filtering are separately configurable

■ Primarily used to block spam sent to devices


Optimized Communications for Frontline Conditions

■ Offline processing Minimize “expensive” online

processing over bandwidth-limited networks

■ Checkpoint restart Tolerance for in-and-out of coverage

conditions

■ Compression Proprietary algorithms reduce time

required for file transfer

■ File differencing Send only needed changes within

files (Byte Level)

■ Intelligent file updates Send only files/data that need to be

updated

■ Segmented file delivery Deliver applications, data over

multiple sessions

■ Dynamic bandwidth throttling Automatically adjusting Afaria

session requirements based on network utilization

■ Opportunistic connections Execute sessions when

communication networks are available

■ Flexible packet/window size Allows administrators to “tune”

traffic to match network conditions


Access Control for Microsoft Exchange■ Block rogue devices from synchronizing with an Exchange Server

Afaria Access Control ISAPI filter installs on a Microsoft Exchange 2003 through 2010 server. Works with Afaria server to deny sync requests to handheld devices that are not properly managed and/or secure

■ Administrator specified ‘security verification policy’ Define the amount of time during which a device must have connected to Afaria server

to confirm presence of Afaria client and/or security manager on the device

■ White list devices Administrators can create a ‘white list’ of devices that should always be allowed to

synchronize with Exchange, even if they fail the ‘security verification policy’

■ Black list devices Administrators can create a ‘black list’ of devices that should never be permitted to

synchronize with Exchange, even if the fail the ‘security verification policy’

Win32 WM Pro WM Std Symbian iPhone RIM Java Palm Andorid

Exchange Access Control


OMA CP

■ Symbian devices Can configure access points, browser configurations, MMS and email

configurations Devices pre-configured to accept OMA CP messages

■ Windows Mobile devices Can configure any CSP settings Devices must first be configured to accept OMA CP messages

Messages can be sent in conjunction with Afaria client install messages, or separately Support sending messages from both SMS modem and SMSC APIs available to create

self-service portal for device provisioning Optional PIN code requirement for additional security

OMA CPAbility to send OMA CP messages to Windows Mobile and Symbian devices in order to configure device settings prior to installing an Afaria client


OMA DM

■ Open Mobile Alliance Device Management (OMA DM) is an Open Mobile Alliance standard designed for management of small devices such as mobile phones and PDAs

■ Can be used for setting or getting device configuration and inventory, software install and activation, device customization, remote lock/wipe

■ Supports Symbian Devices N70, N80, N73, E65, E71 and E65 devices, and feature phones that support the OMA DM 1.2 standard.

■ Features Full OMA DM integration with the Afaria management console Device provisioning via Short Message Service (SMS) Variable substitution from external sources (e.g., LDAP server) DM Over-the-air application delivery, installation and activation Policy Editors to define desired settings for: Session Initiation Protocol (SIP),

Skinny Client Control Protocol (Cisco Call Connect), GPRS and WLAN access points, dual mode GPRS/VoIP, Free-form (XML) DM


Internationalization

■ Support for Afaria server, administrator and clients operating on a double-byte character set language system

■ Client support for: Windows Windows Mobile Symbian

■ Component support includes: Configuration Manager Session Manager Inventory Manager Security Manager (for WM devices)

■ Localized Windows Mobile client UI available for Simplified Chinese, Traditional Chinese and Korean


Administration

■ Web-based administrative console built on .NET framework with all the functionality of a full Graphical User Interface

■ Manage Afaria servers from any PC on the network, including virtualization technology

■ Secure access to the web console leveraging the NT security model

■ User access “rights” to the web console; role-based user access


Administration—Profile Based Management

■ Policy / profile based model for channel scheduling, monitors and assignments

■ Easier management of schedules and assignments

■ Consolidated administrator view of schedules/monitors and channels assigned to a particular device (or group)

■ Improved security for channel execution

■ Schedules run only for assigned / applicable device


谢谢！

Documents

05-Afaria Channels及主要功能