Mobile Device Management Central Management of Wintel Laptop Software and Hardware in a Secure Environment

Background

Desktop Systems Council

Upgraded infrastructure systems increased flexibility offered potential for more efficient managed support using fewer resources

Software Deployment Strategies Evaluation Project

Departments became vocal about their specific business needs for mobile computing

Historical Issues Including Laptops in a Managed Environment

Current Managed Environment’s Deployments & Backups

Evening/Night/Weekend Schedules

Application Upgrade/Patches

Software Distribution (SMS & GPO)

MS Critical Updates (WSUS)

Incremental backups (TSM)

Systems objects for Bare Metal Restore (TSM)

Laptops Availability

Software Deployments and Backups

Conferences, workshops, leaves, sabbaticals, etc.

Wireless Issues

Backing up and deploying software over wireless not ideal

VPN Server connection contention

Project Evaluations

Hardware Requirement

Application Upgrade/Patch Solutions

Current and Future Models

TSM Backup Solution

VPN Contention

Local Administrator Password Management

DeSC Local Administrator Password Management

Background

LAPM System and DeSC Clients

Access to LAPM Web Application

Quarterly Password Update

Out of Office Laptops

Best Practices Guidelines

Laptop Best Practices Guidelines

1) Laptop models proposed by the DeSC Hardware Sub-committee and approved by the Desktop Systems Council are the only notebooks allowed in the DeSC environment. The Dell Latitude D610 and D620 are currently the only authorized models.

2) It is against DeSC policy for users of DeSC machines to have access to local administrator privileges on a DeSC machine.

3) The laptop will be the user’s primary machine.

4) The user would need to have a slightly higher understanding of computers and be more conscientious than the average user, willing to be responsible for and aware of their role in ensuring their laptop is available to the network for maintenance on a daily basis.

5) For large GPO updates (Dreamweaver, Photoshop, etc.), SFI laptop users on a 10mps network connection will receive notification one week before, along with the rest of the users of DeSC machines, and an additional reminder on the day of an evening push. DeSC will request that the user leave their laptop in the office, plugged in, so that the laptop will receive the distribution during the evening hours.

6) To reduce contention for the limited VPN server connections, the Council crafted a “Best Practices Guidelines for DeSC Laptop Network Use” document for when users are at their desk. Some of these “best practices” are:
   i. The Ethernet cable will be utilized for network connectivity whenever the user is at their desk.
   ii. Port replicators are a strongly recommended option.

7) The TSM server will be restricted from accessing Dormnet wireless subnets.

8) A laptop account will be moved out of the DeSC environment and to the user’s department container after thirty (30) consecutive days of not contacting the SMS server, unless an exemption has been received by and approved by the DeSC Security Sub-Committee.

9) If an employee with a laptop that has been removed from DeSC is away and needs the local administrator password, the SCAD/DCS member should request a department LAPM DeSC password change from DeSC or OIT Software Support and, after all of their DeSC machines’ local admin passwords have updated, give the previous password to the user.

10) A laptop joining DeSC for any reason will require a re-image with the DeSC image to maintain the integrity and security of the DeSC environment.

11) DeSC mandates a data protection solution in case of loss or theft of a laptop participating in DeSC.

12) Users and departments requesting a “Laptop in DeSC” must demonstrate that the user requires access to university applications and has a business need for mobile computing.

Outstanding Issues/Evaluations

Tool to automate disabling/enabling of wireless NIC.

Managing Lost or Stolen Laptops

“LoJack” service & Hard disk wipe

Encryption of data on hard drive

Vendor Evaluations

Data Protection and Asset Location Services

Smart Card Solutions

Proposed Timeline

December 2006-March 2007: Formal Pilot for “Wintel Laptops in DeSC”

Spring 2007: Dell Latitude D620 replacement model

Late Spring 2007: DeSC approves Windows laptop models’ inclusion in DeSC managed environment

January 2008: Vista Migration commences in DeSC managed environment

Questions

Charlayne Beavers

Princeton University

(609) 258-6034