WSO2 Enterprise Mobility Manager (EMM) 2.0
Dilshan Edirisuriya, Senior Software Engineer, WSO2
Agenda
• Enterprise Mobile Device Management Overview
• Key Challenges Faced by Organizations
• Need for Mobile Device Management
• EMM Architecture and Features
• CDMF Architecture and Features
• Demo
• Platform Features
Enterprise Few Years Back
(Diagram: Enterprise, Employees, Data, Device)
Work:
• Carried out inside a place
• Dependent on specific technology
Resources:
• Within the premise
• Owned by the enterprise
Enterprise Now
(Diagram: Enterprise, Employees, Data, Device)
Work:
• Independent of place
• Independent of technology
Resources:
• Within the premise and outside
• Owned by the enterprise and employees
Challenges
(Diagram: Enterprise, Employees, Data, Device)
Employees working out of the office with mobile devices and cloud services to perform business tasks.
Challenge - Data Security
How can data be compromised?
• Device being lost or stolen
• Malicious applications stealing data
• Data leaks
What is data?
• Email messages or their attachments
• Documents like pdf, word, excel, ppt and text files
• Browsers accessing HTML pages with cookies
• Contacts, calendars and notes
• Applications with databases
Why is data sensitive?
• It can be highly confidential, like quotation values, salary details etc.
• It can have a high impact if it goes to the wrong person
Who can compromise it?
• External
• Internal
Challenge - Monitor Devices
• What to monitor (location, root check, malicious apps, bandwidth usage etc.)?
• To what extent?
• A threat to employee privacy?
Challenge - Enterprise Application Development & Management
Challenge - Legacy Back End System Integrations
• Legacy backends are not mobile friendly.
• They adhere to older protocols and standards.
• They are only compatible with older mobile technologies, e.g. MIDlets.
Why EMM?
(Diagram: Enterprise, Employees, Data, Devices)
Data: Applications, Documents, Emails, Browsers
Devices: Android, iOS, Windows 8, Blackberry; Phones, Tablets, Laptops
Device Ownership:
• COPE: Corporate Owned, Personally Enabled
• BYOD: Bring Your Own Device
• CYOD: Choose Your Own Device
How EMM addresses Data Security
• Device level • Application level
Data Security - Device Level
Data Security
• Enforce Password Policy
• Encrypt Device Data
Remote Device Management
• Monitor Device (location, battery)
• Configure device (Email, VPN)
• Control Device (Enable/Disable Camera)
• Update OS, Install & Uninstall App
Data Security - Application Level
• MAM gets you a step closer to managing what you care about.
• MAM brings the perimeter closer to the corporate resources.
• Data is protected.
• Applications can be controlled remotely.
MAM Controls Application Behavior
• Encrypt the data in transit. Eg: use an app VPN tunnel or app tunnel.
• Encrypt the data at rest and decrypt it only when viewing.
• Two factor authentication.
• Data Loss Prevention - DLP (disable cut, copy and paste).
• Policy based data control, where the policy can be pushed and updated.
Solution - Enterprise Application Development & Management
(Diagram: COPE and BYOD devices and enterprise data; components: Data Security, Remote Device Management, Enterprise Store)
Decision for CIOs or IT Managers
• Allow mobility in my business?
• Allow employees to use their own devices?
• Allow business partners and distributors to use their own devices?
• Allow them to access corporate resources? To what extent?
Risks vs Benefits
Drafting a BYOD Policy
• What devices are permitted?
• Supported features and boundaries for device types.
• Ownership and permissions to applications and data.
• Policy violation criteria and actions.
• Employee exit strategy.
• Prompt for approval.
Enterprise Mobility Manager
Key Components
• Connected Device Management Framework (CDMF)
• Mobile Device Management (MDM)
• Mobile Application Management (MAM)
Connected Device Management Framework
Connected Device Management Framework (CDMF) Cont.
• Device Management
• Operation Management
• Application Management
• Policy Management
• Compliance Monitoring
• Configuration Management
• License Management
Connected Device Management Framework (CDMF) Cont.
• API Management
• Certificate Management
• Identity Extensions
• Web Application Authenticators
• Notifications
• User Management
• Permissions
Connected Device Management Framework (CDMF) Cont.
(Diagram of CDMF components: Devices, Operations, Applications, Policies, Monitoring, Configurations, Licenses, API Management, Certificate Management, Identity Extensions, Authenticators, Notifications, Permissions)
Enterprise Mobility Manager Architecture
Notification Method - MDM Push
Notification Method - Local
Notification Method - App Push & Silent
Mobile Device Management Features
• Self-service device enrollment and management with end-user EMM Console for iOS, Android and Windows devices.
• Integrates to enterprise identity systems for device ownership: LDAP, Microsoft AD
• Policy-driven device and profile management for security, data, and device features (Camera, Password Policy)
• Deploy policies over-the-air (OTA).
Mobile Device Management Features
• Compliance monitoring for applied policies on devices.
• Role-based access control (RBAC) for device management.
• Securely wipe enterprise configurations from the device (Enterprise wipe).
• Track locations of enrolled devices.
• Retrieve device information.
Mobile Device Management Features
• Facilitate device-owner operations such as registering and unregistering devices, installing, rating, sorting mobile apps, etc.
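The BYOD policy items above (permitted devices, violation criteria and actions) and the MDM feature "compliance monitoring for applied policies" describe a check that the server runs over each enrolled device. The following Python is an added example and is not code from the WSO2 EMM slides or the product; the policy keys, device fields, rule names and escalation actions are constructed for illustration and do not mirror the EMM data model.

```python
"""Policy compliance check over enrolled-device records (added example)."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Device:
    """Constructed device record; fields are this example's own, not EMM's."""
    device_id: str
    platform: str
    owner: str
    passcode_length: int   # 0 means no passcode is set
    encrypted: bool        # storage encryption enabled
    rooted: bool           # result of the root/jailbreak check


@dataclass
class ComplianceResult:
    device_id: str
    violations: list[str] = field(default_factory=list)
    action: str = "none"

    @property
    def compliant(self) -> bool:
        return not self.violations


# Constructed BYOD policy: which platforms are permitted and which
# device settings are required before corporate resources are allowed.
POLICY = {
    "permitted_platforms": {"android", "ios", "windows"},
    "min_passcode_length": 6,
    "require_encryption": True,
    "deny_rooted": True,
}

# Escalation order for actions; the most severe violated rule decides.
ACTIONS = {"notify": 0, "block_access": 1, "enterprise_wipe": 2}
RULE_ACTIONS = {
    "platform_not_permitted": "block_access",
    "passcode_too_short": "notify",
    "encryption_disabled": "block_access",
    "rooted_device": "enterprise_wipe",
}


def evaluate(device: Device, policy: dict = POLICY) -> ComplianceResult:
    """Evaluate one device against the policy and pick the resulting action."""
    result = ComplianceResult(device.device_id)
    if device.platform.lower() not in policy["permitted_platforms"]:
        result.violations.append("platform_not_permitted")
    if device.passcode_length < policy["min_passcode_length"]:
        result.violations.append("passcode_too_short")
    if policy["require_encryption"] and not device.encrypted:
        result.violations.append("encryption_disabled")
    if policy["deny_rooted"] and device.rooted:
        result.violations.append("rooted_device")
    if result.violations:
        result.action = max((RULE_ACTIONS[v] for v in result.violations),
                            key=ACTIONS.__getitem__)
    return result


def compliance_report(devices: list[Device], policy: dict = POLICY) -> dict:
    """Map device id to its ComplianceResult, as a monitoring job would."""
    return {d.device_id: evaluate(d, policy) for d in devices}


# Constructed sample enrollment data.
SAMPLE_DEVICES = [
    Device("d1", "android", "dilshan", 6, True, False),
    Device("d2", "ios", "alice", 4, True, False),
    Device("d3", "android", "bob", 8, False, True),
    Device("d4", "blackberry", "carol", 8, True, False),
]

if __name__ == "__main__":
    for r in compliance_report(SAMPLE_DEVICES).values():
        state = "compliant" if r.compliant else ", ".join(r.violations)
        print(f"{r.device_id}: {state} -> {r.action}")
```

The escalation table is the part worth writing down when drafting the policy: a short passcode only triggers a notification, while a rooted device escalates straight to an enterprise wipe regardless of what else it violates.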
Mobile App Management
• Supports App management.
• App approval process through a lifecycle.
• Provision and deprovision apps to enrolled devices.
• Provision apps to enrolled devices based on roles.
• Provision apps to multiple enrolled devices per user.
Mobile App Management
• Retrieve list of apps.
• Install new apps and update existing apps on iOS devices via REST APIs, enabling automation of application installation/updates for third party systems/vendors.
• Install Web Clips on devices.
• Enterprise App Store.
• Discover mobile apps through an Enterprise App Store.
Mobile App Management
• Self-provisioning of mobile apps to devices.
• Rating and sorting applications.
Device and Data Security
• Multi-tenancy to ensure data isolation across all tenants.
• Enforce built-in security features of passcode and encryption.
• Encryption of data storage.
• Device lock and reset.
• Managed APIs to perform administrative functions.
• Ring and GPS to locate device remotely if lost/stolen.
Demo
Email configurations
<EMM_HOME>/repository/conf/axis2/axis2.xml
<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
    <parameter name="mail.smtp.from">[email protected]</parameter>
    <parameter name="mail.smtp.user">[email protected]</parameter>
    <parameter name="mail.smtp.password">wso21234</parameter>
    <parameter name="mail.smtp.host">smtp.gmail.com</parameter>
    <parameter name="mail.smtp.port">587</parameter>
    <parameter name="mail.smtp.starttls.enable">true</parameter>
    <parameter name="mail.smtp.auth">true</parameter>
</transportSender>
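The mail transport above carries the credentials the server uses to send enrollment emails, so it is worth checking before a deployment that STARTTLS and SMTP AUTH are on and that the SMTP password is not stored as a literal. The following Python is an added example, not part of the WSO2 EMM product or slides: it parses a transportSender block of the shape shown on the slide and reports those findings. The sample XML is constructed with placeholder credentials, and the secretAlias check assumes the Carbon Secure Vault convention of replacing the literal password with an alias attribute; that convention is not described on this page.

```python
"""Audit the mailto transportSender of an axis2.xml (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample mirroring the slide's fragment; credentials are placeholders.
SAMPLE_AXIS2 = """<axisconfig name="AxisJava2.0">
  <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
    <parameter name="mail.smtp.from">[email protected]</parameter>
    <parameter name="mail.smtp.user">[email protected]</parameter>
    <parameter name="mail.smtp.password">PLACEHOLDER_PASSWORD</parameter>
    <parameter name="mail.smtp.host">smtp.example.com</parameter>
    <parameter name="mail.smtp.port">587</parameter>
    <parameter name="mail.smtp.starttls.enable">true</parameter>
    <parameter name="mail.smtp.auth">true</parameter>
  </transportSender>
</axisconfig>"""

# Constructed variant with the password externalised behind an alias attribute
# (assumed Secure Vault style) and STARTTLS left off, to show both findings.
SAMPLE_AXIS2_ALIAS = """<axisconfig name="AxisJava2.0"
    xmlns:svns="http://org.wso2.securevault/configuration">
  <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
    <parameter name="mail.smtp.from">[email protected]</parameter>
    <parameter name="mail.smtp.user">[email protected]</parameter>
    <parameter name="mail.smtp.password" svns:secretAlias="transport.mail.Password">password</parameter>
    <parameter name="mail.smtp.host">smtp.example.com</parameter>
    <parameter name="mail.smtp.port">25</parameter>
    <parameter name="mail.smtp.auth">true</parameter>
  </transportSender>
</axisconfig>"""


def _local_name(qualified: str) -> str:
    """Strip an ElementTree '{namespace}' prefix from an attribute name."""
    return qualified.split("}")[-1]


def audit_mail_transport(xml_text: str) -> dict:
    """Return findings for the transportSender named 'mailto', if present."""
    root = ET.fromstring(xml_text)
    sender = next((ts for ts in root.iter("transportSender")
                   if ts.get("name") == "mailto"), None)
    if sender is None:
        return {"mail_sender_present": False, "issues": ["no_mail_sender"]}

    params = {p.get("name"): p for p in sender.findall("parameter")}

    def text(name: str, default: str = "") -> str:
        p = params.get(name)
        return (p.text or "").strip() if p is not None else default

    pw = params.get("mail.smtp.password")
    has_alias = pw is not None and any(_local_name(k) == "secretAlias" for k in pw.attrib)
    findings = {
        "mail_sender_present": True,
        "starttls_enabled": text("mail.smtp.starttls.enable").lower() == "true",
        "auth_enabled": text("mail.smtp.auth").lower() == "true",
        "port": int(text("mail.smtp.port", "25") or "25"),
        # A literal password with no alias attribute is stored in plaintext.
        "plaintext_password": pw is not None and bool((pw.text or "").strip()) and not has_alias,
    }
    issues = [k for k in ("starttls_enabled", "auth_enabled") if not findings[k]]
    if findings["plaintext_password"]:
        issues.append("plaintext_password")
    findings["issues"] = issues
    return findings


if __name__ == "__main__":
    for label, doc in (("slide-style", SAMPLE_AXIS2), ("alias", SAMPLE_AXIS2_ALIAS)):
        print(label, audit_mail_transport(doc))
```

Run against a real <EMM_HOME>/repository/conf/axis2/axis2.xml by reading the file into audit_mail_transport; the slide-style fragment passes the transport checks but is flagged for the literal password.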
Change config.json file
• <EMM_HOME>/repository/deployment/server/jaggeryapps/emm-web-agent/config
• <EMM_HOME>/repository/deployment/server/jaggeryapps/emm/config
Change cdm-config.xml file
• Change LBHostPortPrefix in <EMM_HOME>/repository/conf
Enroll Email
Dear Dilshan,
You have been registered to WSO2 MDM with the following credentials.
Domain:
Username: dilshan
Password: LbmS82
Below is the link to enroll.
https://192.168.1.5:9443/emm-web-agent/enrollment
Best Regards,
WSO2 MDM Team.
http://www.wso2.com
Platform Features
iOS Features
• Self-service device enrollment and management with end-user EMM Console via iOS Agent or Web interface for versions up to iOS 9 SDK.
• Facilitate remote notifications via Apple Push Notification Service (APNS).
• Support for iOS 9.
• Device Tracking.
• Configuring cellular network settings.
• Device profile management.
iOS Features
• Retrieving device info.
• Device lock.
• Restricting device operations.
• Automatic WiFi configuration.
• Set up AirPlay.
• Set up restrictions.
• Enterprise WIPE.
• Set up APN.
iOS Features
• Setup LDAP.
• Setup email accounts.
• Set up CalDav.
• Calendar subscription.
• Passcode policy.
• Clear passcode.
• App installation and update.
• Retrieve app list.
iOS Features
• Web clip installation.
• Supports App management.
• Setup email accounts.
Android Features
• Self-service device enrollment and management with end-user EMM Console via Android Agent (Android 4.0.3 Ice Cream Sandwich MR1 up to 5.0 Lollipop).
• Supports App management.
• App policy compliance monitoring.
• Device location tracking.
• Retrieving device info.
• Changing lock code.
Android Features
• Restricting Camera.
• OTA WiFi configuration.
• Enterprise WIPE.
• Configuring encryption settings.
• Passcode policy configuration and clear passcode policy.
• Device master reset.
• Mute device.
• Ring device.
Android Features
• Send messages to the device.
• Install/uninstall store and enterprise applications.
• Retrieve apps installed on the device.
• Install web clips on the device.
• Support GCM/LOCAL connectivity modes.
Windows Features
• Self-service device enrollment and management with end-user EMM Console via Workplace (Windows 8.1).
• Passcode policy.
• Restriction on camera.
• Encryption settings.
• Retrieve device info.
• Device Lock and Lock Reset.
• Ring device.
• Data Wipe.
GitHub Repositories
• Connected Device Management Framework https://github.com/wso2/carbon-device-mgt
• Device management plugins https://github.com/wso2/carbon-device-mgt-plugins
• Enterprise Mobility Manager https://github.com/wso2/product-mdm
Questions?
Thank You