Date posted: 21-Dec-2015
Microsoft System Center Mobile Device Manager 2008 SP1: Overview
Mornè Blake
Enterprise Architect
iSolve Business Solutions
Session Code: WMB301
Customer Priorities
Key BDM Priorities
• Platform on which to build, deploy, and manage apps
• End user productivity
• Scalable and reliable procurement
• Minimize support and TCO
“I need a strong ROI justification if I am going to roll out mobile devices to most of my organization and not just the managers.”
Director of business group for major manufacturer
Key IT Priorities
• Secure data
• Secure network access
• Manageable, scalable
• Standards based
• Integrate with existing IT infrastructure
• Training and support
“Make it just another device on my network that I control and manage, and as an integral part of my existing architecture and security framework.”
VP of IT for large Wall Street bank
Key End User Priorities
• Anytime access to corporate info
• Dependable
• Superior productivity including unified communications
“Provide me with always available access to the people, information and applications I need even when I am on the go”
Sales Manager at global pharmaceutical firm
System Center Mobile Device Manager
• Helps IT Pros manage Windows Mobile smartphones in the same way as laptops and PCs
• Manages security, policy, and applications for Windows Mobile phones
• Provides increased access to corporate data, applications, and services through a single point and your firewalls
Core Feature Areas
• Security Management
• Device Management
• Network Access
System Center Mobile Device Manager enables Windows Mobile phones to be deployed and managed (device and security) like PCs and laptops in the IT infrastructure, providing network access to corporate data
Security Management Benefits
• Windows Active Directory user and device memberships
• AD based Group Policy targeting
• 130+ manageable configuration settings (Bluetooth, Wi-Fi, SMS/MMS, IR, Camera, mail, etc.)
• Extensible for customer apps through custom ADM templates
• Device File Encryption
• Remote Device Wipe
Device Management Benefits
• Enterprise Software Distribution OTA
  • Using Windows Software Update Service (WSUS) 3.0
• Rich inventory and reporting
  • Robust hardware and software inventory capabilities
  • SQL Reporting infrastructure
• Device Provisioning OTA
• Familiar Management Tools
  • MMC Snap-Ins
  • Windows PowerShell
  • ADGP, WSUS
• Role Based Administration
Mobile VPN Benefits
Security
• Allows end-to-end security
• Headless gateway deployed in the DMZ
• Standards based (IKEv2, IPSEC tunnel)
Efficiency
• Use best available channel
• Adapt, minimize keep alive traffic
• Fast Reconnect, Session Persistence
Extensible
• Transparent to mobile application
• Transparent to LOB services
Reliability
• Always connected
• Allows pushed technology
Simplicity
• Minimum user configuration
• Transparent to user and to applications
MDM SP1 Feature Updates
Multiple Instances
• More than one instance of MDM within the same AD Forest
Enrollment Auto Discovery
• Enrollment server matches the user with the correct MDM instance
Windows Server Infrastructure
• SP1 will run within Windows Server 2008 AD Domain and CA Services
• Support for Hyper-V hosting MDM server roles on Windows Server 2003
Performance and Scalability
• Supports deployment of more than 30,000 devices within a single forest
More!
• Self Service Portal
• Software Package CAB Signing Wizard
• Device PIN Recovery Self Service Portal
MDM Deployment Topology
(Diagram labels: Internet, Edge Firewall, Perimeter, Mobile VPN GW, Back Firewall, Corporate Intranet, Enrollment Server, Device Mgmt Server, Self Service Portal, E-mail and LOB Servers, AD/DNS/CA/SQL. Link labels: Initial OTA Device Enrollment, Mobile VPN, HTTPS or HTTP.)
The Enrollment Server
Enrollment Server
Location
• Intranet based (domain joined server/service)
Purpose
• Manage the process flow of enrollment
• Create domain objects
• Create certificates
• Supply provisioning instructions
Other
• Best practice: protected by a Proxy (e.g., ISA)
• Can co-exist on DM Server in integrated implementation
The Enrollment Process
(Diagram labels: Public DNS, Firewall, Enrollment Server, Active Directory, Certification Authority. Step labels: Negotiate SSL Root, Submit Cert Request, Receive Cert, Create Acct., Issue Cert, Discovery.)
The Mobile VPN Gateway
Mobile VPN Server
Location
• Corporate DMZ (remotely managed)
Purpose
• Enables access to corporate data and LOB resources
• Assigns a stable internal IP address for the device
• Authenticates incoming connections for authorized devices
• Negotiates keys to encrypt traffic over the Internet
Other
• Standards Based (IPSec Tunnel Mode, MobIKE, IKEv2)
• Enables fast resume/reconnect features for devices and applications
VPN Scenario: LOB Application
(Diagram labels: FW, FW, Proxy ISA, LOB 1, LOB 2, Double envelope security, Kerberos delegation.)
User Authentications:
1) Certificate
2) NTLM v2
3) Basic
Device Management Server
Device Management Server
Location
• Intranet based (domain joined server/service)
Multi-Purposed
• Primary administration and management point for all managed devices
• Group Policy management, device software distribution, and device data wipes
• Application allow/deny; Inventory and Reporting
Other
• Proxies information and commands between core Windows Servers (AD/CA) and devices
• OMA-DM compliant
Group Policy
(Diagram labels: MDM DM Server, OMA Proxy Engine, SYSVOL, Group Policy Driver, Group Policy Editor, GPMC, Windows Mobile Device, MDM DB, Modeling, Results.)
Software Distribution
(Diagram labels: DM Server, DB, GW Server; the numbered arrows 1 to 5 correspond to the steps below.)
1. The device is connected to the GW Server
2. The device connects to the DM Server
3. The DM Server obtains the OMA DM commands for the device
4. The DM Server offers the software packages applicable to the device; the device downloads and automatically installs the software packages
5. The device reports the result of the installation of software packages to the DM Server
IT Infrastructure Details
Required
• Windows Server 2003 SP2 64 bit
• SQL Server 2005
• Windows 2003/2008 Active Directory
• Microsoft CA
• Group Policy
• Windows Mobile 6.x
Optional
• Exchange Server
• System Center Operations Manager
• System Center Configuration Manager
• ISA Server
MDM Foundations – Familiarity and Stability
Microsoft Systems Infrastructure
• Windows Server
• Windows Mobile Smartphones
• IIS & SQL
• SQL Server Reporting Services
• Certificate Services
• Active Directory
• SSL and IKE
• WSUS
Tools
• MMC
• ADGP and RSoP
• Group Policy Editor
• Windows Mobile SDK
Interoperability
• ISA Server
• Exchange Server
• Office SharePoint Server
• Office Communications Server
Which Solution Fits My Needs?
(Comparison table; most cell values were lost in extraction. Labels recovered: SCCM 2007, SCMDM 2008, Exchange 2007 SP1, EAS Licensees. Scenarios: Security Management, Device Management, Mobile VPN. Platforms: WM 2003 to 6.x, CE 4.2/5.0; WM 6.x.)
System Center Evolution
ConfigMgr v.Next
• Retain MDM & ConfigMgr 07 DM Scenarios
• Windows Mobile and CE device mgt (based on device capability)
• For desktop, laptop, and Windows Mobile devices:
  • ‘Single pane of glass’ admin
  • Unified infrastructure
• Migration path for both products
MDM 2008 SP1
Comprehensive Windows Mobile 6.x device management, enabling IT control for security, management and access.
ConfigMgr 2007
Delivers proven, robust capabilities for managing your IT systems including your desktop, laptop, server, and mobile devices.
Roadmap Summary
MDM 2008 is a complete mobile solution
• Great for new device rollouts where mobile applications, policies, and corporate network access are vital
System Center Configuration Manager 2007
• Great single point of management for both desktops and Windows Mobile devices
Both Products are capable and adoption ready
Both Products have a roadmap toward SCCM v.Next to meet your device management needs
www.microsoft.com/teched
International Content & Community
http://microsoft.com/technet
Resources for IT Professionals
http://microsoft.com/msdn
Resources for Developers
www.microsoft.com/learning
Microsoft Certification & Training Resources
Resources
Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za
Related Content
• What's New for Developers in Windows Mobile 6.5 (WMB303)
• Mobility Smackdown (WMB201)
• Real World Windows Mobile Development (WTB229)
• Windows Mobile Tips and Tricks for Developers (WMB302)
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.