Afaria technical description

Afaria Capabilities Mobile Device Management And Security

Transcript of Afaria technical description

Page 1: Afaria technical description

Afaria Capabilities Mobile Device Management And Security

Page 2: Afaria technical description

© 2010 SAP AG. All rights reserved. / Page 2

Industry Awards

Industry Analysts

Positioned in the Leaders Quadrant for the 2009 Mobile Enterprise Application Platforms Magic Quadrant

Top ranked in Forrester Wave™ Mobile Device Management Solutions report

SAP and Sybase Together: #1 in Mobile Enterprise Platform

2009 Award for Mobile Enterprise Platforms

2009 Global Product Excellence award for Wireless/Mobile Security Solution Customer Trust

Four 2008 Mobile Star Awards from MobileVillage®

Leader in mobile device management for the 9th year; Leader in mobile middleware for the 9th year

MDM SOTI BES

Page 3: Afaria technical description

Platform View Of Mobility Across The Enterprise

Single infrastructure across the enterprise

- E-mail
- PIM (Personal Information Manager)

Collaboration Tools

- Applications
- Workflows

Productivity Enhancements

- Dashboards

Documents

Real-Time Data Access

- Heterogeneous device support
- Central management console

Mobile Device Management and Security

Page 4: Afaria technical description

Afaria modules

Afaria is a modular product, with the solution being divided into a number of optional ‘Channels’, each Channel being independent of the others and being enabled or disabled based on the license key used to install the product:

Software Manager – deliver and install commercial or custom-built software packages on client devices

Inventory Manager – interrogate and report on the hardware and software resources available on client devices

Document Manager – publish and deliver groups of documents to client devices, be they text files, images, HTML web pages, etc

Configuration Manager – enable, disable and configure hardware and software elements on the client device, delivering connection settings, blacklisting applications, disabling camera and Bluetooth features, for example

Backup Manager – backup and restore specified files from the client device to a specified location on the corporate network

Session Manager – the most powerful feature of the solution, enabling automation of file distribution, directory management, registry management. I will examine this feature in more detail later

Data Protection Manager – define and enforce security settings on the client device, including power-on passwords, encryption settings. Users can be allowed a set number of attempts to enter the password correctly, after which specific events can be triggered automatically, including removal of specific PIM data and/or files and applications, or a complete device hard reset

Patch Manager – deliver operating system patches and security updates to clients automatically (Windows 32 only)

Page 5: Afaria technical description

Asset Visibility

• Collects a variety of hardware and software information from remote devices

• Detect device changes, Troubleshoot issues

• Track installed licenses versus license purchase data

• License counts

• License expiration dates

• Track application usage


HANDHELDS
• Power-on password protection
• Data on device encryption
• Push email Interoperability
• Lost or Stolen Device Lockdown
• Password Recovery

WIN32
• Full disk encryption for laptops and desktops
• Two layers of data protection
• Pre-boot authentication
• Full disk encryption
• Multiple User Support
• Removable Storage Media Support

SYSTEM
• OTA End to End transport encryption
• End user authentication


Fixes & Refreshes in the Field

Afaria Solves The Challenges Of Mobile Systems Management And Security

Security and Compliance

Corporate Policies & Standards

Visibility to Assets and Their Usage

Limited Helpdesk Resources

Limited Bandwidth


Optimized for the Mobile World

Offline processing

Checkpoint restart

Compression

File differencing

Intelligent file updates

Segmented file delivery

Dynamic Bandwidth Throttling

Opportunistic connections

Flexible packet/window size


Remote App/OS Management

Seamlessly distribute, install, repair and update software

Create and deploy custom or adhoc fixes

Remote Patching

Maintain virus applications and definitions


Business and Content

Easy-to-use graphical scripting tool that’s designed for system administrators, but powerful for programmers.

Allows administrators to create custom task and workflow automation with a point-and-click scripting interface

Maintain “desired state” system status

Integrate with back-end applications

Content publish and subscription

Policy enforcement

Automatically enforce corporate configuration and security policies

Assure compliance to IT policies for your remote/mobile workers


Remote Assistance

Automatically enforce corporate configuration policies and assure compliance to IT policies for your remote/mobile workers

Remote Control for easy access to assist in real time

Reduce calls into support


Page 6: Afaria technical description

Managing and Securing the Device Lifecycle

Provision

Manage
- Assign group membership and policies
- Configuring device for connectivity
- OTA delivery of management client
- Initial application deployment

Secure
- Establish security policies
- Initialize power-on password
- Install and encrypt data on device
- Install & configure AV, firewall, port/peripheral controls

Production

Manage
- Track asset data
- Update/repair software
- Monitoring & self-healing
- Maintain/modify device & app configuration
- Distribute & update LOB data & files
- Software license usage and tracking
- Schedule and automate activities
- Remote Control of devices

Secure
- Back-up device data
- Apply patch and security updates
- Enforce security policies
- Monitor/track security violations/threats
- Compliance activity logging

Decommission

Secure
- Disable lost/stolen device
- Remote kill/lock
- Access violation lock
- “Data fading”
- Disable device, network, application access

Manage
- Reprovision/reimage device
- Replacement device-same user
- Repurposed device
- Redeploy software assets
- Restore data (after device kill)

Page 7: Afaria technical description

Logical Architecture

[Diagram labels: Optional Components; Devices; Server and Web Management Console; Logging Database; Exchange; Certificate Services; SMS Gateway; Relay Server/Reverse Proxy; Directory Services; Deployment Services]

Page 8: Afaria technical description

Implementing Afaria Functionality

1. Create a Profile
2. Assign Groups to Profile
3. Create Management Tasks
4. Monitor and Modify as Necessary

[Diagram labels: Profile; Group 1; Group 2; Group 3; Management Tasks; Registry; Process; File/Folder; Window; Power; Schedule; Network; Events; Policies; Channels; Responses; Logging and Reporting]

Page 9: Afaria technical description

Highly Scalable Architecture
- Server Farms and Distributed Replication
- Hundreds of concurrent connections per server
- Virtualization support

Centralized Management
- Remote web based administration
- Customizable permissions based access to management tasks and data

Hostability
- Multi-tenanted architecture for data and task separation
- Comprehensive APIs for customization and system integration

Scalability
- Highly Scalable Enterprise architecture for any size deployment or configuration

Page 10: Afaria technical description

Comprehensive Management and Security

[Diagram labels: Afaria Console; File Synchronization; Software Deployment; Asset Tracking; Device Security; Process Automation; Help Desk; Device Backup; Device Configuration]

Page 11: Afaria technical description

Software Deployment

■ Distribute and support software for both push model (WM, Symbian, Win32, BB) and pull model (iOS, Android) with minimal impact to user

■ Seamlessly distribute, install, repair and update software
  • Automatically checks and updates application (if necessary) during each connection
  • End user application portals for iOS and Android

■ Track the installation status of your packages for transparency into your mobile deployments

■ Compress or segment applications for efficient distribution over low-bandwidth connections

Page 12: Afaria technical description

Asset Tracking - Inventory

■ Maintain visibility into your devices with extensive hardware and software inventory

■ Automatically detect changes on your devices and notify administrator for real time protection

■ Use exception-based reporting to maintain uniformity of install base

■ Troubleshoot problems quickly and maintain high level of service

Compliant Devices

Page 13: Afaria technical description

Device Security

■ Extend corporate security policies to mobile devices
  • Device password policy configuration
  • Lock out after failed attempts
  • Format and change frequency controls
  • Disallow previously used passwords

■ Easily disable lost or stolen devices to protect corporate assets

■ On-device encryption for WM and Symbian devices
  • Encryption of PIM data and administrator specified files/folders
  • Uses industry standard AES encryption algorithm with a 256 bit key

■ Block rogue or non compliant devices from accessing corporate email

Page 14: Afaria technical description

Process Automation

■ Easily handle non standard management tasks such as conditional file transfers, application installation, or device troubleshooting

■ Easy-to-use graphical scripting tool
  • Designed for system administrators (not programmers) to create custom tasks or workflows

■ Automatically deliver proactive control of devices without requiring hands-on management

Page 15: Afaria technical description

Device Backup

■ Reliably backup and restore mission-critical data for easy retrieval when re-provisioning a device

■ Users can recover lost or corrupted data without requiring IT or help desk services

■ Restoration is managed through centralized console

Page 16: Afaria technical description

Device Configuration

■ Easy on-boarding of end users by configuring network, security and email settings

■ Easy administration and fast recovery of user-modified settings by automatically maintaining critical device settings to IT standards

Windows Mobile: Connections; Device; DNS/IP; Formats; Network User Info; Owner Info; Sounds; Customer Configurations; Windows Update; Port Control; Camera, Microphone, Bluetooth – lock down or limit to device class; Infrared; WiFi Radio; Removable storage cards; USB Communications; Provisioning; Favorites, GPRS, Networks; Roaming Controls

iPhone: Passcode settings; WiFi settings; Restrict application usage and installation; Exchange setup information; VPN settings; IMAP and POP email settings; LDAP connections; CalDav Connections; APN settings

BlackBerry: Synchronization; Security; Messaging; Applications

Android: Security settings; WiFi settings; Connection Pulse

Symbian: Access points; Packet data; Wireless LAN; Exchange; Roaming Control

Page 17: Afaria technical description

Managing iOS 4

■ Manage Device Without User Interaction
  • Deliver and remove device policies behind the scenes through a trusted relationship

■ Accurate and Up to Date Asset Tracking Data
  • Device Information, Device Network Information, Security Information, Installed Profile List, installed 3rd party apps, certificate list, and applied restrictions

■ Enterprise App Deployment
  • Over the Air enterprise applications delivered directly to the device

■ iPhone End User Experience
  • Easy provisioning process
  • Select and download suggested applications

■ Corporate Security
  • Remotely lock and wipe device or enterprise applications and data
  • Ensure corporate security policies are enforced on the device
  • Gate access to corporate assets based upon device compliance

Page 18: Afaria technical description

Managing Android

■ Afaria client for Android
  • Supports communication through the Relay Server
  • Outbound notifications from the server to initiate a client connection

■ Delivers enterprise in-house apps OTA to SD card in device
  • Can distribute enterprise applications
  • Integrated application download logging and reporting data for accurate tracking

■ Client-side portal for application selection
  • Displays packages grouped by admin defined categories
  • Allows for end-user selection and installation

■ Extensive hardware and software inventory collection

■ Android 2.2 Devices
  • Native device lock, unlock and wipe options (will not rely on MS Exchange)
  • Administrator can enforce the use of password policies and control the format, min/max length, failures before wipe, etc.

Page 19: Afaria technical description

Afaria Architecture

Page 20: Afaria technical description

Afaria Components

Manager Components – Function

Software Manager – Distribute and support software

Configuration Manager – Configure device settings

Data Security Manager – Encryption and data protection

Inventory Manager – Hardware and software asset data

Session Manager – Customizable scripting and process automation

License Manager – Track installed licenses

Backup Manager – Backup & restore critical data

Document Manager – Subscribe and publish content to devices

Patch Manager – Distribute patches to Win32 devices

Remote Control Manager – Remote control for help desk enablement

AV & Firewall Manager – Antivirus and Firewall protection

Page 21: Afaria technical description

Components Available by Client Type

Win32 WM Pro WM Std Symbian iOS RIM Android Java Palm

Software Mgr

Inventory Mgr

License Mgr

Session Mgr

Data Security Mgr

Configuration Mgr

Backup Mgr

Document Mgr

Patch Mgr

Remote Control

Page 22: Afaria technical description

Highly Scalable Server Farm Scenario

[Diagram labels: Mobile Devices; WAN/VAN/ISP; firewall; DMZ; Reverse Proxy ISA/Apache or IAS Relay Server; firewall; LAN; Transmitter Farm; Master; Test; Dev; Replication Traffic; Export/Import]

Page 23: Afaria technical description

Highly Scalable Distributed Scenario

[Diagram labels: Mobile Devices; WAN/VAN/ISP; Distributed Servers; NYC Afaria Server; Chicago Afaria Server; London Afaria Server; Router; LAN (Atlanta HQ); Master; Test; Dev; Replication Traffic; Export/Import]

Page 24: Afaria technical description

Afaria Architecture

[Diagram labels: Windows 32; Windows Mobile / WinCE; iPhone; iPad; Palm; Tablet PC; BlackBerry; Android; Symbian; TCP/IP HTTP SSL; firewall; DMZ; Reverse Proxy ISA/Apache or IAS Relay Server; firewall; Afaria Server(s); IIS Server; Administrative Console Browser; DB Repository; File Systems; Directories and Databases]

Page 25: Afaria technical description

Relay Server

■ Secure communications for external devices
  • Relay Server installed in network DMZ
  • Afaria clients connect in to the Relay Server
  • Afaria servers connect out to the Relay Server
  • No need to open an inbound port in the interior firewall
  • Runs on Windows/IIS

■ Broad clients and connection support
  • Will support connections from all Afaria client types
  • Supports HTTP and HTTPS sessions

■ Designed for scalability and high-availability
  • One Relay Server can support multiple servers in a farm and multiple farms
  • Multiple Relay Servers can be configured to work together
  • Fully compatible with load balancers for use with multiple relay servers and/or multiple Afaria servers

Page 26: Afaria technical description

System Requirements

Server: Windows Server 2003 Standard Ed R2; Windows Server 2003 Standard Ed SP 1&2; Windows Server 2003 Enterprise Ed R2; Windows Server 2003 Enterprise Ed SP 1; Windows Server 2008 Standard Edition R2; Windows Server 2008 Enterprise Edition R2; Windows Server 2008 Datacenter Edition R2

Administrator: Windows Server 2003 Standard Ed R2; Windows Server 2003 Standard Ed SP 1&2; Windows Server 2003 Enterprise Ed R2; Windows Server 2003 Enterprise Ed SP 1&2; Windows Server 2008 Standard Edition R2; Windows Server 2008 Enterprise Edition R2; Windows Server 2008 Datacenter Edition R2; Windows Server 2008 Web Server Edition R2

IIS 5.0 or 6.0; ASP.NET

Database Support: Sybase SQL Anywhere®[1,2] 11; Microsoft SQL Server 2008 R2 Enterprise Edition; Microsoft SQL Server 2008 R2 Standard Edition; Microsoft SQL Server 2008 R2 Datacenter Edition; Microsoft SQL Server 2008 R2 Parallel Data Warehouse Edition; Microsoft SQL Server 2008 SP1 Enterprise Edition; Microsoft SQL Server 2008 SP1 Standard Edition; Microsoft SQL Server 2005 Enterprise Edition (SP1, SP2, SP3); Microsoft SQL Server 2005 Standard Edition (SP1, SP2, SP3); Oracle Database 11g Release 2; Oracle Database 10g Release 2

Supported protocols: HTTP, HTTPS, XNET, XNETS

Server

Page 27: Afaria technical description

System Requirements

Clients

Windows Mobile: Windows Mobile 6.5 Professional; Windows Mobile 6.5 Classic; Windows Mobile 6.1 Professional; Windows Mobile 6.1 Classic; Windows Mobile 6.0 Professional; Windows Mobile 6.0 Classic; Windows Mobile 5.0; Windows Mobile 5.0 Phone Edition; Windows Mobile 2003; Windows Mobile 2003 Phone Edition; Windows Mobile 2003 SE; Windows Mobile 2003 SE Phone Edition; Windows Mobile 6.5 Standard; Windows Mobile 6.1 Standard; Windows Mobile 6.0 Standard; Windows Mobile 5.0

Palm OS: Version 5.2, 5.4

Symbian: Version 9, 9.1, 9.2, 9.3 for Series 60 3rd Edition devices; Version 9.4 for Series 60 5th Edition devices

Windows (Win32): Windows 7; Windows Server 2008; Windows Vista Business; Windows Vista Enterprise; Windows Vista Home Ultimate; Windows Vista Business SP1, SP2; Windows Vista Enterprise SP1, SP2; Windows Vista Home Ultimate SP1, SP2; Windows Server 2003 SP2; Windows Server 2003 R2 SP2; Windows Server 2003; Windows XP SP2; Windows XP SP3

BlackBerry: J2ME version 4.2, 4.5, 4.6, 4.7

Java Client: JVM version 1.4

iPhone: Version 3.1, 4.0

Android: Android 2.0.1, 2.1, 2.2

Page 28: Afaria technical description

Appendix: Component Details

Page 29: Afaria technical description

Software Manager

■ Distribute and support software with minimal impact to user

■ Maintain and monitor applications, supplying missing or corrupted files

■ Compressing or segmenting applications for efficient distribution over low-bandwidth connections

The Software Manager allows the administrator to deliver pre-built application installers to client devices and run them:

Page 30: Afaria technical description

Software Manager...Continued

Seamlessly distribute, install, repair and update software
  • Automatically checks and updates application (if necessary) during each connection
  • Uses all Afaria bandwidth optimizations

Package status tracking console to view status of packages

Delivery and installation options
  • Criteria checking on disk space, memory, OS version, other applications
  • Support for alternate distribution locations

Win32 WM Pro WM Std Symbian iPhone RIM Java Palm

Software Manager

Page 31: Afaria technical description

Inventory Manager

■ Detect device changes and notify administrator of changes

■ Ensure applications are current & compatible

■ Provide rule-based software distribution

■ Troubleshoot problems quickly and maintain high level of services

The Inventory Manager allows the administrator to define an inventory collection task on the server. Inventories can be hardware-only, or both hardware and software.

Page 32: Afaria technical description

Inventory Manager...Continued

■ Plan for mobile system upgrades

■ Collect data on handheld phone devices including: phone number, IMEI, IMSI, mobile operator, current network, WiFi information (WiFi enabled/disabled, MAC address, current network), Bluetooth status, Bluetooth name/address and IR status

Win32 WM Pro WM Std Symbian iPhone RIM Java Palm

Inventory Mgr

Page 33: Afaria technical description

License Manager

■ Afaria components designed to
  • Track installed licenses versus license purchase data
  • License counts
  • License expiration dates
  • Track application usage on client machines

■ Administrators can access license tracking information through
  • Data views on the administrator console
  • Alerts console
  • Reports

Win32 WM Pro WM Std Symbian iPhone RIM Java Palm Android

License Mgr

Page 34: Afaria technical description

Session Manager

■ Offers an easy-to-use graphical scripting tool that’s designed for system administrators, not programmers

■ Allows administrators to create custom task / workflow automation with point-and-click scripting interface:

Retrieves, sends, copies files

Provides conditional logic

Detects connection speed

Enables registry updates

Generates alerts and messages

Real-time business process execution

That is the most powerful feature of the Afaria solution, and effectively all of the above Channels can be invoked for inclusion in a Session Manager ‘worklist’, so it is the Session Manager that I shall look at in the most detail.

Page 35: Afaria technical description

Session Manager...Continued

■ Automating data delivery and retrieval
■ Pre and Post software distribution processes
■ Enhancing application Self-Healing
■ Enabling proactive control of devices
■ Provides information to enable better business decisions
■ Maintain “desired state” system status
■ Integrate with back-end applications

Win32 WM Pro WM Std Sym iPhone RIM Java Palm Android

Session Mgr

Page 36: Afaria technical description

Data Security Manager—Handhelds

■ Power-on password protection
  • Lock out after failed attempts
  • Format and change frequency controls
  • Disallow previously used passwords

■ Data on device encryption
  • Selectable data for encryption, including PIM / external media
  • Strong encryption algorithm (Blowfish, AES, 3DES, RC2)
  • Removable memory can only be read by the device that encrypted the data
  • Improves performance and usability
  • Improves battery life and power management
  • Certified Encryption Modules - Ensures FIPS 140-2 Compliance

Page 37: Afaria technical description

Data Security Manager—Handhelds...Continued

■ Custom password masks using regular expressions
  • Administrators can build partial expressions that can be combined to meet different requirements for groups of users
  • Test passwords against expressions in the administrative UI

■ Push email Interoperability
  • Fully interoperable with iAnywhere’s OneBridge/Mobile Office and MS Exchange Active Sync
  • Receive email even when device is locked

Win32 WM Pro WM Std Symbian iPhone RIM Java Palm

Data Security Mgr

Page 38: Afaria technical description

Data Security Manager—Handhelds...Continued

■ Lost or Stolen Device Lockdown
  • Lockdown based on invalid credentials entry or too much time passing since last connection
  • Administrator has multiple lockdown options: Disable, wipe or hard reset device
  • Lockdown of device based on SIM change or removal

■ Password Recovery
  • Admin or web portal to generate temporary password to unlock device
  • Self-service password recovery option

■ Device Access Control
  • Block rogue devices from accessing Microsoft Exchange Server
  • White and black list Windows Mobile devices
  • Administrator can define policies
  • Executive exception policies are allowed

Page 40: Afaria technical description

Data Security Manager—Win32

■ Full disk encryption for laptops / desktops
  • Ensures that all sensitive data is protected at all times
  • No reliance on users or applications to store sensitive data in correct location
  • Protects PC from brute-force insertion of malicious code
  • Supports compliance audits with predefined reports and detailed logging

■ Two layers of data protection
  • Pre-boot authentication
  • Full disk encryption
  • Two factor authentication

Page 41: Afaria technical description

Data Security Manager—Win32...Continued

■ Multiple User Support
  • Securely allows numerous users per one computer
  • Allows administrators access to machines without requiring the user’s credentials

■ Outstanding Reporting
  • Reports the encryption status of all Security Manager Clients that do not have a disk status of 100% encryption complete
  • Provides defensible reporting and logging for security audits
  • Detailed USB logging reporting

Page 42: Afaria technical description

Data Security Manager—Win32...Continued

■ Removable Storage Media Support
  • Can be deployed to a work group or require a per user password
  • Data may be shared at data owner’s discretion
  • Fully encrypted

■ Unattended Reboot
  • Allows patches and software updates to occur off-peak when bandwidth is high, providing excellent time utilization
  • IT is not required to perform a reboot to complete the process
  • All security policies are updated at each server connection

Page 43: Afaria technical description

Configuration Manager

■ Automatically configures critical device settings

■ Verifies successful implementation of settings on mobile devices

■ Provides ease of administration and fast recovery of inadvertently modified settings

■ Enhances the user experience

■ Policy-based

■ Utilizes Microsoft’s CSP configuration model on WM

Win32 WM Pro WM Std Symbian iPhone RIM Java Palm Android

Configuration Mgr

Page 44: Afaria technical description

Configuration Manager-Configurable Elements by Operating System

Windows Mobile: Connections; Device; DNS/IP; Formats; Network User Info; Owner Info; Sounds; Customer Configurations; Windows Update; Port Control; Camera, Microphone, Bluetooth – lock down or limit to device class; Infrared; WiFi Radio; Removable storage cards; USB Communications; Provisioning; Favorites, GPRS, Networks; Roaming Controls

iPhone: Passcode settings; WiFi settings; Restrict application usage and installation; Exchange setup information; VPN settings; IMAP and POP email settings; LDAP connections; CalDav Connections; APN settings

BlackBerry: Synchronization; Security; Messaging; Applications

Android: Security settings; WiFi settings; Connection Pulse

Symbian: Access points; Packet data; Wireless LAN; Exchange; Roaming Control

Page 45: Afaria technical description

Roaming Controls

■ Roaming Management that detects roaming state changes and provides administrative control of device actions while roaming

■ Provides real time protection of roaming costs

■ Supports both Symbian and Windows Mobile

■ Allows administrators several options to disable data connections based on roaming state of the device
  • Disable all data connections
    - Disable Afaria scheduled or client-initiated connections when roaming
    - (Outbound connections are still available)
  • Display message on device when entering or exiting roaming state
  • Disable email attachments (WM Only)
  • Disable IMAP and POP3 (WM Only)

■ Real time client monitors trigger custom actions when roaming
  • Log event – Create custom logs for roaming events
  • Execute program – Execute a program locally
  • Run channel – Run an Afaria worklist
  • Run script – Execute a customized script

■ Roaming Report
  • Detailed report containing roaming status

Page 46: Afaria technical description

Windows Mobile Application Control

■ Controls both embedded (ROM-based) and installed (RAM-based) applications

■ Controls application access by specifying the certificate used to sign the application or by hash-based identification of the installed applications

■ Restricts access to device settings such as phone, sound, profiles, home screen, clock & alarm, connections and security settings

■ Tamper-resistant implementation so applications cannot simply be renamed

■ Automatically creates library of embedded and installed applications on Afaria clients. Logs attempts to access disallowed applications

Page 47: afaria descripcion tecnica

© 2010 SAP AG. All rights reserved. / Page 47

Backup Manager

■ Backup and restore mission-critical data

■ Users can recover lost or corrupted data

■ Backup
  - Folders or files
  - Schedule backup frequency
  - Backup data store at Afaria server or file server

■ Restore is managed through centralized console

■ Folders or files

■ Selective or full restore

[Platform support matrix for Backup Mgr; columns: Win32, WM Pro, WM Std, Symbian, iPhone, RIM, Java, Palm]

Page 48: afaria descripcion tecnica

Document Manager

■ Content publish and subscription component

■ Client-side UI allows end users to subscribe to documents

■ Channel keeps all documents on client devices up to date

■ Updates leverage byte level differencing

[Platform support matrix for Document Mgr; columns: Win32, WM Pro, WM Std, Symbian, iPhone, RIM, Java, Palm]

Page 49: afaria descripcion tecnica

Patch Manager

■ Patch console provides views of new / missing patches
  - Automatically pulls new patch catalogs from Microsoft
  - Scheduled scans of client machines for missing patches

■ Easy patch distribution to client machines
  - One Button patch deployment from the Afaria console
  - Impersonation support for machines where the end user does not have administrative privileges

■ Leverage Afaria bandwidth optimizations in patch channels
  - Dynamic bandwidth throttling
  - Segmented delivery
  - Checkpoint restart

Leverages Microsoft patch scanning technology and patch catalogs to automatically update laptops and desktops with key security patches

Page 50: afaria descripcion tecnica

Patch Manager...Continued

■ Gives administrators control over patch deployment

Provides visibility and discovers vulnerabilities

Target and schedule patch deployment

Automates patch management without user involvement

Assess severity level of patch and deploy accordingly

[Platform support matrix for Patch Mgr; columns: Win32, WM Pro, WM Std, Symbian, iPhone, RIM, Java, Palm]

Page 51: afaria descripcion tecnica

Off-Line Device Monitoring

Windows Mobile and Win32: The capability to monitor device settings/characteristics on Windows devices and trigger connections, logging or execution of local processes when characteristics change.

Monitor Types:
- Battery (WM)
- Memory (WM)
- Registry (WM)
- Storage/Directories (WM)
- Windows/Applications (WM)
- Connections (WM & Win32)

(E.g. 1) Monitor battery level, and run executable to copy key files to external card when available battery drops below xx%.

(E.g. 2) Monitor directories on external card and write log message whenever a new file is written to an external card.

[Platform support matrix for Off-line Monitor; columns: Win32, WM Pro, WM Std, Symbian, iPhone, RIM, Java, Palm]

Page 52: afaria descripcion tecnica

Remote Control

■ Expand existing management capabilities

Real-time remote control capability for Windows®-based PCs and handheld devices

Interactively train end users on new applications or troubleshoot specific devices.

[Platform support matrix for Remote Control; columns: Win32, WM Pro, WM Std, Symbian, iPhone, RIM, Java, Palm]

Page 53: afaria descripcion tecnica

Remote Control Key Features

■ Remote Control – superior quality supporting a large range of platforms

■ Remote Management – computer management controlling services, registry, tasks, event log, shares and system state

■ File Transfer – split screen, copy, move, sync, clone, crash recovery and delta transfer

■ Scripting – schedule file transfers and other operations

■ Chat, Audio Chat, Video Chat – allow users to communicate in text mode or verbally – supported by webcam video

■ Multi Console session – allows a number of Console users to view and control the same Client desktop

■ Run Program – launch programs at the remote computer

Supports WIFI or any cellular network (TCP/IP)

Page 54: afaria descripcion tecnica

Remote Control Key Features...Continued

■ Send Message – distribute popup messages in Rich Text Format which allows links to e.g. web sites.

■ Request Help – contact the help desk via remote control and run an external application to auto-generate trouble tickets.

■ Security – local and centralized, Native NetOp, Directory Services and Windows-integrated.

■ Encryption – implemented according to the toughest industry standards.

■ Event logging – local, centralized, Windows-integrated and management-integrated.

■ Session recording – save the Client screen activities in a file for later replay.

■ Snapshot - save the current Client desktop image as a file.

Page 55: afaria descripcion tecnica

Remote Control Clients

Win32
1. Listen for Console to initiate
2. Client initiate via Help Request

PPC/WM5/WM6

WiFi / Cradle Private Net
1. Listen for Console to initiate
2. Client initiate via Help Request

Internet / Carrier Net
1. Client initiate via Help Request

Page 56: afaria descripcion tecnica

Secure remote access and control for supporting people on the move

Remote Control Webconnect

■ WebConnect side-steps firewalls, proxies and routers. Now you can offer your company world-class support from anywhere and avoid costly deskside visits.

■ Connect with help desk initiated connections over the internet without requiring holes in your firewall

Connect from anywhere – no LAN/WAN restrictions

No need for firewall or router configuration to access the host

Page 57: afaria descripcion tecnica

Overview of Webconnect

[Architecture diagram; labels: GUEST, Connection Manager (Microsoft IIS), Connection Server, WebConnect, Account data (Microsoft SQL), HOST, Administration module, Connection request and location information, DMZ]

Page 58: afaria descripcion tecnica

Antivirus and Firewall Manager

■ Protects mobile devices against:
  - Malware and Viruses
  - Intrusion by using an IP based firewall
  - Unwanted SMS or phone calls by blacklisting

■ Technology licensed from SMobile, leader in mobile Antivirus and Firewall software

Page 59: afaria descripcion tecnica

Antivirus and Firewall Manager...Continued

■ Mobile viruses and malware can propagate through multiple mechanisms, including email attachments, Bluetooth or Infrared file transfer channels, SMS links, MMS attachments, etc.

■ Typical threats in the wild which are classified as:
  - Malware for profit – FlexiSpy/MobiSpy
  - Bluetooth exploits – Cabir/Bluesnarfing
  - Backdoor Trojans – Brador/BBProxy…
  - Exploiting PC syncs – Crossover/Mobler…
  - Malware crashing devices – Skulls, Fontal…
  - Mobile IP – P2P Worms
  - SMS and MMS dialer Trojans – CommWarrior/RedBrowser…

Page 60: afaria descripcion tecnica

Antivirus and Firewall Manager...Continued

■ Identity theft attacks where personal information such as customer names, street addresses, credit card information and other sensitive corporate data is stolen from a mobile device

■ Unauthorized device usage, where an infected device can trigger unauthorized mobile payments, unauthorized purchases or extraneous data connections, resulting in fraudulent charges or excessive data or minute usage which would lead to large monthly billing and additional cost to the enterprise

■ Snoopware, mobile malware that is capable of stealthily and remotely monitoring activities on mobile devices. Includes voice calls, messages, e-mails, and remote activation of functions such as a microphone

Page 61: afaria descripcion tecnica

Afaria Antivirus for Handhelds

■ Compatible with all major operating systems, including Windows Mobile and Symbian devices

■ Background scans of all files received via SMS, MMS, Bluetooth, WiFi, infrared, or desktop sync in real time

■ Industry’s only handheld antivirus to use heuristics

■ Based upon an independent study, Afaria outperforms the competition in CPU calculation, CPU performance, user performance, write access, read access, and bitmap drawing, which all equate to better handset performance and better user experience.

■ Only mobile AV focused solely on mobility, not a retrofit of a desktop solution

■ Full logging of scan and detection activity, all viewable by the system administrator

■ Remotely invoke device scans, updates, policy changes and reports on device activity from a single management console.

Page 62: afaria descripcion tecnica

Firewall Manager for Handhelds

■ IP-based firewall protection based upon black list or white list filtering, providing both inbound and outbound network packet monitoring

■ Monitors GPRS, EDGE, CDMA, WIFI and phone to PC traffic

■ Enables administrator to control inbound and outbound access (either denying/blocking by “blacklisting” or approving by “whitelisting”) to sites hosted by the outside world based on IP address

  - Employees can be restricted to access only the corporate website or certain authorized sites
  - Only allow Line of Business applications to communicate through the network
  - Blocking a particular port when utilizing a VOIP application
  - Protect against IP based intrusion attacks

Page 63: afaria descripcion tecnica

Afaria Firewall Manager SMS and Call Filtering

■ Allows administrators and users to establish a customized blacklist to block incoming SMS, MMS and/or calls from selected contacts or unwanted calls/messages

■ Includes tracking logs of blocked calls and messages

■ Call Filtering and MMS/SMS filtering are separately configurable

■ Primarily used to block spam sent to devices

Page 64: afaria descripcion tecnica

Optimized Communications for Frontline Conditions

■ Offline processing
  - Minimize “expensive” online processing over bandwidth-limited networks

■ Checkpoint restart
  - Tolerance for in-and-out of coverage conditions

■ Compression
  - Proprietary algorithms reduce time required for file transfer

■ File differencing
  - Send only needed changes within files (Byte Level)

■ Intelligent file updates
  - Send only files/data that need to be updated

■ Segmented file delivery
  - Deliver applications, data over multiple sessions

■ Dynamic bandwidth throttling
  - Automatically adjusting Afaria session requirements based on network utilization

■ Opportunistic connections
  - Execute sessions when communication networks are available

■ Flexible packet/window size
  - Allows administrators to “tune” traffic to match network conditions

Page 65: afaria descripcion tecnica

Access Control for Microsoft Exchange

■ Block rogue devices from synchronizing with an Exchange Server
  - Afaria Access Control ISAPI filter installs on a Microsoft Exchange 2003 through 2010 server. Works with Afaria server to deny sync requests to handheld devices that are not properly managed and/or secure

■ Administrator specified ‘security verification policy’
  - Define the amount of time during which a device must have connected to Afaria server to confirm presence of Afaria client and/or security manager on the device

■ White list devices
  - Administrators can create a ‘white list’ of devices that should always be allowed to synchronize with Exchange, even if they fail the ‘security verification policy’

■ Black list devices
  - Administrators can create a ‘black list’ of devices that should never be permitted to synchronize with Exchange, even if they fail the ‘security verification policy’
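The three controls on this slide combine into one decision per sync request. The sketch below is an added illustration, not Afaria's filter code: the function and field names, the order in which the lists are consulted (black list first), the device-id normalisation and the rejection of future timestamps are assumptions, and all devices and times are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2010, 6, 1, 12, 0, tzinfo=timezone.utc)  # constructed "current time"
POLICY = {                                              # constructed policy
    "max_age": timedelta(days=7),   # security verification window
    "white_list": {"DEV-C"},
    "black_list": {"DEV-D"},
}
LAST_CONTACT = {                    # constructed records of last Afaria session
    "DEV-A": NOW - timedelta(days=2),
    "DEV-B": NOW - timedelta(days=10),
    "DEV-C": NOW - timedelta(days=30),
    "DEV-D": NOW - timedelta(hours=1),
    "DEV-F": NOW + timedelta(hours=3),
}

def sync_decision(device_id, last_contact, now, policy):
    """Return (verdict, reason) for one Exchange sync request."""
    dev = device_id.strip().upper()          # normalise before any list lookup
    if dev in policy["black_list"]:          # assumed to win over every other rule
        return ("deny", "black-listed")
    if dev in policy["white_list"]:          # allowed even if verification fails
        return ("allow", "white-listed")
    seen = last_contact.get(dev)
    if seen is None:
        return ("deny", "never connected to Afaria server")
    age = now - seen
    if age < timedelta(0):                   # fail closed on inconsistent clocks
        return ("deny", "last contact is in the future")
    if age > policy["max_age"]:
        return ("deny", "last contact older than verification window")
    return ("allow", "verified within window")

def evaluate(device_ids):
    """Apply the constructed policy and records to a list of device ids."""
    return {d: sync_decision(d, LAST_CONTACT, NOW, POLICY) for d in device_ids}
```

Unknown devices and inconsistent timestamps are denied here, so a device only syncs after an explicit allow.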

Page 66: afaria descripcion tecnica

Mutual Certificate Authentication

■ Extending Afaria’s SSL architecture to support mutual certificate-based authentication

■ An added, certificate-based layer of security that ensures only properly credentialed clients can connect to a customer's server

■ Administratively enabled and configured

Page 67: afaria descripcion tecnica

Internationalization

■ Support for Afaria server, administrator and clients operating on a double-byte character set language system

■ Client support for:
  - Windows
  - Windows Mobile
  - Symbian

■ Component support includes:
  - Configuration Manager
  - Session Manager
  - Inventory Manager
  - Security Manager (for WM devices)

■ Localized Windows Mobile client UI available for Simplified Chinese, Traditional Chinese and Korean

Page 68: afaria descripcion tecnica

Administration

■ Web-based administrative console built on .NET framework with all the functionality of a full Graphical User Interface

■ Manage Afaria servers from any PC on the network, including virtualization technology

■ Secure access to the web console leveraging the NT security model

■ User access “rights” to the web console; role-based user access

Page 69: afaria descripcion tecnica

Administration—Profile Based Management

■ Policy / profile based model for channel scheduling, monitors and assignments

■ Easier management of schedules and assignments

■ Consolidated administrator view of schedules/monitors and channels assigned to a particular device (or group)

■ Improved security for channel execution

■ Schedules run only for assigned / applicable device

Page 70: afaria descripcion tecnica

Thank You