Afaria technical description
Uploaded by alejandro-velez-altamar
Afaria Capabilities Mobile Device Management And Security
© 2010 SAP AG. All rights reserved. / Page 2
Industry Awards / Industry Analysts
Positioned in the Leaders Quadrant for the 2009 Mobile Enterprise Application Platforms Magic Quadrant
Top ranked in Forrester Wave™ Mobile Device Management Solutions report
SAP and Sybase Together: #1 in Mobile Enterprise Platform
2009 Award for Mobile Enterprise Platforms
2009 Global Product Excellence award for Wireless/Mobile Security Solution Customer Trust
Four 2008 Mobile Star Awards from MobileVillage®
Leader in mobile device management for the 9th year; Leader in mobile middleware for the 9th year
MDM SOTI BES
Platform View Of Mobility Across The Enterprise
Single infrastructure across the enterprise
Collaboration Tools
- E-mail
- PIM (Personal Information Manager)
Productivity Enhancements
- Applications
- Workflows
Real-Time Data Access
- Dashboards
- Documents
Mobile Device Management and Security
- Heterogeneous device support
- Central management console
Afaria modules
Afaria is a modular product. The solution is divided into a number of optional ‘Channels’; each Channel is independent of the others and is enabled or disabled based on the license key used to install the product:
Software Manager – deliver and install commercial or custom-built software packages on client devices
Inventory Manager – interrogate and report on the hardware and software resources available on client devices
Document Manager – publish and deliver groups of documents to client devices, be they text files, images, HTML web pages, etc.
Configuration Manager – enable, disable and configure hardware and software elements on the client device, for example delivering connection settings, blacklisting applications, or disabling camera and Bluetooth features
Backup Manager – back up and restore specified files from the client device to a specified location on the corporate network
Session Manager – the most powerful feature of the solution, enabling automation of file distribution, directory management and registry management. I will examine this feature in more detail later
Data Protection Manager – define and enforce security settings on the client device, including power-on passwords and encryption settings. Users can be allowed a set number of attempts to enter the password correctly, after which specific events can be triggered automatically, including removal of specific PIM data and/or files and applications, or a complete device hard reset
Patch Manager – deliver operating system patches and security updates to clients automatically (Windows 32 only)
Asset Visibility
• Collects a variety of hardware and software information from remote devices
• Detect device changes, Troubleshoot issues
• Track installed licenses versus license purchase data
• License counts
• License expiration dates
• Track application usage
HANDHELDS
• Power-on password protection
• Data on device encryption
• Push email Interoperability
• Lost or Stolen Device Lockdown
• Password Recovery
WIN32
• Full disk encryption for laptops and desktops
• Two layers of data protection
• Pre-boot authentication
• Full disk encryption
• Multiple User Support
• Removable Storage Media Support
SYSTEM
• OTA End to End transport encryption
• End user authentication
Afaria Solves The Challenges Of Mobile Systems Management And Security
Fixes & Refreshes in the Field
Security and Compliance
Corporate Policies & Standards
Visibility to Assets and Their Usage
Limited Helpdesk Resources
Limited Bandwidth
Optimized for the Mobile World
Offline processing
Checkpoint restart
Compression
File differencing
Intelligent file updates
Segmented file delivery
Dynamic Bandwidth Throttling
Opportunistic connections
Flexible packet/window size
Remote App/OS Management
Seamlessly distribute, install, repair and update software
Create and deploy custom or adhoc fixes
Remote Patching
Maintain virus applications and definitions
Business and Content
Easy-to-use graphical scripting tool that’s designed for system administrators, but powerful for programmers.
Allows administrators to create custom task and workflow automation with a point-and-click scripting interface
Maintain “desired state” system status
Integrate with back-end applications
Content publish and subscription
Policy enforcement
Automatically enforce corporate configuration and security policies
Assure compliance to IT policies for your remote/mobile workers
Remote Assistance
Automatically enforce corporate configuration policies and assure compliance to IT policies for your remote/mobile workers
Remote Control for easy access to assist in real time
Reduce calls into support
Managing and Securing the Device Life Cycle
Provision
Manage
• Assign group membership and policies
• Configuring device for connectivity
• OTA delivery of management client
• Initial application deployment
Secure
• Establish security policies
• Initialize power-on password
• Install and encrypt data on device
• Install & configure AV, firewall, port/peripheral controls
Production
Manage
• Track asset data
• Update/repair software
• Monitoring & self-healing
• Maintain/modify device & app configuration
• Distribute & update LOB data & files
• Software license usage and tracking
• Schedule and automate activities
• Remote Control of devices
Secure
• Back-up device data
• Apply patch and security updates
• Enforce security policies
• Monitor/track security violations/threats
• Compliance activity logging
Decommission
Secure
• Disable lost/stolen device
• Remote kill/lock
• Access violation lock
• “Data fading”
• Disable device, network, application access
Manage
• Reprovision/reimage device
• Replacement device-same user
• Repurposed device
• Redeploy software assets
• Restore data (after device kill)
Logical Architecture
[Diagram. Labels: Optional Components; Devices; Server and Web Management Console; Logging; Database; Exchange; Certificate Services; SMS Gateway; Relay Server/Reverse Proxy; Directory Services; Deployment Services]
Implementing Afaria Functionality
1. Create a Profile
2. Assign Groups to Profile
3. Create Management Tasks
4. Monitor and Modify as Necessary
[Diagram. Labels: Profile; Group 1, Group 2, Group 3; Logging and Reporting; Management Tasks; Registry; Process; File/Folder; Window; Power; Schedule; Network; Events; Policies; Channels; Responses]
Highly Scalable Architecture
Server Farms and Distributed Replication
Hundreds of concurrent connections per server
Virtualization support
Centralized Management
Remote web based administration
Customizable permissions based access to management tasks and data
Hostability
Multi-tenanted architecture for data and task separation
Comprehensive APIs for customization and system integration
Scalability
Highly Scalable Enterprise architecture for any size deployment or configuration
Comprehensive Management and Security
[Diagram. Labels: Afaria Console; File Synchronization; Software Deployment; Asset Tracking; Device Security; Process Automation; Help Desk; Device Backup; Device Configuration]
Software Deployment
■ Distribute and support software for both push model (WM, Symbian, Win32, BB) and pull model (iOS, Android) with minimal impact to user
■ Seamlessly distribute, install, repair and update software
  • Automatically checks and updates application (if necessary) during each connection
  • End user application portals for iOS and Android
■ Track the installation status of your packages for transparency into your mobile deployments
■ Compress or segment applications for efficient distribution over low-bandwidth connections
Asset Tracking - Inventory
■ Maintain visibility into your devices with extensive hardware and software inventory
■ Automatically detect changes on your devices and notify administrator for real time protection
■ Use exception-based reporting to maintain uniformity of install base
■ Troubleshoot problems quickly and maintain high level of service
Compliant Devices
Device Security
■ Extend corporate security policies to mobile devices
  • Device password policy configuration
  • Lock out after failed attempts
  • Format and change frequency controls
  • Disallow previously used passwords
■ Easily disable lost or stolen devices to protect corporate assets
■ On-device encryption for WM and Symbian devices
  • Encryption of PIM data and administrator specified files/folders
  • Uses industry standard AES encryption algorithm with a 256 bit key
■ Block rogue or non compliant devices from accessing corporate email
Process Automation
■ Easily handle non standard management tasks such as conditional file transfers, application installation, or device troubleshooting
■ Easy-to-use graphical scripting tool
  • Designed for system administrators (not programmers) to create custom tasks or workflows
■ Automatically deliver proactive control of devices without requiring hands-on management
Device Backup
■ Reliably backup and restore mission-critical data for easy retrieval when re-provisioning a device
■ Users can recover lost or corrupted data without requiring IT or help desk services
■ Restoration is managed through centralized console
Device Configuration
■ Easy on-boarding of end users by configuring network, security and email settings
■ Easy administration and fast recovery of user-modified settings by automatically maintaining critical device settings to IT standards
Windows Mobile: Connections; Device; DNS/IP; Formats; Network User Info; Owner Info; Sounds; Customer Configurations; Windows Update; Port Control; Camera, Microphone, Bluetooth – lock down or limit to device class; Infrared; WiFi Radio; Removable storage cards; USB Communications; Provisioning; Favorites, GPRS, Networks; Roaming Controls
iPhone: Passcode settings; WiFi settings; Restrict application usage and installation; Exchange setup information; VPN settings; IMAP and POP email settings; LDAP connections; CalDav Connections; APN settings
BlackBerry: Synchronization; Security; Messaging; Applications
Android: Security settings; WiFi settings; Connection Pulse
Symbian: Access points; Packet data; Wireless LAN; Exchange; Roaming Control
Managing iOS 4
■ Manage Device Without User Interaction
  • Deliver and remove device policies behind the scenes through a trusted relationship
■ Accurate and Up to Date Asset Tracking Data
  • Device Information, Device Network Information, Security Information, Installed Profile List, installed 3rd party apps, certificate list, and applied restrictions
■ Enterprise App Deployment
  • Over the Air enterprise applications delivered directly to the device
■ iPhone End User Experience
  • Easy provisioning process
  • Select and download suggested applications
■ Corporate Security
  • Remotely lock and wipe device or enterprise applications and data
  • Ensure corporate security policies are enforced on the device
  • Gate access to corporate assets based upon device compliance
Managing Android
■ Afaria client for Android
  • Supports communication through the Relay Server
  • Outbound notifications from the server to initiate a client connection
■ Delivers enterprise in-house apps OTA to SD card in device
  • Can distribute enterprise applications
  • Integrated application download logging and reporting data for accurate tracking
■ Client-side portal for application selection
  • Displays packages grouped by admin defined categories
  • Allows for end-user selection and installation
■ Extensive hardware and software inventory collection
■ Android 2.2 Devices
  • Native device lock, unlock and wipe options (will not rely on MS Exchange)
  • Administrator can enforce the use of password policies and control the format, min/max length, failures before wipe, etc.
Afaria Architecture
Afaria Components
Manager Component – Function
Software Manager – Distribute and support software
Configuration Manager – Configure device settings
Data Security Manager – Encryption and data protection
Inventory Manager – Hardware and software asset data
Session Manager – Customizable scripting and process automation
License Manager – Track installed licenses
Backup Manager – Backup & restore critical data
Document Manager – Subscribe and publish content to devices
Patch Manager – Distribute patches to Win32 devices
Remote Control Manager – Remote control for help desk enablement
AV & Firewall Manager – Antivirus and Firewall protection
Components Available by Client Type
Win32 WM Pro WM Std Symbian iOS RIM Android Java Palm
Software Mgr
Inventory Mgr
License Mgr
Session Mgr
Data Security Mgr
Configuration Mgr
Backup Mgr
Document Mgr
Patch Mgr
Remote Control
Highly Scalable Server Farm Scenario
[Diagram. Labels: Mobile Devices; WAN/VAN/ISP; firewall; DMZ; Reverse Proxy ISA/Apache or IAS Relay Server; firewall; LAN; Transmitter Farm; Master; Dev; Test; Replication Traffic; Export/Import]
Highly Scalable Distributed Scenario
[Diagram. Labels: Mobile Devices; Router; WAN/VAN/ISP; Distributed Servers; NYC Afaria Server; Chicago Afaria Server; London Afaria Server; LAN (Atlanta HQ); Master; Dev; Test; Replication Traffic; Export/Import]
Afaria Architecture
[Diagram. Labels: iPhone; iPad; Windows 32; Windows Mobile / WinCE; Palm; Tablet PC; BlackBerry; Android; Symbian; TCP/IP, HTTP, SSL; firewall; DMZ; Reverse Proxy ISA/Apache or IAS Relay Server; firewall; Afaria Server(s); IIS Server; Administrative Console Browser; DB Repository; File Systems; Directories and Databases]
Relay Server
■ Secure communications for external devices
  • Relay Server installed in network DMZ
  • Afaria clients connect in to the Relay Server
  • Afaria servers connect out to the Relay Server
  • No need to open an inbound port in the interior firewall
  • Runs on Windows/IIS
■ Broad clients and connection support
  • Will support connections from all Afaria client types
  • Supports HTTP and HTTPS sessions
■ Designed for scalability and high-availability
  • One Relay Server can support multiple servers in a farm and multiple farms
  • Multiple Relay Servers can be configured to work together
  • Fully compatible with load balancers for use with multiple relay servers and/or multiple Afaria servers
System Requirements
Server
• Windows Server 2003 Standard Ed R2
• Windows Server 2003 Standard Ed SP 1&2
• Windows Server 2003 Enterprise Ed R2
• Windows Server 2003 Enterprise Ed SP 1
• Windows Server 2008 Standard Edition R2
• Windows Server 2008 Enterprise Edition R2
• Windows Server 2008 Datacenter Edition R2
Administrator
• Windows Server 2003 Standard Ed R2
• Windows Server 2003 Standard Ed SP 1&2
• Windows Server 2003 Enterprise Ed R2
• Windows Server 2003 Enterprise Ed SP 1&2
• Windows Server 2008 Standard Edition R2
• Windows Server 2008 Enterprise Edition R2
• Windows Server 2008 Datacenter Edition R2
• Windows Server 2008 Web Server Edition R2
IIS 5.0 or 6.0
ASP.NET
Database Support
• Sybase SQL Anywhere®[1,2] 11
• Microsoft SQL Server 2008 R2 Enterprise Edition
• Microsoft SQL Server 2008 R2 Standard Edition
• Microsoft SQL Server 2008 R2 Datacenter Edition
• Microsoft SQL Server 2008 R2 Parallel Data Warehouse Edition
• Microsoft SQL Server 2008 SP1 Enterprise Edition
• Microsoft SQL Server 2008 SP1 Standard Edition
• Microsoft SQL Server 2005 Enterprise Edition (SP1, SP2, SP3)
• Microsoft SQL Server 2005 Standard Edition (SP1, SP2, SP3)
• Oracle Database 11g Release 2
• Oracle Database 10g Release 2
Supported protocols
• HTTP, HTTPS, XNET, XNETS
System Requirements
Clients
Windows Mobile
• Windows Mobile 6.5 Professional
• Windows Mobile 6.5 Classic
• Windows Mobile 6.1 Professional
• Windows Mobile 6.1 Classic
• Windows Mobile 6.0 Professional
• Windows Mobile 6.0 Classic
• Windows Mobile 5.0
• Windows Mobile 5.0 Phone Edition
• Windows Mobile 2003
• Windows Mobile 2003 Phone Edition
• Windows Mobile 2003 SE
• Windows Mobile 2003 SE Phone Edition
• Windows Mobile 6.5 Standard
• Windows Mobile 6.1 Standard
• Windows Mobile 6.0 Standard
• Windows Mobile 5.0
Palm OS
• Version 5.2, 5.4
Symbian
• Version 9, 9.1, 9.2, 9.3 for Series 60 3rd Edition devices
• Version 9.4 for Series 60 5th Edition devices
Windows (Win32)
• Windows 7
• Windows Server 2008
• Windows Vista Business
• Windows Vista Enterprise
• Windows Vista Home Ultimate
• Windows Vista Business SP1, SP2
• Windows Vista Enterprise SP1, SP2
• Windows Vista Home Ultimate SP1, SP2
• Windows Server 2003 SP2
• Windows Server 2003 R2 SP2
• Windows Server 2003
• Windows XP SP2
• Windows XP SP3
BlackBerry
• J2ME version 4.2, 4.5, 4.6, 4.7
Java Client
• JVM version 1.4
iPhone
• Version 3.1, 4.0
Android
• Android 2.0.1, 2.1, 2.2
Appendix: Component Details
Software Manager
■ Distribute and support software with minimal impact to user
■ Maintain and monitor applications, supplying missing or corrupted files
■ Compressing or segmenting applications for efficient distribution over low-bandwidth connections
The Software Manager allows the administrator to deliver pre-built application installers to client devices and run them:
Software Manager...Continued
Seamlessly distribute, install, repair and update software
  • Automatically checks and updates application (if necessary) during each connection
  • Uses all Afaria bandwidth optimizations
Package status tracking console to view status of packages
Delivery and installation options
  • Criteria checking on disk space, memory, OS version, other applications
  • Support for alternate distribution locations
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Software Manager
Inventory Manager
■ Detect device changes and notify administrator of changes
■ Ensure applications are current & compatible
■ Provide rule-based software distribution
■ Troubleshoot problems quickly and maintain high level of services
The Inventory Manager allows the administrator to define an inventory collection task on the server. Inventories can be hardware-only, or both hardware and software
Inventory Manager...Continued
■ Plan for mobile system upgrades
■ Collect data on handheld phone devices including: phone number, IMEI, IMSI, mobile operator, current network, WiFi information (WiFi enabled/disabled, MAC address, current network), Bluetooth status, Bluetooth name/address and IR status
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Inventory Mgr
License Manager
■ Afaria components designed to
  • Track installed licenses versus license purchase data
  • License counts
  • License expiration dates
  • Track application usage on client machines
■ Administrators can access license tracking information through
  • Data views on the administrator console
  • Alerts console
  • Reports
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm Android
License Mgr
Session Manager
■ Offers an easy-to-use graphical scripting tool that’s designed for system administrators, not programmers
■ Allows administrators to create custom task / workflow automation with point-and-click scripting interface:
Retrieves, sends, copies files
Provides conditional logic
Detects connection speed
Enables registry updates
Generates alerts and messages
Real-time business process execution
This is the most powerful feature of the Afaria solution, and effectively all of the above Channels can be invoked for inclusion in a Session Manager ‘worklist’, so it is the Session Manager that I shall look at in the most detail.
Session Manager...Continued
■ Automating data delivery and retrieval
■ Pre and Post software distribution processes
■ Enhancing application Self-Healing
■ Enabling proactive control of devices
■ Provides information to enable better business decisions
■ Maintain “desired state” system status
■ Integrate with back-end applications
Win32 WM Pro WM Std Sym iPhone RIM Java Palm Android
Session Mgr
Data Security Manager—Handhelds
■ Power-on password protection
  • Lock out after failed attempts
  • Format and change frequency controls
  • Disallow previously used passwords
■ Data on device encryption
  • Selectable data for encryption, including PIM / external media
  • Strong encryption algorithm (Blowfish, AES, 3DES, RC2)
  • Removable memory can only be read by the device that encrypted the data
  • Improves performance and usability
  • Improves battery life and power management
  • Certified Encryption Modules - Ensures FIPS 140-2 Compliance
Data Security Manager—Handhelds...Continued
■ Custom password masks using regular expressions
  • Administrators can build partial expressions that can be combined to meet different requirements for groups of users
  • Test passwords against expressions in the administrative UI
■ Push email Interoperability
  • Fully interoperable with iAnywhere’s OneBridge/Mobile Office and MS Exchange Active Sync
  • Receive email even when device is locked
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Data Security Mgr
Data Security Manager—Handhelds...Continued
■ Lost or Stolen Device Lockdown
  • Lockdown based on invalid credentials entry or too much time passing since last connection
  • Administrator has multiple lockdown options: Disable, wipe or hard reset device
  • Lockdown of device based on SIM change or removal
■ Password Recovery
  • Admin or web portal to generate temporary password to unlock device
  • Self-service password recovery option
■ Device Access Control
  • Block rogue devices from accessing Microsoft Exchange Server
  • White and black list Windows Mobile devices
  • Administrator can define policies
  • Executive exception policies are allowed
Data Security Manager—Handhelds...Continued
■ Data at-rest encryption for PIM data and file/folder on Symbian devices
Hard reset device and/or wipe data off external card
Additional password lock down options to delete encrypted data or delete specified data after failed attempts have been exceeded
Data fading options to hard reset, disable password or delete data on the device when device has not connected to Afaria within a specified time
Uses industry standard AES encryption algorithm with a 256 bit key
Data Security Manager—Win32
■ Full disk encryption for laptops / desktops
  • Ensures that all sensitive data is protected at all times
  • No reliance on users or applications to store sensitive data in correct location
  • Protects PC from brute-force insertion of malicious code
  • Supports compliance audits with predefined reports and detailed logging
■ Two layers of data protection
  • Pre-boot authentication
  • Full disk encryption
  • Two factor authentication
Data Security Manager—Win32...Continued
■ Multiple User Support
  • Securely allows numerous users per one computer
  • Allows administrators access to machines without requiring the user's credentials
■ Outstanding Reporting
  • Reports the encryption status of all Security Manager Clients that do not have a disk status of 100% encryption complete
  • Provides defensible reporting and logging for security audits
  • Detailed USB logging reporting
Data Security Manager—Win32...Continued
■ Removable Storage Media Support
  • Can be deployed to a work group or require a per user password
  • Data may be shared at data owner's discretion
  • Fully encrypted
■ Unattended Reboot
  • Allows patches and software updates to occur off-peak when bandwidth is high, providing excellent time utilization
  • IT is not required to perform a reboot to complete the process
  • All security policies are updated at each server connection
Configuration Manager
■ Automatically configures critical device settings
■ Verifies successful implementation of settings on mobile devices
■ Provides ease of administration and fast recovery of inadvertently modified settings
■ Enhances the user experience
■ Policy-based
■ Utilizes Microsoft’s CSP configuration model on WM
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm Android
Configuration Mgr
Configuration Manager - Configurable Elements by Operating System
Windows Mobile: Connections; Device; DNS/IP; Formats; Network User Info; Owner Info; Sounds; Customer Configurations; Windows Update; Port Control; Camera, Microphone, Bluetooth – lock down or limit to device class; Infrared; WiFi Radio; Removable storage cards; USB Communications; Provisioning; Favorites, GPRS, Networks; Roaming Controls
iPhone: Passcode settings; WiFi settings; Restrict application usage and installation; Exchange setup information; VPN settings; IMAP and POP email settings; LDAP connections; CalDav Connections; APN settings
BlackBerry: Synchronization; Security; Messaging; Applications
Android: Security settings; WiFi settings; Connection Pulse
Symbian: Access points; Packet data; Wireless LAN; Exchange; Roaming Control
Roaming Controls
■ Roaming Management that detects roaming state changes and provides administrative control of device actions while roaming
■ Provides real time protection of roaming costs
■ Supports both Symbian and Windows Mobile
■ Allows administrators several options to disable data connections based on roaming state of the device
  • Disable all data connections
  • Disable Afaria scheduled or client-initiated connections when roaming (Outbound connections are still available)
  • Display message on device when entering or exiting roaming state
  • Disable email attachments (WM Only)
  • Disable IMAP and POP3 (WM Only)
■ Real time client monitors trigger custom actions when roaming
  • Log event – Create custom logs for roaming events
  • Execute program – Execute a program locally
  • Run channel – Run an Afaria worklist
  • Run script – Execute a customized script
■ Roaming Report
  • Detailed report containing roaming status
Windows Mobile Application Control
■ Controls both embedded (ROM-based) and installed (RAM-based) applications
■ Controls application access by specifying the certificate used to sign the application or by hash-based identification of the installed applications
■ Restricts access to device settings such as phone, sound, profiles, home screen, clock & alarm, connections and security settings
■ Tamper-resistant implementation so applications cannot simply be renamed
■ Automatically creates library of embedded and installed applications on Afaria clients. Log attempts to access disallowed applications
Backup Manager
■ Backup and restore mission-critical data
■ Users can recover lost or corrupted data
■ Backup
  • Folders or files
  • Schedule backup frequency
  • Backup data store at Afaria server or file server
■ Restore is managed through centralized console
  • Folders or files
  • Selective or full restore
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Backup Mgr
Document Manager
■ Content publish and subscription component
■ Client-side UI allows end users to subscribe to documents
■ Channel keeps all documents on client devices up to date
■ Updates leverage byte level differencing
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm
Document Mgr
Patch Manager
■ Patch console provides views of new / missing patches
  • Automatically pulls new patch catalogs from Microsoft
  • Scheduled scans of client machines for missing patches
■ Easy patch distribution to client machines
  • One Button patch deployment from the Afaria console
  • Impersonation support for machines where the end user does not have administrative privileges
■ Leverage Afaria bandwidth optimizations in patch channels
  • Dynamic bandwidth throttling
  • Segmented delivery
  • Checkpoint restart
Leverages Microsoft patch scanning technology and patch catalogs to automatically update laptops and desktops with key security patches
Patch Manager...Continued
■ Gives administrators control over patch deployment
  - Provides visibility and discovers vulnerabilities
  - Target and schedule patch deployment
  - Automates patch management without user involvement
  - Assess severity level of patch and deploy accordingly
[Platform support matrix for Patch Mgr; columns: Win32, WM Pro, WM Std, Symbian, iPhone, RIM, Java, Palm]
Off-Line Device Monitoring
Windows Mobile and Win32: The capability to monitor device settings/characteristics on Windows devices and trigger connections, logging or execution of local processes when characteristics change.
Monitor Types:
  - Battery (WM)
  - Memory (WM)
  - Registry (WM)
  - Storage/Directories (WM)
  - Windows/Applications (WM)
  - Connections (WM & Win32)
(E.g. 1) Monitor battery level, and run executable to copy key files to external card when available battery drops below xx%.
(E.g. 2) Monitor directories on external card and write log message whenever a new file is written to an external card.
[Platform support matrix for Off-line Monitor; columns: Win32, WM Pro, WM Std, Symbian, iPhone, RIM, Java, Palm]
Remote Control
■ Expand existing management capabilities
  - Real-time remote control capability for Windows®-based PCs and handheld devices
  - Interactively train end users on new applications or troubleshoot specific devices.
[Platform support matrix for Remote Control; columns: Win32, WM Pro, WM Std, Symbian, iPhone, RIM, Java, Palm]
Remote Control Key Features
■ Remote Control – superior quality supporting a large range of platforms
■ Remote Management – computer management controlling services, registry, tasks, event log, shares and system state
■ File Transfer – split screen, copy, move, sync, clone, crash recovery and delta transfer
■ Scripting – schedule file transfers and other operations
■ Chat, Audio Chat, Video Chat – allow users to communicate in text mode or verbally – supported by webcam video
■ Multi Console session – allows a number of Console users to view and control the same Client desktop
■ Run Program – launch programs at the remote computer
Supports WIFI or any cellular network (TCP/IP)
Remote Control Key Features...Continued
■ Send Message – distribute popup messages in Rich Text Format which allows links to e.g. web sites.
■ Request Help – contact the help desk via remote control and run an external application to auto-generate trouble tickets.
■ Security – local and centralized, Native NetOp, Directory Services and Windows-integrated.
■ Encryption – implemented according to the toughest industry standards.
■ Event logging – local, centralized, Windows-integrated and management-integrated.
■ Session recording – save the Client screen activities in a file for later replay.
■ Snapshot – save the current Client desktop image as a file.
Remote Control Clients
Win32
  1. Listen for Console to initiate
  2. Client initiate via Help Request
PPC/WM5/WM6
  WiFi / Cradle Private Net
    1. Listen for Console to initiate
    2. Client initiate via Help Request
  Internet / Carrier Net
    1. Client initiate via Help Request
Secure remote access and control for supporting people on the move
Remote Control Webconnect
■ WebConnect side-steps firewalls, proxies and routers. Now you can offer your company world-class support from anywhere and avoid costly deskside visits.
■ Connect with help desk initiated connections over the internet without requiring holes in your firewall
  - Connect from anywhere – no LAN/WAN restrictions
  - No need for firewall or router configuration to access the host
Overview of Webconnect
[Diagram labels: Guest; Host; WebConnect; Connection Manager (Microsoft IIS); Connection Server; Account data (Microsoft SQL); Administration module; Connection Request and location information; DMZ]
Antivirus and Firewall Manager
■ Protects mobile devices against:
  - Malware and Viruses
  - Intrusion by using an IP based firewall
  - Unwanted SMS or phone calls by blacklisting
■ Technology licensed from SMobile, leader in mobile Antivirus and Firewall software
Antivirus and Firewall Manager...Continued
■ Mobile viruses and malware can propagate through multiple mechanisms, including email attachments, Bluetooth or Infrared file transfer channels, SMS links, MMS attachments, etc.
■ Typical threats in the wild, classified as:
  - Malware for profit - FlexiSpy/MobiSpy
  - Bluetooth exploits - Cabir/Bluesnarfing
  - Backdoor Trojans - Brador/BBProxy…
  - Exploiting PC syncs - Crossover/Mobler…
  - Malware crashing devices - Skulls, Fontal…
  - Mobile IP - P2P Worms
  - SMS and MMS dialer Trojans - CommWarrior/RedBrowser…
Antivirus and Firewall Manager...Continued
■ Identity theft attacks where personal information such as customer names, street addresses, credit card information and other sensitive corporate data is stolen off of a mobile device
■ Unauthorized device usage, where an infected device can trigger unauthorized mobile payments, unauthorized purchases or extraneous data connections, resulting in fraudulent charges or excessive data or minute usage which would lead to large monthly billing and additional cost to the enterprise
■ Snoopware: mobile malware that is capable of stealthily and remotely monitoring activities on mobile devices, including voice calls, messages, e-mails, and remote activation of functions such as a microphone
Afaria Antivirus for Handhelds
■ Compatible with all major operating systems, including Windows Mobile and Symbian devices
■ Background scans of all files received via SMS, MMS, Bluetooth, WiFi, infrared, or desktop sync in real time
■ Industry’s only handheld antivirus to use heuristics
■ Based upon an independent study, Afaria outperforms the competition in CPU calculation, CPU performance, user performance, write access, read access, and bitmap drawing, which all equate to better handset performance and a better user experience.
■ Only mobile AV focused solely on mobility, not a retrofit of a desktop solution
■ Full logging of scan and detection activity all viewable by the system administrator
■ Remotely invoke device scans, updates, policy changes and reports on device activity from a single management console.
Firewall Manager for Handhelds
■ IP based firewall protection using black list or white list filtering, with both inbound and outbound network packet monitoring
■ Monitors GPRS, EDGE, CDMA, WIFI and phone to PC traffic
■ Enables administrator to control inbound and outbound access (either denying/blocking by “blacklisting” or approving by “whitelisting”) to sites hosted by the outside world based on IP address
  - Employees can be restricted to access only the corporate website or certain authorized sites
  - Only allow Line of Business applications to communicate through the network
  - Blocking a particular port when utilizing a VOIP application
  - Protect against IP based intrusion attacks
Afaria Firewall Manager SMS and Call Filtering
■ Allows administrators and users to establish a customized blacklist to block incoming SMS, MMS and/or calls from selected contacts or unwanted calls/messages
■ Includes tracking logs of blocked calls and messages
■ Call Filtering and MMS/SMS filtering are separately configurable
■ Primarily used to block spam sent to devices
Optimized Communications for Frontline Conditions
■ Offline processing – Minimize “expensive” online processing over bandwidth-limited networks
■ Checkpoint restart – Tolerance for in-and-out of coverage conditions
■ Compression – Proprietary algorithms reduce time required for file transfer
■ File differencing – Send only needed changes within files (Byte Level)
■ Intelligent file updates – Send only files/data that need to be updated
■ Segmented file delivery – Deliver applications, data over multiple sessions
■ Dynamic bandwidth throttling – Automatically adjusting Afaria session requirements based on network utilization
■ Opportunistic connections – Execute sessions when communication networks are available
■ Flexible packet/window size – Allows administrators to “tune” traffic to match network conditions
Access Control for Microsoft Exchange
■ Block rogue devices from synchronizing with an Exchange Server
  - Afaria Access Control ISAPI filter installs on a Microsoft Exchange 2003 through 2010 server. Works with Afaria server to deny sync requests to handheld devices that are not properly managed and/or secure
■ Administrator specified ‘security verification policy’
  - Define the amount of time during which a device must have connected to Afaria server to confirm presence of Afaria client and/or security manager on the device
■ White list devices
  - Administrators can create a ‘white list’ of devices that should always be allowed to synchronize with Exchange, even if they fail the ‘security verification policy’
■ Black list devices
  - Administrators can create a ‘black list’ of devices that should never be permitted to synchronize with Exchange, even if they fail the ‘security verification policy’
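The sync decision described on this slide, written out as an added Python example (not Afaria's code): the names `AccessPolicy` and `decide_sync` and the device IDs are hypothetical, and letting a black-list entry win over a white-list entry is an assumption the slide does not state.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional, Set, Tuple


def norm(device_id: str) -> str:
    """Normalise IDs so list lookups cannot be dodged by case or padding."""
    return device_id.strip().lower()


@dataclass
class AccessPolicy:
    verification_window: timedelta  # max age of the last management check-in
    white_list: Set[str] = field(default_factory=set)
    black_list: Set[str] = field(default_factory=set)
    def __post_init__(self) -> None:
        self.white_list = {norm(d) for d in self.white_list}
        self.black_list = {norm(d) for d in self.black_list}


def decide_sync(policy: AccessPolicy, device_id: str,
                last_checkin: Optional[datetime], now: datetime) -> Tuple[bool, str]:
    """Return (allowed, reason) for one sync request."""
    dev = norm(device_id)
    # Assumption: a black-list entry wins when a device is on both lists.
    if dev in policy.black_list:
        return False, "black-listed"
    if dev in policy.white_list:
        return True, "white-listed"
    if last_checkin is None:  # device never seen by the server: fail closed
        return False, "never verified"
    age = now - last_checkin
    if age < timedelta(0):  # check-in dated in the future: distrust it
        return False, "check-in in the future"
    if age > policy.verification_window:
        return False, "verification expired"
    return True, "verified"


# Constructed sample data (not taken from the slides).
NOW = datetime(2010, 6, 1, 12, 0, tzinfo=timezone.utc)
POLICY = AccessPolicy(timedelta(days=7), white_list={"CEO-PHONE"},
                      black_list={"lost-0042"})
RECENT, STALE = NOW - timedelta(days=2), NOW - timedelta(days=30)

if __name__ == "__main__":
    for dev, seen in [("wm-1001", RECENT), ("wm-1002", STALE),
                      ("ceo-phone", STALE), ("LOST-0042 ", RECENT), ("byod-7", None)]:
        print(dev.strip(), decide_sync(POLICY, dev, seen, NOW))
```

A white-listed device is allowed even with a stale check-in, so the white list is the part of such a policy that most needs periodic review.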
Mutual Certificate Authentication
■ Extending Afaria’s SSL architecture to support mutual certificate-based authentication
■ An added, certificate-based layer of security that ensures that only properly credentialed clients can connect to a customer's server
■ Administratively enabled and configured
Internationalization
■ Support for Afaria server, administrator and clients operating on a double-byte character set language system
■ Client support for:
  - Windows
  - Windows Mobile
  - Symbian
■ Component support includes:
  - Configuration Manager
  - Session Manager
  - Inventory Manager
  - Security Manager (for WM devices)
■ Localized Windows Mobile client UI available for Simplified Chinese, Traditional Chinese and Korean
Administration
■ Web-based administrative console built on .NET framework with all the functionality of a full Graphical User Interface
■ Manage Afaria servers from any PC on the network, including virtualization technology
■ Secure access to the web console leveraging the NT security model
■ User access “rights” to the web console; role-based user access
Administration—Profile Based Management
■ Policy / profile based model for channel scheduling, monitors and assignments
■ Easier management of schedules and assignments
■ Consolidated administrator view of schedules/monitors and channels assigned to a particular device (or group)
■ Improved security for channel execution
■ Schedules run only for assigned / applicable device
Thank You