Mobile Device Management Timothy Yager (firstname.lastname@example.org) SUNY Oswego Labman 2013 – Evergreen State College
SUNY Oswego • Located in upstate New York • ~8300 FTEs • ~6800 undergrad • Mobile devices - ~200 “lab” iPads and rising, several staff smartphones
What is MDM • Mobile Device Management (MDM) software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises.” • http://en.wikipedia.org/wiki/Mobile_device_management
Why MDM and BYOD? • In corporate world, increased productivity • Access to virtual apps and data • Major security concerns for your data! • People are bringing their own devices anyway, why provide a work device? • In higher education • Meeting faculty initiatives • Student needs • It sure is trendy right now!
Why MDM for SUNY Oswego? • Pushed by CIO at the time • Based on a clear needs assessment provided by CIO • Project committee was formed • Involved user support group, IT group, telecommunications group, and networking group representatives due to broad nature of scope including: • “Corporate” and “personal” Mobile Devices (phones and tablets) • Network resources for solution • End user training and support • Server work if necessary (many solution SaaS based)
Project Timeline - 2012 • Needs assessment – January • Present needs assessment to Campus Technology Advisory Board (CTAB) Applications Subcommittee – February • Review Feedback • Announce plans to full CTAB – February • Complete research and make software recommendation – end of February • Purchase, Install, configure, deploy pilot program –March/April • Assess and deploy needed changes, move to full rollout – March/April
Project Timeline 2012 Continued • Policies and procedures done by end of semester – May • Project completion and in operating mode by summer – May • End goal was a one semester project to be ready prior to summer projects starting!
Needs Assessment • Most critical part of a Mobile Device Management Project • You must know what your intent with the solution is as it will drastically affect your decision making process • Need to consider separate needs for personally owned devices versus campus owned devices and what issues come into play • Privacy • Security • Culture of higher education • Legal concerns (state, federal, local, collegiate) • Need to separate technical concerns versus policy concerns • Do you really want to have anything to do with installing an agent on peoples’ personal devices?
SUNY Oswego Documents Review • Mobility Management Solution Needs Assessment • MDM Vendor Requirements – We used Gartner as our initial research point for finding vendors • MDM Trial Results – We went to trial with two vendors, Airwatch and Maas360 • Did a mini trial of Meraki as it is a free MDM solution, but immediately stopped testing due to functionality. Has since been purchased by Cisco but is still free, and appears to have much more extended functionality now. • A great way to get a feel for what an MDM can accomplish with little setup and no cost apart from staff time
Meraki Demonstration • Signup • http://meraki.cisco.com/products/systems-manager?ref=MVFkTc • Login • https://account.meraki.com/login/dashboard_login • Clients • GPS tracking / Applications Installed / Lock or Erase Device / Etc • Mobile, Settings • Device restrictions / Password requirements / Wifi / VPN • Apps
What we found in 2012 • We could not meet our MDM needs with an MDM Solution!! • Many required Exchange for ActiveSync, not useful for us • Vendors can only do what the APIs allow them to (see Apple) • There are many, many solutions out there and there is a lot of competition among vendors. Some died out from the time we started to the time we finished. This is likely still true today. • Mobile device “imaging” in the same vein as how we do our computer labs was not possible via an MDM solution, which was what we really wanted.
Review of project requirements • Device imaging similar to a standard computer lab • Some way to manage application purchases on an enterprise level • Configuring our campus wireless and email settings • Apple Configurator met all of these needs, and does so ~flawlessly!!!
Success! • Silver lining – Apple released Apple Configurator around March, saving our project which was going to end without success based upon our needs.
Apple Configurator • Free Apple MDM configuration tool from App Store • https://itunes.apple.com/us/app/apple-configurator/id434433123?mt=12 • Only available for installation on a Mac • Apple Configurator has a little brother called iPhone Configuration Utility which is available for PC but not nearly as robust • Will need to spend time on Apple Volume Purchase Program to get application purchasing working properly. • Will probably want to purchase a USB hub to hook up many devices at one time • Set it and forget it! • Once “images” are built, you can just click the restore button and devices are set back to their original state
Apple Configurator Notable Links • Apple App Volume Purchasing • http://www.apple.com/education/volume-purchase-program/ • Apple Configurator • http://help.apple.com/configurator/mac/1.2/ • iOSin Business • http://www.apple.com/ipad/business/it-center/
Service Level Agreement • We created an SLA for departments wishing us to image their iOS devices as well as application installing and monitoring via the Volume Purchase Program • Once signed we will manage a groups devices as specified in the SLA • Three “imaging” options • Unsupervised – We configure wireless and email only. • Supervised without application installs – We will set up wireless, email, and applications. End users will be unable to install apps. • Supervised with application installs – We will set up wireless, email, and applications. End users can install apps and are responsible for their own license tracking. • Devices can be reimaged upon request otherwise will be done over summer.
SLA Continued • Department is expected to: • Purchase applications through CTS via the Volume Purchase Program. CTS will create a departmental account for your department (email@example.com) that can be used to propagate software to devices. • Understand how to use any software purchased. • Understand any advanced device functionality required for classes. • Train students on the required functionality.
SLA Continued • Department is expected to: • Maintain inventory and replace any stolen or damaged devices as per campus inventory policies. • Consult with CTS prior to upgrading a device to newer operating systems as some functionality may break, e.g. wireless. • Maintain backups in case of data loss. • Deliver to and retrieve devices from 26 Lanigan Hall if changes or updates are needed outside of annual summer reimaging.
Where we are today • Still only using Apple Configurator, for just over a year • Meets our needs!! May not meet yours! • Have no needs or desire to review MDM solutions as Apple Configurator meets our needs. • If Android tablets became popular we would have to review options • Looking at new recommendations for personal use devices • Password requirements / Encryption / Etc. • There would be no way of enforcing these, so more of a guidelines document to protect campus resources