1 / 36

Microsoft ® System Center Mobile Device Manager 2008 SP1

Microsoft ® System Center Mobile Device Manager 2008 SP1. Chip Vollers Mobile Business Experience Marketing Sr. Product Manager, Infrastructure cvollers@microsoft.com. Agenda. Mobility Overview Worldwide Mobility Market System Center Mobile Device Manager 2008 Demo MDM SP1 Features

hector
Télécharger la présentation

Microsoft ® System Center Mobile Device Manager 2008 SP1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Microsoft® System Center Mobile Device Manager 2008 SP1 Chip Vollers Mobile Business Experience Marketing Sr. Product Manager, Infrastructure cvollers@microsoft.com

  2. Agenda • Mobility Overview • Worldwide Mobility Market • System Center Mobile Device Manager 2008 • Demo • MDM SP1 Features • Microsoft Stack Integration • Competitive Overview • Pricing and Licensing • Information & Links

  3. Mobile Devices Are Not Laptops Mobile devices… • Are more easily lost or stolen. • Require persistent connectivity. • Have capabilities driven by form factor and user interface. • Must also function as phones. • Are outside the corporate network most or all of the time.

  4. Why do DMSec and mVPN Matter for Mobility? • Proliferation of connected devices outpacing PCs • Growth of worldwide mobile workforce • Expansion of mLOB application development and usage—more mLOB users means lower cost per user and higher per user mLOB ROI • Desire for more secure network connectivity from mobile devices

  5. 34.1%ConvergedMobile Phones 3.9%Desktop PCs Mobility Drives Growth 245 Million Converged Devices by 2010 18.6%Mobile PCs 5.8%Mobile Phones Source: Gartner, Dataquest, and IDC 2006

  6. Worldwide, the mobile worker population is expectedto increase to878 million by 2009,accounting for >27%of the total global workforce. Worldwide Market Opportunity SOURCE: IDC, WW Mobile Worker Population, October 2006

  7. Balanced Market Growth Balanced growth driven by both mobile messaging and rich mobile scenarios beyond e-mail: • Corporate data access and mobile LOB grows 41% (CAGR) from CY 2006–2011. • Messaging grows 46% in the same time period. 2011 2006 Corporate data access and mLOB 31.5 MM mLOB only 0.9 MM Mobile Messaging 71.2 MM Mobile Messaging 10.7 MM Corporate data access and mobile LOB 6.2 MM mLOB only 8.3MM Note: Sizing based on support for Microsoft solutions. Source: MED Finance analysis and industry reports

  8. What is MDM?System Center Mobile Device Manager 2008 MDM helps to… • Safeguard corporate data from unauthorized access. • Reduce the cost and complexity of mobile deployments. • Maintain persistent and enhanced security for connectivity. • Simplify device management.

  9. MDM Overview MDM is a comprehensive device management solution that enables efficient control of Windows Mobile® devices. With MDM, customers can: • Set and control policies using Active Directory® and Group Policy. • Extend corporate data and line of business (LOB) applications in a security-enhanced virtual private network (VPN) environment. • Execute a remote wipe with the “always on” Mobile VPN (mVPN) if a device is lost or falls into the wrong hands. • Lock down communications and device resources for compliance and confidentiality purposes—disable Bluetooth, SMS/MMS, WLAN/Wi-Fi, Infrared, POP/IMAP e-mail, and even camera functionality. • Take advantage of advanced features including policy enforcement, inventory and reporting, and software distribution from a single point of management.

  10. What IT pains does MDM solve? How to: • Manage mobile devices like PCs on the corporate network • Manage policies and software distribution to multiple groups of users • Provision mobile devices without physically touching them • Allow more secure connectivity with single-point network access control • Allow specific business units individual control over the devices in their business unit

  11. Aligning with Customer Priorities Key BDM Priorities Key IT Priorities Key End User Priorities • Secure data and network access • Manageable, scalable IT infrastructure • Standardization vs. point solutions • Integrate and align with existing systems • Minimize training and support • “Make it just another device on my network that I control and manage, and as an integral part of my existing architecture and security framework”” • -VP of IT for Large Wall Street Bank • “I need a strong ROI justification if I am going to roll out mobile devices to most of my organization and not just the managers” • - Director of business group for major manufacturer • “Make it just another device on my network that I control and manage, one that’s an integral part of my existing architecture and security framework” • - VP of IT for Large Wall Street Bank • “Provide me with always available access to the people, information, and applications I need even when I am on the go” • - Sales Manager for global pharmaceutical firm • End user productivity • Scalable and reliable procurement • Minimized support costs and TCO • Secure data and network access • Manageable, scalable IT infrastructure • Standardization vs. point solutions • Integration and alignment with existing systems • Minimized training and support • Robust access to corporate info • Dependable and resilient phone experience • Superior productivity including unified communications • Anytime access to corporate info • Dependable and resilient phone experience • Superior productivity including unified communications

  12. MDM Core Feature Areas MDM enables Windows Mobile 6.1 devices to be deployed and managed like PCs and laptops in the IT infrastructure, providing them network access to corporate data and making them first-class citizens on the corporate network. Mobile VPN Security Management Device Management • Active Directory Domain Join • Policy enforcement using Active Directory and Group Policy targeting (>130 policies and settings) • Communications and camera disablement • File encryption • Application allow and deny • Remote wipe • OMA-DM compliance • Single point of management for mobile devices in enterprise • Full OTA provisioning and bootstrapping • OTA Software distribution based on WSUS 3.0 • Device data and inventory reporting • SQL Server 2005-based reporting capabilities • Role-based administration • MMC snap-ins and Powershell cmndlets • WMU on/off control • OMA-DM compliance • Machine authentication and “double envelope security” • Session persistence • Fast reconnect • Internetwork roaming • Standards support (IKEv2, IPSEC tunnel mode) Management Workload Deployment: inside firewall Network Access Workload Deployment: in DMZ

  13. Security Management Benefits • System Center Mobile Device Manager extends Active Directory/Group Policy to Windows Mobile. • Over 130 configuration settings are now managed through Group Policy including control of Bluetooth, WIFI, SMS/MMS, IR, Camera, and POP/IMAP. • Architecture is extensible.

  14. Device Management Benefits • Enterprise-wide OTA software distribution • Leverages Windows Software Update Service (WSUS) 3.0 • Most widely deployed Windows software update solution across organizations of all size (60%+ penetration) • Rich targeting and packaging capabilities required by IT departments • Rich Inventory and Reporting • Robust hardware and software inventory capabilities • SQL Server 2005–based reporting infrastructure • Highly flexible • Customizable

  15. Mobile VPN Benefits • Offers features to help secure behind-the-firewall access to the corporate network and applications. • Access data from a broad range of Intranet sites (e.g. SAP, Siebel, intranet sites, SQL Server) • Aligns with existing remote access model for desktops/laptops and scales to a broad set of scenarios. • Security • End-to-end security features • Headless gateway deployed in the DMZ • Privacy compliance • Efficiency • Reliability • Simplicity • Extensible Domain Controller Internal Corporate Site • Use best available channel • Adapt to network to minimize keep alive traffic (goal) Controlled access to Internalcorporate resources from themobile devices connected viaMobile VPN Corporate Internal Firewall • Transparent to mobile application • Transparent to LOB services Mobile VPN Gateway DMZ • Always connected • Allows pushed technology Corporate External Firewall Internet Mobile VPN • Minimum user configuration • Transparent to user and to applications Mobile VPN Mobile Operators Cellular DataConnection WiFi Connection

  16. Mobile VPN vs. Non-Mobile VPN • mVPN is bandwidth-optimized: • Less data throughput per task • More efficient use of the radio stack • Greater battery life • mVPN is connectivity-optimized: • Fast reconnect • Session persistence • mVPN is security-optimized: • “Double envelope” with SSL tunnel inside the IPSec tunnel • Standards-based: IPSec, IKEv2, MobIKE(mobility and multi-homing) Other VPN solutions today do not offer this same level of performance for mobile devices.

  17. Certificate Management/Handling MDM works closely with Active Directory and utilizes the Microsoft Certification Authority (CA). • Microsoft CA allows for standardized certificate templates. • Microsoft CA complies with widely adopted industry standards and is used for automatic certification handling by MDM. • The enterprise version of Windows Server® is needed to support the certificate templates required by AD. • Customers who currently use a third-party CA within their PKI can deploy Microsoft CA as a subordinate CA and configure to issue certificates for a specific use—in MDM’s case, client authentication for MDM-managed devices. The existing PKI can than operate normally for other purposes. • Microsoft Certification Authority is integrated with AD. Configuring the Microsoft CA as one use only will prevent unauthorized certificate issuance and misuse of this CA.

  18. Typical Deployment Topology Exchange, SharePoint, Intranet and LOB Servers IPSec Mobile VPN 128Bit SSL Tunnel SQLServer Initial OTA DeviceEnrollment via SSL SSL User Authentication MDM/SP1 Management Server MMCConsole Internet MDM/SP1Gateway Server 128bit SSL Tunnel Firewall Firewall IPSECVPN Integrated WSUS Software Management Machine Certificate Authentication for Mobile VPN 128Bit SSL Tunnel Device CertificateEnrollmentService One Time PIN for Enrollment Optional ISA orReverse Proxy MDM/SP1Enrollment Server ActiveDirectory Corporate Intranet DMZ

  19. MDM demo demo Name Title Group

  20. MDM SP1 Feature Updates Feature and capability updates with MDM SP1 include: • Multiple Instance • Supports deployments where multiple points of control are required within a single forest • Enrollment Auto Discovery • Helps eliminate guesswork and user confusion by allowing the enrollment server to match the user with the correct MDM instance • Runs with Windows Server 2008 • SP1 will run against a domain/forest running Windows Server 2008 AD Domain Services • Performance/Scalability • Increases system capacity to 40K users from MDM 2008 levels • Virtualization • Hyper-V support using hosted Windows Server 2003 for testing/trial purposes

  21. Mobile Device Manager 2008 SP1 • Unlocks Large Scale Deployments • MDM SP1 will better enable IT to manage Windows Mobile 6.1 and later devices in situations where greater scale and distributed control points are required. Mobile VPN Security Management Device Management • New • Improved self-service and helpdesk experience • Improved • Scalability and Performance • New • Multi-Instance • Support Windows Server 2008 AD • Hyper-V (2003 host) • Improved • Reporting • Scalability and Reliability • Improved • Scalability and Reliability Management Workload Deployment: inside firewall Network Access Workload Deployment: in DMZ

  22. Administrative Policies Multiple Instance Division 3 Division 1 Division 2 • Multiple Instance allows customers with multiple domains, multiple network access points, and different administrative policies to all be managed independently IT MDM Infrastructure Division 1 Users Division 3 Users Division 2 Users Active Directory Forest

  23. Microsoft Stack Utilization MDM is designed to work well with existing IT infrastructure, network directory, and services: Windows Server 2003 SP2 SQL Server 2005 Active Directory/Group Policy Windows Software Update Service (WSUS)

  24. Better Together: MDM + … Exchange 2007 = More secure mobile messaging ConfigMgr =Comprehensive client management ISA + IAG = Enhanced network security and user authentication SharePoint = Mobile access for better collaboration and teamwork System Center Mobile Device Manager 2008 works very closely with other Microsoft products to increase the productivity of mobile workforces.

  25. Segmentation & Opportunity UMM and Enterprise Customers

  26. Comprehensive Messaging and Device Management Solution • Best in class mobile messaging and PIM solution • Enhanced messaging security beyond SSL • Rich device management • Domain objects in Active Directory • Management via AD/Group Policy • Windows Mobile device management support • Best in class mobile VPN • Customized policy templates without AD schema changes • 130+ mobile policies out of the box • Software distribution via WSUS By combining Exchange 2007 SP1 with MDM, customers get the best of both worlds—best in class messaging/PIM solution and device management, security, and secure, persistent connectivity for their Windows Mobile devices.

  27. Comprehensive Device & Client Management Solution • Rich PC client and mobile device management • Domain objects in Active Directory • Management via AD/Group Policy • Windows Mobile device management support • Best-in-class mobile VPN • Customized policy templates without ADschema changes • 130+ mobile policies out of the box • Software distribution via WSUS By combining ConfigMgr with MDM, customers get the best of both worlds—feature-rich client management for their PCs and device management, security, and secure, persistent connectivity for their Windows Mobile devices.

  28. Microsoft Solution Comparison MDM complements other Microsoft DMSec solutions. * This applies to mobile device management. AD/Group Policy is supported for desktop clients. ** File inventory only.

  29. MDM: Competitive Review Exchange 2007 provides EAS statistical reporting (with basic device information). Exchange 2007 enables full OTA provisioning of EAS Client only (does not include IRM or cert-based authentication). Expected to deliver deeper integration with LDAP but not necessarily specific to AD. Middleware (i.e. Good, IMS) software only, not device firmware.

  30. License and Support Cost ComparisonFirst year investment - list price, 5K users Pricing includes Software Assurance (SA) for MDM and technical support for all solutions (MDM included in Premier). $1,038,400 $521,000 $398,500 $119,300 Good RIM Afaria MDM $207.68 per user $104.20 per user $79.70 per user $23.86 per user

  31. MDM Technical Support • Premier Field Engineering (PFE) • MDM technical specialists in Redmond and Prague • Microsoft Consulting Services (MCS) • MDM expertise in Redmond with supervision of WW team build-out • Mobility SSP team • WW solution selling expertise for MDM, Windows Mobile, and third-party mobility solutions • Product Support Services (PSS) • MVPs—mobility specialists outside Microsoft

  32. Licensing Considerations • MDM is a three server role solution: • Enrollment Server role • Device Management (DM) Server role • Gateway Server role • Roles required: • Outside the firewall, all three roles are required. • Inside the firewall (WiLAN) Gateway is optional. • Role combinations: • Enrollment and DM can be combined on one box—single server license required. • Gateway is always a stand-alone role.

  33. MDM SKU Offerings

  34. Advantage MDM: MDM combines the must-have DMSec features IT demands, low TCO, and robust Microsoft technology stack utilization.

  35. Information and Links • www.microsoft.com/systemcenter/mobile/ • www.microsoft.com/windowsmobile/en-us/business/solutions/enterprise/mobile-device-manager.mspx • http://technet.microsoft.com/windowsmobile/ • http://technet.microsoft.com/en-us/scmdm/

More Related