To ensure security and compliance, large mobile
deployments need to be supported by systems management tools. We
look at the options for businesses.
Middleware applications can play a key role in managing the
devices of a mobile workforce, automating manual IT processes and
saving time and money.
IT managers can choose from several platforms from the likes of
CA, IBM Tivoli and Microsoft, as well as tools from a growing
number of specialist service and software suppliers.
Nick McQuire, senior analyst for wireless and mobile at Yankee
Group, said large mobility deployments should be supported by
systems management tools that incorporate a range of
components.
These include software installation, inventory and updating,
hardware inventory and asset management, and back-up and restore
capabilities.
"Firms have traditionally been lax regarding inventory and asset
management of mobile devices. Because wireless devices are used for
data applications, they need to be managed like laptops rather than
cellular phones. They also need to be supported like IT assets, so
administrators need to have visibility of what hardware and
software is in the field," said McQuire.
They should also have policies for security policy management
and enforcement, remote file and policy administration, push update
capability and remote data wipe and/or device lockdown, McQuire
said.
Companies such as Intellisync, mFormation and iAnywhere offer
device and systems management tools that address some or all of
these requirements.
Analyst firm Gartner advised organisations to look at
Hewlett-Packard-owned Novadigm, Mobile Automation, Novell and
XcelleNet, as suppliers that offer mobile systems management
products that can manage laptops as well as PDAs.
Novadigm sells a product that integrates into HP's Openview
systems management software platform and is designed to manage
mobile devices, deploying software and synchronising updates to
mobile users across a number of applications and networks.
XcelleNet's Afaria supports most devices, including Symbian,
Pocket PC, Windows CE, Palm handhelds, Research in Motion's
Blackberry devices and a number of smartphones. Afaria also
includes a back-up manager designed for mobile devices.
Mobile Automation's Mobile Lifecycle Management Suite supports
Windows CE devices, Palm OS PDAs, Blackberry and some
smartphones.
However, of the larger suite suppliers, CA has one of the
broadest ranges of management software products, under its
Unicenter brand. Unicenter Software Delivery carries out automated
patch and application version management for laptops, PDAs and
mobile phones as well as desktops and servers. It uses policy-based
software distribution and allows the administrator to apply and
roll back software installations.
CA has a "content research" team which manages a central
repository of software patch information, pushing this out to the
CA Unicenter Patch Management r11 application when necessary.
To switch mobile devices off and on, as well as controlling,
viewing and modifying remote systems, CA has the Unicenter Remote
Control system. This includes tools for an administrator to
exchange files, hold interactive chat sessions, execute remote
applications, and monitor and record activities.
Asset Management is another Unicenter product, this time for
asset tracking. It does this via automated discovery, hardware
network and software inventory, configuration management, software
usage monitoring and licence management.
As well as these products, CA also has Brightstor Arcserve
Backup for Laptops & Desktops, to carry out fast automatic
back-up and restore for data on remote or mobile Windows PCs, in
the background. It can be used by IT administrators to
automatically perform back-ups when devices are connected or, more
importantly, disconnected from the network. It does this by sending
and piecing together incremental file changes, and backing up files
that are open.
"Because mobile users are not always connected to the network,
Brightstor Arcserve Backup for Laptops & Desktops can initiate
the back-up process without a network connection," said CA. "When
you connect to the network to check e-mail or use the internet it
will automatically detect TCP/IP connectivity transmitting the
back-up data to the back-up server, without interrupting your
workflow. It can also back up files that are in use."
IBM is another major management software supplier with several
tools in its Tivoli family of products for managing remote devices.
The main one is the Tivoli Configuration Manager. Like the other
management tools, it can distribute software and security patches,
manage inventory and ensure compliance across heterogeneous
computing environments. It can also determine which patches are
missing, and distribute them to the clients.
After systems have been deployed, an inventory module lets the
administrator automatically scan for and collect hardware and
software configuration information from the computers attached to
the system.
Like CA's Unicenter Software Delivery, a major benefit of IBM's
Tivoli management system is its support for multiple suppliers'
handheld devices.
Microsoft has a couple of software applications that can help to
manage mobile devices, although they are only capable of
controlling Windows CE, Pocket PC and Pocket PC Phone Edition-based
devices.
The main suite it offers is Microsoft Systems Management Server
2003 with Service Pack 1, which features change and configuration
management tools.
Microsoft has extended Systems Management Server 2003 to manage
these handheld devices via additional modules: the Operating System
Deployment Feature Pack, the Device Management Feature Pack, and
the Administration Feature Pack.
Systems Management Server 2003 includes tools to deploy
operating system images across a number of devices to manage mobile
devices, and it also has a central console for tracking and
reporting on the status of operating system deployments.
The Device Management Feature Pack can manage mobile devices as
Systems Management Server clients, in the same way that Systems
Management Server manages desktops and servers.
Like CA's discovery and asset management tools, the Device
Management Pack lets administrators perform device discovery,
collect hardware and software inventory data, and distribute
software to mobile devices. The pack can also manage settings and
password policies.
As an alternative to client-server systems from the likes of CA,
IBM and Microsoft, many organisations have adopted a server-based
computing model. This is where desktops and handheld devices are
controlled and managed centrally.
Citrix's Access Suite 4.0, (formerly Metaframe) is the main
server-based computing architecture in this area, and has its own
mobile device management features.
Access Suite has Smartaccess technology that can control remote
access to enterprise systems. The system identifies who the user
is, where they are accessing information from, and how secure the
device is.
Richard Jackson, regional managing director at Citrix, said
remote access is more than just an on/off switch. "There is no need
for a fear of losing control over who is accessing the network to
hold back the productivity benefits of flexible working. By
examining their access strategy, businesses can implement practices
that will keep data secure and control access what and from where,"
he said.
Citrix Access Suite combines Presentation Server (server
virtualisation software), Access Gateway (a secure virtual private
network appliance) and Password Manager.
As an alternative to hosting the management middleware,
organisations could also consider a managed services approach, said
McQuire.
For example, Vodafone UK launched its mFormation service with a
Vodafone-branded push e-mail service from Visto late in 2005. And
US firm Sprint launched Sprint Managed Mobility Solutions, which
included a hosted device management service based on Intellisync's
platform, in mid 2005.
"In some cases, they are the only device that remote workers
use; so if a device is lost, stolen or requires troubleshooting, it
needs immediate repair or replacement. Underestimating the
importance of mobile devices to remote employees, and not
implementing a strong management approach, will result in increased
downtime and under-utilisation of critical assets," said
McQuire.
Mobile anti-virus products
As well as selling Unicenter mobile management software, CA has
extended the anti-virus capabilities of its eTrust Antivirus
package to mobile devices.
Another dedicated mobile anti-virus product was launched by
McAfee at the 3GSM Conference in February. McAfee Virusscan Mobile
Enterprise Edition can be pre-installed on employees' mobile
devices or downloaded to devices out in the field. The software has
a 500Kbyte footprint.
Like desktop anti-virus software, it scans in the background for
viruses, Trojans and worms, monitoring e-mail, SMS and MMS content,
internet downloads and Bluetooth connections.
McAfee also sells a firewall product, McAfee Firewall
Mobile.
Why have a mobile management policy?
Middleware can be used to secure and manage mobile devices, but
without clear mobile management policies, the software will not be
effective.
David Friedlander, senior analyst at Forrester Research, said,
"Companies should have a clear, consistent, and enforced policy for
mobile device usage and security in the enterprise.
"Mobile devices are often outside the enterprise network. They
may connect over unsecured networks, or reside in a disconnected
state where they cannot easily be touched by management tools. More
sophisticated local management agents can enforce policies and
manage the device without connecting to the corporate local area
network.
"PDA operating systems are not designed with enterprise support
in mind. The devices are difficult or impossible to upgrade, and
relatively few security patches are released for the major mobile
device platforms."
In some instances, said Friedlander, executives will buy a
mobile device on expenses and connect it to their machines using
desktop synchronisation tools.
"If the company is not willing to set and enforce standards, the
costs and risks associated with the mobile device population could
quickly spiral out of control," he said.
Nick McQuire, senior analyst at Yankee Group, said, "Mobility
raises new security concerns. Small wireless devices are more prone
to loss, theft or temporary misplacement. Consequently, IT needs
the capability to remotely lock down or wipe devices clean of
sensitive data."