Mobile computing: Where are they and what are they doing?

To ensure security and compliance, large mobile deployments need to be supported by systems management tools. We look at the options for businesses.

To ensure security and compliance, large mobile deployments need to be supported by systems management tools. We look at the options for businesses.

Middleware applications can play a key role in managing the devices of a mobile workforce, automating manual IT processes and saving time and money.

IT managers can choose from several platforms from the likes of CA, IBM Tivoli and Microsoft, as well as tools from a growing number of specialist service and software suppliers.

Nick McQuire, senior analyst for wireless and mobile at Yankee Group, said large mobility deployments should be supported by systems management tools that incorporate a range of components.

These include software installation, inventory and updating, hardware inventory and asset management, and back-up and restore capabilities.

"Firms have traditionally been lax regarding inventory and asset management of mobile devices. Because wireless devices are used for data applications, they need to be managed like laptops rather than cellular phones. They also need to be supported like IT assets, so administrators need to have visibility of what hardware and software is in the field," said McQuire.

They should also have policies for security policy management and enforcement, remote file and policy administration, push update capability and remote data wipe and/or device lockdown, McQuire said.

Companies such as Intellisync, mFormation and iAnywhere offer device and systems management tools that address some or all of these requirements.

Analyst firm Gartner advised organisations to look at Hewlett-Packard-owned Novadigm, Mobile Automation, Novell and XcelleNet, as suppliers that offer mobile systems management products that can manage laptops as well as PDAs.

Novadigm sells a product that integrates into HP's Openview systems management software platform and is designed to manage mobile devices, deploying software and synchronising updates to mobile users across a number of applications and networks.

XcelleNet's Afaria supports most devices, including Symbian, Pocket PC, Windows CE, Palm handhelds, Research in Motion's  Blackberry devices and a number of smartphones. Afaria also includes a back-up manager designed for mobile devices.

Mobile Automation's Mobile Lifecycle Management Suite supports Windows CE devices, Palm OS PDAs, Blackberry and some smartphones.

However, of the larger suite suppliers, CA has one of the broadest ranges of management software products, under its Unicenter brand. Unicenter Software Delivery carries out automated patch and application version management for laptops, PDAs and mobile phones as well as desktops and servers. It uses policy-based software distribution and allows the administrator to apply and roll back software installations.

CA has a "content research" team which manages a central repository of software patch information, pushing this out to the CA Unicenter Patch Management r11 application when necessary.

To switch mobile devices off and on, as well as controlling, viewing and modifying remote systems, CA has the Unicenter Remote Control system. This includes tools for an administrator to exchange files, hold interactive chat sessions, execute remote applications, and monitor and record activities.

Asset Management is another Unicenter product, this time for asset tracking. It does this via automated discovery, hardware network and software inventory, configuration management, software usage monitoring and licence management.

As well as these products, CA also has Brightstor Arcserve Backup for Laptops & Desktops, to carry out fast automatic back-up and restore for data on remote or mobile Windows PCs, in the background. It can be used by IT administrators to automatically perform back-ups when devices are connected or, more importantly, disconnected from the network. It does this by sending and piecing together incremental file changes, and backing up files that are open.

"Because mobile users are not always connected to the network, Brightstor Arcserve Backup for Laptops & Desktops can initiate the back-up process without a network connection," said CA. "When you connect to the network to check e-mail or use the internet it will automatically detect TCP/IP connectivity transmitting the back-up data to the back-up server, without interrupting your workflow. It can also back up files that are in use."

IBM is another major management software supplier with several tools in its Tivoli family of products for managing remote devices. The main one is the Tivoli Configuration Manager. Like the other management tools, it can distribute software and security patches, manage inventory and ensure compliance across heterogeneous computing environments. It can also determine which patches are missing, and distribute them to the clients.

After systems have been deployed, an inventory module lets the administrator automatically scan for and collect hardware and software configuration information from the computers attached to the system.

Like CA's Unicenter Software Delivery, a major benefit of IBM's Tivoli management system is its support for multiple suppliers' handheld devices.

Microsoft has a couple of software applications that can help to manage mobile devices, although they are only capable of controlling Windows CE, Pocket PC and Pocket PC Phone Edition-based devices.

The main suite it offers is Microsoft Systems Management Server 2003 with Service Pack 1, which features change and configuration management tools.

Microsoft has extended Systems Management Server 2003 to manage these handheld devices via additional modules: the Operating System Deployment Feature Pack, the Device Management Feature Pack, and the Administration Feature Pack.

Systems Management Server 2003 includes tools to deploy operating system images across a number of devices to manage mobile devices, and it also has a central console for tracking and reporting on the status of operating system deployments.

The Device Management Feature Pack can manage mobile devices as Systems Management Server clients, in the same way that Systems Management Server manages desktops and servers.

Like CA's discovery and asset management tools, the Device Management Pack lets administrators perform device discovery, collect hardware and software inventory data, and distribute software to mobile devices. The pack can also manage settings and password policies.

As an alternative to client-server systems from the likes of CA, IBM and Microsoft, many organisations have adopted a server-based computing model. This is where desktops and handheld devices are controlled and managed centrally.

Citrix's Access Suite 4.0, (formerly Metaframe) is the main server-based computing architecture in this area, and has its own mobile device management features.

Access Suite has Smartaccess technology that can control remote access to enterprise systems. The system identifies who the user is, where they are accessing information from, and how secure the device is.

Richard Jackson, regional managing director at Citrix, said remote access is more than just an on/off switch. "There is no need for a fear of losing control over who is accessing the network to hold back the productivity benefits of flexible working. By examining their access strategy, businesses can implement practices that will keep data secure and control access what and from where," he said.

Citrix Access Suite combines Presentation Server (server virtualisation software), Access Gateway (a secure virtual private network appliance) and Password Manager.

As an alternative to hosting the management middleware, organisations could also consider a managed services approach, said McQuire.

For example, Vodafone UK launched its mFormation service with a Vodafone-branded push e-mail service from Visto late in 2005. And US firm Sprint launched Sprint Managed Mobility Solutions, which included a hosted device management service based on Intellisync's platform, in mid 2005.

"In some cases, they are the only device that remote workers use; so if a device is lost, stolen or requires troubleshooting, it needs immediate repair or replacement. Underestimating the importance of mobile devices to remote employees, and not implementing a strong management approach, will result in increased downtime and under-utilisation of critical assets," said McQuire.


Mobile anti-virus products

As well as selling Unicenter mobile management software, CA has extended the anti-virus capabilities of its eTrust Antivirus package to mobile devices.

Another dedicated mobile anti-virus product was launched by McAfee at the 3GSM Conference in February. McAfee Virusscan Mobile Enterprise Edition can be pre-installed on employees' mobile devices or downloaded to devices out in the field. The software has a 500Kbyte footprint.

Like desktop anti-virus software, it scans in the background for viruses, Trojans and worms, monitoring e-mail, SMS and MMS content, internet downloads and Bluetooth connections.

McAfee also sells a firewall product, McAfee Firewall Mobile.


Why have a mobile management policy?

Middleware can be used to secure and manage mobile devices, but without clear mobile management policies, the software will not be effective.

David Friedlander, senior analyst at Forrester Research, said, "Companies should have a clear, consistent, and enforced policy for mobile device usage and security in the enterprise.

"Mobile devices are often outside the enterprise network. They may connect over unsecured networks, or reside in a disconnected state where they cannot easily be touched by management tools. More sophisticated local management agents can enforce policies and manage the device without connecting to the corporate local area network.

"PDA operating systems are not designed with enterprise support in mind. The devices are difficult or impossible to upgrade, and relatively few security patches are released for the major mobile device platforms."

In some instances, said Friedlander, executives will buy a mobile device on expenses and connect it to their machines using desktop synchronisation tools.

"If the company is not willing to set and enforce standards, the costs and risks associated with the mobile device population could quickly spiral out of control," he said.

Nick McQuire, senior analyst at Yankee Group, said, "Mobility raises new security concerns. Small wireless devices are more prone to loss, theft or temporary misplacement. Consequently, IT needs the capability to remotely lock down or wipe devices clean of sensitive data."

Read more on Antivirus, firewall and IDS products