Afaria Capabilities: Mobile Device Management and Security

Afaria Capabilities
Mobile Device Management And Security
SAP and Sybase Together:
# 1 in Mobile Enterprise Platform

Industry Analysts
Positioned in the Leaders Quadrant for the 2009 Mobile Enterprise Application Platforms Magic Quadrant
Industry Awards
2009 Award for Mobile Enterprise Platforms
Leader in mobile device management for the 9th year; Leader in mobile middleware for the 9th year
2009 Global Product Excellence award for Wireless/Mobile Security Solution Customer Trust
Top ranked in Forrester Wave Mobile Device Management Solutions report
Four 2008 Mobile Star Awards from MobileVillage

MDM
SOTI BES
2010 SAP AG. All rights reserved. / Page 2
Platform View Of Mobility Across The Enterprise
Collaboration Tools
Productivity Enhancements
- Applications
-
Real-Time Data Access cuadros de mando Documents
E-mail - PIM (Personal Information Manager)

-
Workflows
Mobile Device Management and Security

- Heterogeneous device support - Central management console
Single infrastructure across the enterprise
Afaria modules
is a modular product, with the solution being divided into a number of optional Channels, each Channel being independent of the others and being enabled or disabled based on the license key used to install the product:
Afaria Software Inventory
Manager deliver and install commercial or custom-built software packages on client devices Manager interrogate and report on the hardware and software resources available on client
devices
Manager publish and deliver groups of documents to client devices, be they text files, images, HTML web pages, etc
Document
Manager enable, disable and configure hardware and software elements on the client device, delivering connection settings, blacklisting applications, disabling camera and Bluetooth features, for example
Configuration
Manager backup and restore specified files from the client device to a specified location on the corporate network
Backup
Manager the most powerful feature of the solution, enabling automation of file distribution, directory management, registry management. I will examine this feature in more detail later
Session
Protection Manager define and enforce security settings on the client device, including power-on passwords, encryption settings. Users can be allowed a set number of attempts to enter the password correctly, after which specific events can be triggered automatically, including removal of specific PIM data and/or files and applications, or a complete device hard reset
Data Patch
Manager deliver operating system patches and security updates to clients automatically (Windows 32
only)
Afaria Solves The retos Of Mobile Systems Management And Security

Remote Assistance HANDHELDS Automatically enforce
Power-on password protection corporate configuration Data on device encryption assure compliance policies and Push email Interoperability for your to IT policies Lost or Stolen Device Lockdown workers remote/mobile Password Recovery Limited Bandwidth Remote Control for easy access to assist in real time
Optimized for the Mobile World Business and Content

Easy-to-use graphical scripting Offline processing tool thats designed for system administrators, but powerful for Checkpoint restart programmers.
Security and conformidad
Reduce calls into support Full disk encryption for laptops and Collects a variety of hardware and desktops Two software data protection remote layers of information from devices Pre-boot authentication Fixes & Refreshes Detect device changes, Full disk encryption Troubleshoot in the Multiple User Support issues Field Policy enforcement Track installed licenses versus Removable Storage Media Support Automatically enforce license purchase data Visibility to Assets corporate configuration and and Their Usage SYSTEM License counts security policies OTA End to End transport Assure complianceto IT encryption License expiration dates policies foruser authentication End yourTrack application usage remote/mobile workers
Skip Details
WIN32
Asset Visibility
Limited Allows administrators to Helpdesk Compression Remote App/OS create custom task and workflow Management with a point-and-click Resources automation File differencing scripting Seamlessly distribute, install, interface
repair and update softwaredesired state Maintain Intelligent file updates system Create and deploy custom or status Segmented file fixes adhoc delivery Integrate with back-end
Remote Patching applications Dynamic Bandwidth Throttling Content publish Maintain virusCorporate andand subscription applications definitions Opportunistic connections
Policies & Standards
Flexible packet/window size
Managing And Securing The Device Lifecycle Managing and Securing
the Device Life Cycle

Production Manage
Track asset data Update/repair software Manage Decommission Monitoring & self-healing Assign group membership and Secure Maintain/modify device & apppolicies Disable lost/stolen device configuration Configuring device for connectivity Distribute & update LOB data & files Remote kill/lock client OTA delivery of management Software license usage and tracking Access violation lock Initial application deployment Data fading Scheduled and automate activities Remote Control of devices SecureDisable device, network, application Establish access policies security Secure Initialize power-on password Back-up device data Install and encrypt data on device Manage Apply patch and security updates & configure AV, firewall, Install Reprovision/reimage device Enforce security policies port/peripheral controls Replacement device-same user Monitor/track security Repurposed device Decommission violations/threats Redeploy software assets Compliance activity logging Restore data (after device kill)
Provision
Skip
Details
Logical Architecture
Devices Server and Web Management Console Logging Database
Optional Components
Certificate Services
Exchange
SMS Gateway
Relay Server/ Reverse Proxy
Directory Services
Deployment Services
Implementing Afaria Functionality

1. Create a Profile 2. Assign Groups to Profile 3. Create Management Tasks 4. Monitor and Modify as Necessary Profile
Management Tasks
Registry Process File/Folder
Policies
Responses
Events
Window
Power Schedule Network
Channels
Group 1
Group 2
Group 3
Logging and Reporting
Scalability
Highly Scalable
Enterprise architecture for any size deployment or configuration
Centralized Management
Remote web based administration Customizable permissions based access to management tasks and data
Highly Scalable Architecture

Server Farms and Distributed Replication
Hundreds of concurrent connections per server
Hostability
Multi-tenanted architecture for data and task separation Comprehensive APIs for customization and system integration
Virtualization support
Comprehensive Management and Security
Software
Device Security
Deployment
Process Automation
Asset Tracking
Afaria Console
File Synchronization
Device Backup
Device Configuration
Help Desk
Software Deployment
Distribute and support software for both push model (WM, Symbian, Win32, BB) and pull model (iOS, Android) with minimal impact to user Seamlessly distribute, install, repair and update software

Automatically checks and updates application (if necessary) during each connection End user application portals for iOS and Android
Track the installation status of your packages for transparency into your mobile deployments Compress or segment applications for efficient distribution over low-bandwidth connections
Asset Tracking - Inventrio
Maintain visibility into your devices with extensive hardware and software inventory Automatically detect changes on your devices and notify administrator for real time protection Use exception-based reporting to maintain uniformity of install base Troubleshoot problems quickly and maintain high level of service
Compliant Devices
Device Security
Extend corporate security policies to mobile devices
Device password policy configuration Lock out after failed attempts Format and change frequency controls Disallow previously used passwords
Easily disable lost or stolen devices to protect corporate assets
On-device encryption for WM and Symbian devices

Encryption of PIM data and administrator specified files/folders Uses industry standard AES encryption algorithm with a 256 bit key
Block rogue or non compliant devices from accessing corporate email
Process Automation
Easily handle non standard management tasks such as conditional file transfers, application installation, or device troubleshooting Easy-to-use graphical scripting tool
Designed for system administrators (not programmers) to create custom tasks or workflows
Automatically deliver proactive control of devices without requiring handson management
Device Backup
Reliably backup and restore mission-critical data for easy retrieval when re-provisioning a device Users can recover lost or corrupted data without requiring IT or help desk services Restoration is managed through centralized console
Device Configuration
Easy on-boarding of end users by configuring network, security and email settings Easy administration and fast recovery of user-modified settings by automatically maintaining critical device settings to IT standards
iPhone
Passcode settings WiFi settings Restrict application usage and installation Exchange setup information VPN settings IMAP and POP email settings LDAP connections CalDav Connections APN settings Connections Device DNS/IP Formats Network User Info Owner Info Sounds Customer Configurations Windows Update Port Control
Camera, Microphone, Bluetooth lock down or limit to device class
Windows Mobile
Android Security settings WiFi settings Connection Pulse
Infrared WiFi Radio Removable storage cards USB Communications Provisioning

Favorites, GPRS, Networks Roaming Controls
BlackBerry
Synchronization Security Messaging Applications
Symbian Access points Packet data Wireless LAN Exchange Roaming Control
Managing iOS 4
Manage Device Without User Interaction
Deliver and remove device policies behind the scenes through a trusted relationship
Accurate and Up to Date Asset Tracking Data
Device Information, Device Network Information ,Security Information, Installed Profile List, installed 3rd party apps, certificate list, and applied restrictions
Enterprise App Deployment
Over the Air enterprise applications delivered directly to the device
iPhone End User Experience

Easy provisioning process Select and download suggested applications
Corporate Security

Remotely lock and wipe device or enterprise applications and data

Ensure corporate security policies are enforced on the device Gate access to corporate assets based upon device compliance
Managing Android
Afaria client for Android

Supports communication through the Relay Server Outbound notifications from the server to initiate a client connection
Delivers enterprise in-house apps OTA to SD card in device

Can distribute enterprise applications Integrated application download logging and reporting data for accurate tracking
Client-side portal for application selection

Displays packages grouped by admin defined categories Allows for end-user selection and installation
Extensive hardware and software inventory collection Android 2.2 Devices

Native device lock, unlock and wipe options (will not rely on MS Exchange) Administrator can enforce the use of password policies and control the format, min/max length, failures before wipe, etc.
Afaria Architecture
Afaria Components
Manager Components
Afaria Components
Function
Distribute and support software
Configure device settings Encryption and data protection
Software Manager
Configuration Manager Data Security Manager
Inventory Manager
Session Manager License Manager
Hardware and software asset data

Customizable scripting and process automation Track installed licenses
Backup Manager
Document Manager Patch Manager Remote Control Manager AV & Firewall Manager
Backup & restore critical data

Subscribe and publish content to devices Distribute patches to Win32 devices Remote control for help desk enablement Antivirus and Firewall protection
Components Available by Client Type

Win32 WM Pro WM Std Symbian iOS
Components Available by Client Type

RIM Android Java Palm
Software Mgr Inventory Mgr License Mgr Session Mgr Data Security Mgr Configuration Mgr Backup Mgr
Document Mgr
Patch Mgr Remote Control
Highly Scalable Server Farm Scenario
Mobile Devices
WAN/VAN/ISP
DMZ
LAN
Dev
firewall
firewall Transmitter Farm

Export/Import
Test
Export/Import
Reverse Proxy ISA/Apache or IAS Relay Server

Replication Traffic
Master
Highly Scalable Highly Scalable Distributed Scenario Distributed Scenario

Mobile Devices Distributed Servers WAN/VAN/ISP LAN (Atlanta HQ)
Dev
NYC Afaria Server
Export/Import
Router Test
Export/Import
Chicago Afaria Server Master
Replication Traffic
Replication Traffic
London Afaria Server
Afaria Architecture
Windows 32 DB Repository firewall File Systems firewall
iPhone
DMZ
Windows Mobile / WinCE iPad Palm Tablet PC
Directories and Databases
Afaria Server(s)
IIS Server
BlackBerry Android
Reverse Proxy
Administrative Console Browser
ISA/Apache or IAS Relay Server
TCP/IP HTTP SSL
Symbian
Relay Server
Secure communications for external devices

Relay Server installed in network DMZ Afaria clients connect in to the Relay Server Afaria servers connect out to the Relay Server No need to open an inbound port in the interior firewall Runs on Windows/IIS
Broad clients and connection support

Will support connections from all Afaria client types Supports HTTP and HTTPS sessions
Designed for scalability and high-availability

One Relay Server can support multiple servers in a farm and multiple farms Multiple Relay Servers can be configured to work together Fully compatible with load balancers for use with multiple relay servers and/or multiple Afaria servers
System Requirements
Server
Server
Windows Server 2003 Standard Ed R2 Windows Server 2003 Standard Ed SP 1&2 Windows Server 2003 Enterprise Ed R2 Windows Server 2003 Enterprise Ed SP 1 Windows Server 2008 Standard Edition R2 Windows Server 2008 Enterprise Edition R2 Windows Server 2008 Datacenter Edition R2
Database Support
Sybase SQL Anywhere[1,2] 11 Microsoft SQL Server 2008 R2 Enterprise Edition Microsoft SQL Server 2008 R2 Standard Edition Microsoft SQL Server 2008 R2 Datacenter Edition Microsoft SQL Server 2008 R2 Parallel Data Warehouse Edition Microsoft SQL Server 2008 SP1 Enterprise Edition Microsoft SQL Server 2008 SP1 Standard Edition Microsoft SQL Server 2005 Enterprise Edition (SP1, SP2, SP3) Microsoft SQL Server 2005 Standard Edition (SP1, SP2, SP3) Oracle Database 11g Release 2 Oracle Database 10g Release 2
Administrator
Windows Server 2003 Standard Ed R2 Windows Server 2003 Standard Ed SP 1&2 Windows Server 2003 Enterprise Ed R2 Windows Server 2003 Enterprise Ed SP 1&2 Windows Server 2008 Standard Edition R2 Windows Server 2008 Enterprise Edition R2 Windows Server 2008 Datacenter Edition R2 Windows Server 2008 Web Server Edition R2 IIS 5.0 or 6.0 ASP.NET
Supported protocols
HTTP, HTTPS, XNET, XNETS
System Requirements
Clients
Windows (Win32)
Windows 7 Windows Server 2008 Windows Vista Business Windows Vista Enterprise Windows Vista Home Ultimate Windows Vista Business SP1, SP2 Windows Vista Enterprise SP1, SP2 Windows Vista Home Ultimate SP1, SP2 Windows Server 2003 SP2 Windows Server 2003 R2 SP2 Windows Server 2003 Windows XP SP2 Windows XP SP3
Windows Mobile
Windows Mobile 6.5 Professional Windows Mobile 6.5 Classic Windows Mobile 6.1 Professional Windows Mobile 6.1 Classic Windows Mobile 6.0 Professional Windows Mobile 6.0 Classic Windows Mobile 5.0 Windows Mobile 5.0 Phone Edition Windows Mobile 2003 Windows Mobile 2003 Phone Edition Windows Mobile 2003 SE Windows Mobile 2003 SE Phone Edition Windows Mobile 6.5 Standard Windows Mobile 6.1 Standard Windows Mobile 6.0 Standard Windows Mobile 5.0
BlackBerry
J2ME version 4.2, 4.5,4.6,4.7
Java Client
JVM version 1.4
Palm OS
Version 5.2, 5.4
iPhone
Version 3.1, 4.0
Symbian
Version 9, 9.1, 9.2, 9.3 for Series 60 3rd Edition devices Version 9.4 for Series 60 5th Edition devices
Android
Android 2.0.1, 2.1, 2.2
Appendix: Component Details
Software Manager
The
Software Manager
Software Manager allows the administrator to deliver pre-built application installers to client devices and run them:
Distribute and support software with minimal impact to user Maintain and monitor applications, supplying missing or corrupted files Compressing or segmenting applications for efficient distribution over low-bandwidth connections
Software Manager...Continued
Seamlessly distribute, install, repair and update software
Automatically checks and updates application (if necessary) during each connection Uses all Afaria bandwidth optimizations
Package status tracking console to view status of packages

Delivery and installation options
Criteria checking on disk space, memory, OS version, other applications Support for alternate distribution locations
Win32
WM Pro
WM Std
Symbian
iPhone
RIM
Java
Palm
Software Manager
Inventory Manager
the administrator to define an inventory collection task on the server. Inventories can be hardware-only, or both hardware and software
alllows
Detect device changes and notify administrator of changes Ensure applications are current & compatible Provide rule-based software distribution Troubleshoot problems quickly and maintain high level of services
Inventory Manager...Continued
Plan for mobile system upgrades Collect data on handheld phone devices including: phone number, IMEI, IMSI, mobile operator, current network, WiFi information (WiFi enabled/disabled, MAC address, current network), Bluetooth status, Bluetooth name/address and IR status
Win32
WM Pro
WM Std
Symbian
iPhone
RIM
Java
Palm
Inventory Mgr
License Manager
Afaria components designed to
Track installed licenses versus license purchase data
License counts
License expiration dates Track application usage on client machines
Administrators can access license tracking information through

Data views on the administrator console

Alerts console Reports
Win32
WM Pro
WM Std
Symbia n
iPhone
RIM
Java
Palm
Android
License Mgr
Session Manager
That
Real-time business process execution
is the most powerful feature of the Afaria solution, and effectively all of the above Channels can be invoked for inclusion in a Session Manager worklist, so it is the Session Manager that I shall look at in the most detail.
Offers an easy-to-use graphical scripting tool thats designed for system administrators, not programmers Allows administrators to create custom task / workflow automation with pointand-click scripting interface:

Retrieves, sends, copies files

Provides conditional logic Detects connection speed Enables registry updates Generates alerts and messages
Session Manager...Continued
Automating data delivery and retrieval Pre and Post software distribution processes Enhancing application Self-Healing Enabling proactive control of devices Provides information to enable better business decisions Maintain desired state system status Integrate with back-end applications
Win32
WM Pro
WM Std
Sym
iPhone
RIM
Java
Palm
Android
Session Mgr
Data Security ManagerHandhelds
Power-on password protection
Lock out after failed attempts Format and change frequency controls Disallow previously used passwords
Data on device encryption

Selectable data for encryption, including PIM / external media Strong encryption algorithm (Blowfish, AES, 3DES, RC2) Removable memory can only be read by the device that encrypted the data Improves performance and usability Improves battery life and power management Certified Encryption Modules - Ensures FIPS 140-2 Compliance
Data Security ManagerHandhelds...Continued
Custom password masks using regular expressions
Administrators can build partial expression that can be combined to meet different requirements for groups of users Test passwords against expressions in the administrative UI
Push email Interoperability

Fully interoperable with iAnywheres OneBridge/Mobile Office and MS Exchange Active Sync Receive email even when device is locked
Win32
WM Pro
WM Std
Symbian
iPhone
RIM
Java
Palm
Data Security Mgr
Lost or Stolen Device Lockdown
Lockdown based in invalid credentials entry or too much time passing since last connection Administrator has multiple lockdown options: Disable, wipe or hard reset device Lockdown of device based on SIM change or removal
Password Recovery
Admin or web portal to generate temporary password to unlock device Self-service password recovery option
Device Access Control
Block rogue devices from accessing Microsoft Exchange Server White and black list windows mobile devices Administrator can define policies Executive exception policies are allowed
Data at-rest encryption for PIM data and file/folder on Symbian devices
Hard reset device and/or wipe data off external card

Additional password lock down options to delete encrypted data or delete specified data after failed attempts have been exceeded
Data fading options to hard reset, disable password or delete data on the device when device has not connected to Afaria within a specified time
Uses industry standard AES encryption algorithm with a 256 bit key
Data Security ManagerWin32
Full disk encryption for laptops / desktops
Ensures that all sensitive data is protected at all times No reliance on users or applications to store sensitive data in correct location Protects PC from brute-force insertion of malicious code Supports compliance audits with predefined reports and detailed logging
Two layers of data protection
Pre-boot authentication Full disk encryption Two factor authentication
Data Security ManagerWin32...Continued
Multiple User Support
Securely allows numerous users per one computer Allows administrators access to machines without requiring the users credentials
Outstanding Reporting
Reports the encryption status of all Security Manager Clients that do not have a disk status of 100% encryption complete Provides defensible reporting and logging for security audits Detailed USB logging reporting
Data Security ManagerWin32...Continued
Removable Storage Media Support
Can be deployed to a work group or require a per user password Data may be shared at data owners discretion Fully encrypted
Unattended Reboot
Allows patches and software updates to occur off-peak when bandwidth is high, providing excellent time utilization IT is not required to perform a reboot to complete the process
All security policies are updated at each server connection
Configuration Manager
Automatically configures critical device settings Verifies successful implementation of settings on mobile devices Provides ease of administration and fast recovery of inadvertently modified settings Enhances the user experience Policy-based Utilizes Microsofts CSP configuration model on WM
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm Android
Configuration Mgr
Configuration Manager-Configurable Elements by Operating System

Windows Mobile
Connections Device DNS/IP Formats Network User Info Owner Info Sounds Customer Configurations Windows Update Port Control
Camera, Microphone, Bluetooth lock down or limit to device class
iPhone
Passcode settings WiFi settings Restrict application usage and installation Exchange setup information VPN settings IMAP and POP email settings LDAP connections CalDav Connections APN settings
Android Security settings WiFi settings Connection Pulse
Infrared WiFi Radio Removable storage cards USB Communications Provisioning

Favorites, GPRS, Networks Roaming Controls
BlackBerry
Synchronization Security Messaging Applications
Symbian Access points Packet data Wireless LAN Exchange Roaming Control
Roaming Controls
Roaming Management that detects roaming state changes and provide administrative control of device actions while roaming Provides real time protection of roaming costs Supports both Symbian and Windows Mobile Allows administrators several options to disable data connections based on roaming state of the device

Disable all data connections Disable Afaria scheduled or client-initiated connections when roaming
(Outbound connections are still available)
Display message on device when entering or exiting roaming state Disable email attachments (WM Only) Disable IMAP and POP3 (WM Only)
Real time client monitors trigger custom actions when roaming

Log event - Create custom logs for roaming events Execute program Execute a program locally Run channel Run an Afaria worklist Run script Execute a customized script
Roaming Report
Detailed report containing roaming status
Windows Mobile Application Control

Controls both embedded (ROM-based) and installed (RAMbased) applications
Controls applications access specifying the certificate used to sign the application or hash-based identification of the installed applications
Restricts access to device settings such as phone, sound, profiles, home screen, clock & alarm, connections and security settings Tamper-resistant implementation so applications cannot simply be renamed
Automatically creates library of embedded and installed applications on Afaria clients. Log attempts to access disallowed applications
Backup Manager
Backup and restore mission-critical data Users can recover lost or corrupted data Backup

Folders or files Schedule backup frequency Backup data store at Afaria server or file server
Restore is managed through centralized console Folders or files Selective or full restore
Win32
WM Pro
WM Std
Symbian
iPhone
RIM
Java
Palm
Backup Mgr
Document Manager
Content publish and subscription component
Client-side UI allows end users to subscribe to documents

Channel keeps all documents on client devices up to date Updates leverage byte level differencing
Win32
WM Pro
WM Std
Symbian
iPhone
RIM
Java
Palm
Document Mgr
Patch Manager
Leverages Microsoft patch scanning technology and patch catalogs to automatically update laptops and desktops with key security patches
Patch console provides views of new / missing patches
Automatically pulls new patch catalogs from Microsoft Scheduled scans of client machines for missing patches
Easy patch distribution to client machines
One Button patch deployment from the Afaria console Impersonation support for machines where the end user does not have administrative privileges
Leverage Afaria bandwidth optimizations in patch channels
Dynamic bandwidth throttling Segmented delivery Checkpoint restart
Patch Manager...Continued
Gives administrators control over patch deployment

Provides visibility and discovers vulnerabilities Target and schedule patch deployment Automates patch management without user involvement Assess severity level of patch and deploy accordingly
Win32
WM Pro
WM Std
Symbian
iPhone
RIM
Java
Palm
Patch Mgr
Off-Line Device Monitoring

Windows Mobile and Win32:
The capability to monitor device settings/characteristics on Windows devices and trigger connections, logging or execution of local processes when characteristics change.
Monitor Types:

Battery (WM) Memory (WM) Registry (WM)
Storage/Directories (WM) Windows/Applications (WM) Connections (WM & Win32)
(Eg. 1) Monitor battery level, and run executable to copy key files to external card when
available battery drops below xx%. (Eg. 2) Monitor directories on external card and write log message whenever a new file is written to an external card.
Win32
WM Pro
WM Std
Symbian
iPhone
RIM
Java
Palm
Off-line Monitor
Remote Control
Expand existing management capabilities
Real-time remote control capability for Windows-based PCs and handheld devices Interactively train end users on new applications or troubleshoot specific devices.
Win32
WM Pro
WM Std
Symbian
iPhone
RIM
Java
Palm
Remote Control
Remote Control Key Features
Remote Control superior quality supporting a large range of platforms Remote Management computer management controlling services, registry, tasks, event log, shares and system state File Transfer split screen, copy, move, sync, clone, crash recovery and delta transfer Scripting schedule file transfers and other operations Chat, Audio Chat, Video Chat allow users to communicate in text mode or verbally supported by webcam video Multi Console session allows a number of Console users to view and control the same Client desktop Run Program launch programs at the remote computer Supports WIFI or any cellular network (TCP/IP)
Remote Control Key Features...Continued
Send Message distribute popup messages in Rich Text Format which allows links to e.g. web sites.
Request Help contact the help desk via remote control and run an external application to auto-generate trouble tickets.
Security local and centralized, Native NetOp, Directory Services and Windows-integrated.
Encryption implemented according to the toughest industry standards.

Event logging local, centralized, Windows-integrated and management-integrated. Session recording save the Client screen activities in a file for later replay. Snapshot - save the current Client desktop image as a file.
Remote Control Clients

Win32
1. Listen for Console to initiate
Remote Control Clients
2. Client initiate via Help Request
PPC/WM5/WM6 WiFi / Cradle Private Net

1. Listen for Console to initiate 2. Client initiate via Help Request
Internet / Carrier Net

1. Client initiate via Help Request
Remote Control Webconnect
WebConnect, side-steps firewalls, proxies and routers. Now you can offer your company world-class support from anywhere and avoid costly deskside visits. Connect with help desk initiated connections over the internet without requiring holes in your firewall
No need for firewall or router configuratio n to access the host
Secure remote access and control for supporting people on the move
Connect from anywhere no LAN/WAN restrictions
Overview of Webconnect
Administration module
WebConnect
Account data (Microsoft SQL) Connction Manager (Microsoft IIS) Connection Server
DMZ
Request and location information Connection
GUEST
HOST
Antivirus and Firewall Manager
Protects mobile devices against:
Malware and Viruses Intrusion by using an IP based firewall Unwanted SMS or phone calls by blacklisting
Technology licensed from SMobile, leader in mobile Antivirus and Firewall software
Antivirus and Firewall Manager...Continued
Mobile viruses and malware can propagate through multiple mechanisms, including email attachments, Bluetooth or Infrared file transfer channels, SMS links, MMS attachments, etc. Typical threats in the wild which are classified as:

Malware for profit - FlexiSpy/MobiSpy Bluetooth exploits - Cabir/Bluesnarfing Backdoor Trojans - Brador/BBProxy Exploiting PC syncs - Crossover/Mobler Malware crashing devices - Skulls, Fontal Mobile IP - P2P Worms SMS and MMS dialer Trojans -CommWarrior/RedBrowser
Antivirus and Firewall Manager...Continued
Identity theft attacks where personal information such as customer names, street addresses, credit card information and other sensitive corporate data is stolen off of a mobile device Unauthorized device usage, where an infected device can trigger unauthorized mobile payments, unauthorized purchases or extraneous data connections, resulting in fraudulent charges or excessive data or minute usage which would lead to large monthly billing and additional cost to the enterprise Snoopware , mobile malware that is capable of stealthily and remotely monitoring activities on mobile devices. Includes voice calls, messages, e-mails, and remote activation of functions such as a microphone
Antivirus for Handhelds
Afaria Antivirus for Handhelds
Compatible with all major operating systems, including Windows Mobile and Symbian devices
Background scans of all files received via SMS, MMS, Bluetooth, WiFi, infrared, or desktop sync in real time
Industrys only handheld antivirus to use heuristics Based upon an independent study Afaria outperforms the competition in CPU calculation, CPU performance, user performance, write access, read access, and bitmap drawing which all equates to better handset performance and better user experience. Only mobile AV focused solely on mobility, not a retrofit of a desktop solution Full logging of scan and detection activity all viewable by the system administrator Remotely invoke device scans, updates, policy changes and reports on device activity from a single management console.
Firewall Manager for Handhelds
IP based firewall protection based upon black list or white list filtering, and provides both in and outbound network packet monitoring Monitors GPRS, EDGE, CDMA, WIFI and phone to PC traffic Enables administrator to control inbound and outbound access (either denying/blocking by blacklisting or approving by whitelisting) to sites hosted by the outside world based on IP address

Employees can be restricted to access only the corporate website or certain authorized sites Only allow Line of Business applications to communicate through the network Blocking a particular port when utilizing a VOIP application Protect against IP based intrusion attacks
Afaria Firewall Manager SMS and Call Filtering
Allows administrators and users to establish a customized blacklist to block incoming SMS, MMS and/or calls from selected contacts or unwanted calls/messages Includes tracking logs of blocked calls and messages Call Filtering and MMS/SMS filtering are separately configurable Primarily used to block spam sent to devices
Optimized Communications for Frontline Conditions
Optimized Communications for Frontline Conditions

Offline processing Minimize expensive online processing over bandwidth-limited networks Checkpoint restart Tolerance for in-and-out of coverage conditions Compression Proprietary algorithms reduce time required for file transfer File differencing Send only needed changes within files (Byte Level) Intelligent file updates Send only files/data that need to be updated
Segmented file delivery Deliver applications, data over multiple sessions
Dynamic bandwidth throttling
Automatically adjusting Afaria session requirements based on network utilization
Opportunistic connections
Execute sessions when communication networks are available
Flexible packet/window size
Allows administrators to tune traffic to match network conditions
Access Control for Microsoft Exchange
Block rogue devices from synchronizing with an Exchange Server
Afaria Access Control ISAPI filter installs on a Microsoft Exchange 2003 through 2010 server. Works with Afaria server to deny sync requests to handheld devices that are not properly managed and/or secure
Administrator specified security verification policy
Define the amount of time during which a device must have connected to Afaria server to confirm presence of Afaria client and/or security manager on the device Administrators can create a white list of devices that should always be allowed to synchronize with Exchange, even if they fail the security verification policy Administrators can create a black list of devices that should never be permitted to synchronize with Exchange, even if the fail the security verification policy
White list devices
Black list devices
Mutual Certificate Authentication
Extending Afarias SSL architecture to support mutual certificatebased authentication
An added layer of security that is certificate based that will ensure that only properly credentialed clients can connect to a customers server
Administratively enabled and configured
Internationalization
Internationalization
Support for Afaria server, administrator and clients operating on a doublebyte character set language system Client support for:
Windows Windows Mobile Symbian
Component support includes:
Configuration Manager Session Manager Inventory Manager Security Manager (for WM devices)
Localized Windows Mobile client UI available for Simplified Chinese, Traditional Chinese and Korean
Administration
Web-based administrative console built on .NET framework with all the functionality of a full Graphical User Interface Manage Afaria servers from any PC on the network, including virtualization technology Secure access to the web console leveraging the NT security model User access rights to the web console; role-based user access
AdministrationProfile Based Management
Policy / profile based model for channel scheduling, monitors and assignments Easier management of schedules and assignments Consolidated administrator view of schedules/monitors and channels assigned to a particular device (or group)
Improved security for channel execution

Schedules run only for assigned / applicable device
Thank You

Afaria Capabilities: Mobile Device Management and Security

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Afaria Capabilities: Mobile Device Management and Security

Uploaded by

Copyright:

Available Formats

Afaria Capabilities

Mobile Device Management And Security

SAP and Sybase Together:

# 1 in Mobile Enterprise Platform

Top ranked in Forrester Wave Mobile Device Management Solutions report

Four 2008 Mobile Star Awards from MobileVillage

2010 SAP AG. All rights reserved. / Page 2

Platform View Of Mobility Across The Enterprise

Real-Time Data Access cuadros de mando Documents

E-mail - PIM (Personal Information Manager)

Mobile Device Management and Security

Single infrastructure across the enterprise

2010 SAP AG. All rights reserved. / Page 3

2010 SAP AG. All rights reserved. / Page 4

Afaria Solves The retos Of Mobile Systems Management And Security

Optimized for the Mobile World Business and Content

Security and conformidad

Policies & Standards

Flexible packet/window size

2010 SAP AG. All rights reserved. / Page 5

Managing And Securing The Device Lifecycle Managing and Securing

the Device Life Cycle

2010 SAP AG. All rights reserved. / Page 6

Relay Server/ Reverse Proxy

2010 SAP AG. All rights reserved. / Page 7

Implementing Afaria Functionality

Logging and Reporting

2010 SAP AG. All rights reserved. / Page 8

Enterprise architecture for any size deployment or configuration

Highly Scalable Architecture

Hundreds of concurrent connections per server

2010 SAP AG. All rights reserved. / Page 9

Comprehensive Management and Security

2010 SAP AG. All rights reserved. / Page 10

2010 SAP AG. All rights reserved. / Page 11

Asset Tracking - Inventrio

2010 SAP AG. All rights reserved. / Page 12

Extend corporate security policies to mobile devices

Easily disable lost or stolen devices to protect corporate assets

On-device encryption for WM and Symbian devices

Block rogue or non compliant devices from accessing corporate email

2010 SAP AG. All rights reserved. / Page 13

Automatically deliver proactive control of devices without requiring handson management

2010 SAP AG. All rights reserved. / Page 14

2010 SAP AG. All rights reserved. / Page 15

Android Security settings WiFi settings Connection Pulse

Infrared WiFi Radio Removable storage cards USB Communications Provisioning

2010 SAP AG. All rights reserved. / Page 16

Manage Device Without User Interaction

Accurate and Up to Date Asset Tracking Data

Enterprise App Deployment

Over the Air enterprise applications delivered directly to the device

iPhone End User Experience

Easy provisioning process Select and download suggested applications

Remotely lock and wipe device or enterprise applications and data

2010 SAP AG. All rights reserved. / Page 17

Afaria client for Android

Delivers enterprise in-house apps OTA to SD card in device

Client-side portal for application selection

Extensive hardware and software inventory collection Android 2.2 Devices

2010 SAP AG. All rights reserved. / Page 18

2010 SAP AG. All rights reserved. / Page 19