Вы находитесь на странице: 1из 70

Afaria Capabilities

Mobile Device Management And Security

SAP and Sybase Together:

# 1 in Mobile Enterprise Platform


Industry Analysts
Positioned in the Leaders Quadrant for the 2009 Mobile Enterprise Application Platforms Magic Quadrant

Industry Awards
2009 Award for Mobile Enterprise Platforms

Leader in mobile device management for the 9th year; Leader in mobile middleware for the 9th year

2009 Global Product Excellence award for Wireless/Mobile Security Solution Customer Trust

Top ranked in Forrester Wave Mobile Device Management Solutions report

Four 2008 Mobile Star Awards from MobileVillage


MDM

SOTI BES

2010 SAP AG. All rights reserved. / Page 2

Platform View Of Mobility Across The Enterprise

Collaboration Tools

Productivity Enhancements
- Applications
-

Real-Time Data Access cuadros de mando Documents

E-mail - PIM (Personal Information Manager)


-

Workflows

Mobile Device Management and Security


- Heterogeneous device support - Central management console

Single infrastructure across the enterprise

2010 SAP AG. All rights reserved. / Page 3

Afaria modules
is a modular product, with the solution being divided into a number of optional Channels, each Channel being independent of the others and being enabled or disabled based on the license key used to install the product:
Afaria Software Inventory

Manager deliver and install commercial or custom-built software packages on client devices Manager interrogate and report on the hardware and software resources available on client

devices

Manager publish and deliver groups of documents to client devices, be they text files, images, HTML web pages, etc
Document

Manager enable, disable and configure hardware and software elements on the client device, delivering connection settings, blacklisting applications, disabling camera and Bluetooth features, for example
Configuration

Manager backup and restore specified files from the client device to a specified location on the corporate network
Backup

Manager the most powerful feature of the solution, enabling automation of file distribution, directory management, registry management. I will examine this feature in more detail later
Session

Protection Manager define and enforce security settings on the client device, including power-on passwords, encryption settings. Users can be allowed a set number of attempts to enter the password correctly, after which specific events can be triggered automatically, including removal of specific PIM data and/or files and applications, or a complete device hard reset
Data Patch

Manager deliver operating system patches and security updates to clients automatically (Windows 32

only)

2010 SAP AG. All rights reserved. / Page 4

Afaria Solves The retos Of Mobile Systems Management And Security


Remote Assistance HANDHELDS Automatically enforce
Power-on password protection corporate configuration Data on device encryption assure compliance policies and Push email Interoperability for your to IT policies Lost or Stolen Device Lockdown workers remote/mobile Password Recovery Limited Bandwidth Remote Control for easy access to assist in real time

Optimized for the Mobile World Business and Content


Easy-to-use graphical scripting Offline processing tool thats designed for system administrators, but powerful for Checkpoint restart programmers.

Security and conformidad

Reduce calls into support Full disk encryption for laptops and Collects a variety of hardware and desktops Two software data protection remote layers of information from devices Pre-boot authentication Fixes & Refreshes Detect device changes, Full disk encryption Troubleshoot in the Multiple User Support issues Field Policy enforcement Track installed licenses versus Removable Storage Media Support Automatically enforce license purchase data Visibility to Assets corporate configuration and and Their Usage SYSTEM License counts security policies OTA End to End transport Assure complianceto IT encryption License expiration dates policies foruser authentication End yourTrack application usage remote/mobile workers
Skip Details

WIN32

Asset Visibility

Limited Allows administrators to Helpdesk Compression Remote App/OS create custom task and workflow Management with a point-and-click Resources automation File differencing scripting Seamlessly distribute, install, interface
repair and update softwaredesired state Maintain Intelligent file updates system Create and deploy custom or status Segmented file fixes adhoc delivery Integrate with back-end

Remote Patching applications Dynamic Bandwidth Throttling Content publish Maintain virusCorporate andand subscription applications definitions Opportunistic connections

Policies & Standards

Flexible packet/window size

2010 SAP AG. All rights reserved. / Page 5

Managing And Securing The Device Lifecycle Managing and Securing

the Device Life Cycle


Production Manage
Track asset data Update/repair software Manage Decommission Monitoring & self-healing Assign group membership and Secure Maintain/modify device & apppolicies Disable lost/stolen device configuration Configuring device for connectivity Distribute & update LOB data & files Remote kill/lock client OTA delivery of management Software license usage and tracking Access violation lock Initial application deployment Data fading Scheduled and automate activities Remote Control of devices SecureDisable device, network, application Establish access policies security Secure Initialize power-on password Back-up device data Install and encrypt data on device Manage Apply patch and security updates & configure AV, firewall, Install Reprovision/reimage device Enforce security policies port/peripheral controls Replacement device-same user Monitor/track security Repurposed device Decommission violations/threats Redeploy software assets Compliance activity logging Restore data (after device kill)

Provision

Skip

Details

2010 SAP AG. All rights reserved. / Page 6

Logical Architecture
Devices Server and Web Management Console Logging Database

Optional Components

Certificate Services

Exchange

SMS Gateway

Relay Server/ Reverse Proxy

Directory Services

Deployment Services

2010 SAP AG. All rights reserved. / Page 7

Implementing Afaria Functionality


1. Create a Profile 2. Assign Groups to Profile 3. Create Management Tasks 4. Monitor and Modify as Necessary Profile
Management Tasks
Registry Process File/Folder

Policies

Responses

Events

Window
Power Schedule Network

Channels

Group 1

Group 2

Group 3

Logging and Reporting

2010 SAP AG. All rights reserved. / Page 8

Scalability

Highly Scalable

Enterprise architecture for any size deployment or configuration

Centralized Management
Remote web based administration Customizable permissions based access to management tasks and data

Highly Scalable Architecture


Server Farms and Distributed Replication

Hundreds of concurrent connections per server

Hostability
Multi-tenanted architecture for data and task separation Comprehensive APIs for customization and system integration

Virtualization support

2010 SAP AG. All rights reserved. / Page 9

Comprehensive Management and Security

Software

Device Security

Deployment

Process Automation

Asset Tracking

Afaria Console

File Synchronization

Device Backup

Device Configuration

Help Desk

2010 SAP AG. All rights reserved. / Page 10

Software Deployment

Distribute and support software for both push model (WM, Symbian, Win32, BB) and pull model (iOS, Android) with minimal impact to user Seamlessly distribute, install, repair and update software

Automatically checks and updates application (if necessary) during each connection End user application portals for iOS and Android

Track the installation status of your packages for transparency into your mobile deployments Compress or segment applications for efficient distribution over low-bandwidth connections

2010 SAP AG. All rights reserved. / Page 11

Asset Tracking - Inventrio

Maintain visibility into your devices with extensive hardware and software inventory Automatically detect changes on your devices and notify administrator for real time protection Use exception-based reporting to maintain uniformity of install base Troubleshoot problems quickly and maintain high level of service

Compliant Devices

2010 SAP AG. All rights reserved. / Page 12

Device Security

Extend corporate security policies to mobile devices

Device password policy configuration Lock out after failed attempts Format and change frequency controls Disallow previously used passwords

Easily disable lost or stolen devices to protect corporate assets

On-device encryption for WM and Symbian devices


Encryption of PIM data and administrator specified files/folders Uses industry standard AES encryption algorithm with a 256 bit key

Block rogue or non compliant devices from accessing corporate email

2010 SAP AG. All rights reserved. / Page 13

Process Automation

Easily handle non standard management tasks such as conditional file transfers, application installation, or device troubleshooting Easy-to-use graphical scripting tool

Designed for system administrators (not programmers) to create custom tasks or workflows

Automatically deliver proactive control of devices without requiring handson management

2010 SAP AG. All rights reserved. / Page 14

Device Backup

Reliably backup and restore mission-critical data for easy retrieval when re-provisioning a device Users can recover lost or corrupted data without requiring IT or help desk services Restoration is managed through centralized console

2010 SAP AG. All rights reserved. / Page 15

Device Configuration

Easy on-boarding of end users by configuring network, security and email settings Easy administration and fast recovery of user-modified settings by automatically maintaining critical device settings to IT standards
iPhone
Passcode settings WiFi settings Restrict application usage and installation Exchange setup information VPN settings IMAP and POP email settings LDAP connections CalDav Connections APN settings Connections Device DNS/IP Formats Network User Info Owner Info Sounds Customer Configurations Windows Update Port Control
Camera, Microphone, Bluetooth lock down or limit to device class

Windows Mobile

Android Security settings WiFi settings Connection Pulse

Infrared WiFi Radio Removable storage cards USB Communications Provisioning


Favorites, GPRS, Networks Roaming Controls

BlackBerry
Synchronization Security Messaging Applications

Symbian Access points Packet data Wireless LAN Exchange Roaming Control

2010 SAP AG. All rights reserved. / Page 16

Managing iOS 4

Manage Device Without User Interaction

Deliver and remove device policies behind the scenes through a trusted relationship

Accurate and Up to Date Asset Tracking Data

Device Information, Device Network Information ,Security Information, Installed Profile List, installed 3rd party apps, certificate list, and applied restrictions

Enterprise App Deployment

Over the Air enterprise applications delivered directly to the device

iPhone End User Experience


Easy provisioning process Select and download suggested applications

Corporate Security

Remotely lock and wipe device or enterprise applications and data


Ensure corporate security policies are enforced on the device Gate access to corporate assets based upon device compliance

2010 SAP AG. All rights reserved. / Page 17

Managing Android

Afaria client for Android


Supports communication through the Relay Server Outbound notifications from the server to initiate a client connection

Delivers enterprise in-house apps OTA to SD card in device


Can distribute enterprise applications Integrated application download logging and reporting data for accurate tracking

Client-side portal for application selection


Displays packages grouped by admin defined categories Allows for end-user selection and installation

Extensive hardware and software inventory collection Android 2.2 Devices


Native device lock, unlock and wipe options (will not rely on MS Exchange) Administrator can enforce the use of password policies and control the format, min/max length, failures before wipe, etc.

2010 SAP AG. All rights reserved. / Page 18

Afaria Architecture

2010 SAP AG. All rights reserved. / Page 19

Afaria Components
Manager Components

Afaria Components
Function
Distribute and support software
Configure device settings Encryption and data protection

Software Manager
Configuration Manager Data Security Manager

Inventory Manager
Session Manager License Manager

Hardware and software asset data


Customizable scripting and process automation Track installed licenses

Backup Manager
Document Manager Patch Manager Remote Control Manager AV & Firewall Manager

Backup & restore critical data


Subscribe and publish content to devices Distribute patches to Win32 devices Remote control for help desk enablement Antivirus and Firewall protection

2010 SAP AG. All rights reserved. / Page 20

Components Available by Client Type


Win32 WM Pro WM Std Symbian iOS

Components Available by Client Type


RIM Android Java Palm

Software Mgr Inventory Mgr License Mgr Session Mgr Data Security Mgr Configuration Mgr Backup Mgr

Document Mgr
Patch Mgr Remote Control

2010 SAP AG. All rights reserved. / Page 21

Highly Scalable Server Farm Scenario

Mobile Devices

WAN/VAN/ISP

DMZ

LAN
Dev

firewall

firewall Transmitter Farm


Export/Import

Test

Export/Import

Reverse Proxy ISA/Apache or IAS Relay Server


Replication Traffic

Master

2010 SAP AG. All rights reserved. / Page 22

Highly Scalable Highly Scalable Distributed Scenario Distributed Scenario


Mobile Devices Distributed Servers WAN/VAN/ISP LAN (Atlanta HQ)

Dev

NYC Afaria Server

Export/Import

Router Test

Export/Import

Chicago Afaria Server Master

Replication Traffic

Replication Traffic

London Afaria Server

2010 SAP AG. All rights reserved. / Page 23

Afaria Architecture
Windows 32 DB Repository firewall File Systems firewall

iPhone

DMZ

Windows Mobile / WinCE iPad Palm Tablet PC

Directories and Databases

Afaria Server(s)

IIS Server

BlackBerry Android

Reverse Proxy
Administrative Console Browser

ISA/Apache or IAS Relay Server

TCP/IP HTTP SSL

Symbian

2010 SAP AG. All rights reserved. / Page 24

Relay Server

Secure communications for external devices


Relay Server installed in network DMZ Afaria clients connect in to the Relay Server Afaria servers connect out to the Relay Server No need to open an inbound port in the interior firewall Runs on Windows/IIS

Broad clients and connection support


Will support connections from all Afaria client types Supports HTTP and HTTPS sessions

Designed for scalability and high-availability


One Relay Server can support multiple servers in a farm and multiple farms Multiple Relay Servers can be configured to work together Fully compatible with load balancers for use with multiple relay servers and/or multiple Afaria servers

2010 SAP AG. All rights reserved. / Page 25

System Requirements

Server
Server
Windows Server 2003 Standard Ed R2 Windows Server 2003 Standard Ed SP 1&2 Windows Server 2003 Enterprise Ed R2 Windows Server 2003 Enterprise Ed SP 1 Windows Server 2008 Standard Edition R2 Windows Server 2008 Enterprise Edition R2 Windows Server 2008 Datacenter Edition R2

Database Support
Sybase SQL Anywhere[1,2] 11 Microsoft SQL Server 2008 R2 Enterprise Edition Microsoft SQL Server 2008 R2 Standard Edition Microsoft SQL Server 2008 R2 Datacenter Edition Microsoft SQL Server 2008 R2 Parallel Data Warehouse Edition Microsoft SQL Server 2008 SP1 Enterprise Edition Microsoft SQL Server 2008 SP1 Standard Edition Microsoft SQL Server 2005 Enterprise Edition (SP1, SP2, SP3) Microsoft SQL Server 2005 Standard Edition (SP1, SP2, SP3) Oracle Database 11g Release 2 Oracle Database 10g Release 2

Administrator
Windows Server 2003 Standard Ed R2 Windows Server 2003 Standard Ed SP 1&2 Windows Server 2003 Enterprise Ed R2 Windows Server 2003 Enterprise Ed SP 1&2 Windows Server 2008 Standard Edition R2 Windows Server 2008 Enterprise Edition R2 Windows Server 2008 Datacenter Edition R2 Windows Server 2008 Web Server Edition R2 IIS 5.0 or 6.0 ASP.NET

Supported protocols
HTTP, HTTPS, XNET, XNETS

2010 SAP AG. All rights reserved. / Page 26

System Requirements

Clients
Windows (Win32)
Windows 7 Windows Server 2008 Windows Vista Business Windows Vista Enterprise Windows Vista Home Ultimate Windows Vista Business SP1, SP2 Windows Vista Enterprise SP1, SP2 Windows Vista Home Ultimate SP1, SP2 Windows Server 2003 SP2 Windows Server 2003 R2 SP2 Windows Server 2003 Windows XP SP2 Windows XP SP3

Windows Mobile
Windows Mobile 6.5 Professional Windows Mobile 6.5 Classic Windows Mobile 6.1 Professional Windows Mobile 6.1 Classic Windows Mobile 6.0 Professional Windows Mobile 6.0 Classic Windows Mobile 5.0 Windows Mobile 5.0 Phone Edition Windows Mobile 2003 Windows Mobile 2003 Phone Edition Windows Mobile 2003 SE Windows Mobile 2003 SE Phone Edition Windows Mobile 6.5 Standard Windows Mobile 6.1 Standard Windows Mobile 6.0 Standard Windows Mobile 5.0

BlackBerry
J2ME version 4.2, 4.5,4.6,4.7

Java Client
JVM version 1.4

Palm OS
Version 5.2, 5.4

iPhone
Version 3.1, 4.0

Symbian
Version 9, 9.1, 9.2, 9.3 for Series 60 3rd Edition devices Version 9.4 for Series 60 5th Edition devices

Android
Android 2.0.1, 2.1, 2.2

2010 SAP AG. All rights reserved. / Page 27

Appendix: Component Details

2010 SAP AG. All rights reserved. / Page 28

Software Manager
The

Software Manager

Software Manager allows the administrator to deliver pre-built application installers to client devices and run them:

Distribute and support software with minimal impact to user Maintain and monitor applications, supplying missing or corrupted files Compressing or segmenting applications for efficient distribution over low-bandwidth connections

2010 SAP AG. All rights reserved. / Page 29

Software Manager...Continued

Seamlessly distribute, install, repair and update software

Automatically checks and updates application (if necessary) during each connection Uses all Afaria bandwidth optimizations

Package status tracking console to view status of packages


Delivery and installation options

Criteria checking on disk space, memory, OS version, other applications Support for alternate distribution locations

Win32

WM Pro

WM Std

Symbian

iPhone

RIM

Java

Palm

Software Manager

2010 SAP AG. All rights reserved. / Page 30

Inventory Manager
the administrator to define an inventory collection task on the server. Inventories can be hardware-only, or both hardware and software
alllows

Detect device changes and notify administrator of changes Ensure applications are current & compatible Provide rule-based software distribution Troubleshoot problems quickly and maintain high level of services

2010 SAP AG. All rights reserved. / Page 31

Inventory Manager...Continued

Plan for mobile system upgrades Collect data on handheld phone devices including: phone number, IMEI, IMSI, mobile operator, current network, WiFi information (WiFi enabled/disabled, MAC address, current network), Bluetooth status, Bluetooth name/address and IR status

Win32

WM Pro

WM Std

Symbian

iPhone

RIM

Java

Palm

Inventory Mgr

2010 SAP AG. All rights reserved. / Page 32

License Manager

Afaria components designed to

Track installed licenses versus license purchase data

License counts
License expiration dates Track application usage on client machines

Administrators can access license tracking information through


Data views on the administrator console


Alerts console Reports

Win32

WM Pro

WM Std

Symbia n

iPhone

RIM

Java

Palm

Android

License Mgr

2010 SAP AG. All rights reserved. / Page 33

Session Manager
That

Real-time business process execution

is the most powerful feature of the Afaria solution, and effectively all of the above Channels can be invoked for inclusion in a Session Manager worklist, so it is the Session Manager that I shall look at in the most detail.

Offers an easy-to-use graphical scripting tool thats designed for system administrators, not programmers Allows administrators to create custom task / workflow automation with pointand-click scripting interface:

Retrieves, sends, copies files


Provides conditional logic Detects connection speed Enables registry updates Generates alerts and messages

2010 SAP AG. All rights reserved. / Page 34

Session Manager...Continued

Automating data delivery and retrieval Pre and Post software distribution processes Enhancing application Self-Healing Enabling proactive control of devices Provides information to enable better business decisions Maintain desired state system status Integrate with back-end applications

Win32

WM Pro

WM Std

Sym

iPhone

RIM

Java

Palm

Android

Session Mgr

2010 SAP AG. All rights reserved. / Page 35

Data Security ManagerHandhelds

Power-on password protection

Lock out after failed attempts Format and change frequency controls Disallow previously used passwords

Data on device encryption


Selectable data for encryption, including PIM / external media Strong encryption algorithm (Blowfish, AES, 3DES, RC2) Removable memory can only be read by the device that encrypted the data Improves performance and usability Improves battery life and power management Certified Encryption Modules - Ensures FIPS 140-2 Compliance

2010 SAP AG. All rights reserved. / Page 36

Data Security ManagerHandhelds...Continued

Custom password masks using regular expressions

Administrators can build partial expression that can be combined to meet different requirements for groups of users Test passwords against expressions in the administrative UI

Push email Interoperability


Fully interoperable with iAnywheres OneBridge/Mobile Office and MS Exchange Active Sync Receive email even when device is locked

Win32

WM Pro

WM Std

Symbian

iPhone

RIM

Java

Palm

Data Security Mgr

2010 SAP AG. All rights reserved. / Page 37

Data Security ManagerHandhelds...Continued

Lost or Stolen Device Lockdown

Lockdown based in invalid credentials entry or too much time passing since last connection Administrator has multiple lockdown options: Disable, wipe or hard reset device Lockdown of device based on SIM change or removal

Password Recovery

Admin or web portal to generate temporary password to unlock device Self-service password recovery option

Device Access Control

Block rogue devices from accessing Microsoft Exchange Server White and black list windows mobile devices Administrator can define policies Executive exception policies are allowed

2010 SAP AG. All rights reserved. / Page 38

Data Security ManagerHandhelds...Continued

Data at-rest encryption for PIM data and file/folder on Symbian devices

Hard reset device and/or wipe data off external card


Additional password lock down options to delete encrypted data or delete specified data after failed attempts have been exceeded

Data fading options to hard reset, disable password or delete data on the device when device has not connected to Afaria within a specified time
Uses industry standard AES encryption algorithm with a 256 bit key

2010 SAP AG. All rights reserved. / Page 39

Data Security ManagerWin32

Full disk encryption for laptops / desktops

Ensures that all sensitive data is protected at all times No reliance on users or applications to store sensitive data in correct location Protects PC from brute-force insertion of malicious code Supports compliance audits with predefined reports and detailed logging

Two layers of data protection

Pre-boot authentication Full disk encryption Two factor authentication

2010 SAP AG. All rights reserved. / Page 40

Data Security ManagerWin32...Continued

Multiple User Support

Securely allows numerous users per one computer Allows administrators access to machines without requiring the users credentials

Outstanding Reporting

Reports the encryption status of all Security Manager Clients that do not have a disk status of 100% encryption complete Provides defensible reporting and logging for security audits Detailed USB logging reporting

2010 SAP AG. All rights reserved. / Page 41

Data Security ManagerWin32...Continued

Removable Storage Media Support

Can be deployed to a work group or require a per user password Data may be shared at data owners discretion Fully encrypted

Unattended Reboot

Allows patches and software updates to occur off-peak when bandwidth is high, providing excellent time utilization IT is not required to perform a reboot to complete the process

All security policies are updated at each server connection

2010 SAP AG. All rights reserved. / Page 42

Configuration Manager

Automatically configures critical device settings Verifies successful implementation of settings on mobile devices Provides ease of administration and fast recovery of inadvertently modified settings Enhances the user experience Policy-based Utilizes Microsofts CSP configuration model on WM
Win32 WM Pro WM Std Symbian iPhone RIM Java Palm Android

Configuration Mgr

2010 SAP AG. All rights reserved. / Page 43

Configuration Manager-Configurable Elements by Operating System


Windows Mobile
Connections Device DNS/IP Formats Network User Info Owner Info Sounds Customer Configurations Windows Update Port Control
Camera, Microphone, Bluetooth lock down or limit to device class

iPhone
Passcode settings WiFi settings Restrict application usage and installation Exchange setup information VPN settings IMAP and POP email settings LDAP connections CalDav Connections APN settings

Android Security settings WiFi settings Connection Pulse

Infrared WiFi Radio Removable storage cards USB Communications Provisioning


Favorites, GPRS, Networks Roaming Controls

BlackBerry
Synchronization Security Messaging Applications

Symbian Access points Packet data Wireless LAN Exchange Roaming Control

2010 SAP AG. All rights reserved. / Page 44

Roaming Controls

Roaming Management that detects roaming state changes and provide administrative control of device actions while roaming Provides real time protection of roaming costs Supports both Symbian and Windows Mobile Allows administrators several options to disable data connections based on roaming state of the device

Disable all data connections Disable Afaria scheduled or client-initiated connections when roaming
(Outbound connections are still available)

Display message on device when entering or exiting roaming state Disable email attachments (WM Only) Disable IMAP and POP3 (WM Only)

Real time client monitors trigger custom actions when roaming


Log event - Create custom logs for roaming events Execute program Execute a program locally Run channel Run an Afaria worklist Run script Execute a customized script

Roaming Report

Detailed report containing roaming status

2010 SAP AG. All rights reserved. / Page 45

Windows Mobile Application Control


Controls both embedded (ROM-based) and installed (RAMbased) applications

Controls applications access specifying the certificate used to sign the application or hash-based identification of the installed applications
Restricts access to device settings such as phone, sound, profiles, home screen, clock & alarm, connections and security settings Tamper-resistant implementation so applications cannot simply be renamed

Automatically creates library of embedded and installed applications on Afaria clients. Log attempts to access disallowed applications

2010 SAP AG. All rights reserved. / Page 46

Backup Manager

Backup and restore mission-critical data Users can recover lost or corrupted data Backup

Folders or files Schedule backup frequency Backup data store at Afaria server or file server

Restore is managed through centralized console Folders or files Selective or full restore

Win32

WM Pro

WM Std

Symbian

iPhone

RIM

Java

Palm

Backup Mgr

2010 SAP AG. All rights reserved. / Page 47

Document Manager

Content publish and subscription component

Client-side UI allows end users to subscribe to documents


Channel keeps all documents on client devices up to date Updates leverage byte level differencing

Win32

WM Pro

WM Std

Symbian

iPhone

RIM

Java

Palm

Document Mgr

2010 SAP AG. All rights reserved. / Page 48

Patch Manager
Leverages Microsoft patch scanning technology and patch catalogs to automatically update laptops and desktops with key security patches

Patch console provides views of new / missing patches

Automatically pulls new patch catalogs from Microsoft Scheduled scans of client machines for missing patches

Easy patch distribution to client machines

One Button patch deployment from the Afaria console Impersonation support for machines where the end user does not have administrative privileges

Leverage Afaria bandwidth optimizations in patch channels

Dynamic bandwidth throttling Segmented delivery Checkpoint restart

2010 SAP AG. All rights reserved. / Page 49

Patch Manager...Continued

Gives administrators control over patch deployment


Provides visibility and discovers vulnerabilities Target and schedule patch deployment Automates patch management without user involvement Assess severity level of patch and deploy accordingly

Win32

WM Pro

WM Std

Symbian

iPhone

RIM

Java

Palm

Patch Mgr

2010 SAP AG. All rights reserved. / Page 50

Off-Line Device Monitoring


Windows Mobile and Win32:

The capability to monitor device settings/characteristics on Windows devices and trigger connections, logging or execution of local processes when characteristics change.

Monitor Types:

Battery (WM) Memory (WM) Registry (WM)

Storage/Directories (WM) Windows/Applications (WM) Connections (WM & Win32)

(Eg. 1) Monitor battery level, and run executable to copy key files to external card when
available battery drops below xx%. (Eg. 2) Monitor directories on external card and write log message whenever a new file is written to an external card.

Win32

WM Pro

WM Std

Symbian

iPhone

RIM

Java

Palm

Off-line Monitor

2010 SAP AG. All rights reserved. / Page 51

Remote Control

Expand existing management capabilities

Real-time remote control capability for Windows-based PCs and handheld devices Interactively train end users on new applications or troubleshoot specific devices.

Win32

WM Pro

WM Std

Symbian

iPhone

RIM

Java

Palm

Remote Control

2010 SAP AG. All rights reserved. / Page 52

Remote Control Key Features

Remote Control superior quality supporting a large range of platforms Remote Management computer management controlling services, registry, tasks, event log, shares and system state File Transfer split screen, copy, move, sync, clone, crash recovery and delta transfer Scripting schedule file transfers and other operations Chat, Audio Chat, Video Chat allow users to communicate in text mode or verbally supported by webcam video Multi Console session allows a number of Console users to view and control the same Client desktop Run Program launch programs at the remote computer Supports WIFI or any cellular network (TCP/IP)

2010 SAP AG. All rights reserved. / Page 53

Remote Control Key Features...Continued

Send Message distribute popup messages in Rich Text Format which allows links to e.g. web sites.

Request Help contact the help desk via remote control and run an external application to auto-generate trouble tickets.
Security local and centralized, Native NetOp, Directory Services and Windows-integrated.

Encryption implemented according to the toughest industry standards.


Event logging local, centralized, Windows-integrated and management-integrated. Session recording save the Client screen activities in a file for later replay. Snapshot - save the current Client desktop image as a file.

2010 SAP AG. All rights reserved. / Page 54

Remote Control Clients


Win32
1. Listen for Console to initiate

Remote Control Clients

2. Client initiate via Help Request

PPC/WM5/WM6 WiFi / Cradle Private Net


1. Listen for Console to initiate 2. Client initiate via Help Request

Internet / Carrier Net


1. Client initiate via Help Request

2010 SAP AG. All rights reserved. / Page 55

Remote Control Webconnect

WebConnect, side-steps firewalls, proxies and routers. Now you can offer your company world-class support from anywhere and avoid costly deskside visits. Connect with help desk initiated connections over the internet without requiring holes in your firewall
No need for firewall or router configuratio n to access the host
Secure remote access and control for supporting people on the move

Connect from anywhere no LAN/WAN restrictions

2010 SAP AG. All rights reserved. / Page 56

Overview of Webconnect
Administration module

WebConnect
Account data (Microsoft SQL) Connction Manager (Microsoft IIS) Connection Server

DMZ
Request and location information Connection

GUEST
HOST

2010 SAP AG. All rights reserved. / Page 57

Antivirus and Firewall Manager

Protects mobile devices against:

Malware and Viruses Intrusion by using an IP based firewall Unwanted SMS or phone calls by blacklisting

Technology licensed from SMobile, leader in mobile Antivirus and Firewall software

2010 SAP AG. All rights reserved. / Page 58

Antivirus and Firewall Manager...Continued

Mobile viruses and malware can propagate through multiple mechanisms, including email attachments, Bluetooth or Infrared file transfer channels, SMS links, MMS attachments, etc. Typical threats in the wild which are classified as:

Malware for profit - FlexiSpy/MobiSpy Bluetooth exploits - Cabir/Bluesnarfing Backdoor Trojans - Brador/BBProxy Exploiting PC syncs - Crossover/Mobler Malware crashing devices - Skulls, Fontal Mobile IP - P2P Worms SMS and MMS dialer Trojans -CommWarrior/RedBrowser

2010 SAP AG. All rights reserved. / Page 59

Antivirus and Firewall Manager...Continued

Identity theft attacks where personal information such as customer names, street addresses, credit card information and other sensitive corporate data is stolen off of a mobile device Unauthorized device usage, where an infected device can trigger unauthorized mobile payments, unauthorized purchases or extraneous data connections, resulting in fraudulent charges or excessive data or minute usage which would lead to large monthly billing and additional cost to the enterprise Snoopware , mobile malware that is capable of stealthily and remotely monitoring activities on mobile devices. Includes voice calls, messages, e-mails, and remote activation of functions such as a microphone

2010 SAP AG. All rights reserved. / Page 60

Antivirus for Handhelds

Afaria Antivirus for Handhelds

Compatible with all major operating systems, including Windows Mobile and Symbian devices

Background scans of all files received via SMS, MMS, Bluetooth, WiFi, infrared, or desktop sync in real time
Industrys only handheld antivirus to use heuristics Based upon an independent study Afaria outperforms the competition in CPU calculation, CPU performance, user performance, write access, read access, and bitmap drawing which all equates to better handset performance and better user experience. Only mobile AV focused solely on mobility, not a retrofit of a desktop solution Full logging of scan and detection activity all viewable by the system administrator Remotely invoke device scans, updates, policy changes and reports on device activity from a single management console.

2010 SAP AG. All rights reserved. / Page 61

Firewall Manager for Handhelds

IP based firewall protection based upon black list or white list filtering, and provides both in and outbound network packet monitoring Monitors GPRS, EDGE, CDMA, WIFI and phone to PC traffic Enables administrator to control inbound and outbound access (either denying/blocking by blacklisting or approving by whitelisting) to sites hosted by the outside world based on IP address

Employees can be restricted to access only the corporate website or certain authorized sites Only allow Line of Business applications to communicate through the network Blocking a particular port when utilizing a VOIP application Protect against IP based intrusion attacks

2010 SAP AG. All rights reserved. / Page 62

Afaria Firewall Manager SMS and Call Filtering

Allows administrators and users to establish a customized blacklist to block incoming SMS, MMS and/or calls from selected contacts or unwanted calls/messages Includes tracking logs of blocked calls and messages Call Filtering and MMS/SMS filtering are separately configurable Primarily used to block spam sent to devices

2010 SAP AG. All rights reserved. / Page 63

Optimized Communications for Frontline Conditions

Optimized Communications for Frontline Conditions


Offline processing Minimize expensive online processing over bandwidth-limited networks Checkpoint restart Tolerance for in-and-out of coverage conditions Compression Proprietary algorithms reduce time required for file transfer File differencing Send only needed changes within files (Byte Level) Intelligent file updates Send only files/data that need to be updated

Segmented file delivery Deliver applications, data over multiple sessions

Dynamic bandwidth throttling

Automatically adjusting Afaria session requirements based on network utilization

Opportunistic connections

Execute sessions when communication networks are available

Flexible packet/window size

Allows administrators to tune traffic to match network conditions

2010 SAP AG. All rights reserved. / Page 64

Access Control for Microsoft Exchange

Block rogue devices from synchronizing with an Exchange Server

Afaria Access Control ISAPI filter installs on a Microsoft Exchange 2003 through 2010 server. Works with Afaria server to deny sync requests to handheld devices that are not properly managed and/or secure

Administrator specified security verification policy

Define the amount of time during which a device must have connected to Afaria server to confirm presence of Afaria client and/or security manager on the device Administrators can create a white list of devices that should always be allowed to synchronize with Exchange, even if they fail the security verification policy Administrators can create a black list of devices that should never be permitted to synchronize with Exchange, even if the fail the security verification policy

White list devices

Black list devices

2010 SAP AG. All rights reserved. / Page 65

Mutual Certificate Authentication

Extending Afarias SSL architecture to support mutual certificatebased authentication

An added layer of security that is certificate based that will ensure that only properly credentialed clients can connect to a customers server
Administratively enabled and configured

2010 SAP AG. All rights reserved. / Page 66

Internationalization

Internationalization

Support for Afaria server, administrator and clients operating on a doublebyte character set language system Client support for:

Windows Windows Mobile Symbian

Component support includes:

Configuration Manager Session Manager Inventory Manager Security Manager (for WM devices)

Localized Windows Mobile client UI available for Simplified Chinese, Traditional Chinese and Korean

2010 SAP AG. All rights reserved. / Page 67

Administration

Web-based administrative console built on .NET framework with all the functionality of a full Graphical User Interface Manage Afaria servers from any PC on the network, including virtualization technology Secure access to the web console leveraging the NT security model User access rights to the web console; role-based user access

2010 SAP AG. All rights reserved. / Page 68

AdministrationProfile Based Management

Policy / profile based model for channel scheduling, monitors and assignments Easier management of schedules and assignments Consolidated administrator view of schedules/monitors and channels assigned to a particular device (or group)

Improved security for channel execution


Schedules run only for assigned / applicable device

2010 SAP AG. All rights reserved. / Page 69

Thank You