Part 1: MDM – Assess, Identify and Get Started…

Without further ado, and to put down everything I have in my head right now, let me get started right away 🙂
 
In general, there are very limited resources about MDM solutions available online. Most vendor documents are not public; you get access to them by registering with a vendor. With that in mind, I would like to share my experience with the design and deployment of an on-premise MDM solution, namely AirWatch. I will try to keep this series as general as possible, but the examples will be specific to AirWatch.
Key requirements for an MDM deployment and its use cases in any organisation:
# Corporate Device Security and Control
# Data Protection, Control and Integrity
# Email Security and Encryption. (This can be optional for organisations that already have an email proxy server in place, so they may not add the email secure gateway feature that comes with the MDM. The alternatives are to route all email traffic via the MDM email gateway (proxy), or to create an OU policy in your directory services environment that routes mobile-device email traffic (incoming/outgoing) via the MDM email gateway. Either option adds administrative tasks and can be time-consuming, depending on the agreement/approval needed from your organisation's security, network and other stakeholders.)
Assess, Identify and Categorise the environment:
# Number of Users and categorise them based on Organisational Structure/Hierarchy
# Number of Devices which may include Corporate- Dedicated, Corporate-Shared and/or Employee-Owned (BYOD)
# Number of users with corporate email accounts (mostly this will be the same as the number of users)
# Understand the organisational hierarchy/structure and document your MDM deployment accordingly. Keep the MDM organisational groups simple and as flat as possible.
# Types of mobile platforms to be considered part of the corporate standard – Windows Mobile, iOS and/or Android are the primary and commonly used platforms in large corporate environments.
# Types of mobile device make and model (importantly, ensure your MDM vendor supports these models/OS versions etc.), such as Samsung (Samsung for Enterprise – SAFE)
# Existing BlackBerry environment – plan and decide on the approach: integrate it with your new MDM solution, run it in parallel/isolated, or phase it out and roll out the MDM as your primary mobility solution.
Basic Principles/Best Practices:
# As with any deployment – keep the environment as simple as possible.
# Create as few user categories/profiles as possible in terms of access level, restrictions and compliance rules.
# Create custom user groups within the MDM admin console to delegate administration and control user-level access.
# Ensure policies are applied at the root level and avoid applying sub-policies.
# Create as few custom groups (within the MDM admin console) or directory groups (e.g. AD) as possible, to avoid complexity.
# It is always good practice to use the latest device makes and models and OEM versions (e.g. Samsung SAFE v4.0+, Knox, iPhone 5/iOS v7.0+ etc.)
# It is good to list/document the limitations of your MDM solution. (Vendor documentation will only take you so far; you are going to find a few to a considerable number of limitations post-production and over time. Mostly the vendor's response to a limitation will be that it is supported in the next release, is work in progress, or is not supported by the OEM/MDM.)
Design of User/Device Profiles – Categorisation and Restriction Levels:
# Email and device passcode profiles should ideally be the same across the organisation. This policy is your first level of security. Think of it as the main entrance to your house: the device passcode is the gate to your premises and email security is the door to your house. Then you have all the locks and checks inside the house (device, content and application management – MDM/MCM/MAM and so on).
# High means highest security and control. It is like "block all" and open only upon request/business justification.
# Medium means basic/core security plus MAM-level control.
# Low means all open, except that the email/passcode policies are in place.
Below is a sample profile table which one can use to chalk out the approach for their deployment in terms of security, restrictions, email, applications and data:
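As an added illustration of the profile-tiering and "apply policy at the root" principles above (example code written for this page, not AirWatch's data model or any vendor API; the tier settings, group names and device values are assumptions), the following Python models an organisation-group tree that inherits a root baseline, resolves the effective profile for a group, flags sub-groups that override the baseline passcode/email settings, and evaluates a reported device posture against the resolved profile:

```python
"""Tiered MDM profiles with organisation-group inheritance.

Added example for this page: a constructed model, not AirWatch's data model
or API. Tier names follow the post; every setting value, group name and
device attribute below is an assumption for illustration.
"""
from dataclasses import dataclass, field
from typing import Any, Dict, Iterable, List, Optional, Tuple

# Root-level baseline: the post says passcode and e-mail policy should be the
# same across the whole organisation, so these live only at the root group.
BASELINE: Dict[str, Any] = {
    "passcode_required": True,
    "passcode_min_length": 6,                       # assumed value
    "email_via_secure_gateway": True,
    "min_os": {"iOS": (7, 0), "Android": (4, 4)},   # iOS 7.0+ per post; Android assumed
}

# Restriction tiers in the post's terms: High = block all, open on request;
# Medium = core security plus MAM control; Low = open except the baseline.
TIERS: Dict[str, Dict[str, bool]] = {
    "High":   {"allow_camera": False, "allow_cloud_backup": False, "managed_apps_only": True},
    "Medium": {"allow_camera": True,  "allow_cloud_backup": False, "managed_apps_only": True},
    "Low":    {"allow_camera": True,  "allow_cloud_backup": True,  "managed_apps_only": False},
}


@dataclass
class OrgGroup:
    """One node in the organisation-group tree (the root has parent=None)."""
    name: str
    tier: Optional[str] = None
    overrides: Dict[str, Any] = field(default_factory=dict)
    parent: Optional["OrgGroup"] = None

    def chain(self) -> List["OrgGroup"]:
        """Groups from the root down to this one."""
        nodes, g = [], self
        while g is not None:
            nodes.append(g)
            g = g.parent
        return list(reversed(nodes))

    def effective_policy(self) -> Dict[str, Any]:
        """Root baseline first, then each group's tier and overrides in
        root-to-leaf order, so a sub-group setting wins over its parent."""
        policy: Dict[str, Any] = dict(BASELINE)
        policy["tier"] = None
        for g in self.chain():
            if g.tier is not None:
                policy.update(TIERS[g.tier])
                policy["tier"] = g.tier
            policy.update(g.overrides)
        return policy


def baseline_overrides(groups: Iterable[OrgGroup]) -> List[Tuple[str, str]]:
    """Design check: list every non-root group that re-defines a baseline setting,
    i.e. a sub-policy that breaks the 'same passcode/email policy everywhere' rule."""
    return [(g.name, key) for g in groups if g.parent is not None
            for key in g.overrides if key in BASELINE]


@dataclass
class Device:
    platform: str
    os_version: Tuple[int, int]
    passcode_length: int            # 0 means no passcode set
    camera_enabled: bool
    cloud_backup_enabled: bool
    unmanaged_apps: int


def evaluate(device: Device, policy: Dict[str, Any]) -> List[str]:
    """Compare a reported device posture with the resolved policy; return findings."""
    findings: List[str] = []
    if policy["passcode_required"] and device.passcode_length < policy["passcode_min_length"]:
        findings.append("passcode shorter than %d" % policy["passcode_min_length"])
    floor = policy["min_os"].get(device.platform)
    if floor is not None and device.os_version < floor:
        findings.append("%s %s below required %s" % (device.platform, device.os_version, floor))
    if not policy["allow_camera"] and device.camera_enabled:
        findings.append("camera enabled in %s tier" % policy["tier"])
    if not policy["allow_cloud_backup"] and device.cloud_backup_enabled:
        findings.append("cloud backup enabled")
    if policy["managed_apps_only"] and device.unmanaged_apps:
        findings.append("%d unmanaged apps installed" % device.unmanaged_apps)
    return findings


def build_sample_tree() -> Dict[str, OrgGroup]:
    """Constructed tree: the Finance/Field sub-group weakens the root passcode rule."""
    root = OrgGroup("Corp", tier="Medium")
    finance = OrgGroup("Finance", tier="High", parent=root)
    field_ops = OrgGroup("Finance/Field", overrides={"passcode_min_length": 4}, parent=finance)
    sales = OrgGroup("Sales", tier="Low", parent=root)
    return {"root": root, "finance": finance, "field": field_ops, "sales": sales}


def sample_device() -> Device:
    """Constructed posture report: iOS 7.1, 4-digit passcode, camera on, no backup."""
    return Device("iOS", (7, 1), 4, True, False, 0)


if __name__ == "__main__":
    tree = build_sample_tree()
    print("baseline overridden below root:", baseline_overrides(tree.values()))
    for name in ("finance", "field", "sales"):
        print(name, evaluate(sample_device(), tree[name].effective_policy()))
```

Running it shows the point of the root-level rule: the same 4-digit-passcode device is non-compliant in Finance (High tier) and in Sales (Low tier), but compliant on passcode in Finance/Field only because that sub-group quietly lowered the baseline, which `baseline_overrides` reports so the design can be fixed before rollout.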
 
Next Part:
In the next part of this MDM series, I'll cover the design/deployment phase and explain the functions of each feature and the components of the solution. I haven't decided on the number of parts in this series, but will know as I write along the way.
Architecture (components, server/network/database requirements)
Organisation/User Group Management
Profile Management
Application Management (Public/Internal)

About cloudray

Predominantly based around Virtualization, but will include other technology related information and anything else I find interesting and feel the need to share with you. I also use this Blog as both a place to store useful information that I think that will come in handy to me at some point in the future, and also a place to help aid my learning. I find a great way to learn about something is to research about it and then write it up in my own words. I'm Pushpal Ray, from India. As a certified VCP3/4/5 professional, I am currently working as an Independent Consultant. Over 10 years of IT-industry experience, currently focused around the Desktop Virtualization(End-User Computing). I also have extensive experience in Windows Administration, Datacenter Migration, Workload profiling & benchmarking. At my leisure, I enjoy hiking, running, photography, spend hours in my fav coffee shop & spend quality time with my wife. Occasionally, catch up with few friends for a drink!
This entry was posted in MDM, Mobility.

One Response to Part1: MDM-Assess, Identify and Get Started…

  1. Pingback: Part 2 : MDM Plan, Design and Implement | cloudray
