iPhone vs. BlackBerry: young upstart meets old standard
Lee Neely, CISSP, MSP ISSO
June 2, 2009
LLNL-PRES-412835
Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA 94551
This work performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344

Why are we here?
• LLNL users are asking for the iPhone
• LLNL BlackBerry implementation not production
• Claims were made the iPhone can be implemented for “free”
• Rumors of using personally owned iPhones doing LLNL work

Examine the devices
Basic assumptions:
• Corporate email/VPN pre-exists
• ActiveSync/Exchange on internal network
• BlackBerry Enterprise Server (BES) can reach Internet
• Not looking at “illegal” device configurations
What to look at:
• Device focus
• Device startup
• Device configuration status
• Device security settings

Device Focus
BlackBerry
• “Corporate” device
• Many security features
• Business applications – new app store released
• Optimized for centralized management
• Runs device specific software
• CDMA/GSM/Wi-Fi
• Verizon/AT&T/Sprint/etc.
iPhone
• “Consumer” device
• Nominal security
• Lots of “new and cool” apps
• Optimized for individual management
• Runs a version of Mac OS X
• GSM/Wi-Fi
• AT&T service only

Device Startup – minimal impact
BlackBerry
• Use BlackBerry Internet Service (BIS) to get mail to device – user configures
• If using Wi-Fi, use VPN to reach corporate apps
• Time
  • Per device – ten minutes
  • Pre-setup – nominal
iPhone
• Configure built-in VPN to access corporate network (configuration can be sent to device)
• Device accesses existing services – user configures
  • ActiveSync if Exchange
  • POP/IMAP services if using
  • Web applications
• Time
  • Per device – ten minutes
  • Pre-setup – configuration setting file (optional)

Device Startup – “full” corporate integration
BlackBerry
• Install and configure BES
• Enterprise Activate device
  • Email/Calendar/etc. configured
  • Applications pushed/white listed
• Corporate application access depends on MDS
• Time
  • Per device – enterprise activation time (5-20 minutes)
  • Pre-setup – BES
iPhone
• Create configuration w/iPhone Configuration Utility (ICU) and deploy to secure web server in DMZ
• Edit iPhone policies in Exchange (optional)
• Install and configure ActiveSync in DMZ
• User finalizes configuration (Username/Passwords)
• Time
  • Per device – “two” minutes
  • Pre-setup – configuration, ActiveSync, etc.

Simplified Infrastructure: Exchange access
Simplified Infrastructure: Application access
Where does that leave you?
BlackBerry
• Managed when connected to BES – which is full time
• Continuous user content push
• Immediate access to corporate applications
• Security policies “permanent”
iPhone
• Managed when it can reach ActiveSync (VPN, DMZ, or hole in firewall)
• User content updates only when it can reach ActiveSync – DMZ solves
• Access to corporate applications when VPN connected
• Settings can be removed – deletion removes data

Security Features
Function | BlackBerry | iPhone
Secure Contents | Content Encryption (memory card separate) | Need application, e.g.: Sybase iAnywhere Mobile Office Suite
Security Configuration store | BES | Exchange Policies/iPhone Configuration Utility (ICU)
Communication Model | Device connects to RIM then to BES, BES is corporate gateway. | Device connects to ActiveSync over VPN and/or Internet. VPN for corporate apps