Mornè Blake Enterprise Architect iSolve Business Solutions Session Code: WMB301.

Microsoft System Center Mobile Device Manager 2008 SP1: Overview Mornè Blake

Enterprise ArchitectiSolve Business SolutionsSession Code: WMB301

Customer Priorities

Key BDM Priorities

Key IT Priorities Key End User Priorities

Platform on which to build, deploy, and manage appsEnd user productivityScalable and reliable procurementMinimize support and TCO

“I need a strong ROI justification if I am going to roll out mobile devices to most of my organization and not just the managers.”

Director of business group for major manufacturer

Secure data Secure network accessManageable, scalableStandards BasedIntegrate with existing IT infrastructureTraining and support

Anytime access to corporate infoDependableSuperior productivity including unified communications

“Make it just another device on my network that I control and manage, and as an integral part of my existing architecture and security framework.”

VP of IT for largeWall Street bank

“Provide me with always available access to the people, information and applications I need even when I am on the go”

Sales Manager at global pharmaceutical firm

System Center Mobile Device Manager

Helps IT Pros manage Windows MobileSmartphone's in the same way as laptops and PCs

Manages security, policy, and applications for Windows Mobile phones

Provides increased access to Corporate data, applications, and servicesthrough a single point and your firewalls

Core Feature Areas

Security Management

Device Management

NetworkAccess

System Center Mobile Device Manager enables Windows Mobile phonesto be deployed and managed (device and security) like PCs and laptops

inthe IT infrastructure, providing network access to corporate data

Security Management BenefitsWindows Active Directoryuser and device membershipsAD based Group Policy targeting

130+ manageable configuration settings

(Bluetooth, Wi-Fi, SMS/MMS, IR, Camera, mail, etc.)Extensible for customer apps through custom ADM templates

Device File EncryptionRemote Device Wipe

Security Management

Device Management BenefitsEnterprise Software Distribution OTAUsing Windows Software Update Service (WSUS) 3.0

Rich inventory and reportingRobust hardware and software inventory capabilities SQL Reporting infrastructure

Device Provisioning OTA

Familiar Management ToolsMMC Snap-InsWindows PowerShellADGP, WSUS

Device Management

Role Based Administration

Allows end-to-end securityHeadless gateway deployed in the DMZStandards based (IKEv2, IPSEC tunnel)

Mobile VPN Benefits

Use best available channelAdapt, minimize keep alive trafficFast Reconnect, Session Persistence

Transparent to mobile application Transparent to LOB services

Always connectedAllows pushed technology

Minimum user configurationTransparent to user and to applications

Security

Efficiency

Extensible

Reliability

Simplicity

NetworkAccess

MDM SP1 Feature UpdatesMultiple Instances

More than one instance of MDM within the same AD Forest

Enrollment Auto Discovery

Windows Server Infrastructure

Supports deployment of more than 30,000 devices within a single forest

Enrollment server matches the user with the correct MDM instance

SP1 will run within Windows Server 2008 AD Domain and CA ServicesSupport for Hyper-V hosting MDM server roles on Windows Server 2003

Performance and Scalability

More!Self Service Portal Software Package CAB Signing WizardDevice PIN Recovery Self Service Portal

Perimeter

MDM Deployment Topology

EdgeFirewall

MobileVPNGW

BackFirewall

InitialOTA DeviceEnrollment

Internet

Mobile VPNHTTPS or HTTP

E-mailand LOBServers

EnrollmentServer

DeviceMgmtServer

Corporate Intranet

AD/DNS/CA/SQL

Self ServicePortal

The Enrollment Server

Perimeter

EdgeFirewall

MobileVPNGW

BackFirewall

InitialOTA DeviceEnrollment

Internet

Mobile VPNHTTPS or HTTP

E-mailand LOBServers

EnrollmentServer

DeviceMgmtServer

Corporate Intranet

AD/DNS/CA/SQL

Self ServicePortal

Enrollment Server

LocationIntranet based (domain joined server/service)

Purpose

Other

Manage the process flow of enrollment

Create domain objects

Create certificates

Supply provisioning instructions

Best practice: protected by a Proxy (e.g., ISA)

Can co-exist on DM Server in integrated implementation

Public DNS

The Enrollment Process

Firewall Enrollment Server Active

Directory

CertificationAuthority

Negotiate SSL Root

Submit Cert Request

Receive Cert

Create Acct.

Issue Cert

Discovery

SCMDM Device EnrollmentMorne BlakeEnterprise Architect

Demo

The Mobile VPN Gateway

Perimeter

EdgeFirewall

MobileVPNGW

BackFirewall

InitialOTA DeviceEnrollment

Internet

Mobile VPNHTTPS or HTTP

E-mailand LOBServers

EnrollmentServer

DeviceMgmtServer

Corporate Intranet

AD/DNS/CA/SQL

Self ServicePortal

Mobile VPN Server

LocationCorporate DMZ (remotely managed)

Purpose

Other

Enables access to corporate data and LOB resources

Assigns a stable internal IP address for the device

Authenticates incoming connections for authorized devices

Negotiates keys to encrypt traffic over the Internet

Standards Based (IPSec Tunnel Mode, MobIKE, IKEv2)

Enables fast resume/reconnect features for devices and applications

VPN Scenario: LOB Application

FW

FW

ProxyISA

LOB 2

LOB 1

Double envelope security

User Authentications:1) Certificate2) NTLM v23) Basic

Kerberos delegation

Accessing Corporate ApplicationsMorne BlakeEnterprise Architect

Demo

Device Management Server

Perimeter

EdgeFirewall

MobileVPNGW

BackFirewall

InitialOTA DeviceEnrollment

Internet

Mobile VPNHTTPS or HTTP

E-mailand LOBServers

EnrollmentServer

DeviceMgmtServer

Corporate Intranet

AD/DNS/CA/SQL

Self ServicePortal

Device Management Server

LocationIntranet based (domain joined server/service)

Multi-Purposed

Other

Primary administration and management point for all managed devices

Group Policy management, device software distribution, and device data wipes

Application allow/deny; Inventory and Reporting

Proxies information and commands between core Windows Servers (AD/CA) and devices

OMA-DM compliant

SCMDM Device Management Server ConsoleMorne BlakeEnterprise Architect

Demo

MDM DMServer

Group Policy

OMA Proxy Engine

SYSVOL

Group Policy Driver

Group Policy Editor

GPMC

Windows Mobile Device

MDM DB

Modeling

Results

SCMDM Software DistributionMorne BlakeEnterprise Architect

Demo

Software Distribution

DM Server

DB

GW Server

21

1. The device is connected to the GW Server

2. The device connects to the DM Server

3. The DM Server obtains the OMA DM commands for the device

4. The DM Server offers the software packages applicable to the device;The device downloads and automatically installs the software packages

5. The device reports the result of the installation of software packagesto the DM Server

3

4 45 5

Creating a SCMDM Software PackageMorne BlakeEnterprise Architect

Demo

IT Infrastructure Details

RequiredWindows Server2003 SP2 64 bitSQL Server 2005Windows 2003/2008 Active DirectoryMicrosoft CAGroup PolicyWindows Mobile 6.x

OptionalExchange ServerSystem Center Operation ManagerSystems Center Configuration ManagerISA Server

MDM Foundations – Familiarity and Stability

Microsoft Systems Infrastructure

Tools

Windows ServerWindows Mobile SmartphonesIIS & SQLSQL Server Reporting Services

Certificate ServicesActive DirectorySSL and IKEWSUS

MMCADGP and RSoPGroup Policy EditorWindows Mobile SDK

Interoperability

ISA ServerExchange ServerOffice SharePoint ServerOffice Communications Server

Which Solution fits my Needs?

Security Management

Device Management

MobileVPN

SCCM 2007 SCMDM 2008Scenarios

SCCM2007 SCMDM

2008

Platforms WM 2003 to 6.x CE 4.2/5.0 WM 6.x

Exch 2007 SP1

Exchange 2007 SP1

EAS Licensees

System Center Evolution

ConfigMgr v.Next

• Retain MDM & ConfigMgr 07 DM Scenarios

• Windows Mobile and CE device mgt (based on device capability)

• For desktop, laptop, and Windows Mobile devices:• ‘Single pane of glass’ admin• Unified infrastructure

• Migration path for both products

MDM 2008 SP1Comprehensive Windows Mobile 6.x device management, enabling IT control for security, management and access.

ConfigMgr 2007Delivers proven, robust capabilities for managing your IT systems including your desktop, laptop, server, and mobile devices.

Roadmap Summary

MDM 2008 is a complete mobile solution

Great for new device rollouts where mobile applicationspolicies, and corporate network access are vital

System Center Configuration Manager 2007

Both Products are capable and adoption ready

Both Products have a roadmap toward SCCM v.Next to meet your device management needs

Great single point of management for both desktopsand Windows Mobile devices

question & answer

www.microsoft.com/teched

International Content & Community

http://microsoft.com/technet

Resources for IT Professionals

http://microsoft.com/msdn

Resources for Developers

www.microsoft.com/learning

Microsoft Certification & Training Resources

Resources Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za

Related Content

What's New for Developers in Windows Mobile 6.5 (WMB303) Mobility Smackdown (WMB201)Real World Windows Mobile Development (WTB229)

Windows Mobile Tips and Tricks for Developers (WMB302)

Track Resources

Resource 1

Resource 2

Resource 3

Resource 4

Complete a session evaluation and enter to win!

10 pairs of MP3 sunglasses to be won

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,

IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.