Managing iOS and Android Devices with ZENworks Lecture · Copying all or part of this manual, or dist ributing such copies, is strictly prohibited. To report suspected copying, please

www.novel l .comNovell Training Services

AT T L I V E 2 0 1 2 L A S V E G A S

Managing iOS and Android Devices with ZENworksLecture

Z E N 1 0

Novell, Inc. Copyright 2012-ATT LIVE-1-HARDCOPY PERMITTED. NO OTHER PRINTING, COPYING, OR DISTRIBUTION ALLOWED.

Copying all or part of this manual, or distributing such copies, is strictly prohibited.To report suspected copying, please call 1-800-PIRATES.

Version 12

Legal NoticesNovell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.

Novell, Inc.

404 Wyman Street, Suite 500

Waltham, MA 02451

U.S.A.

www.novell.com

Online Documentation: To access the latest online documentation for this and other Novell products, see the Novell Documentation Web page (http://www.novell.com/documentation).

Novell TrademarksFor Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).

Third-Party MaterialsAll third-party trademarks are the property of their respective owners.


http://www.novell.com/info/exports/

http://www.novell.com/company/legal/patents/

http://www.novell.com/documentation

http://www.novell.com/company/legal/trademarks/tmlist.html

Managing iOS and Android with ZENworks

Jason BlackettSenior Product [email protected]


mailto:[email protected]

© Novell, Inc. All rights reserved.2

Agenda

• Introducing ZENworks Mobile Management

• Planning your deployment

• Deploying ZENworks Mobile Management

• Administering ZENworks Mobile Management


Introducing ZENworks Mobile Management



Mobile Device Management Drivers

Inventory ManagementBeyond basic inventory management, this includes provisioning and support.

Application Management*The ability to manage and support mobile applications, including deploy, install, update, delete or block.

Policy ManagementDevelop, control and operations of enterprise mobile policy.

Security ManagementThe enforcement of standard device security, authentication and encryption.

Compliance ManagementAdministrators have rules and requirements they must comply with.

Smartphones

forTablets

Specialty Handhelds



Market Trends

Proliferation of Bring-Your-Own-Device

RIM/BlackBerry rapidly losing market share

Android gaining market share

Apple holding steady

iPad dominate tablet in the enterprise

Increase of mobile device business applications

Enterprises want single endpoint management solution

Tablets are replacing textbooks



Introducing ZENworks Mobile Management

• ZENworks Mobile Management is a Novell product that provides management capabilities for iOS, Android, Windows Mobile, Symbian, and other ActiveSync based operating systems

• This course examines how to use ZENworks Mobile Management to manage iOS and Android mobile devices



ZMMSupport for Multiple Device

Platforms

Centralized Management and

Monitoring Dashboard

Security and Policies on Corporate or Employee Owned

Devices

Compliance Management and Alert Notification

Real Time Device Information and

Statistics

Application Management and

File Sharing

Asset Tracking and Location

Report Generation

End User Self Service Portal

On-Premise or On-Demand Single

or Multi-tenant

ZENworks Mobile Management Capabilities

7

● Report Generation


Planning your Deployment



Sample ZENworks Mobile Management Deployment

9 • Click to edit the outline text format (24pt)– Second Outline Level (20pt)– Third Outline Level (16pt)

– Fourth Outline Level (14pt)

– Fifth Outline Level (12pt)



System Requirements

• ZENworks Mobile Management Server– Windows 2003 SP2 – Windows 2008 or 2008 R2

• Database Server– MS SQL 2008 Express Edition (embedded option for small

deployments)– MS SQL 2008 / 2008 R2 Standard or Enterprise for larger

deployments

• Management Console– Web browser with Adobe Flash plugin installed

10



Information Gathering

• What types of devices do you need to support?• How many devices do you expect to support?• What LDAP, AD, and SMTP servers will be used?• Do you need/want SCEP support for iOS? If so what’s the SCEP server and enrollment URLs / challenge strings

• Will you be using ZENworks Mobile Management as an ActiveSync proxy?

• Does the company already have an iTunes account for generating an APNS certificate?

11



System Performance

• System Requirements

• Adjust the PoolThreadLimit in the Registry to be 2x the total number of devices

• Configure a Web Garden

Minimum Requirement ServersSingle core 1.60 GHz CPU 1 GB RAM 40 GB HD 300 devices per box

Mid-range ServersQuad core 2.13 GHz CPU 4 GB RAM 80 GB HD

2000 devices per box

High-end ServersDual Quad Core 2.80 GHz CPU 8 GB RAM

160 GB HD

4000 devices per box


Deploying ZENworks Mobile Management



Pre-Install Steps• Install Internet Information Server

• Create SSL certificates and ensure you can establish an SSL session to the server

• Create APNS certificate

• Enable 32-bit ISAPI support if you are on a 64-bit platform

• Install MS SQL on database server unless you are using the embedded verison

• Ensure firewall configuration is configured appropraitely

• Ensure devices can access the MDM server from the Internet

• Install SQL client on MDM server if SQL server is remote

14



Install Steps• Execute the database installer to populate the database

• Once the database is setup, then run the management server setup

• After the setup launch the management console from https://<zmm server>/dashboard

• Setup the basic LDAP, ActiveSync, default policy suite, default connection schedule

• Check for updates and apply the latest if there are any

15


Administering ZENworks Mobile Management



Organizational Configuration

• Administrative LDAP Servers– Can be used when adding users or administrators– Can be used to retrieve custom fields into custom columns

• Active Sync Servers– ActiveSync servers that will be used for authentication and

PIM sync

• SMTP Servers– Used for sending email notifications from the system

17



Organizational Administrators

• Administrators can authenticate via LDAP password or local password

• ZENworks Mobile Management provides three roles by default

– Full Administrator– Support Administrator– Restricted Administrator

• You can also create custom roles– Done via the database today via a SQL INSERT command– Document included with the course materials

18



Certificate Configuration

• APNS Certificate– Recommend applying cert prior to deploying many users because of additional avoidable steps.

– Ability to view additional device statistics.– Ability to view a list of installed configuration profiles.

– Ability to silently update or remove configuration profiles that are managed by NMDM.

– Ability to use Selective Wipe to wipe only the mail, calendar, and contact data that is managed by NMDM.

– Ability to Lock Device.

– Ability to Clear Passcode.

– Ability to Push Mobile Apps.

• Signing Certificate– Signs the iOS profiles so that iOS knows they came from a trusted source

19



Organizational Configuration

• Group Emailing– Allows you to send email to groups of users based on

attributes in the database– Allows you to review emails previously sent

• Custom Columns– Provides the ability to have additional data displayed on the

user in the console

20



iOS Corporate Resources

• Allows you to define pre-configured settings to be deployed to iOS devices, including:

– Mail Servers– Exchange Servers– LDAP Servers– SCEP Servers– Wi-Fi Networks– VPNs– CalDAV Servers– CardDAV Servers

21



Connection Schedules

• Defines how frequently a device checks in with the MDM server

• The more frequent the check-in the greater the impact on battery life and data usage

• Allows you to define Peak and Non-Peak hours• Allows you to control different schedules for Peak and Non-Peak hours

22



Policy Suites

• A policy suite is a collection of mobile device management settings

• Settings can be common or device platform specific• Capabilities available are typically based on the capabilities exposed by the platform vendor

• A given user has a default Policy Suite that will be automatically assigned to every device they enroll

• A given device has exactly one effective Policy Suite at any given time

• A default policy suite can be assigned in the system so that all users/devices default to using that suite

23



Mobile Applications

• Mobile applications allow you to create a “corporate mobile app store”

• Mobile apps can contain links to publicly available applications or applications you store in the ZENworks Mobile Management system

• For iOS app store applications you can also associate redemption codes that should be used when installing the application from the app store

• With iOS 5.x and higher you can also push mobile applications to the device as well as pull from the mobile apps page of the agent

• Policy suites dictate which applications are available or pushed



File Sharing

• File sharing allows you to create a simple set of folders and files that can be accessed by your mobile devices

• Policy suite is used to define which files a given device has access to

25



Enrollment

• Steps to trusted internal CA if needed (iOS only)– If you are using a certificate issued by a CA not trusted by iOS out of the

box, export the CA certificate as a .cer– Open the .cer on the iOS device and install the profile to trust the

certificate

• Enrollment steps– Install ZENworks Mobile Management application from the iOS App

Store or Google Play/Market– Enter username, password, ActiveSync domain, and mdm server info for

hands-off enrollment– Uses your ActiveSync credentials for authentication

– Enter username, password, and mdm server info if not using hands-off enrollment

– Uses locally defined user name and password

26



TouchDown Enrollment

• On Android if you want a secure sandbox for corporate PIM data, we suggest using TouchDown

– A robust ActiveSync client available in Google Play/Market– Provides additional capabilities above the default applications

• After enrolling, you can configure ZMM to automatically enroll TouchDown if present, or you can enroll after by initiating enrollment from the ZMM agent application

27



ActiveSync Only Devices

• ZMM also provides management of any ActiveSync device

– Only provides ActiveSync proxy to your ActiveSync server– Allows you to see all of your devices in a common console– Allows you to manage ActiveSync policies via a common

interface– When ActiveSync devices connect through the proxy, the ActiveSync policy

portion of the response is replaced with the ZMM ActiveSync policy

28



Reporting

• Allows you to run many key reports• Currently provides canned reports only• Also provides a drillable dashboard• Long term goal is to provide integration with ZRS for extensive custom reporting

29



End User Self Service Portal

• The end user self service portal is accessible at https://<zmm server>

• Uses the same authentication used for enrollment• Provides the ability to

– Locate the device– Lock the device– Wipe the device– Clear passcode– Manage certificates– Set recovery password

30



Compliance Management

• Compliance Management allows you to configure rules in your system that you devices must meet/abide by in order to have access to corporate resources. These rules include:

– Access policies– Conditions on a given device that are important to the security of the device

– Examples– TouchDown version– SIM removed– Time between connection to server– Policy out of date

– Device restrictions– Device type (Android, iOS, Blackberry, etc)

– Jailbroken

– Passcode requirements (iOS only)

– Model, OS, Carrier

31




• When a device becomes restricted due to compliance rules you can configure what happens when the rule is violated

– When a violation occurs you can – Restrict access to specific resources

– ActiveSync– Shared Files– Mobile Apps– Corporate iOS resources

– Notify an administrator in the console

– Notify the user that violated the policy via email

– Notify a user via email

• Restrictions can be applied globally or per violation type

32




• Compliance Management Reporting– A set of canned reports exists for determining compliance

events in the system– Reports available are:– Access Policy Violations

– Device Restrictions by User

– Exceptions by User

– Resource Restrictions by User

– Users by Exception

33



Auditing

• ZENworks Mobile Management audits any change made in the management console

– Provides the following information– Admin that made the change

– IP address they were at

– A summary of the change

– The ability to view specifics about the change that was made in a given policy

34


Q&A

35



Labs

• Configure LDAP Server• Configure ActiveSync Server• Configure Hands-off Enrollment• Enroll Android Devices• Create Mobile Apps• Create Shared Files• Create Policy Suites• Configure Compliance Management• Enroll TouchDown• Run Reports and View Data

36


Documents

Managing iOS and Android Devices with ZENworks Lecture · Copying all or part of this manual, or dist ributing such copies, is strictly prohibited. To report suspected copying, please