Friendly Technologies- Cloud-Based TR-069 Device Management Suite

Friendly TR-069 Device Management Solution Cloud Version

January 2016

Start

The IoT & Device Management Company

Smart Home Open Platform

Internet of Things/M2M Management

Device Management for Fixed & Mobile

Friendly Technologies Mission

www.friendly-tech.com2

Friendly Technologies is a leading provider of carrier-class device management software for IoT/M2M, Smart Home and Triple Play services. Our best-of-breed approach enables service providers to avoid device dependency and manage multiple types of devices on a single platform. Friendly’s platform enables customers to automatically connect and provision new devices, monitor QoE, configure and update firmware remotely, and streamline their support services, while its server and cloud-based solutions offer analytical insights to service providers.

Partial List of Our Customers

wwww.friendly-tech.com3

Friendly Technologies at a Glance


Software solution developer, serving Carrier and xSP market since 1997

The most installed Unified Device Management solution in the world

Focused on Device Management since 2006

Strong global network of local channels, distributors and system integrators acting as local partners

Member of Broadband Forum and Open Mobile Alliance

Offices in Israel, USA, Colombia and Ukraine

Friendly Technologies at a Glance

Friendly Technologies is a winner ofFrost & Sullivan’s 2015 Best Practices Award

for the Best Customer Value in Unified Device & Smart Home Management

Friendly Technologies Line of Products


Device ManagementTR-069, OMA-DM & SNMP device management to streamline the support of Data, VoIP and IPTV services.

Smart Home ManagementOpen platform for full Smart Home management. The solution includes management server and white label Smart Home mobile app for increased ARPU.

Internet of ThingsFriendly's Internet of Things/M2M product line is a white-label device management platform for Utilities, Health Care, Industrial M2M, Transportation & Smart City verticals. Friendly offers both management server and embedded clients.

4G LTE & WiMAX Device Management

TR-069 and OMA-DM device management to accelerate the deployment and support of fixed and mobile devices for the LTE world.

QoE MonitoringAdvanced QoE monitoring and analysis of Data, VoIP & IPTV services from the subscriber’s end.

OMA-DM Mobile Device Management

OMA-DM based mobile device management targeted to xSPs and enterprise for managing and supporting mobile devices including BYOD. The solution includes also an OMA-DM client for the BYOD market.

The Solution


Multi-Tenant Hosted / Cloud ACS solution Robust and scalable at all modules and features level Modularity and easy per -tenant adaptations and management Separation of management / monitoring and provisioning tasks Separation and easy adaptation of tenant Northbound API towards back

office applications

Friendly’s Multi-Tenant HLD Architecture


NBI/API

Admin Console

Self-SupportPortal

QoE Monitoring.

Support Center

ProvisioningPortal

Events Managt..

Friendly’s Multi-Tenant SaaS ACS

Tenant1.com

Tenant2.org

ISP “South.net”

OSS/BSS

TR-69/OMA-DM Devices

OSS/BSS

OSS/BSS



Friendly Technologies Architecture


ISP/Tenant A ISP/Tenant B RG/IAD / Routers /STB/IP Phones/ Smart

Phones/ Femto / MiFi / USB Dongle /

M2M/ Android Devices

RG/IAD / Routers /STB/IP Phones/ Smart

Phones/ Femto / MiFi / USB Dongle /

M2M/ Android DevicesEach tenant has a full-featured portfolio with a total separation

Association Methods


Association via Device ACS username

Association via Domain suffix towards “location” user info field at ACS Database can be performed VIA API calls

Secured isolation between Domains

Multi-level operator’s rights within each tenant

Device-to-tenant & Device-to-operator

Individual User Adaption of Views


In Call Center Portal

Per-tenant & per- username

and level display settings

Adaptation of information element box

location, contents and

technical depth

Individual Tenant & User Level


Activity and Log Action Reports

ACS Security Aspects


The Broadband Forum designed the TR-069 security model to provide a high degree of security in the interactions that use it.

The CPE WAN Management Protocol is designed to prevent tampering with the transactions that take place between a CPE and ACS, provide confidentiality for these transactions, and allow various levels of authentication.

The protocol includes additional security mechanisms associated with the optional Signed Voucher mechanism and the Signed Package Format, described in Annex C and Annex E, respectively.

General

Security Highlights of ACS Transactions


WAN- Internet or ISP VPN

domain

HTT

P/

HTT

PS

HTT

P

TR-069 Device

TR-069 Device

ACS Server

SSL Offload Device (recommended)

If the ACS URL has been specified as an HTTPS

URL, the CPE MUST establish connections to the ACS using SSL/TLS

Support for CPE authentication using

client-side certificate is OPTIONAL for both the

CPE and ACS. Such client-side certificate MUST be signed by an

appropriate chain

The “host” portion of the ACS URL is used by the CPE for validating the

certificate from the ACS when using certificate-based authentication

https://acs.friendly-tech.com:8080/ftacs-

digest/ACS

https://acs.friendly-tech.com:8080/ftacs-basic/

ACS

https://acs.friendly-tech.com:8080/ftacs-

digest/ACS

ACS to Southbound and Northbound Security


WAN- Internet or ISP VPN

domainTR-069 Device

HTTP/HTTPS security + specific URL

domain + SSL/TLS options and

additional certificate security options

Secured firewalled (application and ports ACL) and user privileged

activity lists

OSS/BSS/CRM and

web servers

Admins/CSR users

Authentication of ACS devices + ACS server

side certificate options/white-black list filters

ACS ServerWAN corporate firewall-specific

domain/protocol/ port protection

External storage devices

Friendly’s Extensive Security Measures


Friendly has introduced the following additional security enhancements to cover the main vulnerabilities stated bellow. These are explained in more detail in “Friendly’s TR69 security aspects” document.

SECURITY ZONES ACS WS authentication NBI WS obscured DB connection details encrypted Users Management Path Traversal Vulnerability

Cross Site Scripting Vulnerability Unprotected Management Interface

Vulnerability Insecure HTTP Methods

Vulnerability Insufficient Anti-Automation

Vulnerability Information Leak Vulnerability

Why Us?


Software solution developer, serving Carrier and xSP market since 1997

The most installed Unified Device Management Solution in the world

Carrier-class, scalable solution to manage millions of devices Feature-rich solution to support Any Device on Any Network

over Any Protocol Unique “Smart Layer” Technology - automated integration

and management of any types of devices without a need for manual intervention.

Fastest and easiest installation and deployment –minimum professional services required

We Are Friendly! Friendly to deploy, integrate, use (Friendly GUI) and receive professional support from

Our Call Center Portal is known to be the #1 solution in the world for dramatic reduction of operational costs ( up to 70%).

QUESTIONS TIME!

Thank You for Your Time!

Start

The IoT & Device Management Company

Smart Home Open Platform

Internet of Things/M2M Management

Device Management for Fixed & Mobile