BlackBerry Forums Support Community

Closed Thread
Thread Tools
Old 08-18-2010, 11:31 AM   #1
Talking BlackBerry Encyclopedia
b52junebug's Avatar
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post What is your company doing about MDM?

Please Login to Remove!

So as we all move forward in this mixed Mobile Device world, what steps are your companies taking to ensure that every device is complaint with current company acceptable use policies? I know that there are a few software developers out there that promise great things on Mobile Device Management(MDM), but is anyone using them? Mobile Iron, Tangoe MDM, Zenprise, Trust Digital?

It appears that in a recent converstion with our Tech Rep at Cisco, that us as administrators are all standing around scratching our heads trying to figure out how we can incorporate all of these fantastic devices into our environment. How can we determine the actual security of such devices and be able to ensure data integrity across all platforms?

As we all know the customer base drives our world. So when the customer is the CEO with a new iPhone, we have to figure out how to make it work. What are you doing in your company?
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Old 08-18-2010, 12:34 PM   #2
BlackBerry Extraordinaire
CanuckBB's Avatar
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183

2 words. BB and BES.

If you are a publicly traded company, You can explain to the CEO that the iPhone will likely not meet audit requirements.

And the customer base does not drive our world. Corporate policies drive our world. I'll deploy any device that does not contravene corporate policies.

Last edited by CanuckBB; 08-18-2010 at 12:35 PM..
Old 08-18-2010, 12:42 PM   #3
Grumpy Moderator
NJBlackBerry's Avatar
Join Date: Aug 2004
Location: Somewhere in the swamps of Jersey
Model: SGS7
Carrier: Verizon
Posts: 27,948

That doesn't hold water anymore.
The CEO and auditors want BlackBerrys and BES and iPhones and iPads.
You can do secure mobile device management and if you think your employees don't already have multiple devices, you are wrong.

Secure your ActiveSync environment. Discuss availability of secure VPN tunnels with your VPN environment. Write processes and proceudres around what is and is not allowed. Push down equivalent security policies to all devices.

It can (and must) be done right.
Old 08-18-2010, 07:34 PM   #4
Talking BlackBerry Encyclopedia
b52junebug's Avatar
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268

Originally Posted by NJBlackBerry View Post
It can (and must) be done right.
Absolutely. The next question is: What policy's will you enforce or apply to these handhelds? Active sync is great, but it is not robust enough to mimic BES. Not without a third party software. Are you enforcing password rules?

One thing we found works better with Active sync, is to set the password attempts to 6 instead of 10. Apple has written there software that after 5 attempts, it disables the device for 1 minute, then 5, then 15, then 30, then 1 hour, then wipes it, if you leave the password attempts at 10. So by decreasing it to 6 now you will have the device wiped in 60 minutes not 2 hours.

Enforce encryption on the device. I know that the device is encrypted, but the data transmission must be as well.

Also WHY OH WHY would you EVER put more than one Exchange account on a device?

Your policy's must be comprehensive donxxx8217;t leave any room for error. Your users must know that the device will be bricked at any point for any reason. So they are required to do backups on their own devices. Release your company of the financial liability that comes from having iTunes loaded on a company PC.

Also if your company is considering allowing personally owned devices to connect to company resources check your computer usage policy. See what can or should be allowed on a personal phone with company info. Determine whether or not your company is going to pay for the personxxx8217;s data package. Most carriers up charge to have enterprise email.

When looking at VPN or Citrix, know the cost. Do you have enough licenses to cover all of the new connections?

Know how to use the iPhone configuration utility. It is a free download. The problem with the native utility is that to put it on a phone, the phone has to be physically connected to the PC with the policy.

You may also want to consider a product for email like GOOD. It will sandbox the application and when you wipe email off, it doesnxxx8217;t touch personal info. It will also do a check for a compromised device and allow you to use the iPhone config tool to put a policy on that will configure things like VPN or recommend apps for download.

Also we all need to find a way to check for hacked (jailbroken), etc. devices.

Beware of vendors hawking really cool apps that connect to the web or require you to put a hole in your firewall to work. It seems that the vendors havenxxx8217;t figured it out either.

Remember we are all in this changing environment together and we too must adapt or get left behind.

P.S. I get my new torch tomorrow for testing..
Your profession is not what brings home your paycheck. It is what you were put on earth to do.

Last edited by b52junebug; 08-18-2010 at 07:37 PM..
Old 09-20-2010, 01:31 PM   #5
Talking BlackBerry Encyclopedia
b52junebug's Avatar
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268

Here is what I received from our Apple rep:
Mobile Device Management (MDM) - Third Party Solutions

iPhone and iPad both support Mobile Device Management, giving businesses the ability to manage scaled deployments of iPhone/iPad across their organizations. These Mobile Device Management capabilities are built upon existing iOS technologies like Configuration Profiles, Over-the-Air Enrollment, and the Apple Push Notification service and can be integrated with in-house or third-party server solutions. This gives IT departments the ability to securely enroll iPhone/iPad in an enterprise environment, wirelessly configure and update settings, monitor compliance with corporate policies, and even remotely wipe or lock managed iPhone/iPad devices.

Here is a list of third party mobile device management companies (in alphabetical order):

AirWatch - AirWatch is a Web-based Solution with Multi-tenant Architecture

John Marshall
[email address]

Good - Good on iPhone, iPad, and iPod Touch

DC Cashman
[email address]

Mobile Iron - iPhone Security & iPhone Management Solution | MobileIron

Mike Leigh
[email address]

Sybase (SAP) - Sybase iPhone Enterprise Solutions - Mobile Device Management Application & Software - Sybase Inc

Chuck Vertrees
[email address]

Tangoe - Enable the Potential of your Smartphone Infrastructure | Software

Tiffany Benson
[email address]

Trust Digital (McAfee and Intel) - Enterprise Mobility Management EMM | Device Agent | Trust Digital

Sandrine Goodman
[email address]

Zenprise - Zenprise

Kelly Thayer
[email address]

Here is a summary of the capabilities of the iOS 4 MDM APIs (enhanced now with Query and silent OTA Management capabilities):

• Enrollment - user authentication, certificate enrollment, device configuration
• Configuration of settings - accounts, policies, restrictions and other settings
• Queries - device information, network, compliance, security, applications
• Management - remote wipe, remote lock, clear passcode, configuration/provisioning profiles

Capabilities are further outlined in this document:
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Old 09-27-2010, 12:11 PM   #6
BlackBerry God
penguin3107's Avatar
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701

Ixxx8217;m surprised BoxTone isnxxx8217;t in this list too. From what I have seen, all of the vendors in this list do not have access to the iOS4 APIs. IIRC AirWatch and Trust do xxx8230; the Webinar Zen just did didnxxx8217;t showcase anything iOS4 specific so I doubt they have access xxx8230; and Good hasnxxx8217;t shown anything iOS4 specific either.
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
Old 10-01-2010, 03:49 PM   #7
Talking BlackBerry Encyclopedia
b52junebug's Avatar
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268

So would you all entertain a solution that was built to encompass all of the OS's/device types? What would you look for?
Would you like the program to be as user friendly as possible with sync to the device password? In other words would you like a secure app, with device password authentication? You can require a password on the iphone/droid, but if you are using something like Good, you still have to put in a password to get into email. So now its not the same experience as Active Sync.

Would you want one console to administer that pushes out your policy and translates it to whatever platform the user has?

Would you want an approval process built into it that would add people to your console, then allow them to self enroll?

Would you want your users to have to connect to VPN for all web traffic, so that they are restricted by your firewall rules?

How are you going to limit hourly employees from accessing email after their work hours?

Would you want the console to have roles, like BES? Would you have this console be web based like BES? Would you want it to integrate into your BES management? So it would be a one stop shop for management?

Would you like to have your own app store, where your users could go out and pick up recommended apps?

What is your wish list for Mobile Device Management?
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Old 10-26-2010, 04:58 PM   #8
Talking BlackBerry Encyclopedia
b52junebug's Avatar
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268

I have a webex with Zenprise tomorrow. Will let you know what they say. They claim to be able to do selective wipes, Remote control for win & android not apple, jailbreak/Rooting detection.

They have also changed their pricing structure to per device not per mailbox. So I will let you all know how it goes.
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Old 11-17-2010, 06:00 PM   #9
Thumbs Must Hurt
Join Date: Jun 2008
Model: 9810
Carrier: AT&T
Posts: 130
Default Re: What is your company doing about MDM?

We are actually looking at both Mobile Iron and Airwatch as our MDM solution for other smartphones. MDM from these companies have come a long way in the last 3 months. I don't think it will ever replace the BES but it finally has the flexibility to comply with our policies.
Old 12-14-2010, 09:04 PM   #10
New Member
Join Date: Nov 2010
Model: storm
Carrier: sprint
Posts: 1
Default Re: What is your company doing about MDM?

What I have seen is that if you plan to manage Blackberry devices in the enterprise and manage iPhone in the enterprise, using a software like AirWatch is the best solution. I especially like the insight they have into working with Apple products like the iPad.
Old 12-20-2010, 07:39 PM   #11
Talking BlackBerry Encyclopedia
Join Date: Mar 2006
Location: Ontario, Canada
Model: 9900
Carrier: Rogers
Posts: 205
Default Re: What is your company doing about MDM?

We've got a whopping two Apple devices in our organization now, though neither of them have any sort of enterprise access on them at the moment, so there are no policies in place for the devices. They are just toys at the moment until we figure out if there will be future adoption or not.

As it stands, our iPad may go the way of the Dodo if the Playbook ends up being half of what RIM says it will be.

So far, the only thing I've really had to deal with has been BES. Since our organization has used Blackberry exclusively for close to a decade now.

If we DO end up continuing to adopt non-BB devices.... Then I will need to look into some of these solutions myself.
BES Admin
Network Engineer
Blackberry user since 2001.
Old 04-15-2011, 05:24 PM   #12
Talking BlackBerry Encyclopedia
b52junebug's Avatar
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Default Re: What is your company doing about MDM?

FYI, Airwatch was purchased by Motorola.. So expect the same sort of assimilation of their product as many other Moto purchased companies....
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Old 04-16-2011, 12:05 AM   #13
Latino Hasta La Muerte
rambo47's Avatar
Join Date: Jan 2005
Location: Denville, NJ.
Model: 9370
Carrier: Verizon
Posts: 9,063
Default Re: What is your company doing about MDM?

Originally Posted by b52junebug View Post
FYI, Airwatch was purchased by Motorola.. So expect the same sort of assimilation of their product as many other Moto purchased companies....
That doesn't exactly fill me with warm and fuzzy feelings.
Old 04-25-2011, 01:43 PM   #14
New Member
Join Date: Apr 2011
Model: 9300
Carrier: AT&T
Posts: 1


Last edited by dubzga; 04-25-2011 at 01:46 PM..
Old 04-25-2011, 03:25 PM   #15
Knows Where the Search Button Is
Join Date: Jan 2006
Model: 9780
Carrier: Rogers
Posts: 32
Default Re: What is your company doing about MDM?

check out Trellia Networks for MDM solution
Old 04-25-2011, 06:34 PM   #16
New Member
Join Date: Apr 2011
Model: 9800
Carrier: AT&T
Posts: 1
Default Re: What is your company doing about MDM?

This is a response from the AirWatch PR team. AirWatch has not been purchased by Motorola. The company is privately held and 100% funded by its executive leadership team. AirWatch has been recently recognized by Gartner as a leader in mobile device management software. AirWatch has a global presence with over 1000 customers. AirWatch will be exhibiting at BlackBerry World in Orlando May 3-5 and Interop in Las Vegas May 8-12.

Please contact AirWatch if you have any questions.
866.501.7705 | [email address] |
Old 04-28-2011, 11:37 PM   #17
Talking BlackBerry Encyclopedia
b52junebug's Avatar
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Default Re: What is your company doing about MDM?

Thank you Airwatch for clearing that up. I just assumed when the Motorola rep said it, well... you know how that goes.. I wonder who they did purchase though?
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Old 04-28-2011, 11:39 PM   #18
Talking BlackBerry Encyclopedia
b52junebug's Avatar
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Default Re: What is your company doing about MDM?

We did go with MobileIron though after looking at all of the different solutions. They fit our needs better than anyone else we looked into.
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Old 06-09-2011, 02:31 AM   #19
New Member
Join Date: Jun 2011
Model: Bold
Carrier: Telstra
Posts: 1
Default Re: What is your company doing about MDM?

I think b52junebug may have confused Good with Air-Watch. Good was purchased by Motorola a few years back. They did nothing with it then sold it again.
If you are wanting the same level of security as BES, Good is probably the only option right now in the MDM market. Like BES they don't use active sync and go via a NOC.
Old 06-09-2011, 06:28 PM   #20
Talking BlackBerry Encyclopedia
b52junebug's Avatar
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Default Re: What is your company doing about MDM?

Originally Posted by rRamjet View Post
I think b52junebug may have confused Good with Air-Watch. Good was purchased by Motorola a few years back. They did nothing with it then sold it again.
Actually no, it wasnt Good that the Moto rep was talking about. It was a dedicated MDM solution. I am VERY familiar with the Good Technology Woes.. Been there done that.

You are correct in talking about the fact that Good sandboxes the experience, however the biggest complaint is that because it is sandboxed, it decreases the user experience. So you have to ask, Security or Mulitple logins, other issues with having a Sandboxed solution.
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Closed Thread

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Johnson Controls Metasys M4-CVM03050-0P picture

Johnson Controls Metasys M4-CVM03050-0P





Johnson Controls MS-NCE2566-0 Metasys Network Control Engine picture

Johnson Controls MS-NCE2566-0 Metasys Network Control Engine


Johnson Controls Metasys AP-VMA1440-0 VAV Modular Controller - VMA 1440 picture

Johnson Controls Metasys AP-VMA1440-0 VAV Modular Controller - VMA 1440





Johnson Controls MS-FEC1621-0 Programmable Controller - FEC 1621 - Metasys 1611 picture

Johnson Controls MS-FEC1621-0 Programmable Controller - FEC 1621 - Metasys 1611


Copyright © 2004-2016
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.