An introduction to Enterprise mobility


Enterprise mobility is an essential part of an organization that needs to manage and monitor the devices that are either owned by the organization or brought into the organization by employees and other parties. Since the popularity of smart devices increases day by day and employees prefer to use their personal devices to do official work; managing devices that are getting connected to an organization becomes critical.


Example: EMM for a College or a University

Let's straight away jump into an example to find out the usage of an EMM. Let's imagine a college or a university where the students bring in their phones or tablets. In order to use these devices inside the college without violating college rules, administration needs to have a way to gain some control over these devices, so that they can manage and monitor these devices. Therefore, when a student brings a device, he has to enroll his device to the EMM of the college. He can enroll his device to EMM by entering his student credentials which is used to connect to any other system of the college. When the student is enrolled to the system, administration may need to install some essential application to the device of the student such as acalendar app, study resources management app, note taking app and, etc.  These can be defined in EMM as a policy.

What is a Policy?

A policy in EMM is one or more operations that has to be applied on a device and needs to make sure throughout the time the device is connected to EMM these operations are applied. In contrast, an operation is a one time operation such as sending a message to a student’s device by a teacher. Sending a message doesn't need to be done multiple times. But if the camera of a student’s device needs to be disabled at all times, this is a policy where it has a rule and EMM needs to monitor the state of the rule applied on devices and make sure it adheres to the policy and in case it doesn't, actions need to be taken.

Going back to the scenario where a set of applications need to be installed on a device and WiFi configurations has to be pushed, is kind an operation that can be defined in EMM as global policies so that any enrolled devices will get these applications and configurations. On the other hand there might be some applications that only need to be installed on certain devices. For example an HRM app that only needs to be installed only on devices of staff members can be defined in EMM as a role based policy.  WSO2 EMM also supports numerous other operations that can be used in many other scenarios. Reading through this article, you might have noticed two distinct words used throughout; devices and apps.  These two entities are the two fundamental building blocks of an EMM. Device side of the story is called Mobile device management(MDM) and the application side is called Mobile application management(MAM). In WSO2 EMM these two component are packed together although it is possible to deploy that as two different instances where MDM part remains as EMM and MAM is separated out as the WSO2 app manager.

So what benefits are there to an organization by implementing an EMM?

Employees can use their personal devices at work making it easier for them to use it since there is no learning time involved and for an organisation, which reduces the initial cost involving buying new devices. Improve security of corporate data since policies can be set on devices to minimize resources misuse and can monitor device details such as memory, location, apps, etc and use a data analytic product such as WSO2 BAM or WSO2 CEP to take decisions and find trends and patterns.

WSO2 EMM can be thought of a product having 3 clear layers. At the very bottom it has WSO2 carbon framework which provides all the security, clustering, governance, statistics and many other reusable components. On top of carbon, CDMF framework is built which act as as core where different types of devices can be plugged in. It provides common feature to device management such as policy management,  monitoring and enrollment or device, remotely install and manage corporate apps on devices and restrict unwanted apps.

EMM High level architecture
Although the use case discussed in the example focuses on an implementation at a college or a university EMM has many other applications. The most obvious one would be to manage devices of employees of an organisation. More specific use case would be an insurance company where insurance agents are given devices and the organization can see if the agent has visited a customer or not by monitoring his GPS location through EMM. Another use case would be a parental control system where parents can see where their children are at a given time and block unwanted games or other apps on their devices. EMM can be used in many other scenarios in more creative fashion and it is up to the imagination of the organization that deploys it to find the correct use cases.

Comments

Post a Comment

Popular posts from this blog

MDM vendor singing and MDM APNS certificate generation for WSO2 Iot server

Image
When we look at how Apple has created the device management protocol for iOS devices, one thing that we notice is they have tried to make the process as secure as possible. In this article, we will look at what is the MDM APNS certificate and how we can generate and use them. When managing iOS devices, the device management commands are typically executed by a native client available in the iOS operating system itself. When a device management server needs to send a command to this client, the command has to be sent though Apple APNS server. However, since these commands are executed by the operating system it self, using a general APNS certificate, does not make sense. Therefore Apple has made it mandatory that the device management servers use a special MDM APNS certificate when sending commands to a device. These certificates expire annually and the admins have to renew then annually. MDM APNS certificate generation is bit of a complex process and to make things simpler, I ha
Read more

Android device owner concepts

Image
With Android 5.0, Google has introduced Device owner and device profile concepts to make android enterprise ready. Device owner app is an application with special privileges to perform task such as monitor and manage settings and other privileged tasks. This means in a literal sense,the devices ownership is given to the organization managing it making the device owner concept ideal for COPE scenario. Once the device ownership is assigned to an app, in order to remove it, the device needs to be factory reseted, for example in a situation where the device needs to be given to a different user.  When the device ownership is given to a specific app, the app gets access to a set of Android APIs that are only available to device owner app. These APIs are not available to regular Android apps. At a given time there can only be one device owner app in a device, which prevents another device owner app overriding the policies enforced by the first device owner app.  The service app prov
Read more

[APIM] Send emails to users upon self-sign up aproval

When using the self sign up of WSO2 API manager, the user needs to wait for the admin to approve their signup request. However when the admin approves/rejects the request, users may like to receive an email with the status of the approval. This can be achieved by the extension points provided by APIM. In this article we will consider how this can be achieved, First step is to set up the user sign up work flow as described in the documentation[1]. After following the documentation, you should be able to self sign up and attach a workflow to the to the self sign up process. After self signup, you can login to the admin portal of APIM and approve or reject a request to sign up. This portal can be address through https://HOSTNAME :PORT /admin for example https://10.100.9.174:9443/admin Next we need to extend from UserSignUpWSWorkflowExecutor of APIM and write your own logic to send out an email. In this case, we have overriden the complete method of UserSignUpWSWorkflowExecutor. In the
Read more