Mobile Device Management - a blog

evasiveabstractedMobile - Wireless

Dec 14, 2013 (3 years and 7 months ago)

752 views

Mobile
Device
Management

Timothy Yager (timothy.yager@oswego.edu)

SUNY Oswego

Labman

2013


Evergreen State College

SUNY Oswego


Located in upstate New York


~
8300 FTEs


~6800
undergrad


Mobile devices
-

~200 “lab” iPads and
rising, several staff smartphones


What is MDM


Mobile Device Management

(
MDM
) software
secures, monitors, manages
and supports mobile devices deployed across mobile operators, service
providers and enterprises
.”


http://
en.wikipedia.org/wiki/Mobile_device_management


Why MDM and BYOD?


In corporate world, increased productivity


Access to virtual apps and data


Major security concerns for your data!


People are bringing their own devices anyway, why provide a work device?


In higher education


Meeting faculty initiatives


Student needs


It sure is trendy right now!


Why MDM for SUNY Oswego?


Pushed by CIO at the time


Based on a clear needs assessment provided by CIO


Project committee was formed


Involved user support group, IT group, telecommunications group, and
networking group representatives due to broad nature of scope including:


“Corporate” and “personal” Mobile Devices (phones and tablets)


Network resources for solution


End user training and support


Server work if necessary (many solution
SaaS

based)


Project Timeline
-

2012


Needs assessment


January


Present needs assessment to Campus Technology Advisory Board (CTAB)
Applications Subcommittee


February


Review Feedback


Announce plans to full CTAB


February


Complete research and make software recommendation


end of
February


Purchase, Install, configure, deploy pilot program

March/April


Assess and deploy
needed
changes, move to full rollout


March/April


Project Timeline 2012 Continued


Policies and procedures done
by end of semester


May


Project completion and in operating mode by
summer


May



End goal was a one semester project to be ready prior to summer projects
starting!


Needs Assessment


Most critical part of a Mobile Device Management Project


You must know what your intent with the solution is as it will drastically affect
your decision making process


Need to consider separate needs for personally owned devices versus
campus owned devices and what issues come into play


Privacy


Security


Culture of higher education


Legal concerns (state, federal, local, collegiate)


Need to separate technical concerns versus policy concerns


Do you really want to have anything to do with installing an agent on peoples’
personal devices?

SUNY Oswego Documents Review


Mobility Management Solution Needs Assessment


MDM Vendor Requirements


We used Gartner as our initial research point
for finding vendors


MDM Trial Results


We went to trial with two vendors,
Airwatch

and
Maas360


Did a mini trial of
Meraki

as it is a free MDM solution, but immediately
stopped testing due to functionality. Has since been purchased by Cisco
but is still free, and appears to have much more extended functionality
now.


A great way to get a feel for what an MDM can accomplish with little setup and
no cost apart from staff time


Meraki

Demonstration


Signup


http
://meraki.cisco.com/products/systems
-
manager?ref=MVFkTc


Login


https
://
account.meraki.com/login/dashboard_login


Clients


GPS tracking / Applications Installed / Lock or Erase Device /
Etc


Mobile, Settings


Device restrictions / Password requirements /
Wifi

/ VPN


Apps

What we found in 2012


We could not meet our MDM needs with an MDM Solution!!


Many required Exchange for ActiveSync, not useful for us


Vendors can only do what the APIs allow them to (see Apple)


There are many, many solutions out there and there is a lot of competition
among vendors. Some died out from the time we started to the time we
finished. This is likely still true today.


Mobile device “imaging” in the same vein as how we do our computer
labs was not possible via an MDM solution, which was what we really
wanted.



Review of project requirements


Device imaging similar to a standard computer lab


Some way to manage application purchases on an enterprise level


Configuring our campus wireless and email settings




Apple Configurator met all of these needs, and does so ~flawlessly!!!

Success!


Silver lining


Apple released Apple Configurator around March, saving our
project which was going to end without success based upon our needs.


Apple Configurator


Free Apple MDM configuration tool from App Store


https://
itunes.apple.com/us/app/apple
-
configurator/id434433123?mt=12


Only available for installation on a Mac


Apple Configurator has a little brother called iPhone Configuration Utility which is
available for PC but not nearly as robust


Will need to spend time on Apple Volume Purchase Program to get application
purchasing working properly.


Will probably want to purchase a USB hub to hook up many devices at one time


Set it and forget it!


Once “images” are built, you can just click the restore button and devices are set back
to their original state

Apple Configurator Notable Links


Apple App Volume Purchasing


http://www.apple.com/education/volume
-
purchase
-
program
/


Apple
Configurator


http://
help.apple.com/configurator/mac/1.2/


iOS

in Business


http://www.apple.com/ipad/business/it
-
center
/



Service Level Agreement


We created an SLA for departments wishing us to image their
iOS

devices
as well as application installing and monitoring via the Volume Purchase
Program


Once signed we will manage a groups devices as specified in the SLA


Three “imaging” options


Unsupervised


We configure wireless and email only.


Supervised without application installs


We will set up wireless, email, and
applications. End users will be unable to install apps.


Supervised with application installs


We will set up wireless, email, and
applications. End users can install apps and are responsible for their own license
tracking.


Devices can be reimaged upon request otherwise will be done over
summer.


SLA Continued


Department is expected to:


Purchase applications through CTS via the Volume Purchase Program.
CTS
will create a
departmental account for your department (vppdepartment@oswego.edu) that can
be used to propagate software to devices.


Understand how to use any software purchased.


Understand any advanced device functionality required for classes.


Train students on the required functionality.

SLA Continued


Department is expected to:


Maintain
inventory and replace any stolen or damaged devices as per campus
inventory policies.


Consult with CTS prior to upgrading a device to newer operating systems as some
functionality may break, e.g. wireless.


Maintain backups in case of data loss.


Deliver to and retrieve devices from 26
Lanigan

Hall if changes or updates are
needed outside of annual summer reimaging.

Where we are today


Still only using Apple Configurator, for just over a year


Meets our needs!! May not meet yours!


Have no needs or desire to review MDM solutions as Apple Configurator
meets our needs.


If Android tablets became popular we would have to review options


Looking at new recommendations for personal use devices


Password requirements / Encryption / Etc.


There would be no way of enforcing these, so more of a guidelines document to
protect campus resources

Questions?