International Journal Of Computer Science And Applications
Available at: www.researchpublications.org
Vol. 6, No. 2, Apr 2013
ISSN: 0974-1011 (Open Access)
NCAICN-2013, PRMITR, Badnera

Mobile Device Management: A Functional Overview

Gopal Tatte#1, Dr. G. R. Bamnote#2

#1 ME 1st Yr., Department of Computer Science and Engineering, Sant Gadge Baba Amravati University, Prof Ram Meghe Institute of Technology and Research, Badnera, Amravati 444701, Maharashtra, India. gmtatte@yahoo.com
#2 Head of Department of Computer Science and Engineering, Sant Gadge Baba Amravati University, Prof Ram Meghe Institute of Technology and Research, Badnera, Amravati 444701, Maharashtra, India. grbamnote@rediffmail.com

Abstract— Mobile devices are evolving fast, becoming more and more powerful in performance and more convenient to handle thanks to their small form factor (SFF). With these advantages they are fast becoming the preferred devices for conducting enterprise functions. Bring your own device (BYOD) is a classic example of enterprises accepting these SFF devices as a standard tool for enterprise functions. With these new devices comes a new challenge: managing them in enterprise networks and applying or ensuring the same level of safety and restraint that applied to standard enterprise desktops/notebooks. This paper describes a generic architectural model and the core components of a Mobile Device Management solution as applied by enterprises to handle these SFF devices in the enterprise network.

Keywords— Mobility, Device Management, MDM, BYOD, SFF, Mobile Network, SCMDM

I. INTRODUCTION

MDM (Mobile Device Management) is a wide umbrella acronym that covers a whole array of mobility management and security tools. These can be deployed in a premises-based configuration or as a hosted service, managed or otherwise. The primary objective of these tools is to provide [...] devices, to apply policies related to usage, and to distribute and manage apps.

With significant CPU power and processing capacity, new-age smart phones are strongly establishing themselves as an alternative to cumbersome desktop devices at enterprises. With more and more people bringing these small form factor (SFF) devices to work, enterprises are forced to think of them as the preferred tool for their employees. Also, with the increasing adoption of automation in enterprise businesses, there are more and more use cases where enterprise-provided handheld devices need to be carried in the open field, outside the enterprise's controlled networks, creating serious data and security threats. Significant CPU power, SFF, intelligent wireless, the capacity of broadband networks and the abundance of available apps are a strong convergence towards an always-connected, always-on workforce, all in turn forcing the need for MDM solutions as an integral part of any enterprise's network policies.

II. CORE FUNCTIONS

There are three core areas of functionality that should be integral to any comprehensive mobile management solution:

- Enable
- Secure
- Manage

These should be implemented in a process that is simple and efficient for both IT managers and mobile users:

Enable - Device Identification: [2] Provision the device for use in the corporate environment. This includes providing access to key corporate assets, like email, calendars, critical mobile applications, documents and media content. Devices can be either managed, i.e. registered with the MDM tool as a known device with proper authentication and provisioning to the enterprise network, or rogue, i.e. unknown or unregistered devices.

Secure - Device Connection: [2] Secure the device and the data that is stored on it and passes through it. Activate appropriate password and access controls, and maintain separation of corporate data from personal data. For the MDM controller/gateway to talk to the device, or for the device to talk to the MDM controller, there has to be a connection mechanism. This mechanism is typically provided through a VPN over Wi-Fi, wherein all network traffic from the cellular wireless wide area network [...]

Manage - Device Management: [2] Manage all devices centrally with real-time access to inventory, configuration and help desk functions. Get prioritized critical information through alerts and notifications that can be fully integrated into enterprise workflow solutions. It is typically performed by pushing group policies after collecting information from the device. These group policies can enable or disable any device capability, e.g. switching off the camera once the device enters a restricted zone.

III. CORE COMPONENTS

Based on the core functions, we would typically have three main components in any MDM solution:

- Gateway Server
- Device Enrolment Server
- Device Management Server

Additionally there would be some DB servers, Domain Controllers, Certificate Servers, LOB servers etc., based on the nature of the actual enterprise network. But the above three are where most of the action takes place from the MDM perspective. Fig. 1 gives a high-level overview of these components and how they work with the existing infrastructure.

Fig. 1 A high level depiction of a typical MDM solution with its core components. [1]

A. Gateway Server

It is located in the DMZ or screened subnet of the enterprise network. It provides the way in to the enterprise network for managed devices' sessions and provides the way out for network and device management communication. It provides the following functions:

- Authenticates incoming connections for authorized devices
- Allocates a stable IP address for the device to enable Direct Push updates and support application persistence
- Enables fast resume and reconnect features for devices and applications
- Negotiates keys to encrypt traffic over the Internet

Fig. 2 shows the detailed architecture of MDM Gateway Server.
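The first of the functions listed above, authenticating incoming connections for authorized devices, is done without any domain accounts: Section III.A explains that the gateway is not domain-joined and evaluates the device's machine certificate offline, and Section III.C explains that the Remote Wipe service revokes that certificate and updates the gateway so a wiped device cannot reconnect with its old credentials. The Go program below is an added example of that check, not code from the paper or from System Center MDM; it uses Go's standard X.509 verifier against a constructed enterprise CA, and the type names, the sample certificates, and the in-memory set of revoked serial numbers (standing in for a revocation list pushed to the gateway) are all assumptions.

```go
// Added example (not from the paper or from System Center MDM): a perimeter
// gateway that authenticates a device purely by offline evaluation of its
// machine certificate, holds no domain accounts, and refuses a device whose
// certificate the Remote Wipe service has revoked. The CA, the device
// certificates and the revoked-serial set are constructed for this demo.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Gateway holds only what an offline check needs: the enterprise CA root and
// the serial numbers of revoked device certificates. Nothing from the domain.
type Gateway struct {
	roots   *x509.CertPool
	revoked map[string]bool // assumption: stand-in for a CRL pushed to the gateway
}

func NewGateway(ca *x509.Certificate) *Gateway {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return &Gateway{roots: pool, revoked: map[string]bool{}}
}

// Revoke is what the Remote Wipe service's update of the gateway amounts to:
// the wiped device's serial is recorded so its old credential no longer works.
func (g *Gateway) Revoke(dev *x509.Certificate) {
	g.revoked[dev.SerialNumber.String()] = true
}

// Authenticate accepts a connection only if the device certificate chains to
// the enterprise CA, is valid at time now, carries the client-authentication
// usage, and has not been revoked. No directory, NTLM or Kerberos lookup occurs.
func (g *Gateway) Authenticate(dev *x509.Certificate, now time.Time) error {
	opts := x509.VerifyOptions{
		Roots:       g.roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if _, err := dev.Verify(opts); err != nil {
		return fmt.Errorf("certificate rejected: %w", err)
	}
	if g.revoked[dev.SerialNumber.String()] {
		return errors.New("certificate revoked: device was wiped")
	}
	return nil
}

// issue signs tmpl with the parent's key, or self-signs it when parent is nil.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// certTemplate builds a CA or a client-auth leaf template valid for 12 hours.
func certTemplate(serial int64, cn string, ca bool, now time.Time) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(12 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign
	} else {
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// BuildDemo constructs an enterprise CA, a gateway trusting it, one enrolled
// device certificate issued by that CA, and one self-signed "rogue" device.
func BuildDemo(now time.Time) (gw *Gateway, enrolled, rogue *x509.Certificate, err error) {
	ca, caKey, err := issue(certTemplate(1, "Example Enterprise Device CA", true, now), nil, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	if enrolled, _, err = issue(certTemplate(1001, "device-0001", false, now), ca, caKey); err != nil {
		return nil, nil, nil, err
	}
	if rogue, _, err = issue(certTemplate(1, "device-unknown", false, now), nil, nil); err != nil {
		return nil, nil, nil, err
	}
	return NewGateway(ca), enrolled, rogue, nil
}

func main() {
	now := time.Now()
	gw, dev, rogue, err := BuildDemo(now)
	if err != nil {
		panic(err)
	}
	fmt.Println("enrolled device:", gw.Authenticate(dev, now))
	fmt.Println("rogue device:   ", gw.Authenticate(rogue, now))
	fmt.Println("two days later: ", gw.Authenticate(dev, now.Add(48*time.Hour)))
	gw.Revoke(dev)
	fmt.Println("after wipe:     ", gw.Authenticate(dev, now))
}
```

Running it shows the enrolled device accepted, the self-signed device and an expired certificate rejected, and the same enrolled device rejected once its serial has been revoked; the check never consults Active Directory, NTLM or Kerberos, which is the property Section III.A asks of a gateway sitting in the perimeter network.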

Fig. 2 Architecture of MDM Gateway Server [1]

Gateway Server is the pivotal access point for managed devices. Typically, this server is installed in your perimeter network, where a defence-in-depth approach helps protect the network security of your enterprise. MDM Gateway Server is a stand-alone gateway that faces the Internet from inside the perimeter network. Typically, it is not domain-joined and shares no accounts or passwords with your enterprise domain. It does not directly use Active Directory Domain Service, NTLM, or Kerberos access to authenticate devices, because these would require Mobile Device Manager (MDM) Gateway Server to be domain-joined or to store domain credentials.

MDM Gateway Server authenticates incoming connection requests by using an offline certificate evaluation process that queries the device machine certificate. It allows an end-to-end SSL session to be maintained between the client application and the MDM application servers.

MDM Gateway Server has the following components [1]:

1) Certificate store: MDM uses machine certificates to authenticate Windows Mobile powered devices, MDM Gateway Server and MDM Device Management Server. These certificates are stored in the Windows Certificate Store.

2) MDM VPN agent: The virtual private network (VPN) agent handles communications between MDM Device Management Server and MDM Gateway Server. MDM Gateway Server cannot start communication with servers in the company network; for improved security, the MDM VPN agent does not start connections to MDM Device Management Server.

3) Mobile VPN policy engine: This component establishes and manages the IPsec tunnel to and from the device. It works with the Mobile VPN driver in the networking stack to enable the Mobile VPN client to establish authenticated and encrypted communications over the mobile operator network or through a Wi-Fi network.

4) MDM Alerter agent: The Alerter agent notifies the device that pending Open Mobile Alliance Device Management (OMA DM) commands are waiting, such as a device wipe. The Alerter agent then notifies the device to start an OMA session. The managed device communicates with MDM Device Management Server through the usual mechanisms and then retrieves the command.

5) Mobile VPN driver: The Mobile VPN driver manages network communications with the device. It checks that data coming from the device is valid and that the device has a valid IPsec Security Association (SA). If the connection is valid, the data is forwarded. If the connection is not valid, the data is discarded or is moved up the network stack to the Mobile VPN policy engine to negotiate a new connection.

B. Enrolment Server

Enrolment Server provides the services that are required to enable a Windows Mobile powered device to join the managed device environment. Fig. 3 shows the architecture of MDM Enrolment Server.

Fig. 3 Architecture of MDM Enrolment Server [1]

The MDM Enrolment Server has the following components [1]:

1) Administration services: This collection of Web services is functionally similar to the administration services on MDM Device Management Server. Because the Enrolment Web service uses TCP port 443, the Administration Services use other TCP ports that the administrator can configure.

2) Enrolment Web service: Internet Information Services (IIS) hosts this Web service, which manages incoming requests from mobile devices to enrol in the managed infrastructure. After the Enrolment Web service receives a request, the service manages later communications with the mobile device until it becomes a domain-joined managed device. Then, MDM Gateway Server handles the communications.

3) Enrolment service: This Windows service handles all communications to the enterprise's Active Directory Domain Service and PKI infrastructure. Enrolment Server provides a protected over-the-air (OTA) process to request and retrieve
certificates for devices. To help protect against malicious attacks, MDM Enrolment Server may use shared-secret encryption to perform protected enrolment over non-secure connections, such as public General Packet Radio Service (GPRS) or other mobile data networks. This lets users enrol their device without having to cradle it and without having physical access to the enterprise network.

C. Device Management Server

Device Management Server provides the [...] infrastructure servers and services of an enterprise with MDM Gateway Server in the perimeter network. MDM Device Management Server transforms protocols that are used within the enterprise to Open Mobile Alliance Device Management (OMA DM). This makes it possible to manage mobile devices in a manner similar to how we manage portable and desktop computers for an enterprise.

Device management includes the following tasks:

- Application distribution
- Group Policy application
- Firmware inventory
- Device wipe

Fig. 4 shows the detailed architecture of MDM Device Management Server.

Fig. 4 Architecture of MDM Device Management Server [1]

MDM Device Management Server has the following components [1]:

1) Administration services: These Web services manage the administration tasks received from the Mobile Device Manager (MDM) Console. When commands are received, the relevant service translates them into OMA DM tasks and then stores them in the relevant MDM database.

2) OMA service: This Web service works as an OMA proxy and enables the managed device to use OMA DM to communicate with MDM. This method provides more secure communication with systems in your enterprise network. The OMA service converts tasks from the MDM database into OMA DM commands and then sends them to the managed device for execution. When the device has completed the commands, the OMA service updates the database with the device status. This service supports load-balanced arrays of MDM Device Management Server, which provides a scalable architecture. You can use an appliance or the native Windows Network Load Balancer (WNLB) capability to load balance these arrays.

3) MDM software distribution: This service provides the interface to Windows Server Update Services (WSUS). All external communications use the standard WSUS interfaces. Therefore, no update to the WSUS servers is required.

4) Group Policy service: This service communicates with the Group Policy service on your enterprise domain controllers. This service determines the Resultant Set of Policies (RSOP) from the Active Directory Domain Service for each device object in the domain. The service translates Group Policy settings into tasks and then stores them in the MDM database. The OMA service processes them and applies them to a device the next time that the device connects.

5) Remote Wipe service: This service manages the command to wipe data from a managed device. This service is notified when a device has been wiped or the wipe command has expired. The service then does several things:

- It communicates with a domain controller to remove the Active Directory Domain Service object for the device.
- It communicates with the MDM Enrolment Server to revoke the device certificate and delete its account from Active Directory.
- It updates MDM Gateway Server and databases so that the device cannot connect to the system by using its previous credentials. The device can complete the enrolment process again if it has to re-join the managed environment.

6) Gateway Central Manager (GCM) service: This service helps overcome the difficulty of configuring a computer that is running MDM Gateway Server in the perimeter network in a more secure manner. The GCM service communicates configuration changes and updates to MDM Gateway Server. This communication is pushed through an SSL connection from MDM Device Management Server on the enterprise network to the management IIS instance on MDM Gateway Server.

IV. STANDARDS

A typical MDM is based on several open industry standards for mobile devices:

- TCP/IP
- Open Mobile Alliance Device Management (OMA DM)
- IPsec and Internet Key Exchange Protocol Version 2 (IKEv2)
- IKEv2 Mobility and Multihoming (MOBIKE) protocol
- Software Component Management [...]

ACKNOWLEDGMENT

I'd like to thank Dr. G. R. Bamnote (Dean, Faculty of Computer Science and Engineering, Sant Gadge Baba Amravati University; Head, ME Computer Science and Engineering Department, PRMITR Badnera, Amravati) for his guidance and support in preparing this paper.

REFERENCES

[1] [...]ure Guide for System Center MDM, Microsoft Corporation.
[2] Robin Layland and Joanie Wexler, The 2011 Mobile Device Management Challenge - Defusing Mobile Anarchy in the Enterprise.
[3] Kulathumani Hariharan, Best Practices: Extending Enterprise Applications to Mobile Devices, The Architecture Journal.
[4] OMA Web site: [...]
[5] For the Internet Engineering Task Force (IETF) specification, see Mobile IPv6 Operation with IKEv2 and the revised IPsec Architecture, at the IETF Web site: http://www.ietf.org/
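Section III.C describes a pipeline rather than a single call: the Group Policy service works out the resultant set of policy for each device object, translates the settings into tasks stored in the MDM database, and the OMA service turns those tasks into OMA DM commands only when the device next connects and then records the device's reported status. Section II gives the canonical policy: switch the camera off once a device is in a restricted zone. The Go program below is an added example that models that lifecycle end to end; it is not code from the paper or from System Center MDM, the policy merge is a simplified stand-in for RSOP, the in-memory DB stands in for the MDM database, and the management-tree node names and all sample values are constructed.

```go
// Added example (not from the paper or from System Center MDM): a minimal model
// of Group Policy service -> MDM database -> OMA service, with the restricted-zone
// camera rule from Section II as the policy. Node paths and values are constructed.
package main

import (
	"fmt"
	"sort"
)

// Setting is one Group Policy value translated to an OMA DM-style node and value.
type Setting struct {
	Node  string // constructed management-tree path, e.g. "./Policy/Camera/Enabled"
	Value string
}

// ResolvePolicy is a simplified stand-in for the RSOP step: layers are listed
// from least to most specific, and a later value for the same node wins.
func ResolvePolicy(layers ...[]Setting) []Setting {
	merged := map[string]string{}
	for _, layer := range layers {
		for _, s := range layer {
			merged[s.Node] = s.Value
		}
	}
	out := make([]Setting, 0, len(merged))
	for node, v := range merged {
		out = append(out, Setting{Node: node, Value: v})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Node < out[j].Node })
	return out
}

// DomainDefaults is the constructed baseline applied to every managed device.
func DomainDefaults() []Setting {
	return []Setting{
		{"./Policy/Camera/Enabled", "1"},
		{"./Policy/Password/Required", "1"},
		{"./Policy/Password/MinLength", "6"},
	}
}

// ZonePolicy returns the extra settings for the zone the device reported in
// its inventory; a restricted zone switches the camera off (Section II).
func ZonePolicy(zone string) []Setting {
	if zone == "restricted" {
		return []Setting{{"./Policy/Camera/Enabled", "0"}}
	}
	return nil
}

// Task is one row of the (in-memory) MDM database: a setting queued for a device.
type Task struct {
	ID      int
	Device  string
	Setting Setting
	Status  string // "pending" -> "sent" -> "ok" | "failed"
}

type DB struct {
	tasks  []Task
	nextID int
}

// Enqueue is the Group Policy service step: resolved settings become pending tasks.
func (db *DB) Enqueue(device string, settings []Setting) []int {
	ids := []int{}
	for _, s := range settings {
		db.nextID++
		db.tasks = append(db.tasks, Task{ID: db.nextID, Device: device, Setting: s, Status: "pending"})
		ids = append(ids, db.nextID)
	}
	return ids
}

// DeliverOnConnect is the OMA service step: when the device connects, its
// pending tasks are emitted as Replace commands and marked sent, so a task is
// never applied before the next connection and never sent twice.
func (db *DB) DeliverOnConnect(device string) []string {
	var cmds []string
	for i := range db.tasks {
		t := &db.tasks[i]
		if t.Device == device && t.Status == "pending" {
			cmds = append(cmds, fmt.Sprintf("Replace %s = %s", t.Setting.Node, t.Setting.Value))
			t.Status = "sent"
		}
	}
	return cmds
}

// RecordResult stores the status the device reports after executing a command.
func (db *DB) RecordResult(device string, id int, ok bool) {
	for i := range db.tasks {
		t := &db.tasks[i]
		if t.Device == device && t.ID == id && t.Status == "sent" {
			t.Status = map[bool]string{true: "ok", false: "failed"}[ok]
		}
	}
}

// Status is the inventory view: task status per node for one device.
func (db *DB) Status(device string) map[string]string {
	out := map[string]string{}
	for _, t := range db.tasks {
		if t.Device == device {
			out[t.Setting.Node] = t.Status
		}
	}
	return out
}

// Pending counts tasks queued for a device that have not been delivered yet.
func (db *DB) Pending(device string) int {
	n := 0
	for _, t := range db.tasks {
		if t.Device == device && t.Status == "pending" {
			n++
		}
	}
	return n
}

func main() {
	db := &DB{}
	ids := db.Enqueue("device-0001", ResolvePolicy(DomainDefaults(), ZonePolicy("restricted")))
	for _, c := range db.DeliverOnConnect("device-0001") {
		fmt.Println(c) // the camera node arrives as Replace ./Policy/Camera/Enabled = 0
	}
	db.RecordResult("device-0001", ids[0], true)
	fmt.Println(db.Status("device-0001"))
}
```

The point worth taking from the model is the separation of duties the paper describes: the Group Policy service only writes tasks, the OMA service only delivers them on a device-initiated session and records what the device reports, so an inventory query against the database can tell an administrator exactly which devices have not yet applied the camera restriction.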
