mobile device management timothy yager ([email protected]) suny oswego labman 2013 –...
TRANSCRIPT
Mobile Device ManagementTimothy Yager ([email protected])
SUNY Oswego
Labman 2013 – Evergreen State College
SUNY Oswego
Located in upstate New York ~8300 FTEs ~6800 undergrad Mobile devices - ~200 “lab” iPads and
rising, several staff smartphones
What is MDM
Mobile Device Management (MDM) software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises.”
http://en.wikipedia.org/wiki/Mobile_device_management
Why MDM and BYOD?
In corporate world, increased productivity
Access to virtual apps and data
Major security concerns for your data!
People are bringing their own devices anyway, why provide a work device?
In higher education
Meeting faculty initiatives
Student needs
It sure is trendy right now!
Why MDM for SUNY Oswego?
Pushed by CIO at the time
Based on a clear needs assessment provided by CIO
Project committee was formed
Involved user support group, IT group, telecommunications group, and networking group representatives due to broad nature of scope including:
“Corporate” and “personal” Mobile Devices (phones and tablets)
Network resources for solution
End user training and support
Server work if necessary (many solution SaaS based)
Project Timeline - 2012
Needs assessment – January
Present needs assessment to Campus Technology Advisory Board (CTAB) Applications Subcommittee – February
Review Feedback
Announce plans to full CTAB – February
Complete research and make software recommendation – end of February
Purchase, Install, configure, deploy pilot program –March/April
Assess and deploy needed changes, move to full rollout – March/April
Project Timeline 2012 Continued
Policies and procedures done by end of semester – May
Project completion and in operating mode by summer – May
End goal was a one semester project to be ready prior to summer projects starting!
Needs Assessment Most critical part of a Mobile Device Management Project
You must know what your intent with the solution is as it will drastically affect your decision making process
Need to consider separate needs for personally owned devices versus campus owned devices and what issues come into play
Privacy
Security
Culture of higher education
Legal concerns (state, federal, local, collegiate)
Need to separate technical concerns versus policy concerns
Do you really want to have anything to do with installing an agent on peoples’ personal devices?
SUNY Oswego Documents Review
Mobility Management Solution Needs Assessment
MDM Vendor Requirements – We used Gartner as our initial research point for finding vendors
MDM Trial Results – We went to trial with two vendors, Airwatch and Maas360
Did a mini trial of Meraki as it is a free MDM solution, but immediately stopped testing due to functionality. Has since been purchased by Cisco but is still free, and appears to have much more extended functionality now.
A great way to get a feel for what an MDM can accomplish with little setup and no cost apart from staff time
Meraki Demonstration
Signup
http://meraki.cisco.com/products/systems-manager?ref=MVFkTc
Login
https://account.meraki.com/login/dashboard_login
Clients
GPS tracking / Applications Installed / Lock or Erase Device / Etc
Mobile, Settings
Device restrictions / Password requirements / Wifi / VPN
Apps
What we found in 2012
We could not meet our MDM needs with an MDM Solution!!
Many required Exchange for ActiveSync, not useful for us
Vendors can only do what the APIs allow them to (see Apple)
There are many, many solutions out there and there is a lot of competition among vendors. Some died out from the time we started to the time we finished. This is likely still true today.
Mobile device “imaging” in the same vein as how we do our computer labs was not possible via an MDM solution, which was what we really wanted.
Review of project requirements
Device imaging similar to a standard computer lab
Some way to manage application purchases on an enterprise level
Configuring our campus wireless and email settings
Apple Configurator met all of these needs, and does so ~flawlessly!!!
Success! Silver lining – Apple released Apple Configurator around March, saving
our project which was going to end without success based upon our needs.
Apple Configurator
Free Apple MDM configuration tool from App Store
https://itunes.apple.com/us/app/apple-configurator/id434433123?mt=12
Only available for installation on a Mac
Apple Configurator has a little brother called iPhone Configuration Utility which is available for PC but not nearly as robust
Will need to spend time on Apple Volume Purchase Program to get application purchasing working properly.
Will probably want to purchase a USB hub to hook up many devices at one time
Set it and forget it!
Once “images” are built, you can just click the restore button and devices are set back to their original state
Apple Configurator Notable Links
Apple App Volume Purchasing
http://www.apple.com/education/volume-purchase-program/
Apple Configurator
http://help.apple.com/configurator/mac/1.2/
iOS in Business
http://www.apple.com/ipad/business/it-center/
Service Level Agreement We created an SLA for departments wishing us to image their iOS
devices as well as application installing and monitoring via the Volume Purchase Program
Once signed we will manage a groups devices as specified in the SLA
Three “imaging” options
Unsupervised – We configure wireless and email only.
Supervised without application installs – We will set up wireless, email, and applications. End users will be unable to install apps.
Supervised with application installs – We will set up wireless, email, and applications. End users can install apps and are responsible for their own license tracking.
Devices can be reimaged upon request otherwise will be done over summer.
SLA Continued Department is expected to:
Purchase applications through CTS via the Volume Purchase Program. CTS will create a departmental account for your department ([email protected]) that can be used to propagate software to devices.
Understand how to use any software purchased.
Understand any advanced device functionality required for classes.
Train students on the required functionality.
SLA Continued
Department is expected to:
Maintain inventory and replace any stolen or damaged devices as per campus inventory policies.
Consult with CTS prior to upgrading a device to newer operating systems as some functionality may break, e.g. wireless.
Maintain backups in case of data loss.
Deliver to and retrieve devices from 26 Lanigan Hall if changes or updates are needed outside of annual summer reimaging.
Where we are today
Still only using Apple Configurator, for just over a year
Meets our needs!! May not meet yours!
Have no needs or desire to review MDM solutions as Apple Configurator meets our needs.
If Android tablets became popular we would have to review options
Looking at new recommendations for personal use devices
Password requirements / Encryption / Etc.
There would be no way of enforcing these, so more of a guidelines document to protect campus resources
Questions?