Mobile Device ManagementTimothy Yager (timothy.yager@oswego.edu)

SUNY Oswego

Labman 2013 – Evergreen State College

SUNY Oswego

Located in upstate New York ~8300 FTEs ~6800 undergrad Mobile devices - ~200 “lab” iPads and

rising, several staff smartphones

What is MDM

Mobile Device Management (MDM) software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises.”

http://en.wikipedia.org/wiki/Mobile_device_management

Why MDM and BYOD?

In corporate world, increased productivity

Access to virtual apps and data

Major security concerns for your data!

People are bringing their own devices anyway, why provide a work device?

In higher education

Meeting faculty initiatives

Student needs

It sure is trendy right now!

Why MDM for SUNY Oswego?

Pushed by CIO at the time

Based on a clear needs assessment provided by CIO

Project committee was formed

Involved user support group, IT group, telecommunications group, and networking group representatives due to broad nature of scope including:

“Corporate” and “personal” Mobile Devices (phones and tablets)

Network resources for solution

End user training and support

Server work if necessary (many solution SaaS based)

Project Timeline - 2012

Needs assessment – January

Present needs assessment to Campus Technology Advisory Board (CTAB) Applications Subcommittee – February

Review Feedback

Announce plans to full CTAB – February

Complete research and make software recommendation – end of February

Purchase, Install, configure, deploy pilot program –March/April

Assess and deploy needed changes, move to full rollout – March/April

Project Timeline 2012 Continued

Policies and procedures done by end of semester – May

Project completion and in operating mode by summer – May

End goal was a one semester project to be ready prior to summer projects starting!

Needs Assessment Most critical part of a Mobile Device Management Project

You must know what your intent with the solution is as it will drastically affect your decision making process

Need to consider separate needs for personally owned devices versus campus owned devices and what issues come into play

Privacy

Security

Culture of higher education

Legal concerns (state, federal, local, collegiate)

Need to separate technical concerns versus policy concerns

Do you really want to have anything to do with installing an agent on peoples’ personal devices?

SUNY Oswego Documents Review

Mobility Management Solution Needs Assessment

MDM Vendor Requirements – We used Gartner as our initial research point for finding vendors

MDM Trial Results – We went to trial with two vendors, Airwatch and Maas360

Did a mini trial of Meraki as it is a free MDM solution, but immediately stopped testing due to functionality. Has since been purchased by Cisco but is still free, and appears to have much more extended functionality now.

A great way to get a feel for what an MDM can accomplish with little setup and no cost apart from staff time

Meraki Demonstration

Signup

http://meraki.cisco.com/products/systems-manager?ref=MVFkTc

Login

https://account.meraki.com/login/dashboard_login

Clients

GPS tracking / Applications Installed / Lock or Erase Device / Etc

Mobile, Settings

Device restrictions / Password requirements / Wifi / VPN

Apps

What we found in 2012

We could not meet our MDM needs with an MDM Solution!!

Many required Exchange for ActiveSync, not useful for us

Vendors can only do what the APIs allow them to (see Apple)

There are many, many solutions out there and there is a lot of competition among vendors. Some died out from the time we started to the time we finished. This is likely still true today.

Mobile device “imaging” in the same vein as how we do our computer labs was not possible via an MDM solution, which was what we really wanted.

Review of project requirements

Device imaging similar to a standard computer lab

Some way to manage application purchases on an enterprise level

Configuring our campus wireless and email settings

Apple Configurator met all of these needs, and does so ~flawlessly!!!

Success! Silver lining – Apple released Apple Configurator around March, saving

our project which was going to end without success based upon our needs.

Apple Configurator

Free Apple MDM configuration tool from App Store

https://itunes.apple.com/us/app/apple-configurator/id434433123?mt=12

Only available for installation on a Mac

Apple Configurator has a little brother called iPhone Configuration Utility which is available for PC but not nearly as robust

Will need to spend time on Apple Volume Purchase Program to get application purchasing working properly.

Will probably want to purchase a USB hub to hook up many devices at one time

Set it and forget it!

Once “images” are built, you can just click the restore button and devices are set back to their original state

Apple Configurator Notable Links

Apple App Volume Purchasing

http://www.apple.com/education/volume-purchase-program/

Apple Configurator

http://help.apple.com/configurator/mac/1.2/

iOS in Business

http://www.apple.com/ipad/business/it-center/

Service Level Agreement We created an SLA for departments wishing us to image their iOS

devices as well as application installing and monitoring via the Volume Purchase Program

Once signed we will manage a groups devices as specified in the SLA

Three “imaging” options

Unsupervised – We configure wireless and email only.

Supervised without application installs – We will set up wireless, email, and applications. End users will be unable to install apps.

Supervised with application installs – We will set up wireless, email, and applications. End users can install apps and are responsible for their own license tracking.

Devices can be reimaged upon request otherwise will be done over summer.

SLA Continued Department is expected to:

Purchase applications through CTS via the Volume Purchase Program. CTS will create a departmental account for your department (vppdepartment@oswego.edu) that can be used to propagate software to devices.

Understand how to use any software purchased.

Understand any advanced device functionality required for classes.

Train students on the required functionality.

SLA Continued

Department is expected to:

Maintain inventory and replace any stolen or damaged devices as per campus inventory policies.

Consult with CTS prior to upgrading a device to newer operating systems as some functionality may break, e.g. wireless.

Maintain backups in case of data loss.

Deliver to and retrieve devices from 26 Lanigan Hall if changes or updates are needed outside of annual summer reimaging.

Where we are today

Still only using Apple Configurator, for just over a year

Meets our needs!! May not meet yours!

Have no needs or desire to review MDM solutions as Apple Configurator meets our needs.

If Android tablets became popular we would have to review options

Looking at new recommendations for personal use devices

Password requirements / Encryption / Etc.

There would be no way of enforcing these, so more of a guidelines document to protect campus resources

Questions?