Category Archives: Mobility

Touch Down features and overview

It is difficult for an admin to track and secure EAS-connected Android, iOS and Windows devices if there is no MDM solution in place.

It is always better to have tight security when email services are extended and used outside the organization's firewall.

In this article we will take an overview of TouchDown's features and functionality.

TouchDown was initially developed by a company called NitroDesk, which Symantec later acquired.

TouchDown has been a favorite Exchange client for many people because it offers more features at an affordable cost.

Key Features

1) NitroDesk's TouchDown application separates corporate data from personal data on a mobile device using a secure container. This gives us a secure way of preserving corporate data on mobile devices and an option to wipe only the corporate information rather than performing a factory reset.

2) TouchDown uses AES-256 and SSL encryption, supports IRM as well as DLP, and keeps data in transit secure at all times.

To download and configure TouchDown, follow the steps below.

Let's take the example of configuring it on an iOS device.

To download TouchDown from the App Store:

  1. On your device, go to the App Store.
  2. Tap Search, tap the search field and enter NitroDesk, then tap Search.
  3. Navigate to TouchDown.

This will open the product information screen.

  4. Tap the price, then tap Buy Now.

If you already purchased the app, you won’t be charged if you download it again.

Configuring TouchDown

You must have the following information before you can configure TouchDown.

USERNAME: Your desired username

DOMAIN: Specify your domain

EMAIL: Specify your email ID

PASSWORD: This is the password you use to connect your mailbox to your Microsoft® Exchange server. Note that if your password changes or expires, it will not be updated automatically in TouchDown. You must manually update it in TouchDown.

SERVER: Specify the ActiveSync URL

SERVER CERTIFICATES: Use this option if you use certificate-based authentication over SSL.

When you launch TouchDown for the first time, the following screen will appear.

T1

Enter the Email Address and Password.

T2

NOTE: If you turn Enable Logging to On, it logs recent activities in TouchDown and is a helpful troubleshooting tool. You can email the log to iossupport@nitrodesk.com for help in troubleshooting the problem you may be having with the application.

If you choose manual configuration, the following information needs to be filled in:

T3

NOTE: If your password changes or expires, it will not be updated automatically in TouchDown. You must manually update it in TouchDown.

T4

The following menu is available when you select a message.

DELETE will delete the email from TouchDown.

MOVE will open up a list of folders to select where to move the email.

MARK will allow you to do the following with the email:

  • Mark Read/Unread
  • Flag
  • Flag Complete
  • Clear Flag
  • Tags

JUNK moves the email to the Junk folder.

CLEAR removes the checkbox from the email so it’s no longer selected.

The following menu options are available with an email open in TouchDown.

SECURITY lets you view the security for that email.

ATTACHMENTS shows if there is an attachment.

RECIPIENTS lists the recipients for the email.

CATEGORIZE allows you to add a category or create a new category for the message.

REPLY will reply to sender. See “Compose Email” on page 9 for information on using the formatting toolbar and how to edit your signature.

MOVE will open up a list of folders to select where to move the email.

DELETE will delete the email from TouchDown.

FLAG flags the email for follow up.

NEW will bring up the compose email screen to create a new email.

TouchDown supports remote wipe of Exchange data when connecting to an Exchange 2007, 2010 or 2013 server via ActiveSync. When PUSH is enabled, the remote wipe is instantaneous as long as push is active. If push is not active and you are polling, the wipe happens only at the next poll interval.

Below is the procedure to perform a remote wipe from OWA:

  1. Click Options in the top right corner of OWA and select See All Options.
  2. Select Mobile Devices (or Phones) on the left side.
  3. Select the device you want to wipe and click Remote Wipe Data.

After performing this action, what data is wiped?

  • TouchDown wipes the database stored on the device.
  • All data under the /NitroDesk/ folder on the SD card (this is where attachments are downloaded, and where databases and backups are stored).

Note: TouchDown does NOT reset the phone to factory defaults (no app can do that on Android).
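The same remote wipe can be issued and verified from the Exchange Management Shell rather than OWA, which is useful when you want a record of which partnership was wiped and when the device acknowledged it. The script below is an added example, not code from the original post or from NitroDesk. It uses the Exchange 2010 cmdlets Get-ActiveSyncDeviceStatistics and Clear-ActiveSyncDevice (Exchange 2013 renames them Get-MobileDeviceStatistics and Clear-MobileDevice); the mailbox, the notification address and the DeviceType pattern used to pick out the TouchDown partnership are assumptions to adjust for your environment.

```powershell
# Added example, not from the original post or from NitroDesk.
# Remote wipe of one mailbox's TouchDown EAS partnership from the Exchange Management Shell,
# followed by a check of the wipe acknowledgement. Exchange 2010 cmdlet names are used;
# on Exchange 2013 substitute Get-MobileDeviceStatistics / Clear-MobileDevice.

param(
    [string]$Mailbox      = 'user@example.com',   # placeholder: mailbox whose device is wiped
    [string]$AdminNotify  = 'admin@example.com',  # placeholder: address notified when the device acks
    [string]$DeviceFilter = '*TouchDown*'         # assumption: how TouchDown reports its DeviceType
)

# 1. List every EAS partnership for the mailbox, so the right device is chosen before wiping.
$devices = Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox
$devices |
    Select-Object DeviceType, DeviceModel, DeviceId, LastSuccessSync, DeviceWipeSentTime, DeviceWipeAckTime |
    Format-Table -AutoSize

# 2. Select only the TouchDown partnership(s). The DeviceType pattern is an assumption;
#    compare it with what the listing above actually shows.
$targets = $devices | Where-Object { $_.DeviceType -like $DeviceFilter }
if (-not $targets) {
    throw "No partnership matching '$DeviceFilter' found for $Mailbox; nothing wiped."
}

# 3. Send the wipe. The cmdlet prompts for confirmation by default; leave that on, because a
#    wipe cannot be recalled once the device has picked it up.
foreach ($device in $targets) {
    Clear-ActiveSyncDevice -Identity $device.Identity -NotificationEmailAddresses $AdminNotify
}

# 4. Verify. DeviceWipeRequestTime is set as soon as the wipe is requested. With push active,
#    DeviceWipeSentTime and DeviceWipeAckTime follow almost at once; with polling they are set
#    only after the next poll interval, as the post notes, so re-run this step until the ack appears.
Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox |
    Where-Object { $_.DeviceWipeRequestTime } |
    Select-Object DeviceType, DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime
```

Run it from the Exchange Management Shell with an account permitted to manage mobile devices. A wipe issued from OWA writes the same DeviceWipe* timestamps, so step 4 is a valid check whichever way the wipe was triggered.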

There is another feature called User-Initiated Wipe

This is a feature in Touch Down where a user can cause a remote wipe by sending an email to themselves using a specially crafted subject line.

To set this up

  1. Go to TouchDown Settings, to the Advanced tab.
  2. Press the Remote Kill button.
  3. Type in a secret code, e.g. SECRETCODE.
  4. Press OK, and provide your Exchange password to confirm.
  5. Press Save in the settings screen.

At this point TouchDown is ready for a remote kill. From this point, if TouchDown receives an email whose subject line contains TDKILL: SECRETCODE anywhere in it, all the corporate data will be deleted. Since this can be quite an inconvenience if you did not intend it, make sure no one else knows the kill code you have set.

Overall I find this app to be user friendly, with more secure communication to the Exchange server, affordable cost and no setup complications, since no server setup is required and the app integrates easily with an MDM solution.

Thanks

Sathish Veerapandian

MVP – Exchange Server

Good for Enterprise Overview and Introduction

Good for Enterprise™ is a Good Technology product offered through AT&T.

It provides wireless synchronization of corporate email outside the network.

It is compatible with Android, iOS, Windows Phone and Palm mobiles.

Users can access and send their email on the go over an encrypted channel, without data leakage.

Good integrates with the Exchange server through an authenticated service account.

Good for Enterprise further integrates with Good-secured apps such as Good Share™ and Good Connect™ to extend desk-based collaboration to mobile devices, increasing user efficiency and productivity outside the office over SSL.

Good for Enterprise is built on Good's next-gen containerization, which enables secure data sharing between Good-secured apps as well as app-level encryption independent of the device used. In the event a device is lost or stolen, business data can be wiped or locked without impacting personal data.

For example, IT can prevent employees from opening files in unsecured apps, backing up business data to personal cloud-based services, or copying and pasting business content into consumer apps or personal email.

Data transmitted over the air and at rest on devices is secured with industry-leading FIPS-validated AES encryption. There is no need to change firewall settings or set up new inbound connections: all Good servers are deployed behind the firewall with a secure outbound connection using standard port 443. More importantly, Good's Network Operations Center verifies device compliance before devices are allowed to connect to Good's inside-the-firewall server.

The table below lists the complete feature set of Good on the various supported device versions.

Image

Good Enterprise Administration

Good for Enterprise helps accelerate mobility adoption by including integrated device and application management capabilities, giving you complete control over your mobile deployment.

From a central, web-based console, you have full visibility of your entire device fleet. You can provision new devices, enforce security policies, and remotely wipe enterprise data or the entire device from a single location.

Good Architecture

Image

Good for Enterprise provides automatic synchronization of email, calendar, contacts and notes between the user's Microsoft Exchange Server account and an iOS, Android, Windows Mobile, Palm, or Nokia handheld.

Good Mobile Messaging Server software monitors the user’s Exchange account and forwards all account activity to the user’s handheld via the Network Operations Center and your wireless network.

Image

Similarly, changes made at the handheld travel over the wireless network, and are returned from the Network Operations Center to Exchange via Good Mobile Messaging Server. The email arrives at both the user’s desktop and handheld, available to be read, forwarded, and replied to from either location.

A user can have his/her Outlook account synchronized to multiple handhelds.

In simple terms, let's look at the example below.

There are two users, User A and User B.

User A has a mobile account configured with Good.

When User A sends email to User B's mailbox, the transaction is as follows.

Scenario 1:

User A sends email from mobile -> mail goes through the wireless network -> mail reaches the Good Operations Center -> reaches our corporate firewall -> updates the Good Messaging Server -> reaches Microsoft Exchange -> finally reaches the user's Outlook

Scenario 2:

When User B sends email from his Outlook to User A:

User B sends email from Outlook -> mail goes to Microsoft Exchange -> reaches the on-premises Good Messaging Server -> goes through the internet -> updates the Good Operations Center

This is much the same concept RIM uses in BlackBerry Enterprise Server.

Multiple Exchange and Good Mobile Messaging Servers

Image

Good Mobile Messaging Server can maintain user accounts on multiple Exchange servers.

Good Mobile Control Server uses the Exchange Global Address List (GAL) to list, monitor, and manage handheld users across sites. The console is used to assign handhelds to users and to monitor and manage Good Mobile Messaging Servers.

If you have thousands of handheld users, you may need to install additional Good Mobile Messaging Servers to handle the synchronization tasks. Each new Good Mobile Messaging Server must be installed on a separate machine.

When configuring Good Mobile Messaging Server to connect with an Exchange Server, the network connection must sustain a minimum rate of at least 100 Mb/s.

In the next mobility blog I will discuss the installation of the Good Enterprise Servers in an Exchange 2010/2013 environment.

Mobile Iron Overview

About Mobile Iron

Mobile Iron Inc. is headquartered in California.

The company was founded by Ajay Mishra, Suresh Batchu and Bob Tinker in 2007. Tinker is the current president and CEO of the company; Batchu is the CTO.

What do they do?

They manufacture Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) solutions for managing mobile devices such as smartphones and tablets, as well as content and software distribution to these devices across an organization's messaging enterprise.

What is Mobile Device management (MDM)?

Mobile Device Management is a term used in information technology for the centralized management of mobile devices such as smartphones, sub-notebooks, PDAs or tablet computers by one or more administrators with the aid of software. The management covers the inventory of hardware in organizations, software and data distribution, and the protection of data on these devices. Because these devices contact the company network via cellular/WLAN, the problems of wireless management must also be solved.

What is Enterprise Mobility Management (EMM)?

Enterprise mobility management (EMM) is the set of people, processes and technology focused on managing the increasing array of mobile devices, wireless networks, and related services to enable broad use of mobile computing in a business context. This is an emerging discipline within the enterprise that has become increasingly important over the past few years as more workers have bought smartphone and tablet computing devices and have sought support for using these devices in the workplace.

The main challenges in determining the right enterprise mobility strategy for an organization are to relate the available mobile IT to the overall purpose of the work conducted, to determine how closely the business process should be aligned to the mobile IT, and to decide how to support mobile workers when they are using these devices in the workplace.

Confused about MDM and EMM?

Let’s compare the difference between MDM and EMM.

MDM – Manages the software installed on the mobile devices; when a new mobile device tries to activate, it checks whether the device meets the configured MDM policy. It holds the list of permissible and non-permissible software/applications that can be used on corporate mobile devices.

EMM – Used to add/remove users in Mobile Iron.

This MDM feature in Mobile Iron can be administered and monitored in three ways:

  • VSP (Virtual Smart Phones)
  • Sentry servers
  • Atlas servers

What is VSP?

The Mobile Iron Virtual Smartphone Platform (“VSP”) is the central hub of the Mobile Iron solution. It may be deployed as a physical hardware appliance or as a virtual appliance using VMware ESX or Hyper-V. The VSP interfaces with the Mobile Iron application and enterprise resources such as LDAP, Exchange ActiveSync, certificate authorities.

In simple terms, it acts as an interface between the Mobile Iron server and Microsoft Exchange; nothing more is involved in the VSP apart from that interface.

What is Mobile Iron Sentry?

Mobile Iron Sentry provides access control for email. Sentry connects to Microsoft ActiveSync-enabled email systems such as Microsoft Exchange, IBM Lotus Notes, Google Gmail, and Microsoft Office 365. Like the VSP, it may be deployed as a physical hardware appliance or a virtual appliance using VMware ESX. Mobile Iron Sentry is included in the Mobile Iron Advanced Management package, though the hardware appliance is sold separately.

In simple terms, Mobile Iron Sentry acts as a security control: it provides access control and authentication for connecting to the messaging servers and accessing data from them. So Sentry authenticates and connects to the messaging platforms, whereas the VSP is just an interface.

How to access the VSP: https://serverfqdn/admin

What is Atlas?

Mobile Iron Atlas is an advanced management and reporting console that provides highly scalable administration, reporting, monitoring, and troubleshooting across the Mobile IT lifecycle. Atlas collects information on device and application metrics and status, identifies potential issues, and provides actionable insights that enable an administrator to assess critical information and apply corrective steps. Atlas is a part of the Mobile Iron Advanced Mobile Management product.

The screenshots below are examples of Atlas consoles.

Image

Image

Administration part in Mobile Iron:

Issues related to the Mobile Iron VSP can be separated into two categories:

Admin Portal

System Manager

Admin Portal

Helps with user reports such as a user deleting the Mobile Iron profile, deleting the Mobile Iron app, or being unable to download the Mobile Iron app. In most cases (99 percent) the device needs to be retired and re-registered in Mobile Iron.

System Manager

After installation, most configuration tasks are performed in the System Manager portion of the Mobile Iron Admin Portal. The System Manager enables you to complete the configuration steps necessary to implement the Mobile Iron VSP, manage basic network settings established during installation, manage how Mobile Iron fits into your infrastructure, upgrade the VSP, troubleshoot VSP issues and perform basic maintenance tasks.

So not everyone needs access to the System Manager, especially the help-desk team, since it holds all the configuration changes, which are not required for user management tasks.

BlackBerry Server Migration Planning

In this article we will look at how to migrate from BES 4.0 to 5.0.

Below are a few areas that have been improved considerably in BES 5.0.4 compared to earlier versions.

Advanced security features enhanced

BlackBerry Enterprise Server ensures sensitive information is transmitted in a highly protected environment.

Customizable user permissions increased

With over 500 IT policies and BlackBerry Balance technology, administrators can manage user settings, control groups and wirelessly adjust security levels and capabilities.

Stable Remote device management

Track and manage smart phones remotely, without interrupting business.

Designed to meet the needs of enterprise and government, BlackBerry® Enterprise Server is for organizations that have an on-premises email server and require a high level of IT control.

BlackBerry Enterprise Server can be run in environments alongside BlackBerry® Enterprise Server Express for organizations that only have a subset of users that require advanced IT management.

Includes BlackBerry® Balance™ technology to enable employees' BlackBerry smart phones to be used for business and personal use without compromise.

Premigration Checklist

Infrastructure network latency: Ensure there are no network latency issues in the environment.

Messaging server/service location: Make sure the messaging server is located in the same AD site.

Service accounts: Ensure the service account to be used for the BB account has full domain admin rights.

LDAP (Kerberos): Check for any LDAP errors by running DCDIAG.

Microsoft SQL Server database mirroring: Plan whether DB mirroring is needed or whether the existing setup can be kept, according to the environment.
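To make the checklist repeatable rather than a set of manual look-ups, the script below runs each check from the planned BES host and prints a pass/fail table that can be filed with the migration record. It is an added example, not part of the original post or of RIM's tooling. The host names, SQL instance, service account name and latency threshold are placeholders, BESMgmt is assumed as the default name of the BES configuration database, and the checks use dcdiag (as the checklist says), nltest for the AD site comparison, net group for the service account's Domain Admins membership, and a direct query of sys.database_mirroring for the mirroring state.

```powershell
# Added example, not from the original post or from RIM. Runs the pre-migration checks above
# from the planned BES host as a domain user and reports pass/fail for each.

$MessagingServer = 'exch01.example.local'   # placeholder: Exchange server BES will connect to
$SqlInstance     = 'sql01.example.local'    # placeholder: SQL Server hosting the BES config database
$BesDatabase     = 'BESMgmt'                # assumed default name of the BES configuration database
$ServiceAccount  = 'besadmin'               # placeholder: sAMAccountName of the BES service account
$LatencyLimitMs  = 50                       # assumed threshold for "no network latency issues"

$results = New-Object System.Collections.Generic.List[object]
function Add-Result([string]$Check, $Value, [bool]$Pass) {
    $results.Add([pscustomobject]@{ Check = $Check; Value = $Value; Pass = $Pass })
}

# 1. Network latency: average round trip to the messaging server over five pings
$pings = Test-Connection -ComputerName $MessagingServer -Count 5 -ErrorAction SilentlyContinue
$avgMs = if ($pings) { [math]::Round(($pings | Measure-Object ResponseTime -Average).Average, 1) } else { $null }
Add-Result 'Latency to messaging server (avg ms)' $avgMs ($null -ne $avgMs -and $avgMs -le $LatencyLimitMs)

# 2. AD site: this host and the messaging server must resolve to the same site.
#    nltest prints the site name on its first output line.
$localSite  = [string](nltest /dsgetsite 2>$null | Select-Object -First 1)
$remoteSite = [string](nltest "/server:$MessagingServer" /dsgetsite 2>$null | Select-Object -First 1)
Add-Result 'Same AD site as messaging server' "$($localSite.Trim()) / $($remoteSite.Trim())" `
    ($localSite.Trim() -ne '' -and $localSite.Trim() -eq $remoteSite.Trim())

# 3. Service account rights: the checklist requires Domain Admins membership
$groupMembers  = net group "Domain Admins" /domain 2>$null
$isDomainAdmin = [bool]($groupMembers -match "\b$([regex]::Escape($ServiceAccount))\b")
Add-Result "Service account '$ServiceAccount' in Domain Admins" $isDomainAdmin $isDomainAdmin

# 4. LDAP/Kerberos health: dcdiag /q prints only failing tests, so any 'failed' line is a problem
$dcdiagOutput = dcdiag /q 2>&1
$ldapErrors   = @($dcdiagOutput | Where-Object { $_ -match 'failed' })
Add-Result 'dcdiag /q reports no failures' $ldapErrors.Count ($ldapErrors.Count -eq 0)

# 5. SQL mirroring state of the BES configuration database. Informational: the checklist only
#    asks you to decide whether mirroring is needed, so Pass here just confirms the database exists.
$state = $null
$conn  = $null
try {
    $conn = New-Object System.Data.SqlClient.SqlConnection("Server=$SqlInstance;Database=master;Integrated Security=True")
    $cmd  = $conn.CreateCommand()
    $cmd.CommandText = "SELECT ISNULL(mirroring_state_desc, 'NOT MIRRORED') FROM sys.database_mirroring WHERE database_id = DB_ID(@db)"
    [void]$cmd.Parameters.AddWithValue('@db', $BesDatabase)
    $conn.Open()
    $state = $cmd.ExecuteScalar()      # $null when DB_ID() finds no such database
} catch {
    $state = "ERROR: $($_.Exception.Message)"
} finally {
    if ($conn -and $conn.State -eq 'Open') { $conn.Close() }
}
Add-Result "Mirroring state of $BesDatabase" $state ($null -ne $state -and "$state" -notlike 'ERROR:*')

$results | Format-Table -AutoSize
```

The latency threshold and the Domain Admins check mirror the checklist as written; if your organization grants the BES service account narrower rights, change check 3 to test for those group memberships instead.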

System Requirements

Image

Supported Environments

Image

Preparing the source domain for migration process

Image

Preparing the destination domain for migration process

Image

Steps to use the BET tool for migration

You can use the BlackBerry® Enterprise Transporter to move one or more user accounts from one BlackBerry Domain to a different BlackBerry Domain.

You can use the BlackBerry Enterprise Transporter when your organization upgrades the BlackBerry® Enterprise Server and you want to create a new BlackBerry Domain, or if you need to move user accounts between BlackBerry Domain instances. For example, if you want to upgrade your organization’s BlackBerry Enterprise Server from version 4.0 SP7 to version 5.0, you can create a separate Blackberry Domain version 5.0 and use the BlackBerry Enterprise Transporter to move your organization’s user accounts to the new Blackberry Configuration Database. You can also use the BlackBerry Enterprise Transporter to move user accounts from a production Blackberry Domain to a test BlackBerry Domain and back.

When you run the BlackBerry Enterprise Transporter, users do not need to delete BlackBerry device data or reactivate their Blackberry devices, if the BlackBerry Enterprise Transporter supports the BlackBerry® Device Software version that they are using. The destination BlackBerry Enterprise Server resends service books, and the BlackBerry devices can start receiving new messages after the BlackBerry devices receive the service books. Synchronization of organizer data and calendar information over the wireless network might occur after the migration process completes.

BET works in two modes.

Live

  • BES instances in both BB Domain instances must use different SRP IDs.
  • Move user accounts when the BES instances in both the destination BB Domain and the source BB Domain are running.

Bulk

  • During the migration process, BB Enterprise Server instances in both the source and the destination domains must be turned off.
  • In the destination BB Domain, BB Administration Service must be running.
  • During the migration process, based on the source BB server, the BB Enterprise Transporter searches the source BB Configuration Database for all user accounts that are associated with the BB Enterprise Server, and moves them.
  • Configure the destination BB Enterprise Server instances to use the same SRP IDs that the source BB Enterprise Server instances use.

Advantages of the BET tool during migration

  • Users do not need to delete BB device data or reactivate their BB.
  • The destination BB Enterprise Server resends service books, and the BB devices can start receiving new messages after the BB devices receive the service books.
  • Synchronization of organizer data and calendar information over the wireless network might occur after the migration process completes.

Preview user move to check for potential errors

Image

The steps below need to be done for data that is not migrated.

Image

BB Enterprise Transporter (BET) performs two validations.

Global Validation

  • BAS is installed in the destination BB Domain.
  • Sends a test BB Administration Service command to verify that the BB Administration Service is available and can respond.

User Validation

  • User account is associated with a valid email address.
  • Account exists in the source BB Domain and does not exist in the destination BB Domain.
  • IT Policy can be applied to the BB Smartphone.
  • BB device is running an unspecified version of the BB Device Software.
  • BB device is operating on BB Device Software version 4.0.2 or earlier, and the ITPolicyKeyMapping table does not exist.
  • BB device is operating on BB Device Software version 4.3.0.

Preparing to move user accounts with the BB Enterprise Transporter:

1. Create the manifest file.

2. Configure the source and destination BB Configuration Database instances.

3. Configure the default settings for user accounts in the destination BB Domain.

4. Select the user accounts to move to the destination BB Domain, or select all user accounts associated with a source BB Enterprise Server.

5. Move the user accounts.

Installing the BB Enterprise Transporter

1. Create a folder to store the BB Enterprise Transporter files.

2. In a browser, visit na.BB.com/eng/support/server_resourcekit.jsp.

3. Download the BB Enterprise Transporter installation package.

4. Extract the contents of the installation package to the folder that you created.

5. Double-click the brk-bbenterprisetransporter.msi file.

6. Complete the instructions on the screen.

Image

Image

Create a manifest file in XML

Image

Configure the source database

Image

Configure Destination database

Image

Verify the server names and database, then click Details to choose users for migration.

Image

Click Find Users, choose the users and click Done.

Image

Verify the user list and click Done.

Image

Click Preview to validate the users.

Image

Image

Migration Progress and completion

Image

Image

Checklist to be performed before migration

  • Back up the current environment.
  • Confirm prerequisites.
  • Start the BB Enterprise Server setup application on a new server.
  • Create the new BB Configuration Database.
  • Restart the server and complete the configuration.
  • Recreate IT Policy and Software Configurations in the BES 5.0 environment.
  • Shut down services on BB Enterprise Server 4.x.
  • Start the BAS service on BB Enterprise Server 5.0, then move users with BET (bulk mode).

Conclusion

BES 5.0 infrastructure can be deployed independently of the existing BES 4.x deployment.

  • A separate BB configuration database is created for the BES 5.0 environment.
  • IT Policies, Application Control Policies and Software Configurations are created and validated in the BES 5.0 environment.
  • BB users are migrated using the BB Enterprise Transporter (BET) tool in Live mode or Bulk mode.
  • We can view, but not change, the properties of previous versions of the BB MDS Integration Service, BB MDS Connection Service, and BB Collaboration Service from BAS.
  • Before you try to move the user accounts, upgrade the source BB Enterprise Server for Microsoft Exchange to version 4.1 SP6 MR5 or later.