MOBILE SOLUTIONS

Increasing staff productivity while lowering costs tied to this growing enterprise resource

CDW REFERENCE GUIDE JULY 2013 | 800.800.4239 | CDW.COM/MOBILITYGUIDE MOBILE SOLUTIONS REFERENCE GUIDE | July | 2013 800.800.4239 | CDW.COM/MOBILITYGUIDE WHAT’S INSIDE: Making it easy to fi nd out what’s new >>>

3 CHAPTER 1: Mobile Strategies: Architecture for Success • Building a Secure Foundation • How to Approach BYOD? • A Roadmap to Success • Operations Monitoring and Reporting

7 CHAPTER 2: Policy & Planning for Mobility • Data Access Policy • Device Policies • Network Strategy

10 CHAPTER 3: Getting a Handle on Hardware • Diff erent Workers, Diff erent Devices • Device Categories • Features and Options • Choosing a Carrier

22 CHAPTER 4: Managing the Mobile Fleet • Acquiring Mobile Devices • Mobile Device Management • Expense and Telecom Management • Security and Mobile Devices 26 CHAPTER 5: All About the Apps 29 THE NETWORK: • Application Stores • Mobile Application Management CONNECTING • Security and Apps ALL THE DOTS 29 CHAPTER 6: Th e Network: Connecting All the Dots • Assessment and Planning FOR MORE • Controller-based Management INFORMATION and Monitoring ON MOBILE • Mobile VPNs SOLUTIONS, VISIT • Cloud and the Mobile Network CDW.COM/MOBILITY • Security and the Network

33 CHAPTER 7: Providing a Helping Hand • Help Desk Options GET M.CDW.COM ON THE GO • Warranty Services M.CDW.COM is now available anywhere with our new • MDM Customization Services mobile-friendly website or download the CDW app for your iPhone from the App Store. 35 INDEX GET IT at M.CDW.COM

WHAT IS A CDW REFERENCE GUIDE? At CDW, we’re committed to getting you everything you need to make the right purchasing decisions — from products and services to information about the latest technology. Our Reference Guides are designed to provide an in-depth look at topics that relate directly to the IT challenges you face. Consider them an extension of your account manager’s knowledge and expertise. We hope you fi nd this guide to be a useful resource. CHAPTER ONE

Building a Secure Foundation How to Approach BYOD? A Roadmap to Success Operations Monitoring and Reporting

MOBILE STRATEGIES: ARCHITECTURE FOR SUCCESS

igital technology continues to in more situations and time frames A productive mobile Dinnovate. Mobile devices and that suit them — often speeding the infrastructure supporting them communication and the delivery of program starts with have ushered in a third wave of end- work. Th e new generation of mobile holistic research user computing. First, the desktop PC endpoints enables each function revolutionized who could use computers within a private- or public-sector and planning. (nearly everyone). Next, the notebook organization to combine unifi ed PC demonstrated where computing communications, enterprise applications could take place (nearly anywhere). and data access, and domain-specifi c Now, mobile devices are making applications into one device. computing completely ubiquitous. It wasn’t long ago that the idea of Technological advances have enabled mobile devices as full-access network mobility and mobile solutions. But endpoints was, to say the least, a the reason mobility has truly taken novelty. If an IT team considered the hold lies in its power to transform notion, it faced numerous obstacles, the organization it serves. Mobile such as a lack of global wireless endpoints and the infrastructure bandwidth, few tools for porting supporting them not only off er the enterprise apps to small screens potential to reduce computing costs, atop unfamiliar operating systems they also off er the potential for and immature policy development making the entire organization more surrounding the adoption of super- effi cient. Mobile endpoints keep getting portable devices. Plus, IT and lighter and more capable — whether compliance staff s faced additional tricky smartphones, tablets or any of several challenges around how to maintain classes of portable PCs and systems. cybersecurity and mitigate the risk With always-on, always-connected inherent in lost or stolen devices. devices, workers can remain productive All those hurdles have been overcome. >

3 CHAPTER ONE

Mobile endpoints and the components with the proliferation of BlackBerry from selecting and provisioning needed to support them at an enterprise handhelds. Th e email system associated devices to eventually deactivating level have matured. What’s required with the devices used native encryption, them. But security thinking also must for success with enterprise mobile making it safe for widespread use. encompass the wired and wireless solutions is the right level of enterprise Eventually, the device market networks that portable and mobile commitment coupled with a sound became more diff use, with user demand devices access, access and identity policy, strategy and execution plan. driving a growing variety of devices management controls, and policies and Th is reference guide lays out a roadmap and OSs. As workers increasingly training for users and technologists. to help with each of those items. sought to use their personal devices In fact, security integration on the job, CIOs and CISOs feared continues to be one of the main Building a Secure Foundation bleed-through from personal apps and technical challenges in rolling out Security must undergird any mobility data that shared memory and storage and managing an enterprise mobility solution. When mobility strategies with organizational information. solution. Th at’s why it’s important to started to become something distinct But these fears were addressed. Th e view mobility holistically, rather than from those governing telework, and swift evolution of mobile architectures as a series of siloed technologies. the bring-your-own-device (BYOD) and tools available for managing wireless Many organizations start with trend began to take hold, many CIOs devices has made those problems a device-centric view and work and chief information security offi cers largely avoidable or manageable. outward — from the apps and data (CISOs) focused almost exclusively on Security in the increasingly common to the device ports, and then fi nally the devices themselves. Th at’s because any-device environment derives from to wireless and wired networks. for many, the most basic enterprise embedding security best practices in all Th is approach has one advantage: It app, email, was fi rst rendered mobile phases of the mobile-wireless lifecycle, acknowledges and compensates for

IS BYOD RIGHT FOR YOUR ORGANIZATION?

Th e following questions can help determine if a bring-your-own-device initiative is right for the organization.

 Who or which functions will be entitled (or  Is the IT organization prepared to support BYOD? required) to participate in the BYOD program? Depending on the specifi c device policy, the Keep in mind, the desire of workers to technology team will have to support new OSs, have cool devices doesn’t necessarily apps and hardware confi gurations. It may have align with organizational needs. to set up a user self-provisioning app site as well.

 What will the cost trade-off s look like?  Which devices are the organization willing For instance, some devices that workers to support in terms of OSs and models? want to use likely will function as their Apple iOS devices all look alike in terms of only endpoint. Others may also need an support, but Android comes in many fl avors. organization-supplied desktop or notebook  What are the physical security and computer. Th e number of devices will aff ect cybersecurity changes that will be required? software licensing, IT support and acquisition budgets. Th e various voice and data plan Th e parameters of the existing security options also must fi gure into cost strategies. program and how the IT team monitors user security networkwide will need to be reviewed and possibly enhanced.

4 CDW.COM/MOBILITYGUIDE | 800.800.4239

the fact that mobility and wireless access pretty much obliterate the classic enterprise perimeter, once easily guarded by a fi rewall.

How to Approach BYOD? Few questions have produced as much debate and angst as the BYOD model. In trying to fashion a BYOD policy, an organization confronts the proverbial onion. As decision-makers look deeper into the question, fresh questions arise. Still, the principle of using personal devices for professional purposes has become well established in the minds of workers, whether in sales, marketing, engineering or fi nance. Th erefore, in designing a mobility framework, organizations should at least consider various approaches to BYOD as part of their overall solution. Th e IT department will have • Mobile device management (MDM), start to utilize multiple wireless devices to evaluate the two basic BYOD either hosted on premises or as in the workplace. Network upgrades may approaches: organization-issued a cloud service, and security as need to encompass not only the wireless devices authorized for personal use, and a managed service using leading segments but also the core network. worker-purchased devices approved vendors such as AirWatch, Additionally, because it is relatively and confi gured for enterprise use. MobileIron, MaaS360 by Fiberlink, easy to unify communication channels While most organizations currently McAfee and Symantec on mobile devices, users might also conceptualize BYOD initiatives as • Application management, including drive up bandwidth demands through programs that involve smartphones and setup, license management and apps such as video conferencing. Th e tablets, a few are extending this thinking operation of an in-house app store use of a forward-looking roadmap to BYOC, or “bring your own computer.” • Data center and network helps defi ne such issues and then optimization to handle anticipated plan for changes accordingly. A Roadmap to Success growth in bandwidth and storage Similarly, security and endpoint Enterprise mobility is a state of being, requirements caused by the protection challenges are also but it’s also a measurable, repeatable infl ux of new wireless devices surmountable with proper planning process. Approaching mobility from • Help desk and warranty services, and use of the latest techniques in a lifecycle standpoint will help an plus monitoring of wireless containerization and dual-identity organization focus on optimizing each plan usage and carrier billing device confi guration. But strategizing stage of the process. Having some (based on knowledge-driven for mobility must include modeling of guidance on what to expect at the advice on adjusting plans to the ways that enterprise apps and data diff erent points of the mobility lifecycle achieve the most effi ciencies) potentially can be compromised. Again, a is valuable for planning purposes. Such Whether contracting with a vendor or roadmap approach off ers a way to make a roadmap should cover the following: keeping the initiative in-house, using a sure all security bases are covered. • Planning and policy development, holistic roadmap approach also benefi ts from device selection through the IT team by identifying potential Operations Monitoring eventual deactivation, including roadblocks that can stymie a mobility and Reporting which types of workers most implementation. For example, traffi c can An eff ective enterprise mobility benefi t from a BYOD program overwhelm the network as many users solution requires ongoing knowledge of

5 CHAPTER ONE

how all of its elements are performing and whether users and devices are conforming to policy. MDM systems are key here, providing knowledge that falls into three main buckets: whether endpoints are policy-compliant with THE respect to permissible apps and usage; how networks and wireless plans are PORTAL being used; whether devices and use conform to security requirements. PREMISE Th e ability to manage and control apps is foundational to successfully overseeing mobile devices and their performance. Th e app portal or download site is For any organization with more rights, meaning users can’t essential to maintaining policies. than a few people, workers load personal or other third- An emerging subfunction of MDM, know where to go for certain party software or patches. mobile application management needs, such as human resources (MAM), ensures that downloaded Mobile devices require a slightly or business travel services. apps are equipped with security diff erent model of software Th at’s because those functions add-ons such as “wrappers” that distribution, more in line with have their own operations. But, can isolate them and their associated the way consumer apps install increasingly, those functions data from the other contents of a on devices — that is, wirelessly, are also becoming self-service. device. Th is works in reverse as well, after accessing a download so that if an onboard app needs to be Th is approach is taking hold in IT site. Following this model, remotely wiped, the MDM solution can with mobility solutions centers organizations are building accomplish this without necessarily on web portals that workers can their own portals from which obliterating the user’s personal data. visit to onboard devices, obtain their users can obtain apps to An organization can exercise wireless services, download apps provision either to their own or signifi cant cost control if it monitors and receive support services. to enterprise-issued devices. wireless usage per device, workgroup and department. By analyzing this For desktop and notebook CDW can customize and operate information (such as who or what systems, software distribution a portal as a service. Keep in mind apps tap extensive bandwidth, where generally takes place by simply that a portal must do more than and when certain wireless use is burning each system’s hard simply off er apps. It must also heavy and how allotted minutes are drive with a standard enterprise enforce policies that classify who consumed) the IT team can adjust image. Distribution occurs either can download particular apps. apps, services and the network to through the Ethernet network or Some organizations choose to provide for optimal and effi cient use. deskside using a master DVD. On the security front, users off er a range of popular outside and administrators both have Vendors also deliver computers apps, such as Evernote or Skype, responsibilities. Users must set already loaded with the partly as a convenience to users strong passwords, avoid any attempts multiple confi gurations for and partly in an attempt to at installing prohibited apps and an organization’s various standardize apps on workers’ immediately report lost or stolen departments and users. devices. Portal communications devices. Th e IT staff must, based on To conform to enterprise run in two directions, so that the MDM-generated reports, be sure the cybersecurity policies, IT group can receive information latest updates and security patches confi gurations typically from devices as well as push are in place for apps and OSs. „ don’t provide administrative apps and updates to them.

6 CHAPTER TWO

Data Access Policy Device Policies Network Strategy

POLICY & PLANNING FOR MOBILITY

xciting though the mobility smartphones. Th is isn’t surprising, An eff ective E revolution may be, private- and given that nearly two decades have public-sector organizations must be passed since the BlackBerry debuted program hinges careful to plan and establish the right and email went mobile. What has on understanding policies before launching a mobile changed rapidly in recent years is the program. It’s important to establish use of mobile devices for accessing the current with users the notion that the fun productivity and mission apps and data. infrastructure and and games they might indulge in with At the most fundamental level, the crafting a plan to personally owned devices are distinct data access policy must establish from the use of the devices on the job. whether the organization allows achieve mission- At the same time, well-plotted work data on personal devices, or driven goals. and well-executed policies can personal information on enterprise- enhance users’ work experience, distributed devices. Th e decision spurring collaboration, creating a depends on whether it can be done highly reliable network and providing safely, and that in turn depends on device performance that allows whether containerization software fl exibility in how, when and where is installed that sequesters diff erent users work. Policies also ensure classes of data from one another. that the organization’s data and Some solutions take this separation business processes remain secure down to the chip level, requiring while enhancing the service being reboots with separate logins to delivered to customers and other toggle between enterprise and end users through mobility. personal device “personalities.” Th e new BlackBerry Z10 supports Data Access Policy dual personalities running Today, nearly every organization simultaneously, accessed by certain has at least some workers using motions on the touch screen. >

7 CHAPTER TWO

Another option is to split app access On the other hand, it’s unlikely • Procedures for lost or stolen from data storage, so that no enterprise that a single type of device will be devices: Th e policy needs to data is ever stored on a device. In eff ect suitable for everyone. Traveling detail the steps that must take the mobile endpoint becomes a wireless staff , fi eld workers, receptionists, place should a user suspect that a thin client or terminal. Conversely, a tech support teams, fi nancial staff , device is irretrievably misplaced, containerized setup can let devices teleworkers — the list goes on — all including procedures for temporarily store data, with the proviso that the have requirements unique to their locking the device as well as organization confers on its IT shop the jobs. For that reason, an organization wiping all or part of its contents. means and authority to remotely wipe a will need to base its approved device device should that become necessary. list on a review of the services that Network Strategy It’s also possible to confi gure various devices will support. Upgrading the enterprise network devices so that specifi ed data cannot Whether to adopt a BYOD approach or will ensure that devices and apps be copied to other apps, such as supply all devices will also aff ect policy. perform well and that mobile workers Evernote or Dropbox, or copied or Th e IT and management teams will are productive — justifying the forwarded in any manner. In short, have to determine the level of support organization’s mobility investment. data access necessary to performance needed for mobile devices, whether It’s critical that network optimization of work must be accompanied by owned by users or by the organization. is not an afterthought because the policies — and then enforced in Th e options run the gamut: complete addition of mobile devices will burden confi gurations — to protect the data. support for all devices, support only the network. Once mobile-enabled, for an organization’s apps — and staff will more readily use bandwidth- Device Policies sometimes, no support. Few choose hungry apps. Without attention to Carefully crafted device policies the last option, because with support wireless segments, network service form a foundation for enterprise comes buy-in from users as well as overall may begin to degrade. mobility solutions. Having the right enhanced ability to enforce polices. To plan for the eff ects on network devices used correctly simply makes Some other items to cover include: traffi c, the IT department fi rst mobility work for both users and the IT • Passwords and certifi cates: For should conduct a survey of planned department that must administer them. example, passwords should have uses for mobile devices. Once this Th e policy should start with device a minimum level of strength and information has been gathered, the selection itself. Too much latitude should be changed regularly. team can conduct a site survey of the in allowable devices can complicate • Prohibited uses: Th e policy should existing network infrastructure. administration with multiple OSs and state clearly what uses are not Virtually all mobile devices have manufacturers. Popular collaboration allowed on mobile devices. Wi-Fi capability. Cellular carriers’ apps work on all three mainstream • Geographic restrictions: Using data plans favor the use of Wi-Fi in OSs — iOS, Android and Windows. But a technique called geo-fencing, two ways. Th ey don’t count data over porting custom enterprise apps to any device functionality can be limited to Wi-Fi against monthly data limits. Th e of these OSs may represent a cost prescribed locations, the monitoring carriers presume that uploads and the organization doesn’t want to take of which employs the devices’ downloads over Wi-Fi will ultimately on. Plus, many device control apps are own location services capability. use the organization’s (or the public specifi c to certain OSs and can therefore Certain apps may be allowed at Wi-Fi provider’s) wired infrastructure be a driver in setting device policies. the organization’s offi ces. as the primary data access means, so

DATA ACCESS MUST BE ACCOMPANIED BY POLICIES AND THEN ENFORCED IN CONFIGURATIONS TO PROTECT DATA.

8 CDW.COM/MOBILITYGUIDE | 800.800.4239

THE CYBERSECURITY FRONTIER? As organizations increase their use of In planning the security policy, also consider: mobile operating systems, the more Two-factor authentication: Th is will prevent likely these OSs will become malware access should a device fall into the wrong hands. targets. Th e Android OS market in Th e second factor, after a password, can be a particular has seen an biometric or a one-time-use password issued by exponential rise in malware. a security server delivered via text message. But to some degree, all mobile devices are Remote access: Th e ability to remotely access a susceptible to tampering and attack. One new device lets the IT team push security services hack method unique to mobile devices is a variant to devices so that all users remain compliant of email phishing — text phishing, in which with security policies. It also provides the ability dangerous links are embedded in SMS messages. to wipe a device in the event of loss or theft. For these reasons, organizations need Strict prohibition against jailbreaking: special mobile security policies to protect A jailbroken device (one that has been made enterprise assets against this new potential open to another carrier’s network) automatically vector of attack and data loss . nullifi es security controls. Th ankfully, an MDM Th e security policy should ensure that all devices tool can alert the IT team or security operations use mobile virtual private networks (VPNs) to center should a user jailbreak a device. access apps and data, and that no device without containerization (to separate enterprise and personal data) is allowed access in the fi rst place.

the data usage is already paid for. the quality of the expected traffi c. networks in the same way cellular Plus, the carriers sometimes Beyond sheer capacity, to fully carriers are adapting theirs. Namely, throttle down the cellular bandwidth support mobile apps, the wireless LAN the networks must become less available to piggish apps, so must also have app-awareness and focused on packet traffi c and more performance is worse for a given the ability to prioritize simultaneous focused on app performance. app on cellular than over Wi-Fi. traffi c. Th is allows latency-sensitive Optimizing networks for mobility All of this means, in addition to apps such as Voice over IP (VoIP) to requires ensuring the core network having policies that encourage the receive priority over apps such as meets four qualifi cations: use of Wi-Fi whenever possible for text messaging or email. It may be 1. A uniform user experience, cost and performance reasons, the necessary to upgrade the switching whether workers access resources IT department needs to give major and routing infrastructure to handle wirelessly or when plugged in attention to wireless infrastructure. both the volume and type of traffi c. 2. A unifi ed and fl attened (two- Th e site survey (along with a rough But here’s the crux of mobility: tier versus three) wireless idea of how many devices the IT team Boosting Wi-Fi capacity will buy LAN (WLAN) and core estimates will be in use at any given nothing if an organization fails to network architecture time) will likely reveal a need for expand the wired back end leading to 3. Orchestrated management more access points, some of which the data center. Continuous mobile to lessen the administrative may require more power than an connectivity requires high performance burden of provisioning users Ethernet cable can provide, or may at both the edge (the wireless LAN) 4. A routing and switching require two Ethernet connections. and the core (the wired network). infrastructure with quality-of- It’s also necessary to understand To accommodate the increase service capabilities suffi cient the mix of apps that will use the in traffi c resulting from mobility, to manage collaboration and network to gain understanding of organizations must adapt their geo-location-rich mobile apps „

9 CHAPTER THREE

Different Workers, Different Devices Device Categories Features and Options Choosing a Carrier

GETTING A HANDLE ON HARDWARE

here are so many mobile need at least two devices. For example, With a myriad of Tdevice options that choosing they might use an ultralight PC for or approving devices for users can enterprise apps and a smartphone for choices, the key is seem overwhelming at the start. email and telephony. Th e larger device selecting devices Ultimately, no single mobile device fi ts may be accompanied by a docking that meet both end- every worker and every use case. station or port connection for use Rather than starting with devices, with a standard monitor and keyboard user needs and it’s more useful to begin with the when in the offi ce, and it should have an organizational goals. users and their tasks. And the fi rst Ethernet port for when it is docked. question is: What will each core group Another common group is onsite but of workers do on a mobile basis? In highly mobile workers. Th ey typically this way, strategy will lead the device spend their time in the same location, selection and not the other way around. but don’t sit too long at a desk. Th ese jobs cover a diverse range of functions Diff erent Workers, such as IT, healthcare, construction, Diff erent Devices warehouse operations and food service. Some use cases are more obvious Workers in such positions need than others. Offi ce workers such persistent connectivity in a highly as sales and business development portable device, with a battery that people, marketing, fi nance and will stay charged through the length of accounting need access to multiple a shift. Th at’s why a growing number apps when in mobile mode. Th ey of organizations, particularly in retail, typically need devices that can present hospitality and food service, are putting materials or view and manipulate enterprise apps on tablets. Workers spreadsheets and documents. can then interact with people and apps, Th ese workers can range from entry- driving up both productivity and service. level to executive, and they likely will Field workers such as onsite customer

10 CDW.COM/MOBILITYGUIDE | 800.800.4239

installation and service representatives, storage of up to 128 gigabytes. Th ey capability. Th e Microsoft Surface delivery drivers, law enforcement are capable of running enterprise provides another approach. With its offi cers, inspectors and case workers apps, but they are only productive if 10.6-inch screen and running Windows 8, have device needs similar to those of the app interface has been optimized the Surface comes in two tablet formats mobile workers. But in addition to Wi-Fi for a small screen. Still, most workers (one being lighter and thinner; the other connectivity, they also tend to need who have to access data while on being heavier, faster and thicker with cellular service to transmit data from the move now have a smartphone more storage), which plug into a thin wherever they are, instantaneously. in addition to one of the following. keyboard that doubles as a cover. Often they are capturing sensitive or personal data, so apps may need to Tablets Netbooks be confi gured to not store data on the Th ese ultraportable devices Th ese mini-notebooks, from device. But at the same time, these tend to use the same OS and chip manufacturers such as Asus, HP and users might need additional storage architecture as their smartphone brand Lenovo, continue to hold their niche to handle local versions of codes, counterparts. It’s worth noting that in the marketplace. At $300 to $500, regulations and technical manuals. Th e some manufacturers, such as Microsoft they are low-cost devices designed choice of tablet or notebook will depend and Apple, have been converging their for basic offi ce productivity apps and partly on the input requirements. Are desktop and mobile OSs over time. email. Because these devices have these users checking off boxes in forms Tablets typically lack telephone conventional keyboards, use mice and or fi ling detailed text reports, which capability because of their size, with have displays up to 11 inches, they can would require a physical keyboard? screens in the 6- to 9-inch range, be ideal for teleworkers, offi ce workers After establishing each worker’s use making them awkward to use as a who travel occasionally or fi eld workers. case, the IT staff can then take the next phone held to the ear. But they can step: choosing the right device and OS. be equipped with Skype or similar apps for simple video conferencing Device Categories exchanges, and most of the latest It wasn’t all that long ago that tablets have front-facing cameras computers came in two basic styles: for full-fl edged video conferencing. clunky desktop and hefty portable. Tablets also have solid-state Desktop systems have evolved, disk drives, with capacities of up to but today’s incredible variety of 256GB. Smartphones and tablets, portable computing devices (with with no more than a fourth of regularly dropping prices) means the storage capacity of standard most workers have more than one. notebooks with terabyte drives, Here is a quick overview of are designed to work in conjunction current mobile device options, with data center or cloud storage. categorized by screen size. Th e largest smartphones, such as the Samsung Galaxy Note III with a 6.3-inch Smartphones screen, are getting close in size to the Although these are the smallest, smallest tablets, such as the Galaxy smartphones in some ways sparked the Tab with a 7.7-inch screen. Because mobile revolution. Th ese are essentially they are functionally similar, it becomes pocket-size computers equipped with a matter of user preference and use telecommunications. Th ey typically case whether to have one or both. have touch screens and either virtual or physical keyboards, and screens that Hybrid PC-tablets measure up to 5 inches diagonally. With touch screens, these “tweeners” Most smartphones use a descendent come in several styles. Among them of the original ARM reduced instruction is the highly ruggedized Panasonic set chip available from several Toughbook, heavy but weatherproof manufacturers, and have solid-state and drop-proof, with stylus input >

11 CHAPTER THREE

Ultrabooks Unlike ultrabooks, standard notebooks techniques and provisioning devices Th ese are full-size (11- to 15-inch) typically have built-in optical drives with available power-saving apps. notebook PCs that are substantially and multiple USB and other ports. Bluetooth: Th is feature remains lighter and thinner than standard Mainstream prices run from about $350 an important option for all types of notebooks. Apple pioneered the form to more than $1,500. By comparison, workers so they can use wireless factor with its MacBook Air, but now ultrabooks can run up to $2,000. headsets and portable keyboards. several manufacturers make ultrabooks. It is becoming less important for Th ey diff er from standard notebooks Features and Options printing as more organizations in having a metal shell that’s lighter While screen size tends to defi ne adopt mobile print solutions based but also more expensive to produce mobile device types, it also aff ects on Wi-Fi and cellular connectivity than plastic. Th e devices weigh the suitability for various tasks. through secure cloud services. between 2 and 4 pounds. Th ey have Many universal communication tasks Built-in cameras: Th ese devices fast processors, solid-state drives work fi ne on the smallest of screens, have largely replaced the need for up to 256GB and battery life of up to including email, one-to-one video many fi eld workers and offi ce workers 7 hours. Many feature long standby conferencing and messaging. to carry a separate digital camera. battery life (days or weeks as opposed Productivity apps may run on Front-facing cameras, including to hours) for instant- or always-on use. smartphones, but it’s not an eff ective those on notebooks and netbooks, Ultrabooks are popular with experience. Tablets, with nearly are required in enterprises that use traveling offi ce workers because they full-size keyboards, are somewhat video conferencing as part of their UC are lightweight. Th ey feature high- better, but the lack of mouse mobility off erings. HD video capability is defi nition displays and often high- support can make navigating some a nice-to-have feature for many offi ce quality sound suitable for presentations documents tricky. On the other hand, workers but could be critical for staff without external speakers. tablets are practically ideal when in the fi eld who gather video for needs it comes to form and data entry. as diverse as processing insurance Notebooks For example, offi ce workers handling claims or analyzing crime scenes. Notebook sales have exceeded or creating PowerPoint, Excel or Word Browser quality: Th e diff erences desktop sales for some time now, since documents will benefi t from larger between diff erent browsers on mobile catching up with them in performance. screens (9 inches at a minimum) with devices have narrowed. Browsers Full-range suppliers such as HP and a mouse and keyboard (or touchpad bundled with smartphones and Lenovo off er machines with screens and keyboard). For those who work tablets are optimized for each OS. that measure up to 17 inches diagonally, with engineering drawings, large So the choice might come down to with the fastest available processors maps, graphics or web design, the which browser the organization’s and graphics accelerators, coupled bigger the screen, the better. enterprise apps mainly use. with memory capacities of up to 16GB Other factors to consider include Connectivity options: Mobile devices and rotating hard drives of up to 1TB. the following: have a variety of connectivity options, Standard notebooks, although Battery life: Th is feature varies, ranging from Wi-Fi only (which might be heavy (weighing as much as 6 pounds) even on a single machine, depending suitable for mobile workers on a campus) compared with ultrabooks, are high on how it is used. It’s most critical to to 4G cellular. If offi ce and fi eld workers performers that can handle pretty much fi eld workers who may have diffi culty use high-bandwidth apps, 4G is a smart any computing task. Some models accessing AC outlets. Consider option now that the major carriers have have solid-state drives of up to 180GB. training users in battery conservation rolled out this capability. No Ethernet

MANY UNIVERSAL COMMUNICATION TASKS WORK FINE ON THE SMALLEST OF SCREENS, INCLUDING EMAIL, ONE-TO-ONE VIDEO CONFERENCING AND MESSAGING.

12 CDW.COM/MOBILITYGUIDE | 800.800.4239

adapters exist for iOS devices, although For international mobile travelers, Carriers off er much more fl exibility USB-to-Ethernet adapters may work devices using the Global System in voice and data plans for businesses, for a few other brands. A simpler for Mobile (GSM) Communications government, education and other solution for offi ce workers is to add a will have an easier time in Europe. institutions than they do for individuals Wi-Fi device to their offi ce LAN outlets. Th at’s the technology AT&T and and very small businesses. Th is is T-Mobile use. Verizon uses Code why it’s necessary to aggregate Choosing a Carrier Division Multiple Access for its 3G expected use of both voice and data, Broadband coverage in the United network, as does Sprint. CDMA by department or workgroup, or for States is continuously improving. is also found in parts of Asia. individual locations, before beginning But selecting a carrier is largely a In the past year, Apple, BlackBerry’s negotiations. Once underway, the matter of ensuring the organization Research In Motion and Samsung have organization must monitor actual use has coverage wherever its workers introduced a fl eet of new phones with so that it can adjust plans as needed. roam. In practice, most enterprises 4G LTE technology. Th e benefi ts of Don’t overlook bidirectional use two or more carriers, both for 4G speeds accrue when transmitting data in calculating data volumes coverage and for negotiating leverage. video or other large fi les. It’s still either. Also, don’t forget to consider Simple though that may sound, carrier possible to acquire 3G smartphones, services that users tend to use and selection is anything but once the IT and and some models include free plans. that can also drive cost, namely text network staff gets into the details of an But, it is important to note that not messaging and roaming charges. organization’s unique requirements. every user may need a smartphone. Customer service should also fi gure Another selection criterion is Very inexpensive phones can handle into the selection. Large organizations whether the carrier off ers devices email, text messaging and photo can insist on specifi c, assigned that the organization wants to gathering for workers who do not need individuals to help troubleshoot issues. procure. Verizon and AT&T support mobile access to enterprise apps. Th e service-level agreement (SLA) iOS, Android, Windows and BlackBerry Th ere are even specialized phone should detail support specifi cs. „ devices. In April 2013, T-Mobile devices. For example, there are Motorola added iPhones for the fi rst time. rugged phones with barcode readers, A third consideration is the physical keyboards and SIM cards network technology the carrier uses. for conversion to international use.

THE SECURITY DILEMMA In the early days of bring your own Devices should be encryption-enabled and capable device, when it was basically just of compartmentalizing enterprise applications and an idea, many large organizations data (to keep it separate from the user’s personal rejected BYOD programs out of contents) by using individual app containers or a hand because of security concerns secure folder for all organizational apps. An MDM associated with adopting consumer program will let the IT department ensure that devices. Th e exception tended to be each user employs strong passwords, both to BlackBerry devices because they had onboard access the device itself and to tap enterprise apps. email encryption and secure private networking It’s important, however, to set security policies for the transmission of email worldwide. before instituting BYOD. Th ese policies should Now mobile device security is a matter of prohibit jailbreaking or rooting and any other organizing the available security technologies unsafe practices, such as use of consumer cloud and making sure they work in conjunction with backup for the organization’s data and use of one another. Th is implies restricting device consumer data-sharing apps for the same data. choices to those that support such technologies.

13 WE GET MOBILE DEVICE MANAGEMENT

MANAGING RISK WITH MDM

n a 2011 IDC study, IT decision- When evaluating a mobile device I makers report that, on average, management solution, you’ll want to 34 percent of their employees examine your existing resources, policies, access business applications compliance and security to see how a from smartphones. But 69 percent solution needs to fi t in. You’ll likely need of employees surveyed indicated that one that provides quick, easy ways for they use their smartphones for business employees to get access to business activities. Why the discrepancy? Th e applications. You’ll have to fi gure out what diff erence is likely because many kinds of analytics and reporting options % 33 employees are bringing their own you’ll need. And that’s just the start: there devices to work, for work, whether are many other factors to consider as it’s formally permitted or not. you begin navigating your MDM options. Th e issue is not so much whether a With all of the diff erent variables, device is company issued or property it can seem daunting to choose a of the employee — it’s the fact that IT right-fi t solution for your unique % may be in the dark about who is using needs. Th ere’s a sea of mobile device mobile devices to access company management vendors that approach 33 data. Th ese portable devices can more the discipline in diff erent ways. But you PERCENTAGE OF easily be lost or stolen (relative to don’t have to do it alone. CDW can help. ORGANIZATIONS notebooks and especially desktops), can CDW has partnerships with the leaders ENGAGING IN “BRING link into private networks and perhaps in mobile device management. We’ll assist can even store sensitive information. you with selecting the best products for YOUR OWN DEVICE” Consequently, organizations need to your ever-changing mobile needs. Based INITIATIVES THAT manage devices, regardless of where on our deep expertise in this solution SAY THEY ARE they come from, and keep information area, our solution architects ask a series NOT COMPLETELY out of the hands of the wrong user. of questions that help uncover your CONFIDENT THEY To get in front of this unmanaged MDM requirements. Whether you turn to ARE EFFECTIVELY access to corporate information and us for an end-to-end services solution regain control of the mobile Wild or just a little extra help choosing the MANAGING RISKS. West, more and more organizations right solution, you’ll have experienced,

Source: 10 Lessons Learned From Early Adopters of Mobile are turning to mobile device knowledgeable professionals to Device Management Solutions, Forrester, September 2011 Reported by cmswire.com management (MDM) solutions. support you the entire way.

14 CDW.COM/MOBILITYGUIDE | 800.800.4239

76% PERCENTAGE OF

AirWatch provides a complete Enterprise Mobility Management (EMM) solution. Th e ORGANIZATIONS solution enables you to quickly enroll devices in your environment, confi gure and update SURVEYED THAT device settings over-the-air, securely distribute corporate content and resources and support personal devices accessing your corporate network, email and apps. ALLOW WORKERS TO USE PERSONAL MOBILE DEVICES FOR WORK RELATED TASKS.

Source: CDW IT Monitor, January 2012 Th e MobileIron Mobile IT platform secures and manages apps, docs and devices for global organizations. It supports both corporate-liable and individual-liable devices, off ering true multi-OS management across the leading mobile OS platforms. MobileIron is available as both an on-premises system through the MobileIron VSP and a cloud MOBILE DEVICE service through the MobileIron Connected Cloud. MANAGEMENT It’s easy to get overwhelmed when you’re dealing with your CDW.com/blackberry organization’s multiple mobile devices. Th at’s why we off er you Th e end-to-end BlackBerry solution helps workforces meet even the most rigorous more than just the products. We expectations — all on a wireless platform that has received security accreditations off er you the people and the plan globally. to turn them into real solutions. Th e BlackBerry product line includes the award-winning BlackBerry smartphone, software for businesses and accessories. BlackBerry products and services are used by Th e breadth and depth of our millions of customers around the world to stay connected to the people and content that product and service off erings are matter most throughout their day. extensive. And with decades of experience, our solution architects can help develop a plan that’s both manageable and practical.

MaaS360 is one of the fastest ways to enable mobile security for devices, applications and documents with real-time visibility, monitoring and automated enforcement from a secure, multitenant cloud platform. When securing your Mobile IT environment can’t wait, when you need launch-day support for new mobile OS platform releases and rolling updates, and when you demand a trusted provider of secure cloud mobility services for almost a decade, MaaS360 can deliver your solution right now.

LEARN MORE ABOUT MOBILE DEVICE MANAGEMENT AT CDW.COM/MOBILITY

15 WE GET ACTIVATION AND CONFIGURATION

PROCURE AND PROVISION FROM ANY CARRIER

DW partners off er a wide variety Selection: Depending on your C of carrier-agnostic technology organization’s policy, employees can options to ensure network access select from a full scope of mobile devices control, compliance, internal risk ranging from smartphones to tablets minimization, management and to notebooks from any manufacturer. support. Our account managers Cross-Carrier Activation: and solution architects will help you Activate devices with the carrier 95% pinpoint the roadmap for each vendor of your choice, and track expenses option, determining and prioritizing the and usage consistently across each right solution for your organization. carrier and every usage plan. % With the CDW Mobility Management Confi guration: Confi gure user 95 OF Portal, a cobranded procurement portal, profi les, geofencing, time-based ORGANIZATIONS you can manage all of the strategic profi les, account access, applications ALLOW and tactical components associated and content on each and every device. STAFF-OWNED with a successful procurement and Additionally, CDW will manage device SMARTPHONES provisioning program. Our automated kitting with company-specifi c literature AND TABLETS. process allows employees to order for end users, as well as laser etching for from a predefi ned catalog of mobile company logos and personalization. devices and accessories, perform Deployment and Delivery: No matter upgrades or make changes to how large or dispersed your organization, % 21 existing services — all in accordance our deployment professionals ensure with your governance policy. your mobile devices are carefully % Th e portal provides access to: loaded, tested and delivered to the ONLY 21 OF • Customized carrier inventory, appropriate users as well as provide ORGANIZATIONS contract terms ongoing support upon deployment. WILL INCREASE • Integrates into other INTERNAL STAFF procurement tools Your Trusted Advisor TO SUPPORT • Pre-approved ordering With a dedicated account team MORE END- simplifi es process and help desk, CDW off ers a single • Carrier negotiated discounts point of accountability and support USER DEVICES. • Real-time order status, for all of your mobility needs. Contact

Source: Cisco, IBSG Horizon Study, May 2012 ticket histories your CDW account manager or visit Source: Building the Case for a BYOD Program, Forrester Research, Inc, October 2012 • Management reports CDW.com/mobility to learn more.

16 CDW.COM/MOBILITYGUIDE | 800.800.4239

64% OF ORGANIZATIONS Sprint mobility solutions integrate wireless into your enterprise communications, ARE FOCUSED allowing complete productivity, tighter cost control and greater call redundancy and coverage. Your employees will be accessible and effi cient, since their desk calls can be ON BOLSTERING routed to their mobile phones, and you’ll lower costs by reducing PRIs, minimizing trunks MOBILITY SUPPORT and eliminating desks for the highly mobile. FOR EMPLOYEES, PARTNERS AND CUSTOMERS. Source: Benchmarking Your Enterprise Mobile Device Operations Initiatives and Plans, Forrester Research, Inc, October 2012.

Th e business with the best technology rules. Learn how Verizon Wireless provides powerful mobility communications solutions so you PORTAL POWER can maximize opportunities and own your market. Keep your business team productive and their mobile devices connected at all times with an always-accessible shared Th e CDW Mobility Management Internet connection from Verizon Wireless. Contact your CDW Mobile Wireless Specialist Portal and its related services for details, activation and support. are designed to be a custom administrative portal to help you manage security policies and compliance across your mobile user base. Featuring procurement and provisioning from any carrier, mobile expense

Mobility is transforming the way we work. Advances in wireless technology and smart management tools, and MDM devices are enabling organizations of every size to compress information latency and and BYOD support, the portal turn location-specifi c knowledge into an operational advantage. When enabled by creates a foundation for driving aff ordable and reliable mobile solutions, organizations can improve performance in cost control, speed and process quality. productivity and innovation With a fast mobile broadband network and a wide variety of mobile devices and through mobile applications. applications, AT&T can help you mobilize your business and change the way you perform functions.

Keep your organization and employees connected with the latest in mobility technology and services from T-Mobile. With advanced smartphone products and T-mobile’s account management tools, staying on top of your work and your budget has never been easier. CDW off ers T-Mobile’s latest hardware products and can even handle activation.

THERE’S MORE TO CDW TOTAL MOBILITY MANAGEMENT THAN OUR PORTAL. LEARN MORE ABOUT WHAT WE HAVE TO OFFER AT CDW.COM/MOBILITY

17 WE GET CONFIGURATION SERVICES

PRECONFIGURED I.T. SOLUTIONS SAVE YOU TIME AND MONEY

CDW Fast, Accurate and Convenient desktop PCs, notebooks, printers, With CDW’s confi guration services, smartphones and mobile carts. CONFIGURES you get the right solution to fi t your • Software Confi guration | Simplify OVER needs — right away. CDW’s highly trained, software deployment by having industry-certifi ed technicians build us install your operating system 800,000 solutions to your exact specifi cations, software and applications — and quickly and accurately, without confi gure the settings to your exact DEVICES delaying shipment. In fact, CDW can requirements — all prior to shipping. 800,000 EVERY YEAR usually install hardware and software, • Custom Imaging | We can test the installation and ship your preload your custom images onto order the same day it is placed. your systems so that all personal No downtime, no wasted resources settings, software and hardware and no need to hire outside consultants are ready for deployment when the o one likes to sacrifi ce productivity mean you save time and money — equipment arrives at your door. Nby taking talented in-house plus you enjoy faster deployment • Asset Management | Keeping IT staff away from mission-critical because your solution arrives fully track of your IT infrastructure projects to load software on new loaded and ready to be installed. can be a diffi cult endeavor; our PCs, tweak systems to conform to customized asset tagging makes network standards, or repackage A Full Spectrum of it simple. We can label every piece defective equipment to return Confi guration Services of hardware with a unique asset to the technology provider. CDW can partner with you to manage number, which can be easily tracked Instead, imagine being able to your IT implementation starting on online in your Account Center. open your delivery and unwrap day one and continuing throughout the “perfect” technology solution, the lifecycle of your technology CDW Delivers the Right already preconfi gured to your exact equipment. Our complete range of Confi gurations, Right to Your Door specifi cations and ready to plug and play. confi guration services include: Free up your IT resources — rely Th at’s exactly what happens when • Hardware Confi guration | We on CDW to make sure your new you rely on our Confi guration Services to can install the key components you technology is ready to go when it help you build a preconfi gured solution in need: memory, hard drives, ROM arrives at your door. Ask your account our state-of-the-art, ISO 9001:2000– drives, NIC cards, modems, video manager how CDW’s Confi guration certifi ed Confi guration Center. cards and other peripherals into your Services can make life easier for you.

18 CDW.COM/MOBILITYGUIDE | 800.800.4239

CDW.com/asus

Advanced ASUS design and engineering create extra-stylish and ultrathin artistic notebooks measuring under 1" in profi le to deliver a balance of advanced and powerful BY 2015, THERE WILL features, premium materials, artistic designs and great freedom of mobility. BE AN ESTIMATED 15 BILLION MOBILE DEVICES. CDW.com/lenovo Source: Cisco, Visual Networking (Index Forecast), June 2012.

Enter Lenovo. Th e Th ink brand is world-renowned for its security as well as reliability, durability, mobility and manageability. Lenovo has a full suite of products for all businesses CDW CONFIGURATION and organizations. From notebooks and tablets with innovative touch screens for on-the-go professionals. For more information log on to cdw.com/Lenovo TODAY. CENTER — GREAT NEWS FOR I.T. CDW’s Confi guration Center is one of the most advanced technology

CDW.com/hp confi guration centers in North America. With over 50,000 square feet of space in two cities, CDW, From powerful and secure notebooks to convertible tablet PCs, HP off ers a wide range can customize, confi gure, install of mobility solutions designed to keep businesses and organizations moving. Stay and implement technology connected anywhere with HP’s extensive wireless connectivity options and keep data products for just about every secure using HP ProtectTools security software. kind of network. So when you order from CDW, you get products confi gured the way you want them and ready to integrate into your CDW.com/samsung enterprise, right out of the box.

Samsung notebooks are made to fi t you and off er a wide range of mobility options to help meet all types of daily computing needs. Samsung’s notebook line off er the latest technology including Intel Core family processors and numerous confi guration options. Samsung’s netbook and tablet products off er an ultraportable option without sacrifi cing performance.

LEARN MORE AT CDW.COM/CONFIGURATION

19 WE GET APPLICATION MANAGEMENT

INITIALIZE THE RIGHT PLAN

anaging a growing number of environments and remote control to take Mmobile devices — and the apps over devices and see what users see. they contain — can be a daunting task. Today, workers are using their Mobile Application Management own phones to manage their work. MAM is a necessary component of an Th at means you have to manage a MDM solution. You should prepare for variety of operating systems. And a future mobile requirements by adopting growing number of mobile applications. technologies with strong application In addition, you have to off er mobile management and security features. An end users applications like email, MAM solution can also allow you to create calendars and contacts, not to mention, a secure container for organizational collaboration and social apps. And data and applications while sectioning now sales, CRM and HR apps have off sensitive information from the rest to be available too. Add these to the of the device’s operating system. personal applications on your team’s % devices, and you’ll fi nd that keeping Enterprise App Stores track of things can get a little hairy. Many organizations are deploying 82 Th e good news is, there’s an enterprise application storefronts to increasing number of sophisticated provide team members with access mobile management and security to a user-specifi c catalogue of mobile solutions that can help you keep tabs applications. Th ese internal app stores on your applications. Choosing the right are managed by MDM software and solution can help deliver applications provide a single point of distribution. version control while providing Th ese internal stores also allow for purchasing storefronts and security. managing the distribution of diff erent app THE PERCENTAGE versions based on specifi c department OF INFORMATION Mobile Device Management (MDM) needs. Access controls tied to your MDM provides over-the-air organization’s policies can simplify both WORKERS WHO confi guration tools to help administer and application and content distribution. CHOOSE THEIR OWN control device settings. It also provides Your CDW account manager and SMARTPHONES a real-time inventory of installed solution architects are ready to assist FOR WORK. applications and security confi guration. you with every phase of choosing And, troubleshooting and intelligence and leveraging the right mobile Source: Survey Staff s to Target Mobility Improvements, Forrester Report, April 25, 2012 enable staff to manage mobile solution for your IT environment.

20 CDW.COM/MOBILITYGUIDE | 800.800.4239

76.9 BILLION MOBILE APPS ARE EXPECTED TO Force.com is the cloud platform for creating and deploying social, mobile and real- time custom business apps for the social enterprise. Force.com apps extend to every BE DOWNLOADED department and employee, and can be built quickly and easily. Because there are no BY 2014. servers or software to buy or manage, companies can focus solely on building apps that include built-in social and mobile functionality, business processes, reporting and search. Source: IDC, Th e Applifi cation of Everything, 2010

MOBILE APP CDW.com/sap MANAGEMENT Notebooks. Smartphones. Tablets. SAP Afaria brings its device and application management solution to the cloud, providing It seems like every day there are a low-cost, high-returns model for deploying comprehensive enterprise mobile more and more mobile devices to strategy. You will get the app management, multi-OS and BYOD fl exibility that every business needs without losing robust on-premises features such as no-touch application keep track of. And with each of management, access to real-time analytics and centralized administration. those devices comes a diff erent operating system. Each using their own version of an application. So various users in various

CDW.com/trendmicro departments are using multiple versions of the same app. It sounds confusing because it is. You need a Trend Micro suggests companies embrace BYOD and consumerization with a strategy way to get a handle on the growing to reduce security risks, fi nancial exposure and management chaos. Th is strategy helps IT balance the risk against the benefi ts of consumerization with a solutions complexity. Putting a mobile infrastructure and BYOD program to help IT: Regain visibility and control by managing application management solution company data and limiting liabilities on personal devices, share corporate data in place can help you get control of confi dently with secure access, backup and fi le sharing, and protect data wherever it goes with context-aware security. your organization’s various apps. It also enables a more collaborative and productive workforce.

AirWatch provides a complete Enterprise Mobility Management (EMM) solution. Th e solution enables you to quickly enroll devices in your environment, confi gure and update device settings over-the-air, securely distribute corporate content and resources and support personal devices accessing your corporate network, email and apps.

SEE HOW WE CAN HELP YOU GET A HANDLE ON ALL OF IT AT CDW.COM/MOBILITY

21 CHAPTER FOUR

Acquiring Mobile Devices Mobile Device Management Expense and Telecom Management Security and Mobile Devices

MANAGING THE MOBILE FLEET

hat enterprise resource to critical information resources. IT departments Wplanning became to logistics Th erefore, the IT team must execute for large enterprise operations, mobile mobile device procurement carefully need to apply a device management is becoming for and in a manner that allows secure lifecycle approach to eff ective enterprise mobility use. device confi guration and tracking. administering mobile Today, IT departments are deploying MDM programs to acquire, issue, Mobile Device Management devices, starting provision and track users’ devices. Th e Choosing an MDM solution can with procurement. fi rst link in this management chain present a bigger challenge than choosing is acquiring the devices. the mobile devices themselves. As the mobility market has exploded, Acquiring Mobile Devices so has the sheer quantity of MDM Consumer demand has been the software from both startups and primary driver of mobile and portable established enterprise providers. computing device adoption in the Basically, MDM maintains awareness workplace. Although manufacturers of mobile devices and how they are continue to market these devices mainly being used. But more than that, it gives as consumer items, an organization the IT department the capability of doesn’t have to acquire them that way. distributing software to devices and of Th e price tag for an individual device disabling or wiping devices remotely may be small and inexpensive relative to should the need arise. MDM provides the a desktop computer or large peripheral, operational manifestation of mobility but when acquiring them by the policies, including those covering BYOD hundreds or thousands, mobile devices and cybersecurity. Most MDM packages represent a substantial investment. provide the IT team access to a solution’s More important, they are productivity functions through a web browser. tools in the hands of users and gateways Th e MDM solution should cover the

22 CDW.COM/MOBILITYGUIDE | 800.800.4239

DEVICE ACQUISITION FROM CDW

Th e major carriers off er enterprisewide, self-service Workers can easily add options, such as extra device ordering by an organization’s workers. CDW memory, if they anticipate using apps or can go one step further and customize the acquisition accessories that wouldn’t ordinarily be supplied process in ways that carriers may not be geared to do. by the organization — just as if they walked into a carrier’s store. Th e enterprise can maintain a CDW, for example, off ers comprehensive chain of custody for ensuring security and access services for device procurement and lifecycle controls. Digital ID certifi cates can be properly loaded management. As it does for other computing before devices actually get into users’ hands. resources, it will create an online procurement portal that covers multiple carriers, which Th e IT department should acquire organization- simplifi es administration for organizations. issued smartphones and tablets the same way it does desktops and other technology devices — that By entrusting procurement portal operations to a is, preburned with the enterprise software loaded, third party, the enterprise’s IT department can also be and affi xed with an asset code. CDW can perform less concerned about nonstandard or special orders these and other services, such as etching devices that typically require more time and resources. with the customer’s logo, at any of several secure, Plus, this approach can also support BYOD programs. ISO 9000–compliant confi guration centers. Users can log in to the portal regardless of whether they or the enterprise’s is paying for the device. By having BYOD workers purchase their devices this way, both they and the organization benefi t.

mobility lifecycle, from provisioning the ability to selectively wipe to remove typically off er multitenant cloud through deactivation of devices, while enterprise (but not personal) data or iterations in secure facilities. controlling app distribution and security the ability to disable memory cards. Whether to go with per-user or when devices are in use. Preferably, a Th e IT department may need to notify per-device licensing depends on the single MDM solution can encompass users that if the MDM agent detects any number of devices the organization the OSs for all devices used within an blacklisted apps, either the device won’t anticipates each user will carry. With organization — Android, BlackBerry, be allowed or the app will be removed. a high percentage of offi ce workers, iOS and Windows 8 at a minimum — When licensing MDM solutions, there more people are likely to have as leading packages from AirWatch, are two other basic decisions to be multiple devices, favoring a per-user MaaS360 and Citrix’s new XenMobile do. made: whether to go with a cloud or on- arrangement. But with mobile and fi eld BYOD creates special MDM demands, premises implementation, and whether to workers, who are more likely to have a and vendors have responded. Devices license on a per-user or per-device basis. single tablet or ultrabook, a per-device may come to the enterprise already If the organization anticipates a great license might be more economical. containing a user’s personal apps. Th e deal of customization or if total control is organization’s BYOD policy must protect to remain in the IT department, then an Expense and Telecom the individual’s data and privacy, as well on-premises setup may be preferred. Management as the enterprise network and data. Cloud service might be the optimal End-to-end management of a To support BYOD, an MDM approach for rapid deployment and mobility solution would be incomplete solution must, upon enrollment but fast scaling. AirWatch, for example, can without a clear and ongoing picture of before granting a device network handle more than 100,000 enterprise telecom expenses: voice minutes, data login privileges, download the devices. Th e cloud option may also usage and roaming. Plans vary, as do containerization app and other be more convenient for multiple- user behaviors. By actively monitoring protective measures. Th e tools include location organizations. MDM providers and continuously adjusting service, >

23 CHAPTER FOUR

Even so, with planning and MUST-HAVE MDM FUNCTIONS proper use of available tools, the IT department can establish FUNCTION WHAT IT DOES strong security for mobile workers and their devices. Enrollment/ Enrollment of mobile devices and It starts with understanding two authentication authentication using Active Directory principles. First, security eff orts or other credentials (MDM solutions need to be directed more at data often use a standard known as Simple and enterprise apps than at devices Certifi cate Enrollment Protocol themselves. Second, mobile devices to issue digital certifi cates.) require a diff erent approach to security than do desktop systems on a LAN. App provisioning Provision of devices with enterprise or Mobile devices tend to be always departmental software apps, including connected, must be reached wirelessly email and other collaboration tools, and need diff erent confi gurations along with confi guration for functions than their PC counterparts. such as contacts and calendaring A fundamental fi rst step is defi ning a policy regarding whether to store Security Enforcement of security policies (See the enterprise data on mobile devices. sidebar Why Jailbreaking Must Be Barred Many IT departments architect later in this chapter for more information.) systems such that certain classes of data cannot be stored locally after Remote management Remote diagnosis of problems and being used by an app. Coupled with access the ability to fi nd missing devices strong access controls, this approach through geo-location services ensures that if a device is lost or General management Privacy setting, software usage and license stolen, no unauthenticated user can monitoring, as well as the maintenance easily gain access, even if app icons of app whitelists and blacklists are visible on the device’s screen. But that alone doesn’t equal a Enterprise data A dashboard providing enterprisewide comprehensive security approach. usage data and audit reporting Users’ contact and calendar data, while less sensitive than other information that may be on the device temporarily, an enterprise can maximize its return and program and fi nance managers can also lead to problems if it falls into on telecommunications investments. — basically, anyone who oversees the wrong hands. Th erefore, at the Comprehensive MDM packages include expenses. Dashboards can ingest least, all device confi gurations should an expense management module, but carrier invoices for examination, as include lockout features. In some cases, there are also point products for the well as analytics. An organization it may be necessary to also enable iris express purpose of tracking costs. A will want to be able to aggregate or facial recognition as authentication third option comes from the carriers usage and expense data, and also drill mechanisms if the devices allow. themselves, who off er expense tracking down to individual devices if patterns All devices with onboard encryption and management as a service. indicate excessive or rogue usage. should have it enabled. Apple iOS and Because rates depend on volume, the newest versions of the Google an organization will want to match Security and Mobile Devices Android OS rely on strong Advanced a rate plan with each user’s or user Security is an important issue, Encryption Standard techniques. group’s actual consumption. At the particularly when cybersecurity threats For practical purposes, the AES same time, managers will want to limit against organizations come increasingly algorithm is uncrackable, but devices consumption to reasonable levels. from sophisticated groups who are are still vulnerable because of weak Expense management is best unifi ed pursuing theft of fi nancial or intellectual passwords and users’ susceptibility in a dashboard accessible by the IT team property rather than making mischief. to phishing attacks that ask for

24 CDW.COM/MOBILITYGUIDE | 800.800.4239

for smartphones and tablets) and one- EXPENSE time, random passwords generated by a remote server and sent via text MANAGEMENT message or viewed within an app. FROM CDW Finally, containerization is also critical and is becoming a de facto Some organizations choose standard for protecting enterprise to outsource expense data on mobile devices. It’s a way to administration to third parties. isolate enterprise apps and data on a CDW off ers this service as part device from a user’s personal material. of its mobility solution. Our Th e MDM solution can be confi gured experts focus on expenses to remotely erase selected data fi les — specifi cally, deciphering while leaving personal data intact. WHY and interpreting trends in Containerization takes three basic complex and highly detailed forms: JAILBREAKING carrier invoices. Th e CDW • Sandboxing: An encrypted MUST BE team will pinpoint areas for folder is created within a savings, ranging from reining device’s memory, into which the BARRED in users to negotiating lower organization’s apps and data fi t. rates for high-volume data • App-wrapping: Each app, along Although hackers have or voice usage based on a with associated data, receives fi gured out how to separate particular group’s needs. its own encrypted zone. smartphones from their native • Virtualization: By installing networks, so-called jailbreaking a hypervisor on the device, (iOS) and rooting (Android) personal or account information. all of the enterprise material pose serious security threats. Organizations’ principal tools against is, in eff ect, combined into Any mobile security policy such weaknesses are awareness a logical second device. must disallow these actions. campaigns and user training. Geo-fencing, yet another emerging Th e carrier associated with the Another key security layer, besides security technique, disables apps phone is an integral part of the on-device encryption, is the use of or whole devices if they leave (or data exchange between the mobile virtual private networks. VPNs enter) defi ned locations. Geo- phone and the organization’s establish a trusted, encrypted data fencing relies on smart devices’ network. Th erefore, channel between device and enterprise built-in Global Positioning System unauthorized switching of core networks over the Internet. programs. For example, a hotel chain carriers could disable the First used mainly by fi eld and mobile might want to disable apps used for workers, mobile VPN software is guest services once the user takes ability of enterprise servers fi nding its way onto the notebooks a tablet off the hotel property. to identify and authenticate and mobile devices of offi ce workers. Mobile devices have demonstrated a device. It could also allow Workers can use standard VPNs for vulnerability to malware, and instances side-loading, which is the remote login from a fi xed location, of mobile malware are rising rapidly. It installation of unregistered whether wired or wireless. But may arrive via phishing email and texts, or unlicensed software. mobile VPNs don’t time out or or through rogue apps or websites. QR Th e leading MDM packages codes also have become sources of disconnect if a user moves from can detect jailbroken phones, one wireless network to another. malware. Th e major antivirus makers wipe their contents and bar Consider two-factor authentication now off er specifi c mobility suites them from accessing the for users logging in via mobile VPNs that include antivirus software for organization’s network. (or any VPN, for that matter). Th e mobile OSs. Th ese suites sometimes options for the second factor include come bundled in deployment and biometrics (although biometric readers monitoring packages that perform are more readily available for PCs than as security-oriented MDMs. „

25 CHAPTER FIVE

Application Stores Mobile Application Management Security and Apps

ALL ABOUT THE APPS

he purpose of any computer, Th e choice of which apps to put Enterprise Twhether a smartphone or a on which devices depends mainly on supercomputer, is to run software. the type of work to be done on each applications are Mobile devices and their stand-alone device. Offi ce workers may need the full taking up a growing operating systems have brought bundle so they can read (and perhaps a renewed focus to applications. edit) documents. Mobile workers, who area of the mobile Today, organizations need to think might also have a cubicle and offi ce management through their app choices. somewhere, often can make do with dashboard. For an end-to-end mobility solution, the mission-specifi c apps in addition to IT management must choose the apps the communication and collaboration that will be part of the enterprise bundle programs. Field workers, in addition to as well as those that will be used only by their mission-specifi c apps, will likely specifi c users or groups of users. Th at’s need the collaboration apps and utilities. why apps fall into two general categories: Th e IT team can simplify • Enterprisewide: Th ese apps are used administration and provisioning by universally: email, offi ce productivity creating a single enterprise image tools, web browsers, social media containing everything except the interfaces and collaboration tools mission-specifi c apps. Each user such as SharePoint or Salesforce.com. would then choose from the app Also, the organization may include repository, with access based on role. utilities such as security, calendaring, Th e need to develop custom apps contact lists and photo libraries. for internal use has been decreasing • Mission-specifi c: Th ese apps, rapidly as the major software makers commercial or custom-developed, continue to develop mobile versions of serve a subset of users for a even complex software packages. For particular function, such as public-facing apps, not having mobile engineering or fi nance. versions creates a distinct competitive

26 CDW.COM/MOBILITYGUIDE | 800.800.4239

disadvantage for corporations and can refl ect poorly on government and MOBILE APP MANAGEMENT FUNCTIONS other public-serving organizations. For internal custom apps, not having a FUNCTION WHAT IT DOES mobile version can limit the utility (and therefore the ROI) of a mobility solution. Wrapping Secures third-party or in-house But a mobile app should not be apps by wrapping them in individual developed as a separate entity from the logical containers that prevent data web app being replicated for customers’ exfi ltration or interaction with blacklisted or constituents mobile devices. Instead, or even other whitelisted apps an organization should use an impending Delivery Automates confi guration, maintenance mobile rollout to modernize applications and updating, and maintains role- so they are endpoint-agnostic and based app bundles for diff erent types optimized for the unpredictable of workers who provision their own performance of public networks outside of the organization’s control. devices — in eff ect, orchestrating the pushing of apps to users once they log Application Stores in and authenticate their devices Self-service has spread to so many Store and remote Changes controls, removes and spheres, it’s almost hard to recall life management adds apps to the online library, and before people booked their own travel or removes apps remotely from devices paid their water bills online. In enterprise if the user has changed roles life, workers routinely encounter self- service apps for human resources, Authentication Controls downloads and users’ individual fi nancial and health benefi ts. And because and reporting app collections by authenticating nearly everyone is accustomed to users and devices, and generates downloading apps from popular online reports on downloads and usage stores, many organizations are deploying branded app stores so that workers can self-provision their mobile devices. Some MDM solution providers include app store modules, or an organization keep track of software licenses, and is for the security or fi nancial staff can use stand-alone tools to construct it must limit downloading of some to conduct periodic audits of the in- a store. Th e app store itself can work apps only to authorized users. house app store to ensure compliance via the web on desktop and notebook Managing licenses is critical so that the with all licensing agreements. systems or wirelessly on mobile devices. IT department can avoid underlicensing, How does an organization decide Users can download apps to their PCs and which can expose the organization to whether to establish a public-facing app then add them to mobile devices when payments and punitive fi nes from a store? Countless retail, transportation, they next sync, or they can load them license audit. A best practice, therefore, nonprofi t and educational organizations directly onto mobile devices wirelessly. > An enterprise app store should include a wide range of whitelisted companion apps that may also exist at consumer app DEVICE PROVISIONING stores. Th at will provide a convenience FROM CDW to users and help them avoid rogue apps, and it will ensure that the IT shop can CDW can deliver devices with provisioning tailored log the apps on each worker’s device. to each worker. Users simply take the device from But distinct diff erences exist its box, do an initial login to enroll and download their between public and private app identity certifi cates — and they are ready to go. stores. An organization’s store must

27 CHAPTER FIVE

off er mobile apps from their websites, Security and Apps Android apps because of the multiple but far fewer make them available at Safe mobility calls for a layered manufacturers of Android hardware — places such as the Apple App Store approach to security. To secure apps, the are susceptible to malware threats. or the Android Market. Th e decision IT team fi rst must make sure the devices App infections may come in via mobile depends on a combination of how themselves are handled securely. web browsers or links in phishing email many apps the organization off ers and An organization needs, at minimum, and texts. Th ey may come from apps whether revenue from commercial to take four actions should a device fall downloaded from unauthorized sites. apps will be enough to justify the out of security compliance. Th e MDM Occasionally, malware comes in by infrastructure to support the store. solution should warn the administrator, way of bugs exploited in the software send a message to the user with controlling the baseband cellular Mobile Application Management the action that must be taken, block communications processor on a device. An app store or download web page is the user’s access to email or other Mitigating these threats requires only one component in an organization’s enterprise apps until the situation is containerizing organizational apps mobile app management strategy. MAM remedied, and if necessary, remove or creating logical sandboxes on is emerging as a separate category of the organization’s apps and data. user devices and preventing cell- software alongside MDM, although the Plus, the IT department should wall crossover of personal data. major MDM vendors currently include have policies in place that enforce Security best practices MAM capabilities in their off erings. the use of strong passwords and should also take into account the But MAM is gaining prominence as device encryption. always-present threat of lost or mobile use continues to grow, because Still, a number of threats can stolen devices. Remote wiping of organizations have begun to realize that place apps at risk. All mobile apps enterprise apps and data should be app management is distinct from (even to some degree — but especially a fi rst — and not last — resort. „ if highly similar to) device management. Full-featured MAM solutions let an organization build an app store and equip it with device enrollment and HOW TO MANAGE certifi cate-issuing functions. Th e MULTIPLE EMAIL ACCOUNTS MAM also serves as the repository Most users have at least two email accounts, one for work and one for for app-use policies and as a mechanism for the IT department to personal messaging. But many people have more than two. Th e maintain whitelists and blacklists. security challenge becomes how to separate the organization’s email, Mobile apps have their own lifecycles, with its confi dential attachments, from someone’s Gmail or Internet distinct from the devices they run service provider accounts . on. MDM focuses on devices and Best practices for protecting enterprise email and its associated data their access to enterprise data; MAM include requiring device encryption before letting users access focuses on internally developed apps work email. being valuable intellectual property. Because each instance of a third-party Here are three other steps to take: app potentially represents a license, 1 Set the MAM program to prevent attachments from being opened each download must be logged and in unauthorized apps or by apps outside the container or sandbox. registered with the organization’s Also establish the reverse condition: No personal email or software asset management system. In addition to securing and pushing attachments may be opened in secured, organizational apps. apps to devices, most MAM programs 2 Disable the ability to copy and paste among email accounts also have a reach-back function to and to forward messages out of the enterprise account or into report on app usage, to fetch updates it from personal accounts. and apply them to apps, and to maintain confi gurations. MAM solutions also 3 Extend these restrictions to photos, links, fi les and attachments deliver analytics about whether and in workers’ personal social media accounts. how individual workers use given apps.

28 CHAPTER SIX

Assessment and Planning Controller-based Management and Monitoring Mobile VPNs Cloud and the Mobile Network Security and the Network

THE NETWORK: CONNECTING ALL THE DOTS

he enterprise network simultaneous access. In some Within the T supports all activities within situations, it’s wise to deploy two an organization. After spending two WLANs, one for the organization’s infrastructure, decades building out and optimizing own use and one for public use. Th at’s the rollout of an LANs and backhaul wired networks, one way of ensuring needed quality of IT staff s are turning serious attention service for both as well as adequate enterprise mobility to wireless LANs onsite and within security for enterprise data assets. solution requires a buildings. Th e rise of mobile computing Mobility support means thorough review of is driving WLAN investment, just as deployment of the 802.11n standard, WLAN technology is gaining speed. with a path toward upgrading to network services. 802.11ac (still to be fi nalized). Th e Assessment and Planning Wireless N standard tops out at a Early enterprise WLANs were theoretical rate of 600 megabits per confi ned to conference rooms and visitor second, while 11ac tops out at 1 gigabit areas, mainly for the use of guests with per second in multilink situations Wi-Fi–equipped notebooks. Now, most and many times that for a single users’ devices have wireless receivers. link. So far,802.11ac functionality Offi ce workers are less cubicle- is being slowly added to devices. bound. And organizations serving Before conducting a network site the public directly have a twofold survey, the IT and network teams will need for more wireless bandwidth. need an idea of anticipated upload Customers expect Wi-Fi, and more and download volumes, together apps depend on roaming workers with with a clear idea of the application wireless devices, typically tablets. mix to be supported on the WLAN. Th e result is a need for blanket For example, heavy streaming video coverage with suffi cient bandwidth or VoIP will require a hardier network to accommodate all devices requiring than one devoted mostly to email. >

29 CHAPTER SIX

Th e site survey should take into location in these types of environments. PLACEMENT OF account physical barriers, such as Wireless equipment manufacturers ACCESS POINTS kitchens or copy centers built in the such as Cisco Systems, along with WILL DEPEND middle of otherwise open fl oor space, third-party service providers, off er as well as stairwells, alcoves, furniture network planning and design services ON ANTENNA and so forth. Placement of access for their customers. Th is includes how VECTORS AND points (APs) will depend on antenna to confi gure and integrate a controller THROW DISTANCE, vectors and throw distance, and on so the IT shop can monitor what’s going the availability of Ethernet cabling on within the WLAN infrastructure. AND ON THE and possibly AC power. Assuming the AVAILABILITY location has at least fi rst-generation Controller-based Management OF ETHERNET Wi-Fi coverage already in place, the and Monitoring site survey should include a walkabout A wireless LAN controller lies CABLING AND to measure current signal strength. between the wireless APs and the POSSIBLY AC Organizations that have multiple backbone network. It enables the buildings at a single location or buildings network administrator to issue fi rmware POWER. with courtyards, patios or plazas where and security updates to the APs and people might work will need special to monitor the performance of the attention. Th e IT team will have to set WLAN. Th e controller enforces access signal coverage to avoid bleeding into and security policies with support for nearby public areas. Even on password- authentication processes and encryption. protected networks, best practice Th ere are two chief benefi ts of these dictates not broadcasting AP existence specialized appliances. Th ey ensure but still ensuring seamless coverage performance levels and availability of for workers moving from location to WLANs, and they simplify administration

30 CDW.COM/MOBILITYGUIDE | 800.800.4239

of WLAN installations that tend to grow in complexity as they scale for an increasing number of users. TIPS FOR Controllers typically take the form of a 1U or 2U rack or stand-alone TRAFFIC OPTIMIZATION appliance that plugs into the main switch chassis. High-end, enterprise- Getting the most from a wireless use and giving higher priority grade controllers, such as the Cisco LAN infrastructure starts with to types that can’t withstand 8500, can handle up to 6,000 APs understanding the traffi c on latency. Th erefore, adjusting and 64,000 clients representing one it. Some traffi c, particularly for video QoS may cause large or hundreds of small WLANs. streaming video, can quickly slight delays in the delivery Smaller controllers also come in blade consume most of the bandwidth of other types of traffi c. form factors for installation directly if not managed appropriately. in a switch cage. Some organizations But users are less likely to notice use multiple controllers, one each for Besides sheer byte volume, it’s those delays than if their video data, multimedia and guest traffi c. also helpful to understand the appears jittery or keeps stopping Newer controller models are nature of traffi c directionality. and starting. Achieving optimized for mobility — Brocade even For example, here are two optimum performance calls its devices “mobility controllers.” typical patterns: typically requires an iterative WLAN controllers support multiple process of data analysis • Video surveillance has and simultaneous VPN sessions. of apps and use patterns, numerous endpoints gathering Features also include roaming followed by adjustments in data and sending traffi c to from AP to AP without repeated the WLAN and policy settings, just a few others. Live digital reauthorization for a given user, which and then another round of playback is the opposite: a ensures fewer work interruptions. testing and analysis. Newer controllers also provide plenty few servers transmitting of headroom, with 10Gbps connections to many endpoints. Th ese IT departments can enhance between the controller and the are both multicast uses, but throughput on 802.11n WLANs backplane or WAN links, which helps under diff erent models. by using multiple-input, avoid degradation in WLAN traffi c rates. multiple-output technology. • Desktop collaboration occurs Controllers also monitor the APs, In some access points, MIMO under a many-to-many model, sensing if one fails and providing instant requires auxiliary power but usually at much smaller switchover to the nearest working one, beyond what is available data volumes than video. while sending an alert to the controller over the Ethernet cable, but web interface. Plus, they encompass Diff erent apps also have it raises the signal-to-noise location services that use third-party varying latency and packet- ratio, leaving more bandwidth software to help the IT team keep track loss tolerances. High-defi nition available for useful purposes. of mobile endpoints using 802.11 or telepresence is very sensitive Finally, don’t overlook radio frequency ID (RFID) technology. among video apps, but video multimedia extensions A second type of WLAN controller on demand is not as sensitive to the Wi-Fi protocol that is designed for branch offi ces. Under to these issues. Email, text prioritize Voice over IP these circumstances, the local messaging and data have higher and video. However, when APs connect to a WAN link at the tolerance for temporary glitches. organization’s data center via the employing them, be sure to controller. Should the WAN link fail, Most network switches reserve some bandwidth for local WLAN traffi c would continue. support quality of service by other apps under the “best- sensing the type of traffi c in eff ort” delivery category. Mobile VPNs If an organization wants its mobile workers to be as productive as

31 CHAPTER SIX

possible, it must equip them with motion could use a standard VPN, no longer off er shrink-wrapped mobile VPNs. Because it is encrypted, but it would require constantly or locally hosted versions. the connection between the device reestablishing the tunnel connection Th e organization is more likely to and the network acts logically as a and reauthentication, which is a drag host mission-critical apps or those private link, even though it actually on productivity and counter to the that directly aff ect customers and runs over the public Internet. idea of true mobility. Along the same constituents in private clouds – in their Mobile VPNs diff er from fi xed VPNs in lines, a mobile VPN can remain in own data centers. that they remain open as the endpoint operation on a notebook PC even if the Access gateways, such as Citrix moves from network to network. machine goes into sleep mode. Th is is Access Gateway and Microsoft Forefront Th e device (and the user operating important if a user needs to save battery Unifi ed Access Gateway, manage users’ it) can move among segments of a power during a work interruption. connections to remote resources. (Th e WLAN or between a WLAN and the Some solutions combine IPsec, term access gateway can also refer to cellular network. Remote or point- from which they derive the encryption products that control communications to-point VPN sessions terminate capabilities, with a mobile VPN among servers and storage.) Th ey let the if the device moves out of range of engineered to virtualize the IP addresses administrator set policies for remote and the WLAN segment through which so they don’t appear to change. mobile access at the application level. it made its initial connection. Th is approach can be awkward. Regular IP security (IPsec) and A better choice is a purpose-built Security and the Network browser-based Secure Sockets mobile VPN client. Th ese work at No organization should be running Layer (SSL) VPNs that serve Layer 4 of the network protocol stack, any security protocol on its WLANs that remote users well can’t tolerate enabling them to enforce security at predates the 256-bit Wi-Fi Protected the constant changes in bandwidth the application Layer 7 and the network Access 2 encryption standard. It’s that mobile devices encounter. Layer 3. Th e tech specifi cs can be a bit worth checking for old APs that might Th e distinction between “remote” complicated, so it is worth the time to have been overlooked by previous and “mobile” is an important one test mobile VPN client software in the updates and that use only the weaker to understand. In theory, a user in organization’s own environment. Wired Equivalency Privacy standard. Don’t overlook teleworkers who Cloud and the Mobile Network use their home routers to access the Organizations can look at how organization’s assets. Th ey should hide mobility and cloud computing interact their networks by turning off the identifi er in two ways. As described in Chapter broadcast, changing the default identifi er 4, enterprise mobility management and making sure encryption is enabled. can itself be a cloud application. Th is For use of public Wi-Fi hotspots, approach eases scaling up of mobile which typically send warning deployments in part by doing away messages that they are open and with separate management consoles unencrypted, use the MDM program for each type of device or OS. to verify that workers’ mobile devices But what about accessing cloud- default to encryption mode and use hosted enterprise IT resources using of VPNs when in these areas. CASE STUDY mobile devices? Many organizations While it can be discussed at many are using a combination of public levels, managing network security is WIRELESS and private clouds. In a typical setup, often a matter of layering in the basics: TOUCHDOWN they may use public, multitenant • Ensure all endpoints have the clouds for noncore apps. latest OS versions and patches. Learn how a premiere football Th e solutions provider NetApp • Use the newest encryption standards stadium upgraded its wireless defi nes these apps, such as email, on APs and enforce strong passwords. network to meet the mobile offi ce productivity or order entry, as • Use endpoint antivirus tools. needs of spectators: important but nondiff erentiators for • Maintain fi rewalls so that they CDW.com/mobilityguide1 an organization. Some are inherently are loaded with the latest cloud apps, and manufacturers threat signatures. „

32 CHAPTER SEVEN

Help Desk Options Warranty Services MDM Customization Services

PROVIDING A HELPING HAND

obile devices ultimately are they have purchased and set up to Along with hardware Mcomputers, and all computers meet their personal preferences. and software have support needs. Even so, based on the established and software Th ese devices have characteristics mobile policy, the IT team will need considerations, that require the specialized expertise of to be prepared to meet users’ needs the tech team, and possibly specialized and provide the expected support. organizations training and support for users. Given the broad adoption embracing mobility Th erefore, to help ensure the success of of mobile computing, wireless must also think a mobility rollout or an update to mobile infrastructure providers such as services, the IT team should include Cisco Systems off er certifi cation for through support planning for support from the beginning. supporting wireless technologies. implications. In addition to preparing the support Help Desk Options team, providing intuitive self-help will Any new device rollout will incur minimize help desk calls. Available an initial increase in help desk calls apps can provide help through FAQ or trouble tickets. Users might have documents and access to users of the concerns or issues when setting same devices or apps. Detailed online preferences on the devices, for walkthroughs of how to set up and instance, or when syncing them provision devices can also minimize the with desktop or enterprise services. number of people who need to escalate Some users might be unfamiliar with support to a trouble ticket or phone call. touch-screen devices or with the For app support, an organization mobile versions of enterprise apps. can establish a two-pronged strategy. For some organizations, the support First, it can provide tutorials and requirements are a chief reason other self-help options for common they opt for a BYOD program: Users commercial apps that have been made are likely to be familiar with devices available through an internal app store. >

33 CHAPTER SEVEN

Th at way, the organization can devote more IT resources to the support of WARRANTY SUPPORT FROM CDW enterprise and mission-critical apps, It’s possible to offl oad the administrative headaches of device whether commercial or customized. return, provisioning of replacements and getting devices back Clearly, a key question then into users’ hands. CDW, under its Total Mobility Management becomes whether to use staff services, can manage standard warranties for whatever devices an for help desk services or to organization issues. In addition, these services can be augmented outsource that requirement. Using staff lets the organization with options such as 24-hour emergency device replacement. choose its own people. But it’s also easy to underestimate the added load that a mobility deployment premises or use a cloud service, must have the capability of extending can create for the IT staff , given it also must decide whether its services to BYOD systems. When users devices that may be unfamiliar, the tech staff will run the program enroll their devices, they invoke policies burgeoning number of apps and the or whether to have a third party according to the MDM settings. In that wireless mesh infrastructure that remotely manage the MDM service. way, the devices’ security features and also requires monitoring and repair. Th e size of (and demands on) the other confi gurations are visible to the Outsourcing can be more economical IT team will be a factor. Considering IT team through the MDM interface. „ because of the economies of scale the amount of confi guration and the enterprise can leverage through monitoring involved with MDM, a service provider. By fashioning it might prove benefi cial to take an SLA that covers products and the managed services route. expected response times, the IT MDM as a managed service includes staff will not be adversely aff ected confi guration of security and wireless REMOTELY should support demands spike. access policies; setting, issuing and MANAGED MDM: Th e more sophisticated third-party tracking security certifi cates; and providers use data analytics based on creating individual and group profi les. CDW AT YOUR their experience with a wide range of It’s diffi cult to separate operational SERVICE devices and apps. By monitoring the control of the MDM from other As part of CDW’s Total Mobility organization’s mobile services and provisioning services and policy Management services, organizations comparing that against its data, the management because these are can opt for remotely managed mobile provider can quickly resolve problems as embodied in the MDM setup. Plus, device management services. they arise, as well as make adjustments the parameters constantly change on the fl y and notify the organization to meet evolving operational CDW works directly with multiple about the need for possible changes requirements. By engaging a partners who provide MDM solutions as well as with a wide range of before a service hiccup occurs. vendor to manage acquisition, carriers, alleviating the day-to-day provisioning and troubleshooting, an mobile administrative burdens on Warranty Services organization can streamline mobility an organization’s IT department. Manufacturers off er standard deployment and lifecycle support. warranties on mobile devices that Th e MDM solution’s delivery Some of the services off ered include: generally run from 90 days to 12 months, services can also include app and • Self-service procurement portal depending on the device and the related update pushes to devices • Help desk and remote MDM support manufacturer. Standard phone support from the organization’s secure portal. plans also vary, but generally run as Th ese MAM confi gurations, a subset • Expense management long as the parts and labor warranties. of MDM, are set to ensure each Visit CDW.com/mobility for more user’s device receives the correct information on our remotely MDM Customization Services collection of apps according to the managed MDM solutions Once the IT team has decided established user or group profi le. whether to host an MDM system on To be complete, an MDM system

34 Disclaimer Th e terms and conditions of product sales are limited to those contained on CDW’s website at CDW.com. Notice of objection to and rejec- tion of any additional or diff erent terms in any form delivered by customer is hereby given. For all products, services and off ers, CDW® reserves the right to make adjustments due to changing market conditions, product/service discontinuation, manufacturer price changes, errors in advertisements and other extenuat- ing circumstances. CDW®, CDW•G® and The Right Technology. Right Away.® are registered trademarks of CDW LLC. PEOPLE WHO GET IT™ Index is a trademark of CDW LLC. All other trademarks and registered trademarks are the sole property of their respective owners. CDW and the Circle of Service logo are registered trademarks of CDW LLC. Intel Trademark Acknowledgement: Celeron, Celeron Inside, Centrino, Centrino Inside, Core Inside, Intel, Intel Logo, Intel Atom, App categories ...... 26-27 Mobile device management (MDM) ...... 4, 9, Intel Atom Inside, Intel Core, Intel Inside, Intel 13, 22-25, 27, 28, 32, 34 Inside Logo, Intel Viiv, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, Ultrabook, Viiv Application portal/store ...... 6, 23, 34 Inside, vPro Inside, Xeon and Xeon Inside are Mobility roadmap ...... 5 trademarks of Intel Corporation in the U.S. and Bring your own device (BYOD) ...... 4-5, other countries. Intel’s processor ratings are not a measure of system performance. For more 8, 13, 22-23, 33-34 Netbooks ...... 11 information please see intel.com/go/rating. AMD Trademark Acknowledgement: AMD, the Carrier choice ...... 13 Network strategy...... 8-9 AMD Arrow, AMD Opteron, AMD Phenom, AMD Athlon, AMD Turion, AMD Sempron, AMD Geode, Cool ‘n’ Quiet and PowerNow! and combina- Cloud computing ...... 5, 11, 12, 13, 23, 32 Notebooks ...... 12 tions thereof are trademarks of Advanced Micro Devices, Inc. HP Smart Buy: HP Smart Buy Containerization ...... 5, 7, 9, 23, 25 Security, app...... 28 savings refl ected in advertised price. HP Smart Buy savings is based on a comparison of the HP Smart Buy price versus the standard list price Data access policy ...... 7-8 Security, mobile ...... 4-5, 9, 13, 24-25 of an identical product. Savings may vary based on channel and/or direct standard pricing. Th is document may not be reproduced or distributed Device acquisition ...... 22-23 Security, network ...... 32 for any reason. Federal law provides for severe and criminal penalties for the unauthorized Device features...... 12-13 Security policy ...... 9 reproduction and distribution of copyrighted materials. Criminal copyright infringement is investigated by the Federal Bureau of Investiga- Device policies ...... 8 Smartphones ...... 11 tion (FBI) and may constitute a felony with a maximum penalty of up to fi ve (5) years in prison Device user categories ...... 10-11 Tablets ...... 11 and/or a $250,000 fi ne. Title 17 U.S.C. Sections 501 and 506. Th is reference guide is designed to provide readers with information regarding Expense management ...... 23-24, 25 Traffi c optimization ...... 31 mobile solutions. CDW makes no warranty as to the accuracy or completeness of the infor- mation contained in this reference guide nor Geo-fencing...... 8, 25 Two-factor authentication ...... 9, 25 specifi c application by readers in making deci- sions regarding mobile solutions. Furthermore, Help desk ...... 5, 33-34 Ultrabooks ...... 12 CDW assumes no liability for compensatory, consequential or other damages arising out of or related to the use of this publication. Th e content Hybrid PC-tablets ...... 11 Virtual private network (VPN), contained in this publication represents the mobile ...... 9, 25, 31-32 views of the authors and not necessarily those Jailbreaking ...... 9, 13, 24, 25 of the publisher. Wireless assessment/planning ...... 29-30 ©2013 CDW LLC. All rights reserved. Mobile application management (MAM) ...... 6, 28, 34 Wireless LAN (WLAN) ...... 29-32

WLAN controller...... 30-31

35 JULY 2013 ABOUT THE CONTRIBUTORS

JASON BROWN is the Technical Field Mobility Solution Architect for CDW, helping inform customers about the ever-changing mobility landscape. He works closely with a team of internal and fi eld solution architects, assessing customer needs in all aspects of the mobility workplace. With over 18 years of technical experience, he brings a wealth of knowledge to the team, researching mobility updates from CDW vendor partners and helping provide successful solutions for education, healthcare, government and small, medium and large enterprise environments.

STEPHANIE SULT is a Mobility Solution Architect with CDW, specializing in the healthcare industry. In her role, Sult develops and implements comprehensive enterprise mobility solutions for CDW’s healthcare customers. She specializes in enterprise mobile management, mobile device management, carrier activation services, telecom expense management and mobility IT help desk services. Sult holds a bachelor’s degree in business administration from Saint Mary’s College (Ind.) and currently resides in Chicago.

LOOK INSIDE FOR MORE INFORMATION ON:

• Building out a holistic mobile strategy • Purchasing the right devices for workers’ job needs • Fine-tuning MDM to better meet organizational needs • Getting a handle on app management

SCAN THIS! Check out the CDW Technoliner and fi nd out when this tricked-out tech experience is coming to your city.

800.800.4239 | CDW.COM/MOBILITYGUIDE 130620 121836