Unified Endpoint Management

Security and Productivity for the Mobile Enterprise

Citrix.com 1 The workplace has evolved from stationary EMM has the potential to manage and secure employees working on IT distributed Windows more than one billion Windows 10 devices work desktops and laptops to mobile users over the next several years as more and more playing and working on personal roaming lap- organizations make the transition to the new tops, tablets and smart phones. Ten years ago OS. Organizations moving into a more mobile, client management tools (CMT) such as Mic- global era should consider seriously whether rosoft SCCM and LANDESK were the enter- a partial or total transition from separate CMT prise choice for managing scores, hundreds or and EMM platforms to a single UEM tool such thousands of IT distributed Windows systems. as Citrix XenMobile makes sense for them. In an era of mobility, BYOD and the Internet of Things (IoT), however, client management In the next few years, organizations will also tools (CMT) must evolve. need to extend unified management solutions to cover the emerging enterprise Internet of Instead, for a growing number of IT organi- Things (IoT), including sensors, beacons and zations, the future lies in Unified Endpoint other similar devices. Luckily, EMM solutions Management (UEM), which combines CMT such as Citrix XenMobile have been moving with EMM (Enterprise Mobility Management) forward to encompass IoT devices as well. providing a single pane of glass to manage and secure, devices and operating systems, Why EMM whether laptops, smart phones, tablets or There are many reasons why UEM via EMM any other device. Increasingly, UEM means makes sense for a lot of organizations. EMM, with the user, rather than the individual device as the management focus. For users, Symplicity CMT and EMM tools have signifi- UEM helps enable a single unified workspace cantly different ways of working, and, for with easy, consistent collaboration and infor- many organizations, require a separate set of mation access from any device. staff and training for each. It’s a no brainer that managing all devices from a single pane In the next few years, many analysts believe of glass makes more logical business sense. that organizations will employ EMM systems Not only is it less expensive to invest in a to manage PC’s and Macs. This means that single management tool than two or three but

This means that EMM has the potential to manage and secure more than one billion Windows 10 devices over the next several years as more and more organizations make the transition to the new OS.

Citrix.com | White Paper | Unified Endpoint Management 2 significant operational savings can come in be administered by an EMM solution such as OS and applications updates were much less reduced staff resources and training, allowing XenMobile. frequent a few years ago and very time and organizations to leverage existing staff for resource intensive and LAN dependent. Mo- more strategic purposes. Mobile Friendly Management Conceived at a bile operating systems today tend to run on a time when devices were stationary, corporate cloud service model with much smaller, more Consistency in management, security and distributed, and mostly connected to the frequent updates, which makes a lot more usability is important for enterprise user enterprise LAN, CMT tools required desktops sense for the roaming mobile user. productivity and information protection. Even and laptops to be LAN connected and joined small unintended differences in security and to an enterprise domain with a set of group Containerization One of the ways EMM and management policies among devices, appli- policy objects for initial configuration and mobile OS API’s enable BYOD and corporate cations and information can expose holes in subsequent management to take place. A owned, personally enabled (COPE) workstyles the security infrastructure that allow hackers user could not typically connect, configure is through containerization. Using application and malware to penetrate the organization. and upgrade his or her own device. This was wrapping, encryption and other similar meth- Consistency in mobile access to applications the job of IT, which acted as the ultimate ods, IT can separate corporate and personal and information is also important for user super user. applications and data on the device such productivity. UEM offers consistency in sev- that interactions among them are disabled eral ways: With legacy CMT solutions, IT spends a lot or restricted according to enterprise security of time creating one or a few sets of custom policies. •It’s inherently easier to implement a single system images and pushing them over the set of enterprise management and security LAN to a few, scores, or hundreds of network Containerization accomplishes both malware policies across all devices and users with a connected desktops and laptops, or uses an protection and Data Leakage Prevention single UEM solution than with two separate image deployment service for up to $25 per (DLP). Since enterprise and personal appli- sets of tools. system. With such a methodology, bringing cations and data on the device are walled a new device on board or replacing a lost or off from each other, any malware download- •User helpdesk services and system trouble- stolen laptop with all the requisite appli- ed with personal applications or browsing shooting are more consistent with a single cations are resource and time consuming has no impact on containerized enterprise management platform, and with operating processes that hamper user productivity. applications and cannot be transmitted to the systems, such as Windows 10, that are them- CMT application distribution is also IT centric, enterprise network when the device con- selves have more consistent interfaces across requiring complex distribution packages. nects. Most EMM solutions such as XenMobile different types of devices. enforce this separation as well with per app By contrast, EMM API’s and tools such as virtual private network (VPN) connections ac- •Reporting is obviously easier and more Citrix XenMobile were designed from day one tivated automatically when certain enterprise comprehensive with a single platform, which to support roaming, wirelessly connected mo- applications connect to the corporate LAN. can be useful when planning and calculating bile users on their chosen devices. Users can Per app VPN’s connect a single application, the costs of hardware and software upgrades acquire a device with the vendor configured rather than the entire device, shutting out any or refreshes. operating system and applications and use an malware from personal application use. enterprise EMM portal and configuration app •Windows 10 introduces its own consistency to enroll and configure their device them- Similarly, most operating system API’s and with a common operating system, application selves over the air according to corporate EMM systems allow IT to configure and en- development tools and set of API’s across settings and policies --all with little to no IT force a number of policies that regulate users’ desktop and mobile devices. Users can get all touch or help. ability to cut and paste data from enterprise their devices’ applications from a single se- to personal applications, paste or attach cure, corporate approved app store and work Users can also use a corporate app store enterprise data or files to personal email with enterprise applications and information portal to download and install IT preapproved messages, and print files containing sensitive both on their devices and the corporate net- applications. Cloud SaaS and virtual appli- data. work in a much more consistent way. cations have become much more prevalent in the enterprise, so in many cases applica- With Windows 10 laptops, desktops and •Microsoft recently announced the Centennial tions don’t have to be downloaded at all. If EMM, containerization can be accomplished App Converter, which will convert even legacy necessary, IT can still push out applications via digital rights management through the Win32 apps into the Universal Windows and updates to hundreds of globally roaming enforcement of Bitlocker encryption of all Platform apps, so organizations can add them devices. enterprise applications and data. IT can then to the Windows app store, where they can leverage policies that prevent users from

Citrix.com | White Paper | Unified Endpoint Management 3 cutting and pasting encrypted content into organizing mobile collaboration and business online meetings and phone conference links unmanaged applications not using BitLocker processes across globally dispersed teams. in new meeting invitations and joining online encryption, including personal email client meetings via a single touch. software. Any data downloaded from services Citrix XenMobile is providing increasing such as SharePoint or a shared network are support for all operating system enterprise Secure Mail integrates tightly with XenMo- also encrypted. Thanks to Centennial, con- management API’s as they are introduced and bile’s Secure Web mobile app, so that all email tainerization can be accomplished with legacy adds its own unique capabilities that deliver Web links are opened in a secure, sandboxed Win32 applications as well. management consistency across device oper- web browser environment. Secure Mail also ating systems. These include full FIPS 140-2 integrates tightly with Citrix’s own ShareFile Windows 10 delivers many other critical compliant AES 256-bit encryption, its own file sharing application, which is discussed enterprise management features IT needs MDX containerization features on top of those below, so that ShareFile links rather than file across devices. IT can push down and enforce offered by operating system API’s and its own attachments can be embedded in emails for a raft of policies and settings, enforce pass- toolkit and SDK for wrapping individual appli- tighter control over content sharing. word and encryption, enable self-enrollment cations with the policies and containerization of new devices through Azure Active Direc- strategies necessary to protect their associ- Secure Web is a secure browser alternative tory or a third party EMM solution, manage ated sensitive information. This is important that IT can use to place policies and restric- corporate provisioned apps separately from as XenMobile provides a seamless, productive tions on Web browsing, particularly when user installed apps, distribute Windows 32 experience for the user at the same time as it connecting to the corporate network and apps via .msi packages, enforce and deploy provides consistent, necessary protections for intranet. Organizations can apply policies that updates, and prevent access to dangerous the enterprise. govern which websites users can and cannot Web sites, all without having to touch the access, what enterprise firewall proxies are device connecting it to the enterprise LAN. XenMobile also offers its own mobile enter- used to access them, and can analyze and Any Win32 application that can’t be leveraged prise level Secure applications, such as Secure filter URL’s to ensure they’re safe. this way can be deployed to mobile devices Mail and Secure Web, across iOS, Android and via desktop virtualization using solutions such Windows 10 mobile and desktop systems and ShareFile is XenMobile’s enterprise-class as Citrix XenApp and Xen Desktop. While the devices. secure mobile file sync and share application, full breadth of management features may not which provides the same or better features equal those offered by CMT, the most critical Secure Mail is an enterprise email client and and convenience than consumer friendly and widely used management capabilities are personal information manager with a user Box and DropBox, but with enterprise-lev- there and will continue to evolve. friendly interface much like those of device el security and management. Rather than native email client solutions, but with scores forcing users to store all information in the Windows 10 Redstone 1 update added new of additional features that enhance security cloud, organizations can leverage ShareFile management features and more will be added and usability in an enterprise setting. Storage Zones to store shared files either with Redstone 2, due for Spring 2017. on-premises behind the firewall, in the With Secure Mail, all corporate email, Citrix ShareFile cloud service, or in another With OS X Lion, Apple also started giving the contacts, and calendar items are stored public cloud storage service of their choice. desktop operating system most of the same completely separate from the personal ShareFile can store files on internal CIF policy based, self-enrollment management applications on the device. Secure Mail can based network storage systems and provides API’s as iOS and more will come with macOS be accessed via single sign-on after the user connectors for Windows network shares and Sierra. logs into Secure Hub, and offers multifactor Microsoft SharePoint so that files don’t have authentication, remote wipe, and encryption to be migrated to another service in order to The Citrix UEM Solution in transit and at rest. IT can also enforce re- be shared. Citrix is the only EMM provider with a full, strictions on email attachments, and printing integrated UEM suite that includes Citrix Xen- and cutting and pasting of information from Secure Forms is Citrix’s easy-to-use full-fea- Mobile for UEM across all iOS, Google Android other applications into emails. tured drag and drop solution that novices and Windows 10 devices, including desktops can use to create, populate and store mobile and notebooks. Citrix also offers XenApp Secure Mail integrates with organizations’ forms-based applications running on a variety and Xen Desktop for Windows desktop and existing data leakage prevention (DLP) tools, of devices. Secure Forms helps organizations application virtualization; a full IoT integra- which monitor and restrict content sent out in digitize and automate manual workflows and tion, automation and messaging platform via enterprise emails. Secure Mail also offers out- processes rapidly and eliminate double data its Octoblu acquisition; and Podio, a powerful standing convenience features, such as view- entry and paperwork in the field. And perhaps and highly flexible Web based platform for ing availability of meeting invitees, including most important, Secure Forms leverages

Citrix.com | White Paper | Unified Endpoint Management 4 With Windows 10 and macOS Sierra, Enterprise Mobility Manage- ment Solutions can deliver a single Unified Endpoint Manage- ment capability for all mobile users, devices and applications.

all the powerful security and management Podio adds a powerful, free enterprise cloud features of Citrix XenMobile to protect and based mobile collaboration platform combin- secure enterprise data and integrates seam- ing team conversations, processes and con- lessly with other XenMobile functions and tent sharing and integrates tightly with Citrix productivity applications. XenMobile security and management. Podio provides equivalent or better collaboration Finally, organizations can use Secure Hub capabilities than enterprise solutions costing (the XenMobile enterprise app) to provide tens of thousands of dollars. access to Secure apps, other mobile apps (either commercial third-party or enterprise With Windows 10 and macOS Sierra, Enter- developed), Web and SaaS services, and even prise Mobility Management Solutions can Windows desktops and applications based on deliver a single Unified Endpoint Management Active Directory group policies. capability for all mobile users, devices and applications. Enterprises should examine Octoblu Citrix is unique in offering an these solutions closely to see if UEM can not integrated IoT automation, monitoring and only simplify and slash the cost of managing, analysis tool named Octoblu. With Octob- securing and simplifying the mobile work- lu, Citrix extends mobility management to place, but take the mobile enterprise into the the emerging IoT enabled workplace where era of IoT. Only Citrix offers a complete UEM context-aware environments synthesize data solution that includes integrated manage- from many different sources to respond to ment, security, application and desktop virtu- the needs of the user, increasing workplace alization, mobile collaboration and enterprise efficiency and productivity. Octoblu software IoT enablement. With Citrix solutions, the can be used to create workplace automation enterprise can realize the dream of the single services such as launching a personalized integrated mobile workspace. desktop when a user approaches a worksta- tion; adjusting heating, cooling and lighting and starting GoToMeeting or Skype for Busi- ness meeting when staff enters a conference room; and using beacons to connect user automatically to nearby printers. The IoT possibilities are limitless.

Enterprise Sales North America | 800-424-8749 Worldwide | +1 408-790-8000

Locations Corporate Headquarters | 851 Cypress Creek Road Fort Lauderdale, FL 33309 United States Silicon Valley | 4988 Great America Parkway Santa Clara, CA 95054 United States

Copyright© 2016 Inc. All rights reserved. Citrix, the Citrix logo, and other marks appearing herein are property of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and Trademark Office and in other countries. All other marks are the property of their respective owner/s.

Citrix.com | White Paper | Unified Endpoint Management 5