Overview of Mobile Device Manager
System Center Mobile Device Manager is a Microsoft technology that helps Windows Mobile 6.1 devices work within the IT infrastructure of a company as trusted and managed members of the enterprise with minimal effect on existing infrastructure. Thus, you can provide your mobile workforce security-enhanced, authenticated access to business-sensitive, business-critical data that you might not allow for unmanaged devices.
To achieve this level of management, MDM includes features that extend the Windows Mobile and Windows Server platforms. The MDM architecture is based on open industry standards that provide the following: specialized device management (Open Mobile Alliance Device Management, OMA DM); and authenticated and encrypted communications, including Internet Protocol security (IPsec), Internet Key Exchange version 2 (IKEv2), and IKEv2 Mobility and Multihoming (MOBIKE). When you use these standards together with Windows Server platform services, such as Group Policy and Windows Server Update Services (WSUS), you have a consistent, scalable solution for Windows Mobile device management in the enterprise.
MDM offers features that coexist with your existing infrastructure and resources to bring devices into a managed, authenticated state, including the following areas:
- Network connectivity
- Device management
- Connectivity optimization
Cellular wireless connectivity is improving constantly but still lags behind the network connectivity that is available in a Wi-Fi (802.1X)-enabled enterprise network. Cellular connections are bandwidth-constrained, subject to high error rates, and prone to delay and "jitter" (delay variation). MDM can manage Windows Mobile devices across various network bandwidths and conditions, ranging from speed-limited cellular networks up to full Wi-Fi connections. MDM does the following:
- Addresses the complexities and challenges of Network Address Translation (NAT), especially when encountered in an IPsec-based application.
- Manages mobility and roaming for managed devices that may change their IP addresses during a session.
- Improves the user experience by keeping the underlying infrastructure transparent.
- Accommodates and manages the low bandwidth available to a mobile device.
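The following example is added here and is not part of the MDM documentation or product code. It models in Python the design point behind the NAT and mobility items above: the gateway looks a tunnel session up by the authenticated device identity rather than by the outer (IP, port) pair, so a device that moves from Wi-Fi to a cellular NAT keeps its session and its stable internal address. Each address update is authenticated with the session key and a counter, in the spirit of how IKEv2 MOBIKE authenticates address updates inside the IKE SA, so a forged or replayed update cannot redirect the session. The gateway, device identifier, addresses and keys are all constructed for the illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class TunnelSession:
    """State the gateway keeps per enrolled device (constructed model, not MDM internals)."""
    device_id: str        # identity proven at enrollment / IKE authentication
    session_key: bytes    # key derived during the IKE exchange (random here)
    inner_ip: str         # stable internal address the device keeps while roaming
    outer_addr: tuple     # (ip, port) currently seen on the public side; changes with NAT and roaming
    seq: int = 0          # highest accepted update counter, so old updates cannot be replayed


def _update_mac(session_key: bytes, new_addr: tuple, seq: int) -> bytes:
    """MAC over an address update, bound to the session key so that only the
    authenticated peer can move its own session to a new outer address."""
    msg = f"{seq}|{new_addr[0]}:{new_addr[1]}".encode()
    return hmac.new(session_key, msg, hashlib.sha256).digest()


class Gateway:
    """Looks sessions up by device identity rather than by outer (ip, port),
    so an address change neither tears down the tunnel nor changes the inner IP."""

    def __init__(self):
        self.sessions = {}  # device_id -> TunnelSession

    def establish(self, device_id: str, outer_addr: tuple, inner_ip: str) -> bytes:
        key = os.urandom(32)
        self.sessions[device_id] = TunnelSession(device_id, key, inner_ip, outer_addr)
        return key  # the device side holds the same key

    def update_address(self, device_id: str, new_addr: tuple, seq: int, tag: bytes) -> bool:
        s = self.sessions.get(device_id)
        if s is None or seq <= s.seq:
            return False  # unknown session or replayed counter
        if not hmac.compare_digest(_update_mac(s.session_key, new_addr, seq), tag):
            return False  # unauthenticated update: an outsider cannot redirect the session
        s.outer_addr = new_addr
        s.seq = seq
        return True

    def route_for(self, device_id: str) -> tuple:
        s = self.sessions[device_id]
        return s.inner_ip, s.outer_addr


class Device:
    """Device side: signs its own address updates with the session key."""

    def __init__(self, device_id: str, session_key: bytes):
        self.device_id = device_id
        self.session_key = session_key
        self.seq = 0

    def moved_to(self, new_addr: tuple) -> tuple:
        self.seq += 1
        return self.device_id, new_addr, self.seq, _update_mac(self.session_key, new_addr, self.seq)


def roaming_demo() -> dict:
    """Walk one device from a Wi-Fi address through a cellular NAT (constructed sample values)."""
    gw = Gateway()
    key = gw.establish("device-0001", ("203.0.113.10", 4500), "10.50.0.7")
    dev = Device("device-0001", key)
    first = dev.moved_to(("198.51.100.23", 61000))   # new outer tuple behind a cellular NAT
    moved = gw.update_address(*first)                # accepted: valid MAC, fresh counter
    replayed = gw.update_address(*first)             # same counter again: rejected
    forged = gw.update_address("device-0001", ("192.0.2.99", 4500), 5, b"\x00" * 32)  # bad MAC: rejected
    inner, outer = gw.route_for("device-0001")
    return {"moved": moved, "replayed": replayed, "forged": forged, "inner_ip": inner, "outer": outer}
```

Running roaming_demo() shows the session following the device to its new outer address while the inner address 10.50.0.7 is unchanged, and shows the replayed and forged updates being refused.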
The data that mobile devices can access is becoming more business-sensitive as mobile applications and the devices themselves become more powerful. Therefore, it is increasingly important to help protect the way devices access the IT services, settings, and architecture of a company. MDM provides the following key security-related features to managed devices:
- Encrypted access to e-mail messages and line-of-business (LOB) applications through the Internet
- Active Directory Domain Services authenticated network access
- Device inventory and health inspection
- Application approval and blocking by using Active Directory Group Policy
- Remote device wipe to remove sensitive data from lost, stolen, or compromised devices
For full acceptance of mobile devices in the enterprise, you must be able to manage them as you do other computers, portable computers, and servers. Devices must be able to follow the security and operating policies of a company. Until recently, creating and enforcing a standard policy across many devices has been difficult or impossible. Device users were able to modify device settings in ways that could compromise the data stored on their devices. For example, a user could remove password protection, which would allow unauthorized users access to stored data if the device were lost or stolen.
In MDM, a device is enrolled in a controlled and managed process to become a trusted device and a member of the Active Directory domain. Then, as with any computer or server, membership in the domain provides manageability. If needed, MDM lets you block a device from enrolling.
MDM lets you manage Windows Mobile devices in a manner that resembles portable business computers by using Group Policy and MDM software distribution, built upon WSUS, to make sure that devices follow the required policies and apply software package updates. Additionally, MDM lets you manage device loss or theft in an appropriate and timely manner.
All mobile devices are constrained by battery power and network bandwidth. Make sure that any service that uses a Windows Mobile device is aware of the effect that this service will have in a mobile environment. MDM uses several techniques and technologies specifically to address these limitations:
- Traffic aggregation: Constant network communication will drain a device battery. Therefore, MDM aggregates policy and software packages and issues them as one update the next time that the device connects to the company network. A configuration schedule sets the connection frequency.
- Stable network address: MDM provides a stable internal IP address to a device so that an application can easily maintain a persistent connection as the device moves around in the network.
- Data caching: MDM collects, validates, and caches information about a device. The operating system can resolve future queries from the cache, minimizing communication with the device.
- Roaming state awareness: You can configure the MDM client component of Windows Mobile devices to reduce device communications based on network connection profiles. This can be useful for turning off MDM communications when the device should not communicate with MDM, such as when the device is subject to roaming charges.
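The following example is added here and is not MDM's own code; it is a constructed Python model of the server-side behaviour behind three of the items above: traffic aggregation (policy and package changes are queued and coalesced into one update, with a newer version of a setting replacing an older pending one), data caching (inventory is answered from the cache while it is fresh), and roaming state awareness (a connection under the roaming profile sends and receives nothing, and the queue is held for a later connection). The setting names, package names, profile names, TTL and inventory values are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class PolicyItem:
    setting: str   # for example "PasswordRequired" (hypothetical setting name)
    value: str
    version: int   # a higher version supersedes an older pending value for the same setting


class ManagementServer:
    """Constructed model of the aggregation, caching and roaming behaviour; not MDM internals."""

    ROAMING_PROFILE = "roaming"   # hypothetical profile name under which communication is suppressed

    def __init__(self, cache_ttl_seconds: int = 3600):
        self.cache_ttl = cache_ttl_seconds
        self.pending_policy = {}    # device_id -> {setting: PolicyItem}
        self.pending_packages = {}  # device_id -> {package: version}
        self.inventory_cache = {}   # device_id -> (inventory dict, time collected)

    # Traffic aggregation: queue now, deliver everything once on the next connection.
    def queue_policy(self, device_id: str, item: PolicyItem) -> None:
        slot = self.pending_policy.setdefault(device_id, {})
        current = slot.get(item.setting)
        if current is None or item.version > current.version:
            slot[item.setting] = item   # the newer value replaces the older, so only one is sent

    def queue_package(self, device_id: str, package: str, version: int) -> None:
        pkgs = self.pending_packages.setdefault(device_id, {})
        pkgs[package] = max(version, pkgs.get(package, version))

    # Device connection: one aggregated update, unless the connection profile says stay quiet.
    def device_connect(self, device_id: str, connection_profile: str, inventory: dict, now: int):
        if connection_profile == self.ROAMING_PROFILE:
            return None   # nothing sent or received; the queue is kept for a cheaper connection
        self.inventory_cache[device_id] = (dict(inventory), now)
        policies = self.pending_policy.pop(device_id, {})
        packages = self.pending_packages.pop(device_id, {})
        return {
            "policies": {k: (v.value, v.version) for k, v in policies.items()},
            "packages": dict(packages),
        }

    # Data caching: answer inventory queries from the cache while it is fresh.
    def query_inventory(self, device_id: str, now: int):
        entry = self.inventory_cache.get(device_id)
        if entry is None or now - entry[1] > self.cache_ttl:
            return None   # stale or unknown: the answer waits for the next scheduled connection
        return entry[0]


def aggregation_demo() -> dict:
    """Queue changes while a device is away, then connect roaming and non-roaming (constructed sample)."""
    srv = ManagementServer(cache_ttl_seconds=3600)
    dev = "device-0001"
    srv.queue_policy(dev, PolicyItem("PasswordRequired", "0", 1))
    srv.queue_policy(dev, PolicyItem("PasswordRequired", "1", 2))            # supersedes version 1
    srv.queue_policy(dev, PolicyItem("DeviceWipeOnFailedAttempts", "8", 1))  # hypothetical setting
    srv.queue_package(dev, "LOBClient", 3)
    srv.queue_package(dev, "LOBClient", 4)                                   # only the newest is shipped
    srv.queue_package(dev, "CertUpdate", 1)

    inventory = {"osVersion": "6.1", "encryptionEnabled": True}
    suppressed = srv.device_connect(dev, "roaming", inventory, now=1000)     # roaming: nothing exchanged
    update = srv.device_connect(dev, "corporate", inventory, now=2000)       # one coalesced update
    fresh = srv.query_inventory(dev, now=2500)                               # served from cache
    stale = srv.query_inventory(dev, now=2000 + 3601)                        # past TTL: no cached answer
    return {"suppressed": suppressed, "update": update, "fresh": fresh, "stale": stale}
```

Running aggregation_demo() yields a single update containing only PasswordRequired version 2, the wipe setting and the newest LOBClient package, no traffic at all for the roaming connection, and an inventory answer from the cache that expires once the TTL has passed.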
For more information about new features in MDM 2008 SP1, see What's New in Mobile Device Manager 2008 SP1.
For more information about Windows Mobile devices, see the Windows Mobile Web site: http://go.microsoft.com/fwlink/?LinkId=108529.
For more information about Windows Mobile devices for an enterprise, see this Windows Mobile Web site: http://go.microsoft.com/fwlink/?LinkId=108530.
For more information about the Windows Mobile device Enterprise Resource Kit, see the Windows Enterprise Resource Kit Web site: http://go.microsoft.com/fwlink/?LinkId=108531.
For more information about Windows Server Update Services, see the WSUS Web site: http://go.microsoft.com/fwlink/?LinkID=105608.