Envisioning the BYOD infrastructure solution

After clearly defining the BYOD problem you are trying to solve, you can begin to define a solution to the problem and define detailed requirements for the solution.

Solution definition

To solve the problems previously identified and help organizations encourage users to bring their own devices to work and access corporate data with them, a company must switch from a device-centric IT approach to a people-centric IT approach. The design considerations in this guide can be used when defining your own BYOD infrastructure solution to:

  • Provide users the flexibility to use their own devices to access corporate apps and data.
  • Manage devices that are accessing corporate resources, both on-premises and from the cloud.
  • Enable an IT department to protect corporate data stored on devices by using encryption and information protection to safeguard against unauthorized local access, and by remotely wiping corporate data over the Internet when a device is lost or retired, or during an employee’s termination process.
  • Provide users a common identity when they access resources on-premises and from the cloud.
  • Enable IT to manage multiple identities and keep information in sync across different environments.
  • Enable enterprise authentication services such as multi-factor authentication and single sign-on.
  • Provide for information security and compliance activities such as attestation of compliance.

Solution requirements

Before enabling users to bring their own devices and have access to a company’s resources, the existing infrastructure’s technical capabilities must be revised. The goal of this revision is to understand if the solution requirements for this new model are already in place or if new technologies must be introduced to resolve the problem. You must first define a number of requirements for doing so, as well as the constraints for the environment. Some of the requirements and constraints are defined by the consumers of the capabilities; others are defined by your existing environment, in terms of existing technical capabilities, services, policies, and processes.

Determining the requirements, constraints, and design to allow users to have access to company resources from their managed devices is a key process. Initial requirements, coupled with the constraints of your environment, may drive an initial design that cannot meet all of the initial requirements, necessitating changes to the initial requirements and subsequent design. Multiple iterations through the definition of requirements and the solution design are necessary before finalizing the requirements and the design. Therefore, do not expect that your first run through this guide will be your last. You might find that decisions you make early in the process exclude more preferred options made available to you later in the process.

Your answers to the questions in the next sections build a comprehensive list of requirements for enabling users to access company resources from their devices, which can be managed by IT while keeping the data protected. These questions are not vendor specific and can be applied to any BYOD infrastructure solution.

The considerations regarding the BYOD problem domain presented in this guide will be divided into subdomains. Each subdomain will have a collection of components. For each subdomain presented in this guide you have a set of requirements: