User and device requirements

Before enabling users to access company resources from their devices, answer the questions in the sections that follow by working with the consumers of these resources in your environment and with your IT department. The figure below shows the interactions between users and devices, with the ultimate goal of accessing and consuming data. Note that the diagram does not address geographical location. Although geographical location is an important consideration (and it will be covered later in this guide), the intent of this figure is to illustrate the core components of users and devices. Design considerations must be made to enable this communication to occur.

Users, devices, and data

The outcome of this process is a clear definition of the functionality to be provided. The section below contains questions about users and devices that you will need to answer in order to formulate the requirements for your solution design.

Questions to ask

User and device requirements are categorized in three areas:

  • Profile
  • Device
  • Network

Profile

  • What are the types of user profiles that you have in your enterprise (such as remote workers, occasional travelers, and full-time home-office workers)?
  • Do all users have the same requirements to perform their jobs?
  • Do you have a matrix that establishes users’ needs according to jobs/roles?

Devices

  • What are the types of devices that users will bring (such as smartphones, tablets, and laptops)?
  • Do you plan to provide remote wipe capability to all types of devices?
  • Do you plan to manage users’ devices?
  • Do you have any scenario in which it is not necessary to manage the device, but you will need to track who owns the device anyway?
  • Do you plan to authenticate devices according to the users who brought the devices to the company?
  • Does your company follow any compliance requirements that must be applied to all devices that will potentially have access to your company’s data?
  • Does your company have a policy in place to deal with stolen devices?

Network

  • Does your company have any resources in the cloud that will be accessible via the Internet from users’ devices?
  • Does your company have policy restrictions for users accessing the company’s data from different geographical locations?
  • Do you plan to provide network encryption to allow users to access company resources from their devices?
    • If so, does the current list of supported devices support the encryption protocol that will be used?
  • Do you have network segmentation in place?
    • If so, will you have all users’ devices connected to a separate network to isolate them from the production network?
  • For home-office workers, how are the users to be connected to your network: wired, wireless, or both?
    • If wireless, how do you intend to handle the devices' authentication, authorization, and accounting (AAA) so that no unregistered/unauthorized devices will be able to use network resources without proper clearance?

Technical Support

  • Is your network/security team ready to accommodate regular device compliance audits?
  • Do you have change management policies and procedures in place to support BYOD implementation?