2013 Enabling Enterprise Mobility Kieran Jacobsen HP Enterprise Services @kjacobsen Aperturescience.su
Enterprise mobility != BYOD Enterprise mobility is not BYOD, but can be a stepping stone. Company still owns end user devices. Enterprise mobility is not just hardware and software, but policy and procedures.
Core solution concepts Connectivity, Data, Security, Self service, Policy.
Connectivity Requirements Confirm you have enough bandwidth. Confirm usage billing. Confirm network device capacity and licencing.
Virtual Private Networks VPN required for: Legacy applications, Windows file sharing. User experience: Demand dial, Automatically triggered connections, Always on connections.
Automatically triggered connections Windows 8.1 introduces: Automatically connect to a VPN connection. Trigger based upon DNS names or applications. Support for PPTP, L2TP and 3rd Party VPN (F5, CheckPoint, SonicWall). Requirements: Split tunnel VPN. User can forcibly disable automatic triggering. Not supported on domain joined devices.
Demo Triggering VPN based upon DNS names
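An added example (not from the original slides) of configuring a DNS-name trigger with the Windows 8.1 VpnClient PowerShell cmdlets, honouring the two requirements listed above: split tunnelling and a non-domain-joined device. The connection name, gateway address, DNS suffix and DNS server addresses are placeholders.

```powershell
# Added example. All values below are placeholders, not taken from the talk.
$ConnectionName = 'CorpVPN'                 # hypothetical connection name
$ServerAddress  = 'vpn.example.com'         # placeholder VPN gateway
$DnsSuffix      = 'corp.example.com'        # placeholder internal namespace
$DnsServers     = '10.0.0.10', '10.0.0.11'  # placeholder internal DNS servers

# Automatic triggering is not supported on domain-joined devices, so stop early.
if ((Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain) {
    throw 'Device is domain joined; VPN auto-triggering is not supported.'
}

# Create the connection if it does not exist. Split tunnelling is required for
# triggering, so it is switched on either way.
if (-not (Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress `
        -TunnelType L2tp -SplitTunneling -RememberCredential -Force
}
else {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Lookups for names under $DnsSuffix bring the VPN up and are resolved
# by the internal DNS servers.
Add-VpnConnectionTriggerDnsConfiguration -ConnectionName $ConnectionName `
    -DnsSuffix $DnsSuffix -DnsIPAddress $DnsServers -Force

# Optional: treat the corporate LAN as trusted so the trigger does not fire
# while the device is already on the internal network.
Add-VpnConnectionTriggerTrustedNetwork -ConnectionName $ConnectionName `
    -DnsSuffix $DnsSuffix -Force

# Review the resulting trigger configuration.
Get-VpnConnectionTrigger -ConnectionName $ConnectionName
```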
DirectAccess Seamless corporate connectivity. No changes from 8 to 8.1. Significant improvements from 7 to 8: More deployment options, No IPv6 requirements, Plenty of authentication options. Must be Enterprise Edition on clients.
VPN: Summary Enterprise licence – DirectAccess. Non domain joined – VPN Triggering. Rest?
De-centralization of user data Mainframe era: Processing and storage is centralised on mainframes. User devices were “dumb” thin clients. Personal PC era: Processing moved to user devices. Storage still centralised – Central SMB clusters, NAS, SharePoint. Mobile device era: Processing and storage moved to user devices.
Storage technologies Previously: User home drives. Network shares. Roaming profiles. Now: File and folder synchronization, Public or private cloud, Cloud – SkyDrive, SkyDrive Pro, DropBox, Box, Google Drive, Host your own – Work Folders, SharePoint, OwnCloud.
Evaluating storage technologies Integration: Web UI, Microsoft Office Suite, Client applications. Sharing capabilities: Between different users, Between 3rd Parties. Data retention. Trust!
Work Folders Brand new in Windows 8.1. Generation 1 technology. File synchronization, No web interface, One folder structure per user, Integrates well with existing user home drives.
OwnCloud Cloud storage like user experience. Designed, deployed and managed by YOU! Free!!!!! Features: File, folder, contact, calendar and bookmark synchronization, Multiple operating systems, Lots of out-of-box features, Rich plugin landscape offering even more features.
Demo Deploying OwnCloud with Windows Azure, VM Depot and BitNami
Antivirus We need to know: Clients are protected, Definitions are being updated, When threats occur. Consider cloud based solutions: Windows Intune, Symantec, Sophos, McAfee.
Client Backups Traditionally: Backup central data stores/shares/servers. Enterprise World: Decentralised data requires decentralised backups. Consider: Storage costs, Data transfer costs, Backup frequencies, User self service restoration.
Demo Revisiting OwnCloud
Encryption Protect data at transport: VPN, HTTPS/SSL. Protect data at rest: File Encryption, Full Disk Encryption (FDE) – BitLocker, TrueCrypt, GPGDisk. FDE recovery key management: USB keys and file shares, Active Directory, MBAM.
MBAM Microsoft BitLocker Administration and Monitoring. Part of Microsoft Desktop Optimisation Pack. Simplification of BitLocker management: Secure storage of recovery information, User self service portal, Helpdesk focused recovery portal, Reporting of encryption compliance, Auditing of access to recovery key information. Improves security by resetting recovery key upon access.
Demo Self service recovery in MBAM
Device Loss Corporate policy: Do you have a policy defining an employee's responsibility when a device containing corporate data is lost? What is the IT process for these incidents? Credentials: When devices are lost, consider disabling computer accounts, resetting users' passwords, revoking certificates. Device recovery products: Track devices using geolocation services, Allow for devices to be recovered by LAW ENFORCEMENT, Some can be highly persistent even after Windows reinstallation. Recommended – Prey, CompuTrace.
Things I wish I could mention… Email, Instant Messaging, Audio/Video conferencing, Remote Desktop, Group Policy, Help Desk ticketing, Authentication, Disaster Recovery, Admin rights, Windows To Go, BitLocker To Go, BranchCache, Web filtering, Client firewalls, …