
MDM SOLUTIONS FOR CISCO

INTRODUCTION
Interest in and adoption of mobile device management continue to grow at a fast rate, with companies looking for enterprise security and mobile optimization and enablement.
Strong offerings go beyond policy to support enterprise mobile management.

WHAT IS MDM?
Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employees' mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization.
Mobile device management software is often combined with additional security services and tools to provide secure mobile solutions to the BYOD workforce.

WHAT IS MDM?
Mobile Device Management (MDM) addresses
the unique needs of a growing computing
platform.
It provides you with real management
capabilities, including convenient configuration,
self-service tools, and enhanced protection.
It also keeps you up to date with best practices.
MDM can support corporate-owned as well as
personal devices, and helps support a more
complex and heterogeneous environment.

BRING YOUR OWN DEVICE (BYOD)
Employees carry their personal smartphones and tablets to work and need freedom to use the corporate network to check emails, contacts, calendar and business applications on the devices.

EVALUATION CONSIDERATIONS FOR SELECTING AMONG MDM VENDORS
Integration and compatibility
Capabilities and key features
Management and usability
Security and privacy
Pricing model

BENEFITS
Simplified configuration: MDM can
automatically configure a bundle of settings
including email, calendar, and contacts, a
passcode, VPN access, and more.
Valuable self-service: You can remotely
erase some data or all the data from your
device if it's lost or stolen.
Enhanced privacy and protection: MDM
provides secure access on your mobile device
to non-public data. It helps you set "best
practices" privacy controls on your device.

PRODUCT CAPABILITIES OF MDM
Software management: This is the ability to manage and support mobile applications, data and OSs.
Network service management: This is the ability to gain information off of the device that captures location, usage, and cellular and wireless LAN (WLAN) network information, using GPS technology. Network access control (NAC) features are also found here.
Hardware management: Beyond basic asset management, this includes device provisioning and support.
Security management: This is the enforcement and support of standard device and data security, authentication, and encryption. Application containerization, VPN and encryption software are also part of this capability.

MDM is also now available for Windows Mobile, Blackberry, iOS and Android devices.
Companies are always asking when the right time is to assess and adopt MDM.

SUPPORTED MDM SERVERS

Airwatch, Inc.
Good Technology
MobileIron, Inc.
Zenprise, Inc.
SAP Afaria
Fiberlink MaaS

COMPARISON

| Vendor | Airwatch | Good Technology | Fiberlink (an IBM company) | MobileIron | SAP |
|---|---|---|---|---|---|
| Product Name(s) | AirWatch Enterprise Mobility Management | Good for Enterprise | MaaS360 by Fiberlink | MobileIron | SAP Afaria |
| Password protection | Yes | Yes | Yes | Yes | Yes |
| Password reset | Yes | Yes | Yes | Yes | Yes |
| Remote device wipe | Yes | Yes | Yes | Yes | Yes |
| Selective wipe | Yes | Yes | Yes | Yes | Yes |
| Remote lock | Yes | Yes | Yes | Yes | Yes |
| Set VPN, WiFi, APN, | Yes | Yes, for iOS and for | Yes | Yes | Yes |

COMPARISON

| Vendor | Airwatch | Good Technology | Fiberlink | MobileIron | SAP |
|---|---|---|---|---|---|
| Automated provisioning | Yes | Yes | Yes | Yes | Yes |
| Disable camera | Yes | Yes | Yes | Yes | Yes |
| Disable Bluetooth | Yes | No | Yes | Yes | Yes |
| Manage mobile-attached devices (e.g. printers, scanners) | Yes | No | No | No | Yes |
| Support multiple users | Yes | No | Yes | Yes | Yes |
| Disable carrier data connection | Yes, restricts data when roaming for iOS | Yes | Yes | Yes | Yes |

GARTNER REPORT
According to the Gartner Report for Mobile Management Software Solutions (May 2013), AirWatch and MobileIron lie in the leader quadrant, having the highest completeness of vision as well as ability to execute.

MDM INTEGRATION PROCESS FLOW
1. The user associates a device to an SSID (Service Set Identifier).
2. (Optional) If the device is not registered, the user goes through the device on-boarding flow.
3. Cisco ISE makes an API (Application Programming Interface) call to the MDM server.
4. This API call returns a list of devices for this user and the posture status for the devices. The input parameter is the MAC address of the endpoint device.
5. If the user's device is not in this list, it means the device is not registered. Cisco ISE sends an authorization request to the NAD (Network Access Domain) to redirect to Cisco ISE. The user is presented the MDM server page.
6. Cisco ISE uses MDM to provision the device and presents an appropriate page for the user to register the device.
7. The user registers the device in the MDM server, and the MDM server redirects the request to Cisco ISE (through automatic redirection or manual browser refresh).
8. Cisco ISE queries the MDM server again for the posture status.
9. If the user's device is not compliant with the posture (compliance) policies configured on the MDM server, the user is notified that the device is out of compliance and must be compliant.
10. After the user's device becomes compliant, the MDM server updates the device state in its internal tables.
11. If the user refreshes the browser now, the control is transferred back to Cisco ISE.
12. Cisco ISE polls the MDM server once every four hours to get compliance information and issues Change of Authorization (CoA) appropriately.

INTEGRATING CISCO MOBILE COLLABORATION MANAGEMENT SERVICE WITH CISCO ISE
The majority of MDM features are implemented directly through the operating system (iOS only) and do not require a mobile device client application. MCMS agent is always required on Android devices. The following features require that MCMS agent be installed on the device:
Jailbreak Detection
Location Based Services
Application Inventory (for blacklist, mandatory apps)
Document Distribution
Data Usage Tracking
WiFi SSID Connection Tracking
Admin to user messaging via the portal

CONFIGURE MDM POLICY
Cisco ISE allows you to configure MDM policy, based on the following attributes:
DeviceRegisterStatus
DeviceCompliantStatus
DiskEncryptionStatus
PinLockStatus
JailBrokenStatus
Manufacturer
IMEI (International Mobile Equipment Identity)
SerialNumber
OsVersion
PhoneNumber
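
Added example, not part of the original slides and not Cisco code: a Python model of the decision Cisco ISE makes in the process flow above, driven by the policy attributes just listed. The in-memory MDM inventory, the boolean attribute values and the decision names are assumptions made for the illustration.

```python
# Added illustration of the ISE/MDM flow; the MDM "server" is a constructed
# in-memory dict and the decision names are hypothetical, not Cisco's API.
from dataclasses import dataclass

POLL_INTERVAL_S = 4 * 60 * 60  # step 12: ISE polls the MDM every four hours

@dataclass
class Posture:  # field names are the ISE MDM policy attributes; bools assumed
    DeviceRegisterStatus: bool
    DeviceCompliantStatus: bool
    DiskEncryptionStatus: bool = True
    PinLockStatus: bool = True
    JailBrokenStatus: bool = False

def normalize_mac(mac):
    """Canonicalise the lookup key so 'aa-bb-..' and 'AA:BB:..' match."""
    digits = "".join(c for c in mac if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def authorize(mac, mdm):
    """Decision for one endpoint, given the MDM's answer for its MAC."""
    p = mdm.get(normalize_mac(mac))
    if p is None or not p.DeviceRegisterStatus:
        return "REDIRECT_TO_MDM"        # step 5: not in the list, so enrol
    if p.JailBrokenStatus or not (p.PinLockStatus and p.DiskEncryptionStatus):
        return "NOTIFY_NONCOMPLIANT"    # local policy on individual attributes
    if not p.DeviceCompliantStatus:
        return "NOTIFY_NONCOMPLIANT"    # step 9: MDM reports out of compliance
    return "PERMIT"

def poll(sessions, mdm):
    """Step 12: re-query every session; return MACs that need a CoA."""
    changed = []
    for mac, previous in sessions.items():
        current = authorize(mac, mdm)
        if current != previous:
            sessions[mac] = current
            changed.append(mac)
    return changed

# Constructed sample inventory, keyed by canonical MAC address.
MDM = {
    "AA:BB:CC:00:00:01": Posture(True, True),
    "AA:BB:CC:00:00:02": Posture(True, True, JailBrokenStatus=True),
    "AA:BB:CC:00:00:03": Posture(True, False),
}
```

An endpoint missing from the inventory is treated the same as an unregistered one, so the model fails closed into the enrolment redirect rather than granting access.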

THANK YOU!
