mdm
11 TopicsMdm server internal error
Hi All, I have a F5 APM with End point Management Systems configured to make connection with microsoft intune to update the mdm complaince database in the F5. We have running this configuration for many years and since 14 feb, the F5 is not able to make connection to microsoft intune to update the mdm complaince database. in tthe GUI i see the following error message: "Mdm server internal error". The hardware is running on version 15.1.8.2. Has anyone the same issue or have solve the issue. Thanks.120Views0likes6CommentsMobileIron MDM APM Integration iApp Template
Problem this snippet solves: The MobileIron MDM iApp Template is meant to quickly and accurately configure BIG-IP APM objects for integrating MobileIron into the BIG-IP infrastructure. For specific instructions on deploying the MobileIron MDM iApp, see the online help or the tech tips. Integrating APM with MobileIron MDM - Part 1 How to use this snippet: Code : 45226703Views0likes4CommentsiOS and Android F5 Edge Client enrolled in MDM - prevent ability for manually created profiles
Hi all, Hoping to get some help or advise..... I have a client who we are setting up in AirWatch and deploying F5 VPN Edge Client to devices (Android and iOS). Authentication with F5 APM is via user certificate, issued from NDES server via AirWatch. We have configured for per-app vpn use. Once device is enrolled and VPN policy installed on to device, we have found that it is possible for an end user to create an additional profile in client, using same certificate that was issued via AirWatch, thus enabling an end user to create a secondary profile and then have whole device vpn into their infrastructure. We would like to prevent this from happening - ability for whole device to vpn into their infrastructure. Is there a way to either: - Prevent end user from creating their own profiles in F5 Edge client - Prevent end user, when creating their own profiles, to create additional profile using certificate in configured profile - Prevent whole device from vpn'ing into infrastructure and only accept per-app vpn connections Or am I going about this completely the wrong way. Thanking the community in advanced. Cheers, Tina.232Views0likes1CommentThird Party VPN configuration blob
Greetings, We're trying to implement MDM VPN configuration policy for Windows Phone 8.1 and Windows Phone 10 using the VPN CSP. We are able to push Custom VPN policies to device. However, we're unable to obtain the 3rd party VPN profiles for F5 Big-IP Edge (it is one of the third party vendors currently supported by Windows Phone 8.1). Would it possible to share the xml blobs? If not, what would be the procedure to obtain the xml blobs? Regards, SG225Views0likes1CommentBring Your Own A-Z
The #BYO craze has taken the world by storm and now infiltrates every sector of out lives. Here is a partial list, in alpha-order, of various bring your owns. BYO Apple: For the teacher in your life, the princess you'd like to put to sleep or to keep the doctor away for a day. BYO Beer: The original classic, college style. And BYO Booze for when you're out of college and got a little cash. BYO Candy: With Halloween approaching this could see a surge over the next 30 days. BYO Device: Or danger, destruction, demolition, detonator or any other dastardly 'D' word to represent risk. BYO Everything: When Internet of Things takes over our lives. Chocolate Chips have a whole new meaning. BYO Food: The newest Potluck Parties. BYO Game: Actually sitting at a table playing the physical versions of Monopoly, Life, Candy Land, Scrabble, or any other favorite. BYO Hacker: Bodyguards in the 21st Century. BYO Intelligence: Actually using your brain to figure out something...or when AI robots take over the world. BYO Jump Drive: A whistleblower's favorite. BYO Kittens: For making that irresistible, can't-stop-watching, almost viral video. BYO Litigation: The new term for Small Claims Court. BYO Money: What Cash with be called 10 years from now. BYO N: BYO's maximum amount. As far as BYOingly possible. BYO OMG: The Surprise Party. BYO Presents: What you take to the BYO OMG. BYO Quarrel: The updated version of an older brother's favorite 'Stop Hitting Yourself.' BYO Raven: Quoth he. BYO Sushi: The new 'Gone Fishing' Bumper sticker. BYO Time: It's all relative anyway. BYO Utopia: Happiness comes from within. BYO Vacation: The latest Griswold adventure this time with a Hybrid LTD Country Squire. BYO Warnings: Wouldn't be cool if everyone had to announce the hazards of interacting with them? BYO X: Half of a Tic-Tac-Toe game or how Hawaiians greet each other. BYO Yawn: What you did right now when you read this entry. BYO Zombie: Pretty much anyone walking around fully engaged with their BYOD. Well that was fun. C'mon play along - it's easy and works with almost any word! ps Related: How Terms Have Changed over Time BYOD Injuries BYOD–The Hottest Trend or Just the Hottest Term Is BYO Already D? Will BYOL Cripple BYOD? Freedom vs. Control The Prosecution Calls Your Smartphone to the Stand Technorati Tags: byod,mobile,smartphone,lists,humor,fun,byo,silva,human,society,mam,mdm Connect with Peter: Connect with F5:247Views0likes0CommentsThe Problem with Consumer Cloud Services...
…is that they're consumer #cloud services. While we're all focused heavily on the challenges of managing BYOD in the enterprise, we should not overlook or understate the impact of consumer-grade services within the enterprise. Just as employees bring their own devices to the table, so too do they bring a smattering of consumer-grade "cloud" services to the enterprise. Such services are generally woefully inappropriate for enterprise use. They are focused on serving a single consumer, with authentication and authorization models that support that focus. There are no roles, generally no group membership, and there's certainly no oversight from some mediating authority other than the service provider. This is problematic for enterprises as it eliminates the ability to manage access for large groups of people, to ensure authority to access based on employee role and status, and provides no means of integration with existing ID management systems. Integrating consumer-oriented cloud services into enterprise workflows and systems is a Sisyphean task. Cloud-services replicating what has traditionally been considered enterprise-class services such as CRM and ERP are designed with the need to integrate. Consumer-oriented services are designed with the notion of integration – with other consumer-grade services, not enterprise systems. They lack even the most rudimentary enterprise-class concepts such as RBAC, group-based policy and managed access. SaaS supporting what are traditionally enterprise-class concerns such as CRM and e-mail have begun to enable the integration with the enterprise necessary to overcome what is, according to survey conducted by CloudConnect and Everest Group, the number two inhibitor of cloud adoption amongst respondents. The lack of integration points into consumer-grade services is problematic for both IT – and the service provider. For the enterprise, there is a need to integrate, to control the processes associated with, consumer-grade cloud services. As with many SaaS solutions, the ability to collaborate with data-center hosted services as a means to integrate with existing identity and access control services is paramount to assuaging the concerns that currently exist given the more lax approach to access and identity in consumer-grade services. Integration capabilities – APIs – that enable enterprises to integrate even rudimentary control over access is a must for consumer-grade SaaS looking to find a path into the enterprise. Not only is it a path to monetization (enterprise organizations are a far more consistent source of revenue than are ads or income derived from the sale of personal data) but it also provides the opportunity to overcome the stigma associated with consumer-grade services that have already resulted in "bans" on such offerings within large organizations. There are fundamentally three functions consumer-grade SaaS needs to offer to entice enterprise customers: Control over AAA Enterprises need the ability to control who accesses services and to correlate with authoritative sources of identity and role. That means the ability to coordinate a log-in process that primarily relies upon corporate IT systems to assert access rights and the capability of the cloud-service to accept that assertion as valid. APIs, SAML, and other identity management techniques are invaluable tools in enabling this integration. Alternatively, enterprise-grade management within the tools themselves can provide the level of control required by enterprises to ensure compliance with a variety of security and business-oriented requirements. Monitoring Organizations need visibility into what employees (or machines) may be storing "in the cloud" or what data is being exchanged with what system. This visibility is necessary for a variety of reasons with regulatory compliance most often cited. Mobile Device Management (MDM) and Security Because one of the most alluring aspects of consumer cloud services is nearly ubiquitous access from any device and any location, the ability to integrate #1 and #2 via MDM and mobile-friendly security policies is paramount to enabling (willing) enterprise-adoption of consumer cloud services. While most of the "consumerization" of IT tends to focus on devices, "bring your own services" should also be a very real concern for IT. And if consumer cloud services providers think about it, they'll realize there's a very large market opportunity for them to support the needs of enterprise IT while maintaining their gratis offerings to consumers.249Views0likes1CommentBYOD 2.0 -- Moving Beyond MDM
#BYOD has quickly transformed IT, offering a revolutionary way to support the mobile workforce. The first wave of BYOD featured MDM solutions that controlled the entire device. In the next wave, BYOD 2.0, control applies only to those apps necessary for business, enforcing corporate policy while maintaining personal privacy. The #F5 Mobile App Manager is a complete mobile application management platform built for BYOD 2.0 ps Related: F5's Feeling Alive with Newly Unveiled Mobile App Manager Inside Look - F5 Mobile App Manager (Video) BYOD - More Than an IT Issue (Video) Is BYO Already D? Will BYOL Cripple BYOD? Freedom vs. Control BYOD Uptake Has Only Just Begun BYOD Policies – More than an IT Issue Part 1: Liability BYOD Policies – More than an IT Issue Part 2: Device Choice BYOD Policies – More than an IT Issue Part 3: Economics BYOD Policies – More than an IT Issue Part 4: User Experience and Privacy BYOD Policies – More than an IT Issue Part 5: Trust Model Technorati Tags: f5,byod,mam,mdm,mobile,smartphone,big-ip,policy,security,privacy,legal,video,silva,mobile app manager Connect with Peter: Connect with F5:237Views0likes0CommentsBYOD - More Than an IT Issue
I explain the various organizational entities that should be involved when creating a BYOD policy. ps Related: F5's Feeling Alive with Newly Unveiled Mobile App Manager Inside Look - F5 Mobile App Manager Is BYO Already D? Will BYOL Cripple BYOD? Freedom vs. Control BYOD Uptake Has Only Just Begun BYOD Policies – More than an IT Issue Part 1: Liability BYOD Policies – More than an IT Issue Part 2: Device Choice BYOD Policies – More than an IT Issue Part 3: Economics BYOD Policies – More than an IT Issue Part 4: User Experience and Privacy BYOD Policies – More than an IT Issue Part 5: Trust Model Technorati Tags: f5,byod,mam,mdm,mobile,smartphone,big-ip,policy,security,privacy,legal,video,silva,mobile app manager Connect with Peter: Connect with F5:262Views0likes0CommentsBYOD Policies – More than an IT Issue Part 2: Device Choice
#BYOD or Bring Your Own Device has moved from trend to an permanent fixture in today's corporate IT infrastructure. It is not strictly an IT issue however. Many groups within an organization need to be involved as they grapple with the risk of mixing personal devices with sensitive information. In my opinion, BYOD follows the classic Freedom vs. Control dilemma. The freedom for user to choose and use their desired device of choice verses an organization's responsibility to protect and control access to sensitive resources. While not having all the answers, this mini-series tries to ask many the questions that any organization needs to answer before embarking on a BYOD journey. Enterprises should plan for rather than inherit BYOD. BYOD policies must span the entire organization but serve two purposes - IT and the employees. The policy must serve IT to secure the corporate data and minimize the cost of implementation and enforcement. At the same time, the policy must serve the employees to preserve the native user experience, keep pace with innovation and respect the user's privacy. A sustainable policy should include a clear BOYD plan to employees including standards on the acceptable types and mobile operating systems along with a support policy showing the process of how the device is managed and operated. Some key policy issue areas include: Liability, Device choice, Economics, User Experience & Privacy and a trust Model. Today we look at Device Choice. Device Choice People have become very attached to their mobile devices. They customize and personalize and it's always with them, to the point of even falling asleep with the device. So ultimately, personal preference or the 'consumerization of IT' notion is one of the primary drivers for BYOD. Organizations need to understand, what devices employees prefer and what devices do employees already own. That would could dictate what types of devices might request access. Once organizations get a grasp on potential devices, they then need to understand each device's security posture. About 10 years ago, RIM was the first technology that really brought the Smartphone into the workplace. It was designed to address the enterprise's needs and for years was the Gold Standard for Enterprise Mobility. Management control was integrated with the device; client certificate authentication was supported; Active Directory/LDAP servers were not exposed to the external internet; the provisioning was simple and secure; organizations could manage both Internet access and intranet access, and IT had end point control. When Apple's iPhone first hit the market, it was purely a consumer device for personal use and was not business centric, like the BlackBerry. Initially, the iPhone did not have many of the features necessary to be part of the corporate environment. It was not a business capable device. It did not support applications like Exchange, which is deployed in many organizations and is critical to a user's day-to-day activities. Over time, the iPhone has become a truly business capable device with additional mechanisms to protect end users. Android, very popular with consumers, also offers numerous business apps but is susceptible to malware. Device selection is also critical to the end user experience. Surveys show that workers are actually more productive when they can use their personal smartphone for work. Productivity increases since we prefer to use our own device. In addition, since many people like to have their device with them all the time, many will answer emails or do work during non-work hours. A recent survey indicated that 80% of Americans work an extra 30 hours a month on their own time with BYOD. But we are much happier. A few blogs ago, I wrote about Good Technology’s BYOD survey, found that organizations are jumping on the phenomenon since they see real ROI from encouraging BYOD. The ability to keep employees connected (to information) day and night can ultimately lead to increased productivity and better customer service. They also found that two of the most highly regulated industries - financial services and health care - are most likely to support BYOD. This shows that the security issues IT folks often raise as objections are manageable and there's major value in supporting BYOD. Another ROI discovered through the survey is that since employees are using their own devices, half of Good’s customers don't pay anything for the employees' BYOD devices – essentially, according to Good, getting employees to pay for the productivity boost at work. As part of the BYOD Policy the Device Choice Checklist, while not inclusive, should: · Survey employees about their preferences and current devices · Define a baseline of acceptable security and supportability features · Do homework: Read up on hardware, OS, and regional variances · Develop a certification program for future devices · Work with Human Resources on clear communication to employees about which devices are allowed–or not–and why ps Related BYOD Policies – More than an IT Issue Part 1: Liability BYOD–The Hottest Trend or Just the Hottest Term FBI warns users of mobile malware Will BYOL Cripple BYOD? Freedom vs. Control What’s in Your Smartphone? SmartTV, Smartphones and Fill-in-the-Blank Employees Evolving (or not) with Our Devices The New Wallet: Is it Dumb to Carry a Smartphone? Bait Phone BIG-IP Edge Client 2.0.2 for Android BIG-IP Edge Client v1.0.4 for iOS New Security Threat at Work: Bring-Your-Own-Network Legal and Technical BYOD Pitfalls Highlighted at RSA233Views0likes0CommentsFreedom vs. Control
No sooner had I posted BYOD–The Hottest Trend or Just the Hottest Term, last week than yet another BYOD survey hit the news. The full results will be released in a webinar tomorrow but SANS announced their First Annual Survey Results on Mobility Security. Last December, SANS launched its first ever mobility survey to discover if and how organizations are managing risk around their end user mobile devices. The survey of 500 IT pros found that a meager 9% of organizations felt they were fully aware of the devices accessing corporate resources, while 50% felt only vaguely or fairly aware of the mobile devices accessing their resources. In addition, more than 60 % of organizations allow staff to bring their own devices. With so many companies allowing BYOD, controls and policies are very important to securing business environments. Courtesy: SANS Mobility BYOD Security Survey Deb Radcliff, executive editor, SANS Analyst Program said, ‘Another interesting note is that organizations are reaching for everything at their disposal to manage this risk,…Among them are user education, MDM (mobile device management), logging and monitoring, NAC and guest networking, and configuration controls.’ Less than 20% are using end point security tools, and out of those, more are using agent-based tools rather than agent-less. According to the survey, 17% say they have stand-alone BYOD security and usage policies; 24% say they have BYOD policies added to their existing policies; 26% say they "sort of" have policies; 3% don't know; and 31% say they do not have any BYOD policies. Over 50% say employee education is one way they secure the devices, and 73% include user education with other security policies. The BYOD challenges, I think, falls under an age old dilemma: Freedom vs. Control. We see this clash in world politics, we’ve seen it pertaining to the internet itself, we may even experience it at home with our offspring. The freedom to select, use, work and play with the desired mobile device of our choosing bumping up against a company’s mandate to protect and secure access to sensitive corporate information. There can be tension between a free and open culture verses the benefits of control and information management. Sometimes people equate freedom with having control over things yet when it comes to controlling others, many of us feel slightly uncomfortable on either end of the leash. Sometimes oversight is necessary if someone does not have self-control. BYOD is a revolution, a drastic change in how organizations manage devices and manage access to information. If you look at revolutions through the years, often it’s about freedom vs. control. I’m certainly not suggesting an employee coup of the executive floor but remember there are two distinct and diverse powers at play here and successful BYOD deployments need to involve both people and technology. ps Resources SANS Mobility BYOD Security Survey Are your employees on a BYOD binge? SANS Survey: BYOD Widespread But Lacking Sufficient Oversight SANS First Annual Survey Results on Mobility Security: Lack of Awareness, Chaos Pervades with BYOD BYOD–The Hottest Trend or Just the Hottest Term Only 9 Percent of Organizations Are Aware of the Devices Accessing Their Corporate Data Evolving (or not) with Our Devices The New Wallet: Is it Dumb to Carry a Smartphone? Audio Tech Brief - Secure iPhone Access to Corporate Web Applications Freedom vs Control – important lessons to be learned New security flaws detected in mobile devices Freedom and Control | Psychology Today Devo - Freedom Of Choice (Video)245Views0likes0Comments