For many agencies, a more mobile workforce means staff can be productive almost anywhere they need to work. For the IT team, it usually means an explosion of devices to support and secure.
IBM Endpoint Manager for Mobile Devices, a component of the IBM Tivoli Endpoint Manager (TEM) platform, provides a solution by centralizing management of a variety of portable endpoints: iOS, Android Symbian and Windows Phone mobile devices; notebook PCs running Windows; Apple notebooks; and portable systems running Linux.
Endpoint Manager uses the same console and server as do other parts of the suite. It supports basic control of devices using an email-based management feature and an agent installed on each mobile device for more advanced tasks.
Advantages for Federal Agencies
The beauty of TEM integration is that agencies can establish a single program for granular control of all endpoints, not just mobile devices but PCs as well. The suite centralizes patch management, provides software use analyses, ensures security compliance, supports power management services and enables lifecycle management enterprisewide.
Using TEM, the IT staff can deploy apps, ensure that software updates occur on schedule, ensure that security policies are set and complied with, remotely wipe data from devices and deploy configurations of virtual private network software.
The email portion of the system works with Lotus Traveler or Microsoft Exchange 2007 or 2010. Relay servers process information from each mobile device and send it to the Tivoli Endpoint Manager Server.
The TEM Server allows for control of mobile apps on users’ devices. It also allows the IT department to remotely handle most day-to-day mobile device management (MDM) needs for those devices: installing approved apps, blocking unwanted ones, remotely wiping lost or stolen devices, pushing out security patches to protect against malware, enforcing device use policies, ensuring that software is updated and verifying security policy compliance.
Why It Works for IT
Endpoint Manager provides regular inventories of the installed apps on devices and reports about device settings. Armed with this information, IT managers can improve their return on investment in mobile tools using the TEM data to license apps only to those users who need and use them.
From a security perspective, the IT department can make sure that users are not installing any apps that may circumvent corporate security policies. The IT team can also establish and enforce policies that restrict which devices can carry backed-up corporate data. As users increasingly work on multiple platforms, this means a worker can’t inadvertently store agency data on a home system, for instance, or upload sensitive files to a cloud storage provider if that’s prohibited.
Additionally, the TEM Server allows for push notification to devices so that users don’t have to check regularly for updates. It supports a variety of mobile devices, and includes specialized functions such as location tracking and data usage tracking, which lets administrators closely monitor mobile device usage patterns.
What’s more, systems administrators can establish profiles through the console to manage users individually or in groups.
IBM acquired the software from BigFix, but distributes it under the Tivoli brand. The documentation and system help variously refers to BigFix, Tivoli and IBM, which could be confusing for some users.
Finally, it’s worth noting that because this is a modular component of a broad system, the program is more complex (albeit more flexible) than a single-use platform. For example, possible tasks shown under the MDM console include many that are not applicable to mobile devices.