
Windows Mobile Device Management

Windows Mobile Device Management. Khalid Siddiqui, Mobility Architect, Microsoft Corporation. Scope: Windows Mobile Device Management overview, provisioning, standards and architecture, system updates, System Management Server, Messaging and Security Feature Pack, scenarios.


Presentation Transcript


  1. Windows Mobile Device Management Khalid Siddiqui Mobility Architect Microsoft Corporation

  2. Scope • Windows Mobile Device Management • Overview • Provisioning • Standards and architecture • System updates • System Management Server • Messaging and Security Feature Pack • Scenarios

  3. What is Device Management? • Software distribution • Provisioning (OTA, connected) • Help desk troubleshooting • Patch management (OS update, image update) • Auditing and logging • Inventory (H/W, S/W)

  4. Device Management Mechanisms (table; rows: Mechanism, Payload, Protocol, Direction; columns: SD Card, Website, OMA CP, OMA DM server, SMS / MSFP, RAPICONFIG). Payloads named on the slide: XML, CPF, CAB, XML/PKG, OMA DM XML, WBXML, CPF/CAB. Protocols named on the slide: SMS SI/SL, HTTP/S, DTAS, SDIO.

  5. Configuration Manager (diagram: Configuration Manager hosting several Configuration Service Providers) • Configuration Manager hosts Configuration Service Providers (CSP) • Each CSP is a block of settings • Each block of settings has a corresponding block of XML

  6. Accessing Configuration Service Provider

  7. Configuration Service Providers • Branding • Home, notifications • Customization • Clock, browser favorites, email, sync, sounds • Networking • GPRS, mapping, planner, proxy, VPN, WiFi, Bluetooth • Security • Policies, certificates

  8. GPRS CSP
     <wap-provisioningdoc>
       <characteristic type="CM_GPRSEntries">
         <characteristic type="GPRS1">
           <parm name="DestId" value="{436EF144-B4FB-4863-A041-8F905A62C572}" />
           <characteristic type="DevSpecificCellular">
             <parm name="BearerInfoValid" value="1" />
             <parm name="GPRSInfoValid" value="1" />
             <parm name="GPRSInfoProtocolType" value="2" />
             <parm name="GPRSInfoL2ProtocolType" value="PPP" />
             <parm name="GPRSInfoAccessPointName" value="your apn" />
             <parm name="GPRSInfoAddress" value="" />
             <parm name="GPRSInfoDataCompression" value="1" />
             <parm name="GPRSInfoHeaderCompression" value="1" />
             <parm name="GPRSInfoParameters" value="" />
           </characteristic>
         </characteristic>
       </characteristic>
     </wap-provisioningdoc>

  9. WiFi CSP
     <wap-provisioningdoc>
       <characteristic type="Wi-Fi">
         <characteristic type="access-point">
           <characteristic type="Work Network">
             <parm name="NetworkKey" value="key"/>
             <parm name="DestId" value="{GUID}"/>
             <parm name="Authentication" value="0"/>
           </characteristic>
         </characteristic>
       </characteristic>
     </wap-provisioningdoc>

  10. Bluetooth CSP
     <wap-provisioningdoc>
       <characteristic type="Bluetooth">
         <parm name="BtMode" value="2"/>
       </characteristic>
     </wap-provisioningdoc>
     BtMode values: 0 = Off, 1 = On, 2 = Discoverable

  11. Sync CSP
     <characteristic type="Sync">
       <characteristic type="Connection">
         <parm name="User" value="test"/>
         <parm name="Password" value="test"/>
         <parm name="SavePassword" value="1"/>
         <parm name="Server" value="labsrv.sphone.net"/>
         <parm name="Domain" value="sphone"/>
       </characteristic>
       <characteristic type="Mail">
         <parm name="Enabled" value="1"/>
         <parm name="SyncSwitchPurge" value="1"/>
       </characteristic>
       <characteristic type="Contacts">
         <parm name="Enabled" value="1"/>
         <parm name="SyncSwitchPurge" value="1"/>
       </characteristic>
       <characteristic type="Calendar">
         <parm name="Enabled" value="1"/>
         <parm name="SyncSwitchPurge" value="1"/>
       </characteristic>
     </characteristic>

  12. Setting a security policy
     Security Policies CSP
     <wap-provisioningdoc>
       <characteristic type="SecurityPolicy">
         <!-- Unsigned CAB Policy: do not allow unsigned cab files -->
         <parm name="4101" value="0" />
         <!-- Unsigned Applications Policy: enabled -->
         <parm name="4102" value="0" />
       </characteristic>
     </wap-provisioningdoc>
     Querying a given security policy
     <wap-provisioningdoc>
       <characteristic type="SecurityPolicy">
         <parm-query name="4101"/>
         <parm-query name="4102"/>
       </characteristic>
     </wap-provisioningdoc>

  13. Provisioning the Device

  14. CAB Provisioning • CPF = CAB provisioning file • Contains XML configuration file instead of EXE • Should be signed using SIGNTOOL tool and a certificate appropriate for the contents of the CPF (usually a certificate with Manager role on the device) • May be distributed like a CAB file • Delivered via: • Pull CPF file from a website • OTA Push of CPF File • Load CPF file from MMC/SD card • SI and SL

  15. Creating CPF File • Create XML Configuration file, test it and name it _Setup.xml • Run makecab _Setup.xml Filename.cpf • Sign and apply like a CAB file
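An added review script, not part of the presentation, for the kind of _Setup.xml that slides 8 to 15 describe: it parses the wap-provisioningdoc and flags settings a reviewer would question before the file is packaged with makecab and signed. The sample document, the expected policy values (taken from slide 12) and the checks are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample _Setup.xml that combines CSP fragments from the slides
# (SecurityPolicy, Sync and Bluetooth). It is not a real device's configuration.
SETUP_XML = """<wap-provisioningdoc>
  <characteristic type="SecurityPolicy">
    <parm name="4101" value="1"/>
    <parm name="4102" value="1"/>
  </characteristic>
  <characteristic type="Sync">
    <characteristic type="Connection">
      <parm name="User" value="test"/>
      <parm name="Password" value="test"/>
      <parm name="SavePassword" value="1"/>
      <parm name="Server" value="labsrv.sphone.net"/>
    </characteristic>
  </characteristic>
  <characteristic type="Bluetooth">
    <parm name="BtMode" value="2"/>
  </characteristic>
</wap-provisioningdoc>"""

# Policy IDs and the names slide 12 gives them; that slide sets both to "0".
POLICY_NAMES = {"4101": "Unsigned CAB Policy", "4102": "Unsigned Applications Policy"}

def parms(doc, *path):
    """Return {name: value} of the <parm> children under the characteristic chain `path`."""
    node = doc
    for ctype in path:
        node = next((c for c in node.findall("characteristic") if c.get("type") == ctype), None)
        if node is None:
            return {}
    return {p.get("name"): p.get("value") for p in node.findall("parm")}

def audit(xml_text):
    """Return a list of findings for a wap-provisioningdoc (empty list = nothing flagged)."""
    doc = ET.fromstring(xml_text)
    if doc.tag != "wap-provisioningdoc":
        return ["root element is not <wap-provisioningdoc>"]
    findings = []
    sec = parms(doc, "SecurityPolicy")
    for pid, label in POLICY_NAMES.items():
        if sec.get(pid) != "0":   # anything other than the slide-12 value gets flagged
            findings.append(f"{label} ({pid}) is {sec.get(pid, 'unset')}, expected 0")
    conn = parms(doc, "Sync", "Connection")
    if conn.get("Password") and conn.get("SavePassword") == "1":
        findings.append("Sync/Connection stores a cleartext Password with SavePassword=1")
    if parms(doc, "Bluetooth").get("BtMode") == "2":
        findings.append("Bluetooth BtMode=2 leaves the device discoverable")
    return findings
```

Run it over a _Setup.xml before makecab and signing; the CPF is signed with a Manager-role certificate, so anything it contains becomes trusted device policy.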

  16. OMA Provisioning Standards • Open Mobile Alliance v1.1.2 • “2 clients” on each Windows Mobile 5.0 device • “WAP-based” provisioning • Primarily for bootstrapping • Declarative (make the device settings be “this”) • Windows Mobile 2003 extends for continuous provisioning • “OMA-DM -based” provisioning • Primarily for continuous provisioning • Interactive session with a DM server • New for Windows Mobile 2005

  17. OTA Push Message Structure (diagram) Message: SMS header + WDP header + WSP header + WBXML body. Path: Provisioning Server → Push Router → Push Proxy Gateway → over the air → Configuration Manager → Configuration Service Providers

  18. OTA Provisioning

  19. The OMA DM Architecture

  20. OMA-DM: Continuous Provisioning • 1. Server trigger (over Short Messaging Service, SMS): binary “blob” including: • Message digest (hash) • Server ID (pre-configured on device) • DM protocol version • User interaction (optional) • 2. Client initiates session (over IP data connection) • 3. Server-controlled interchange (over IP data connection): • Get (Query) • Add • Replace • Delete • Atomic • Execute • Sequence
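An added model, not from the presentation or the OMA specification, of the device-side checks on the server trigger described in slide 20: the blob carries a digest, the server ID and the protocol version, and the client should open a session toward the pre-configured server only when all three check out. The byte layout, the HMAC-SHA256 digest and the version encoding are constructed assumptions, not the real OMA DM Package 0 format.

```python
import hashlib
import hmac
import struct

# Constructed trigger layout (NOT the real OMA DM Package 0 encoding):
#   version(1) | ui_mode(1) | id_len(1) | server_id | 32-byte HMAC-SHA256 digest
# The digest is keyed with a secret shared with the pre-configured DM server.
SUPPORTED_VERSIONS = {0x11}   # assumed encoding of the one DM version the device speaks
DIGEST_LEN = 32

def build_trigger(server_id, secret, version=0x11, ui_mode=0):
    """Server side: pack the trigger body and append its keyed digest."""
    sid = server_id.encode()
    body = struct.pack("BBB", version, ui_mode, len(sid)) + sid
    return body + hmac.new(secret, body, hashlib.sha256).digest()

def check_trigger(blob, configured_server_id, secret):
    """Device side: return (accepted, reason). Every check must pass before
    the client initiates the IP session (step 2 on the slide)."""
    if len(blob) < 3 + DIGEST_LEN:
        return False, "truncated"
    version, ui_mode, id_len = struct.unpack("BBB", blob[:3])
    body, digest = blob[:3 + id_len], blob[3 + id_len:]
    if len(digest) != DIGEST_LEN:
        return False, "bad length"
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(digest, expected):
        return False, "digest mismatch"          # forged or tampered trigger
    if body[3:].decode() != configured_server_id:
        return False, "unknown server id"        # only the provisioned server may trigger
    if version not in SUPPORTED_VERSIONS:
        return False, "unsupported version"
    return True, "ok: open DM session" + (" (prompt user)" if ui_mode else "")
```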

  21. Patch Management • OS update • Image update

  22. OS Update Scenario • Update to the next version of OS is available • User logs in to distribution site • User provides device ID and requests update file • Signed update file and appropriate tool are downloaded to laptop • User connects mobile device to laptop via ActiveSync • The tool updates the connected device

  23. Image Update • Builds are checked to match the certificate in the update loader, which is built by the ODM • This certificate is not in the same stores as other certificates on the device; it’s hard-coded into the executable file • Ensuring appropriate updates • This is checked through versioning, signatures, GUIDs and Device ID • Packages are differential packages, so the ODM needs to build your packages • KEY MESSAGE: Update package has to be created and signed by ODM

  24. System Management Server

  25. System Management Server Device Management Roadmap • Device Management Feature Pack v1 (11/04) • Pocket PC 2002-2003 and Windows CE 3.0/5.0 management for corpnet-connected devices • Password and settings management add-ons • Device Management Feature Pack Update (May 2006) • Support for Windows Mobile 5.0 Pocket PC and Phone Edition • Windows Mobile 5.0 password application support and settings management • SMS V4 • Everything above plus: • Smartphone 2003 and 2005 • Internet-facing device support • Fully integrated with SMS • SMS v4 ++ • Support for latest versions of Windows CE, Smartphone, and Pocket PC as they are released • Regular post SMS V4 feature enhancements via download and in Service Packs

  26. Supported Platforms • Device Management Version 1 (shipped 11/04) • Pocket PC and Phone Edition 2002 • Pocket PC and Phone Edition 2003 • Windows CE 5.0 Platform Builder (built-in client) • Windows CE 3.0 and above (with OS dependencies) • Coming soon to DMFP (May 2006) • Support for Windows Mobile 5 Pocket PC and Phone Edition • SMS V4 (mid-2007) • Smartphone 2003, 2005 • Next Smartphone and Pocket PC release soon after • Partner support – Sybase iAnywhere • Formerly XcelleNet • Support Palm, RIM, Symbian, Smartphone 02 • Integrated with SMS 2003 and DMFP • Partner support – Odyssey Software Athena • Integrated with SMS 2003 and DMFP (announcing at MMS) • Support for Windows Mobile, Windows CE, Smartphone in parallel with SMS DMFP support • Additional features for Windows Mobile devices such as remote control

  27. Athena™ Architecture (diagram) Device side (Pocket PC, WinCE.NET devices): HTML Template Pages, HTML Template Engine, Configuration Service, Security, Web Server, File Manager Service, System Manager Service, Networking Service, Log Manager Service, WSDL, Messenger Service, Remote Control Service, Tracker Service. Desktop PC [Browser/Console], HTML over HTTP/S: • Browser interface • Interactive troubleshooting and corrective action • Remote control (directly in browser). Enterprise server, XML Web Services (SOAP) over HTTP/S: • Programmatic interface • Microsoft SMS Server 2003 console adapter • Device-side Logging (device to server) • Server-side Scripting (server to device)

  28. DMFP Feature Set • Hardware/software inventory • File collection • Software distribution • Script execution • Settings management • Password policy management • Automated client distribution via SMS 2003 Advanced Client desktop

  29. SMS V4 Feature Set • Hardware/software inventory • File collection • Software distribution • Script execution • Settings management • Connection Management • Password policy management • Automated client distribution via SMS Advanced Client desktop • Over-the-air management of devices • Internet facing support for managing Internet-connected devices

  30. Messaging and Security Feature Pack

  31. Security Features • Remotely manage and enforce corporate IT policy over-the-air via Exchange 03 SP2 console • Enable automatic reset of data when password is entered incorrectly X number of times • Help to better protect device data with remote reset of on-device data via Exchange 03 SP2 console • Increase access security to Exchange 03 SP2 using Certificate-based Authentication to the server • Help protect email content with native support for S/MIME • GAL Lookup over the air (no storage on device)

  32. Keep Outlook Mobile Up-to-date with Direct Push Technology: An Illustrative View (Windows Mobile device with Messaging and Security Feature Pack; server running Exchange 2003 SP2; Direct Push = device interacts directly with Exchange Server 2003 SP2) 1. Device sends PING request to Exchange 2003 SP2 server 2. Exchange 2003 holds the request pending until heartbeat interval expires 3. If no mail arrives before heartbeat expires, device sends another PING request 4. If new mail arrives before heartbeat interval expires, Exchange 2003 notifies device that changes have occurred in the mailbox 5. Device immediately issues SYNC request to pull mail. Upon SYNC completion, go to step 1
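An added simulation, not from the presentation, of the five-step PING/heartbeat/SYNC loop in slide 32, with both the device loop and the server's hold-until-heartbeat behaviour modelled. Timestamps are seconds; the heartbeat of 900 s (15 minutes) and the mail arrival times are constructed, and the classes are an illustrative model rather than the Exchange ActiveSync wire protocol.

```python
from dataclasses import dataclass, field

@dataclass
class ExchangeServer:
    """Toy model (constructed) of the Exchange 2003 SP2 side of Direct Push."""
    heartbeat: int                  # seconds the server holds a PING open
    mail_arrivals: list             # constructed timestamps at which new mail lands
    delivered: set = field(default_factory=set)

    def hold_ping(self, now):
        """Step 2: hold the PING until mail arrives or the heartbeat expires.
        Returns (response, time_at_which_the_response_is_sent)."""
        deadline = now + self.heartbeat
        pending = [t for t in self.mail_arrivals
                   if now <= t < deadline and t not in self.delivered]
        if pending:
            return "CHANGED", min(pending)      # step 4: notify the device at once
        return "NO_CHANGES", deadline           # heartbeat expired with nothing new

    def sync(self, now):
        """Step 5: a SYNC pulls every message that has arrived by `now`."""
        new = {t for t in self.mail_arrivals if t <= now} - self.delivered
        self.delivered |= new
        return sorted(new)

def run_direct_push(server, until):
    """Device loop (steps 1, 3 and 5): PING, wait, SYNC on CHANGED, repeat.
    Returns a log of (time, action, messages_pulled) tuples."""
    now, log = 0, []
    while now < until:
        resp, now = server.hold_ping(now)        # step 1: send PING and block on it
        if resp == "CHANGED":
            log.append((now, "SYNC", server.sync(now)))
        else:
            log.append((now, "PING", []))        # step 3: re-PING after the timeout
    return log
```

A 15-minute heartbeat only works if the IIS and firewall timeouts in front of the ActiveSync virtual directory are at least that long (slide 33); a shorter idle timeout silently drops the held PING and the device never sees step 4.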

  33. Device and Server Requirements WinMobile device requirements: • Requires a Windows Mobile 5.0 device • MSFP will not work on devices with versions prior to Magneto • MSFP features will not need PC sync except Certificate-based Authentication • Certificate-based Authentication will require a one-time connection to ActiveSync for certificate deployment Exchange server requirements: • Requires upgrade from Exchange Server 2003 to Exchange Server 2003 SP2 • No major changes beyond SP upgrade • Need to increase IIS and firewall HTTPS connection timeout to the ActiveSync virtual directory • Recommend 15-30 minutes for timeout • Certificate-based Authentication feature will require a Certificate Authority (CA) deployment • Recommend using Windows Protocol Transition for CA deployment

  34. How MSIT Does Windows Mobile Device Provisioning • Web site • Windows Mobile Provisioner

  35. Windows Mobile Provisioner: What does it do? • Allows users to rapidly configure their Exchange ActiveSync settings in seconds via a single screen • Facilitates the easy configuration of device data connections through the selection of a mobile operator from a list • Displays mobile applications, ring tones and other content that can be downloaded and installed on the device • Allows administrators to push out patches, anti-virus definitions, ROM packages, and other software to selected devices • Sends device inventory, health metrics, and other information to the server for analysis

  36. Windows Mobile Provisioner Examples

  37. Device Management Partners • Credant • CA • Odyssey Software • SOTI • Sprite Software • Sybase iAnywhere AvantGo • Synchronica • Trust Digital

  38. Scenarios • User has accidentally deleted their GPRS settings • SD Card, OMA CP, DTAS • Need to wipe the device contents over the air • MSFP • Revoke application in the ROM with known fault • OMA CP, OMA DM, System Management Server • Admin wants to find out the device configuration – OS Version, Memory • OMA DM , DT ActiveSync, System Management Server • Handset Vendor has a fix • Image Update, OMA DM, SD Card, Web site, System Management Server

  39. Device Management Architecture Review (diagram) Components: System Management Server, Image Update, OS Update, Messaging and Security Feature Pack, SI/SL, OTA OMA CP, OTA OMA DM, Rapi-Config, SD Card, Desktop ActiveSync, Windows Mobile Device. Payloads: XML/WBXML, Binary Notification, SyncML, XML/CAB, Exchange AirSync, XML/CAB/CPF, CAB/CPF. Transports: USB/Serial, OTA Short Message Service, OTA Data GPRS/1XRTT (HTTP/S; HTTPS for SyncML), SDIO.

  40. Q&A Related sessions: • Windows Mobile Enterprise Security Internals (ITP 401) • Windows Mobile Enterprise Security Best Practices (ITP 310) • Inside Microsoft: The Microsoft Corporate Windows Mobile Architecture (ITP 307) • Using Systems Management Server with Windows Mobile Devices (ITP 311) • Overview of Mobile Messaging with Windows Mobile and Exchange Server 2003 (ITP 302)

  41. Resources Need developer resources on this subject? Stop by the MED Content Publishing Team Station in the Microsoft Pavilion or visit the MED Content Publishing Team Wiki Site: http://msdn.microsoft.com/mobility/wiki

  42. © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
