MDM: Mobile Device Management Overview

In 2010-2013, MDM is the buzz word in Enterprise Mobility world since Mobile itself very diversified by OS, Platform, version, resolutions, providers, SS and SSP.

Now MDM is part of evaluation criteria in every Mobile Application Development RFPs/RFIs. Its important to know the various MDM capabilities for the enterprises to take right decisions.

The Key MDM capabilities are,
1. Device identification
2. Device registration
3. Device Database
4. Device Lock/Unlocking
5. Device Secure Storage and Remote Wiping
6. Device Grouping
7. Device Specific Content delivery
8. Device Specific analytics
9. Device crashing report capturing
10. Device Penetration capturing
11. Device Specific campaigns / targeted delivery
12. Device Binary Management
13. Device Security
14. Geo Fencing
15. Device Over the Air delivery

Let's look at some of the MDM capabilities in-details to understand the enterprise mobility world. These concepts are same across various platform providers. But they might name it differently part of their product marketing strategy and sub-product licensing aspects.

1. Device Identifications:

Mobile devices are categorized by platform, resolutions, OS Version. Traditionally these devices are grouped by platform and resolutions. Each device groups are named uniquely to identify by the enterprise mobility middleware or MADP engine.
Every Mobile request can be identified via mobile user agents. Ex reference sites are:

These user agents tell the consumer middleware that the request comes with phone model, version etc. additionally that the provider can write a custom device detection logic and capture the
OS version, Model Number, Kernel version(optional), IMEI, IP Address, Wifi Mac address etc
These information will be mapped to Device DB. Device detection is important to understand what device is interacting with mobile middleware which helps the middleware to decide Content selection, resolutions selection, kind of request processing and content delivery.

2. Device Registration:

Once the device are identified as part of first request, the information from the request will be registered with Mobile middleware's/database. Most of the middleware will generate the unique device registration identifier as part of successful mobile registration and return that unique identifier to mobile client. This unique identifier will be stored in mobile RMS / cookies / db /filesystems.
Mobile client expect to send this unique identifiers on all the consecutive request to avoid re-registrations.

All future interaction from that mobile devices is mapped to generated unique key at middleware level for tracking and auditing perspective.

3. Device Database:

In early days, every MADP provider use to manage the custom device database in-order manage the targeted device content delivery and device identification.
For Example, Open source Device Databases such as WURFL is used by lot of providers.
This ideally keep each device information and grouped those under platform/version/OS/resolutions. Each device groups identified by unique device group id.
Updating this device database is the one of key job for MADP providers to maintain the upto date devices list.

Some organization will customize their own device db to control the custom requirement from specific customers.

This DB allow users to 'allow' and 'not allow' specific device interactions via provider services.

4. Device Locking / Unlocking

MDM will provide capabilities to lock or unlock specific device. This can achieved through the unique id generated during the registration of that device or via IMEI.
Some providers provide the custom mapping into this segregate identifier which maps to user-friendly search via admin portal using "search device by user name, IMEI, platform, model, app version or phone number etc". Once the device found via search result than the administrator can lock or unlock the phone.

This feature provide the enormous security control over enterprise mobility to lock the stolen, missed/lost devices, ex-employee devices and any fraud report handling.

5. Device Secure Storage and Remote Wiping

The Key challenge in enterprise mobility app development world is
- Will the app store any user sensitive information into the mobile app?
- How this information's are safe?
- Is there anyway enterprise can control the data storage and sensitive information data protection?
MDM ideally provides the lot of mechanism to protect the data storage (off line) via encrypted storage, data transfer between mobile to middleware over encrypted.
Non sensitive information can be protected via ISO/base 24 encodings.
Offline data stored /cached in Device RMS or Mobile Secure Library provided by the provider. This Mobile Secure library only unlocked by the provider propriety security logic.
If the provider provides the Remote wiping options, then whenever the device activated at remote wiping at middleware.

If the targeted device connected to internet then the security licenser will check the app status and wipe-out all the data stored in the Mobile Secure Library.
However in industry uses the data protection frequently but the remote wiping option used very lower side.

6. Device Grouping

Device grouping is most critical item in MDM design since each devices has different models and providers and each model comes under specific resolutions.
It's better to group each resolutions /per device in a separate group so that the content can be delivered to specific group based on resolutions.

7. Device Specific Content Delivery

Device identification, device grouping and device DB all are inter-related to identifiy, prepare and deliver the device specific content.
The key challenges for device management is the each device will have variety of resolutions. This device resolutions need to be taken care when the mobile apps builds the UX/UI rendering during the runtime. For this the application UX manager need to know the device group.
Based on the device identification the relevant mobile app assets will be linked to UX drawing manager.
Assets can be data set, image set, style sheet and java scripts. All the above collectively applied during the runtime to deliver the use friendly /device specific content and UX.

Advice to Mobility Service Selectors:

- Please assess thoroughly the provider capabilities specific to your business or functional domain and nature of application to be build and published over the air.

Arivuvel Ramu
Enterprise Architect.

About Author / Additional Info: