Mobile Device Management Products update from August 2004
It's not easy supporting the wide range of mobile devices your users employ. Implementing mobile device management products will rein in the madness and prevent data theft. Find out which
August 16, 2004
Last week, your marketing VP's cell phone contract expired. While shopping for a new service, she was dazzled by a smartphone that could do everything but order her morning latte. "Sign me up!" she said.
Even as you read this, that smartphone is busily downloading sensitive corporate data once stored on the VP's laptop. Why schlepp a PC, she figures, when the smartphone can store sales, customer and inventory information?
Worried? You should be. Although laptops are still the device of choice for most users, the increasing automation of business processes is driving a growing need for ubiquitous access to corporate data. Small mobile devices will soon pussyfoot their way into your enterprise, if they haven't already.
The trend has not yet reached critical mass, but we expect that to change as smartphones grow in popularity. Essential PDA and PIM functions crammed into a mobile phone form will make even non-gadget-addicted end users take notice. And don't bother pushing for a corporate policy banning unsanctioned mobile devices; given a choice between following the rules and making their lives easier, most employees will toss the company manual out the window.
Why not get ahead of the curve? Work with, rather than against, early adopters. These are likely among the most productive employees in your organization. And as prices for mobile devices plummet while feature sets grow, the capital and management cost savings of moving from multiple devices to one become more compelling. Standardization on just a single device is a battle well worth fighting (see "One Platform for All,").
So, now that you've acknowledged that mobile devices are a fact of life, you must face these concerns:
Whether mobile productivity devices are owned by enterprises or by employees, corporate data will find its way onto them--and then, inevitably, out the door. And mobile devices have a nasty habit of being lost or stolen and becoming gold mines for thieves looking for sensitive information on unprotected machines.
Recently publicized viruses remind us how important it is to control and sanitize devices when they interact with the corporate network. Symbian has Cabir, and earlier this month, just three weeks after publication of the WinCE4.Duts.A proof-of-concept code, which showed the Pocket PC platform was vulnerable, the Bardor.a Trojan appeared.
Asset tracking can be tough without an accurate bead on how many devices a corporation has floating around. Further, knowing what sensitive information has been compromised by lost devices is impossible without knowing what applications and data are kept on them.
Because mobile devices connect to network resources intermittently, keeping tabs on them, their software and their data is a daunting management task, especially for IT departments already stretched thin. There are products that can help.
We asked nine vendors to submit their mobile device management software to our Syracuse University Real-World Labs® for testing. We looked for products focused on a broad range of management features, including inventory, configuration and security, on an equally broad range of handheld platforms. Point solutions in the PIM or security space were not included, nor were products supporting just one hardware platform.
We received entries from iAnywhere, Intellisync, Mobile Automation and Novell. Extended Systems, Hewlett-Packard, Marimba, Symantec and Symbol Technologies declined. For details of the devices we used for testing and our test bed setup, see "How We Tested,".
Being able to distribute applications, data and configuration settings seamlessly to hoards of mobile devices sounds good. Truth is, mobile device management is no cakewalk, even with a specialized product.
Although vendors promise to support entire device platforms, that doesn't mean every gadget in your enterprise will play nice with each management system. In fact, not only are some devices and OS versions (especially legacy ones) picky about taking client software installs and then being managed, even when they do work as intended, feature sets vary widely by platform.
We found support for Pocket PC the most robust among the products tested, followed closely by that for Palm handhelds. For those that support Windows Mobile-based smartphones, Symbian and BlackBerry devices, feature sets were noticeably thinner--especially for BlackBerry, whose limited development API has restricted support to lean inventory-management functions, and Symbian, which has little enterprise traction and, therefore, minimal management support.
Despite limitations, the promise of a decent level of mobile device management is likely enough to tempt any organization awash in unmanaged handhelds. But our experience with these products suggests that only companies with large mobile device installs--say, 100 or more--that house sensitive corporate information will get a sufficient ROI. The products we tested cost $40 to $110 per device or user. Some vendors license based on the number of devices, while others allow an unlimited number of devices per user; there's usually no charge for the server software. XcelleNet's and Intellisync's offerings are the most expensive, but they support the widest range of devices and include the most features.
On the bright side, feature sets and pricing are generally quite customizable. For example, you may need inventory and software-distribution functions but not patch management. Intellisync usually bundles its product with its Email Accelerator PIM sync software, while Novell's ZENworks 6.5 Handheld Management is a component of the ZENworks 6.5 suite. Each vendor offers something for the Win32 platform as well. We pulled together a pricing chart to give you an idea of your mileage; remember to negotiate.
Pricing Guide Click to Enlarge |
From a user perspective, these suites promise better access to timely data, and data loss should be less common thanks to frequent automated backups and automatic restores. Users will welcome having all the apps and files they need slapped on their devices automatically. On the other hand, few users will enjoy the enforcement of security policies, which generally entail extra time and effort.
Updates on the client side are pushed onto devices or triggered by users (or a friendly admin); this varies by vendor and by product, depending on how the devices connect to the servers--cradle sync versus Web connection, for instance. For applications, admins can decide what users need and assign those apps to user or device groups. The next time those users or devices connect, they get the apps destined for them.
Security, a big selling point of mobile device management, starts with hardware and software inventory but is rounded out by application distribution and security policy enforcement. Some of the products tested also include file- or folder-level encryption. Although almost every mobile device comes with a power-on password feature, it's rarely used. All the device managers we tested can enforce a power-on password policy, using the device's native capabilities or by hooking into the device's wake-up mode. Further, if the policy is violated, you can lock the device, wipe files or folders, or perform a hard reset to return the device to default settings. Tie that kind of policy enforcement with the advanced wireless data capabilities found in some newer devices, and administrators can send an action and kill a stolen device remotely.
XcelleNet Afaria 5.1 took our Editor's Choice award for its ease of use, rich feature set and granular control of clients. Acquired by Sybase in May, XcelleNet is now part of Sybase's iAnywhere Solutions subsidiary. The combination of iAnywhere's leadership in the mobile database market and XcelleNet's strong mobile device management makes Afaria a compelling and synergistic, albeit expensive, choice.
Although PIM sync was not the focus of our tests, it is Intellisync's primary selling point, and organizations interested in that functionality will recognize the value of the product's excellent handheld device support and broad feature set. Mobile Automation's low price will be attractive to those supporting only a few platforms. And Novell shops will be happy to hear that ZENworks 6.5 Handheld Management works well with other ZENworks products and that its mobile device agent software deployment is about as hands-off as possible.
XcelleNet once again demonstrated its competency in the mobile device management space with Afaria 5.1. Since the last time we looked at Afaria (see "Enable Your Mobile Apps,"), the company has added enhanced custom views. On the client side, we found support for Windows Mobile smartphones and hooks into VBScript or JavaScript.
Server installation was simple on Windows 2003 once we ensured we had the necessary prerequisites, which include a functioning IIS Web server, Microsoft .Net 1.1 and MDAC (Microsoft Data Access Components). We had to create the database manually on the SQL server, but once we did and provided the correct connection information, database connectivity was a breeze. We pointed to our Active Directory server and could seamlessly authenticate our AD users.
Afaria neatly divides device management into self-explanatory components: Session Manager, Software Manager, Inventory Manager, Document Manager, Backup Manager, Configuration Manager, Sync Manager, License Manager and Security Manager. Each module can be purchased la carte, but not all are available for all devices. The Pocket PC and Palm platforms are the most generously endowed, while the BlackBerry client supports only the Inventory and License Managers. We don't blame Afaria for this; rather, we consider this a reflection of what RIM (Research in Motion) has exposed. ZENworks can deploy older RIM applications using desktop software and RIM's Desktop cradle sync, but BlackBerry support was lacking across the board.
Afaria's Web administrative interface is enhanced by cascading style sheets, JavaScript and the use of .Net. The interface is split into four sections, but we spent most of our time in the Channels view. Channels, a concept similar to the bygone days of PointCast, is the mechanism through which we published information for distribution to our test devices. There is a Channel for each manager module, and helpful wizards guided us through Channel creation. After selecting the device type, such as Pocket PC or Palm, for which we wanted to create the channel, we performed a more detailed configuration. Channels can be assigned to specific users or to groups, which can be generated dynamically based on the presence of certain hardware or software.
Once we got the inventory from each device in our test bed, we deployed a game to only those Palms with color displays and upgraded a productivity application if an older version was found. We also attempted to create a dynamic group based on devices that didn't have a certain piece of software installed. We learned that though this is possible, it requires creation of a custom query or database field. To be fair, none of the other products tested made creating such a dynamic group any easier.
Other highlights include Afaria's broad mobile device support, the most of any product we tested. For example, deploying new software, always a challenge, becomes particularly difficult when it involves the nomadic users of handheld devices. We created agent or client installations on each platform by generating an executable using the Afaria client-creation wizard, which prepopulated the mobile device settings. Installing the agent was a breeze using an executable on a desktop computer configured to work with the device's synchronization program.
Unfortunately, we couldn't perform Web installs, though we could have searched for necessary installation files and downloaded them using a cellular data network and the Web browsers on our Sprint Treo 600, Motorola MPx200 or Sony Ericsson P900. Only Mobile Automation offers easy Web installs as a standard feature--all the products should provide this, though. New PDAs and smartphones are acquiring faster and more pervasive connectivity via Bluetooth, Wi-Fi and high-speed packet data technologies like CDMA EV-DO and EDGE, meaning you can ease the IT support load by offering self-help--when these devices are combined with a sophisticated interface that includes a Web browser, end users can visit a Web page on your company's intranet and install the software agent. Visualize a couple hundred devices being FedExed to your desk for updates, and we think you'll see the beauty of letting users serve themselves.
Product Features Click to Enlarge |
Although a full complement of modules is available for the Palm and Pocket PC platforms, smartphones, Symbian and RIM BlackBerry devices got the short end of the stick (see our table for a breakdown of features by platform). Even on those popular platforms, we encountered a few shortcomings.
A case in point is Afaria's implementation of file and folder encryption. This feature is touted for Pocket PC, smartphone and Palm devices, but when we tested encryption on the Palm Vx running Palm OS 3.5.3, it didn't work. XcelleNet identified the problem as a conflict with one of its other modules and a combination of the specific device and OS version, then provided us with a fix. Although the devices in our test bed were updated to the latest publicly available firmware or ROM, this small glitch illustrates the complexity of developing heterogeneous mobile device management apps and the diminishing viability of older PDA OSs.
We liked Afaria's advanced document-distribution feature, which let us publish a multitude of documents to granular user groups. If the document is a weekly report, for example, Afaria can be configured to regularly check for new content and distribute it to users. That way, road warriors will have the latest report, spreadsheet or document. Again, this functionality worked mostly as promised, except on the two older Palms in our test bed. XcelleNet again identified the problem as stemming from device/OS version and module conflicts, did regression testing and coughed up a fix.
Afaria had a rich set of features across most platforms, and organizations contemplating advanced applications requiring databases should be comforted by its integration with iAnywhere. The high price tag is a reminder that features and breadth come at a cost and that if you have the luxury of a controlled rollout of mobile devices, sticking to one platform will save you big bucks.
XcelleNet Afaria 5.1. iAnywhere Solutions, (800) 322-3366, (678) 585-7300.
Intellisync's Mobile Suite boasts a rich PIM-sync heritage going back to its Synchrologic roots. It had the widest breadth of features of the products tested, with support for everything from management functions and license auditing to automated delivery of weather reports and traveling directions. It fell short of our Editor's Choice only because it failed to execute as well on device platform support and ease of use.
Although time-consuming, installing Mobile Suite was straightforward, and based on our license key, the modules Intellisync provided for testing were activated automatically. Our installation included device-management, file-sync, license-auditing and database-sync features. Like XcelleNet, Intellisync prices each module separately, so be prepared to shell out extra bucks for each added piece of functionality.
Conveniently, Mobile Suite automatically created a database on our SQL server, but we were unable to seamlessly tie into our existing Active Directory user database. Rather, we had to import those users and groups whom we were authorizing to use Mobile Suite sync features. AD accounts that we created post-installation required importing as well, manually or on a scheduled basis using an included application. The product also supports LDAP and NT Domains, and user credentials are passed in the background.
With Mobile Suite installed, we were ready to begin shooting supplicant software out to our client devices. We found that most client apps are larger than 1 MB, which translates to long download times and may even cripple older devices. We could install software in two ways. For cradled devices in our test bed, client applications were easily installed by running through a few simple steps on a server-based Web page from the devices' host computers. For our Web-enabled mobile devices, we downloaded and installed the client files directly from the server over a simple HTML Web page we had created and linked to the installation files for each platform.
Mobile Suite performed admirably, easily handling each promised function on our test devices, though its extremely thin support for BlackBerry and Symbian kept us from performing much more than inventory functions--quite a bit shy of the advanced features offered for Pocket PC, Palm and smartphones.
Supported devices are managed almost entirely through user identities. Although this approach can be useful in ensuring that only authorized users get certain software, files or policies, Mobile Suite lacks a simple interface for us to group devices based on their hardware or software. Now it's true that Intellisync's versatile scripting tool let us create logic on which to base package distribution, depending on the contents of a device or its hardware. But though this made it easy to create powerful granular-distribution packages, we missed what Afaria and ZENworks offered: a simple mechanism to create hardware-based groups for general and ongoing management.
For Pocket PC shops, Intellisync's Device Configurator tool can further help management of multiple devices by extracting a device's configuration and distributing it across all similar devices. Any time we changed a setting on a managed device, Mobile Suite enforced a configuration based on our preset parameters by pushing changes back down to the devices.
Intellisync led the pack in security options, offering not only solid support across most devices for power-on passwords and device wipe, but also, impressively, support for encryption types ranging from AES to SSL. Whether you require the strongest encryption for high file-security levels or need to go easy on heavy encryption algorithms because of CPU limitations, you're covered.
With Mobile Suite, Intellisync delivers comprehensive mobile management of Microsoft- and Palm-based devices; BlackBerry and Symbian users will be less pleased. Although we found Mobile Suite's complex, hierarchical interface less than intuitive--owing in part to its user-based management approach--the product let us undertake many tasks not found in rivals, such as PIM and license auditing. As with Afaria, you'll pay for all this functionality.
Intellisync Systems Management, a component of Intellisync Mobile Suite 5.5. Intellisync Corp., (800) 244-5430, (408) 321-7650.
Mobile Automation's Mobile Lifecycle Management Suite gave us ample support for redundant backup and relay servers that off-load tasks and help manage traffic flow across WAN links. It was clearly designed with scalability and high availability in mind. Unfortunately, MLMS doesn't deliver quite as well on its device-management promise, lagging not just in features but in breadth of platforms supported.
Of the products we tested, MLMS was the fastest and easiest to install: It performs all device management through HTTP Port 80 via Microsoft's IIS. However, Microsoft's increased Windows 2003 Server security meant we had to perform extra steps to loosen that security in order for MLMS to work properly. This lowering of the guard has to be done only once for each server installation, but we've complained before about this requirement--past versions also have required loosening security. In addition, we had to change a default setting that prevented IIS from executing ASP pages, as well as change security permissions on a folder. An application to perform these tasks automatically would have been preferable. Better yet would be for MLMS to work while keeping the tightest possible Windows security settings.
Clearly, MLMS won't be a good fit for shops where security is important. Beyond the ability to encrypt transmissions with SSL, for example, the platform doesn't support power-on passwords, remote-device killing on the Palm or any sort of file encryption.
On the bright side, MLMS's client installation method was the most elegant of all vendors. We surfed to an installation Web page on our server and were tickled to see that the installation package was determined automatically based on which device we used to access the page. This worked beautifully for only some of our devices, however; our Motorola MPx200 couldn't install the downloaded file, and the Treo 600 and Palm Vx locked up or reset after installation. Docking the devices to a cradle and installing the client apps via a connected desktop fixed this. Mobile Automation doesn't support BlackBerry or Symbian devices.
Contrary to the way competitors categorize devices, MLMS differentiates between managed devices that are docked to PCs and those that connect without a cradle. Not only are the two categories in different parts of the management tree (we found it especially confusing when a test device was present under both sections), but functionality is different between connectivity methods. For example, we could create task and application packages using an easy wizard only on docked Palm- and Microsoft OS-based devices. We had to access advanced features, such as installing software, updating patches and creating tasks, using Mobile Automation's scripting tool, which supports Microsoft devices only. Our Palm handhelds that connect directly to the server without being docked could only send and receive files. MLMS also didn't allow for any task or configuration changes to be sent to these Palms. Byte-level differencing, where only differences between an original file and its modified version are transmitted, isn't an option with MLMS, either--another feature the other three platforms support.
Enterprises that rely on MLMS for their desktop and laptop populations and that have standardized on the Pocket PC and Palm platforms may be comfortable with its limited functionality and security, which are offset by a comparatively minuscule price tag.
Mobile Lifecycle Management Suite 6.0. Mobile Automation, (800) 344-1150, (310) 914-9603.
Novell just released an upgraded suite of products for desktop, server and handheld management, ZENworks 6.5. The previous version, ZENworks 6, included ZENworks for Handhelds 5.1, but this latest package pushes all the components up to version 6.5. Unfortunately, the handheld component can't be considered best of breed, and it appears to us that device support hasn't expanded since Orbiter was acquired from Callisto almost three years ago.
Because ZENworks doesn't work directly with our Active Directory, we installed eDirectory 8.7.3. Those running AD or NT Domains can use the included DirXML connector, which will synchronize objects between Microsoft directories and Novell's eDirectory, but we chose to use it in its native format. To log in to the eDirectory tree, we had to install Client32 on the server; we then needed to install Novell's ConsoleOne management interface. Of course, Novell shops won't need to take these steps, but we had hoped to see a move to Novell's Web-based Remote Manager; the company did tell us that Web management is on its road map. We were pleasantly surprised at how smoothly the installation used our SQL server, even though the default is for ZENworks' own internal database.
ZENworks Handheld Management's architecture has four components: the server, which controls distribution; the access point, which is the interface between the server and the handheld clients; the desktop- synchronization integrator, which provides management connectivity for cradle-synced devices; and the handheld clients. This design lends itself very well to providing sync connectivity over low-speed WAN links.
The desktop-synchronization component effectively and consistently forced installs on our Palm OS-based devices. We pushed out cradle-sync installs on the RIM platform. However, automatic PocketPC installs via ActiveSync didn't work until we rebooted our workstation (who knew?), so for most of our testing we resorted to copying the CAB files and executing them manually, as documented on Novell's online manual.
Point Security Click to Enlarge |
Once our handheld device objects were generated in the directory, we created dynamic queries to group the devices by type or hardware feature. We produced applications that performed file copying directly to the device and then, optionally, could run and install. We also had the option of pushing an executable down to the workstation for installation; that required a desktop install and a subsequent PDA sync. We associated the applications to users, eDirectory groups or handheld groups based on dynamic queries.
One irritating weakness with the dynamic groups was that they updated themselves only at scheduled intervals, begging the adjective dynamic. If not for the "Update Groups Now" button, it could have taken up to an hour for a new device to be listed as a member of a group.
Inventory Viewer, a separate utility, is powerful. It let us view all hardware and software inventories, build queries and generate reports.
Novell's program does not support Windows Mobile smartphones or Symbian devices, and RIM support covered only the older 85x/95x devices. To perform an IP-based sync on our Treo 600 over the Sprint PCS network, we had to install an extra (albeit small) component. These limitations and a dearth of features highlight Novell's struggle to maintain currency in the fast-developing world of mobile devices. Those using the ZENworks suite will appreciate the familiar interface and low price, but Microsoft shops should look elsewhere.
ZENworks Handheld Management. Novell, (888) 321-4272, (781) 464-8000. www.novell.com
Jesse Lindeman is the lab manager at the Center for Emerging Network Technologies at Syracuse University. He has been a systems administrator for a historic roofing firm in Washington.
Frank Bulk is a technology associate with the Center for Emerging Network Technologies at Syracuse University.
To get beyond the fundamentals of mobile device management, you must understand file and data management. Some of the packages we tested can perform sophisticated document delivery, version tracking, backups and restores, but a mobile database is better for mobile devices running advanced applications. Enter Sybase's iAnywhere, of which XcelleNet is a newly minted subsidiary.
An example will make the benefits clear. Say a sales rep is visiting a customer in a given territory. The rep wants to have instant access to that customer's sales information and to data regarding other customers in the area just in case he or she has time to visit. What's more, the rep needs only summary statistics for all other locations and wants to generate reports. Under this scenario, a mobile database that can carry aggregates of some data and subsets of other data is likely a better fit than a maze of spreadsheets guaranteed to become outdated quickly.
IAnywhere offers a pair of mobile databases: Adaptive Server Anywhere (ASA), which has a feature-rich database engine; and Ultralite, a slimmed-down version for resource-confined devices. Designed from the ground up to run on mobile devices, the products offer ease of use, good performance and strong security. In addition to the software portion that resides on the end-user device, you must run Sybase's MobiLink service, which provides an interface to an existing database server. It performs conflict resolution and sophisticated scripting, and can deal with the sporadic and unreliable nature of mobile-device communication.
IBM's similar product, DB2 Everyplace, comes in behind iAnywhere's products in market share. Unlike iAnywhere's software, which doesn't require tight integration with an existing platform, DB2 Everyplace requires an instance of DB2 Universal Database to provide an interface between the mobile platform and any of several multivendor back ends.
Two other players in this market are also major database vendors. Microsoft already has SQL Server CE, and a project code-named Laguna is on tap to become SQL Server Mobile Edition early next year. It's targeted for mobile devices based on the Windows CE platform. And Oracle has a mobile version of its flagship product, called Oracle Database Lite 10g. Both systems are closely tied to their namesake databases.
You can't solve a problem until you acknowledge that it exists. So look around your organization and take a rough count of how many different mobile devices are in use supporting your business. And consider that both Canalys and Reed Electronics Group expect the smartphone market to grow at a brisk rate through 2009 as people upgrade their cell phones. For many companies, now may be the time to develop a standardization policy while planning to implement a capable mobile device management product to distribute applications, data and configuration settings to corporate handhelds. Without management, properly leveraging mobile devices' productivity-enhancing capabilities while preventing theft of corporate data is close to impossible.
We tested mobile device management products from iAnywhere, Intellisync, Mobile Automation and Novell in our Syracuse University Real-World Labs®. We found that small companies may not see a sufficient ROI--products tested cost $40 to $110 per device or user. However, most vendors' à la carte setups do let you choose--and pay for--only what you need.
After testing on a multitude of device types, OSs, versions and service providers, we named iAnywhere's XcelleNet Afaria 5.1 our Editor's Choice. It was a breeze to run, with an impressive feature set and granular client control. PIM-centric organizations should also consider Intellisync's offering, while Novell shops will want to take ZENworks Handheld Management for a spin. Mobile Automation offers a low price but limited platform support.
Because few enterprises nail their employees down to a single mobile platform, most IT groups must manage more than one of the four major mobile device types and operating systems. Compare this to your desktops: Imagine having a mix of Linux, Mac OS and two versions of Windows. Ouch.
Some companies have rolled out mobile apps on a specific device, frequently Research in Motion's BlackBerry. So why not just standardize on BlackBerry, for example, use RIM's enterprise-management server and save a bucket of cash? It's true that organizations standardizing on BlackBerry will find little value in a third-party mobile device manager--the BlackBerry Enterprise Server provides password policies, configuration management and system backups.
However, while a recent Network Computing reader poll for an upcoming cover package makes it clear that most people see e-mail and Web access as the most pervasive mobile applications, specialized applications, including sales and field force automation, are on the radar. But third-party software is limited on RIM devices. And going beyond e-mail and PIM sync is a problem. Whose fault is that? Is it that RIM hasn't opened up its APIs? Is it a memory or processor speed problem?
We don't have all the answers, but if you plan to deploy custom or advanced applications, you'll need to go with Palm or Pocket PC. You'll also see benefits with a more advanced--and, yes, expensive--specialized mobile device management system. How We Tested
To create a real-world environment in our Syracuse University Real-World Labs® for testing mobile device management, we first gathered devices for each major mobile operating system: Palm, Pocket PC, Research in Motion's BlackBerry, smartphone and Symbian.
For Palm, we used a Palm Vx running Palm OS 3.5.3 and a Palm m505 with Palm OS 4.1. We tested Palm OS 5 on a Treo from Sprint PCS.
For the Pocket PC line, we used a Compaq iPaq 3950 running Microsoft Pocket PC 2002 and a Hewlett-Packard iPaq 5150 running the 2003 version.
We used two BlackBerries: an older RIM 957 and a BlackBerry 7230 from T-Mobile.
Our smartphone was the Motorola MPx200 running Windows Mobile 2002 and using AT&T Wireless' GPRS service.
Our Symbian Series-60 device was a Sony Ericsson P900 using T-Mobile.
For our anecdotal laptop testing, we used a PCMCIA-based Sierra Wireless AirCard 750 over AT&T Wireless' GPRS.
How We Tested Click to Enlarge |
For base connectivity, we used standard desktop sync cables (serial or USB) and their syncing programs. To provide WLAN connectivity for our Pocket PCs, we used the iPaq-compatible PCMCIA sled with a Cisco Systems 350 (802.11b) card and a compact flash sled with a Socket CF. We used AT&T's and T-Mobile's GPRS for two of our phones, and Sprint PCS' CDMA 1xRTT for the Treo 600. This gave us an idea of how well each mobile device management app worked in both on-site and wide-area roaming situations.
In the lab, we used 802.11b and dock-based syncing. Even with dock-based syncing, most devices could support TCP/IP communications through their sync conduits, so we were testing as if they were using TCP/IP connections, just faster and without battery drain. We tested the high-speed packet data services based on GPRS or CDMA 1xRTT outside our lab simply because of limited coverage in our building. Only for large software installations that exceeded several hundred kilobytes did we find the packet data services slow; for configuration deployment, policy enforcement and document distribution, these 2.5-G services performed very adequately.
After testing each product, we hard-reset it so we could start with a clean slate. We attempted to perform over-the-air installations using the device's native wireless capabilities wherever possible.
On the server side, our test bed consisted of six Dell PowerEdge 2550 servers with dual-Pentium III 1-GHz CPUs and 1 GB of RAM, running Microsoft Windows 2003 with the latest patches. We dedicated one server to run our Active Directory server and Exchange 2003, while a second hosted Microsoft's SQL 2000. The remaining four servers hosted the four products under test, along with IIS if required. We opened all necessary communications ports on our firewall so we could connect with our lab's other subnets and our devices' packet data services. Some enterprises will want to run their management server in the DMZ to limit exposure of their directories, files and documents. A VPN is probably unfeasible, so consider using the provided encryption features.
For functionality testing, we began by pushing down a device configuration that included as much detail as possible, such as the device owner's name and company, as well as setting the power-off and sound configurations. We deployed an older version of eReader for the Palm and created a subsequent package that upgraded those Palms running the old versions of eReader.
We then installed Symantec's Antivirus for HandHelds 3.0, which runs on Palm and Pocket PC devices only. For the Pocket PC, we deployed eReader by using a file-copy mechanism, but deployed a CAB and executed an install for the antivirus software.
We tested document distribution by pushing down documents that could be read by the eReader. We also enabled power-on passwords and tested to see if they locked the device after a predetermined activity time, after soft resets and after powering off. We also verified that the devices would do a data wipe or hard reset after failed authentication. We then tested device-based file or database encryption, performed backups and verified that the software and hardware inventories were obtained properly.
Read more about:
2004You May Also Like