Organizations and workers are going mobile. The percent of mobile knowledge workers is expected to rise from the current 50% level to 75% by 2010. Market research reports net gains in work time of 5 to 10 hours per week when workers go mobile. 

Mobile enterprise applications can be effectively applied to a large array of tasks including field force automation, remote systems administration, sales force automation, supply chain and inventory management, fleet management, and telemetry and remote monitoring, among many others. Your organization and your customers will benefit from mobilizing many of these tasks.

In the beginning, a few early adoptors request smartphones to meet their individual needs. Over time, the IT department accommodates this recurring request and standardizes their response by selecting a platform, supported devices, and service providers.

In the final stage, wireless capabilities become integrated into the daily business activities of the entire organization. More comprehensive mobile solutions then take on the form of “thick mobile apps” which are more flexible and full featured mobile apps.

Across the organization, employees seek to improve their productivity through the use of smartphones with access to corporate communications and data. For example:

• Employees are connecting their smartphones to corporate email servers
• Sales teams need access to customer and order information from corporate CRM
• Field technicians need access to service information as well as updates
• Managers need timely access to critical business data from the business intelligence system. 

• Smartphones are always on and ready to respond to events in real time
• There are more competing platforms and operating systems on smartphones
• Offerings and innovation are driven by a massive consumer market
• Consumer innovation must be adapted to enterprise use and security
• Limitations in screen real estate, memory, processing and storage require custom solutions optimized for specific tasks
• Geo-spatiality and RFID open a wide range of new application opportunities
• There is no standard administration capability on smartphones
• Exposure to loss and theft are greater with smartphones.

Even if there were no security issues, organizations still need to manage smartphones.

• The organization has invested time and money to purchase and distribute these devices
• Management must track how these devices are being used and ensure they are used for the purposes they were intended
• Smartphones unique characteristics (see answer to question 5) create opportunities and risks that must be managed
• Anytime, anywhere communication and data access enables new management models, flatter structures and expanded spans of control.

The ubi-Suite administrator has the ability to install a new software application on any mobile device under its control or on any new device when a user initiates the first time install procedure. This is accomplished by creating Software Packs that contains all the required components to install the application. These Software Packs can be mandatory installed applications or can reside in a company software store that the user would choose to install on the mobile device. If the application is mandatory, installation can be completed with no user intervention.

 The ubi-Suite administrator has the ability to initiate a remote device wipe or to lock the device, whichever is more appropriate. The locking or remote device wipe can be initiated from the ubi-Suite devices tab. On the next polling cycle, the device is either blocked or wiped. 

In addition to the benefits from mobile calling that we are all familiar with, Smartphone users can expect to experience improvement in work and in balancing work with other obligations.  

This list is only the beginning. As applications are optimized for smartphones and new opportunities are pursued based on geo-spatiality or other unique capabilities, the list will grow.

Smartphones can be initially configured using one of the following methods: 

• Over-the-air (OTA) installation using either an SMS message with an embedded link to a phone server such as ubi-Suite or a WAP push to a server
• Preconfigured SD card inserted into the phone
• Direct connection to a desktop or laptop computer. 

The installation is automated and takes only a few minutes. The installation does not require an additional SD card or have any other computer requirements. If necessary, the OTA installation can be re-done during a support call. The device also can be remotely disabled via OTA. Auditable installation and configuration tracking can be centrally maintained on the server.

There are a number of ways this can be accomplished. The easiest method for the initial install is to initiate a WAP push of the link to initiate the install. This is done from the ubi-Suite console manager. 

The ability of a smartphone user to override default settings is under the control of the administrator. Some settings are established as default values but can be changed by the user while other settings are restricted and cannot be overwritten by the user.  

If your ubi-Suite managed mobile device is lost or stolen, you should contact the ubi-Suite administrator. Your company security policy will dictate the course of action related to locking the device or initiating a remote device wipe.

By using a mobile device management system, an accurate and complete inventory of smartphones is automatically maintained. ubi-Suite provides a detailed view of total inventory including listings of all applications and resources available on each smartphone as well as tracking changes to these resources. You will have an accuracte record of people, devices, configurations and up-to-the-minute device status. This information enables the mobile administrator to effectively monitor and manage problems as they occur.

Yes, most administrators would run an inventory report directly from Microsoft SQL Server taking advantage of the inventory tables automatically maintained by the ubi-Suite server. The administrator can use any off-the-shelf SQL reporting tool including Microsoft SQL Reporting Services, Active Reports, or Crystal Reports etc.

Yes, the ubi Suite server monitors all installed applications, program files, windows files, directory structures, mobile device hardware specifics, operating system, language and build numbers. The administrator can see these changes using the ubi-Suite web interface.

Since ubi-Suite gives the administrator the ability to lock down settings on the smartphone that will not need to be changed, the primary areas of interest to the administrator will be characterized by consumable resources. Examples of this include battery life, SD card storage space and RAM space.  

In the Roadmap to Mobility, the second and third levels of mobility come about with the integration of mobility into daily business tasks. Line of Business applications may result from customizing an existing application for smartphone use or from creating new applications to leverage geo-spatiality or remote monitoring to create new capability. These mobile tasks require the automatic, consistent and error-free distribution and installation of LOB applications into the smartphone fleet.  

ubi-Suite provides industry-leading capabilities in this area. For example ubi-Suite installs ubiControl on each smartphone. This resident process traps smartphone user interactions and enables preset responses or limits to be imposed. User interactions during software installation can be dramatically simplified or eliminated reducing user errors, confusion and smartphone support costs.

ubi-Suite can be used for installation, provisioning and periodic upgrading of a LOB application. The installation and provisioning can be completed in the initial install process or at a later date. 

The ubi-Suite administrator creates a Software Pack complete with licensing and provisioning files. This Software Pack is added to the Deployment Pack and then automatically deployed to the mobile device on the next polling cycle.

Examples include field force automation, remote systems administration, CRM (Seibel, Microsoft or Sales Force), supply chain and inventory management, fleet management, and telemetry and remote monitoring. In fact all applications that are actively used on laptops should be considered as a starting list with applications that use RFID, geo-spatiality and remote diagnostics adding to the list.

Default smartphone applications such as Microsoft Office are managed by controlling access to the application and configuration of the application whereas third party LOB applications require installation as well as configuration. A third party LOB installation can have several components that must be managed and installed together. These components typically include a CAB or EXE file, a configuration file, a security certificate, and a license file.

In general, security certificates are required for secured access and/or communications. For example Microsoft Exchange Server can be set up to use a security certificate as an added requirement to gain access and enable secure communications between smartphone and the company’s Exchange server. Another example is the use of a security certificate to secure a VPN communication connection through a corporate firewall.

The ubi Suite MDM has the ability to install certificates on mobile devices.

The ubi Suite MDM can distribute the same certificate to all mobile device users.

Yes, even this exceptional level of security is possible by adding a file to the user area of ubi-Suite server.

Smartphones need to be maintained in a high availability and high performance state 24X7. The enhanced monitoring, alerting, troubleshooting and reporting capabilities of ubi-Suite enable proactive issue identification and resolution essential for effective fleet management and to maintain confidence in the smartphone system.

The ubi-Suite server has the ability to monitor an enormous amount of items on the mobile device. Examples of these items are: Hardware, device name, UUID, AKU OS, Language, Device mobile IP address, Installed Files, directory structure, and installed programs to mention only a few. ubi-Suite also maintains a communication log which records every time the mobile device checks in with the ubi-Suite server.

The ubi-Suite administrator can view all of the above mentioned items on any mobile device and many more by simply double clicking on the mobile device in question and selecting one of the many tabs of information available.

The mobile device communicates with the ubi-Suite server based upon the interval of the polling cycle set up by the administrator. During this polling cycle, any changes in the mobile device would be relayed to the server and any updates that the server has for the mobile device would be initiated at that time also.

One example of a problem with a mobile device that could be identified would be small amount of program memory free space or data memory free space available. Both of these statistics are captured in the ubi-Suite server in the Device tab. Another example of a mobile device problem that could be captured would be the identification of bugs in a Windows Mobile release. Since ubi-Suite reports on the exact build number of the Microsoft operating system, the bug can be diagnosed as a known problem with a particular build. Another example: ubi-Suite records the use of a device after it is reported missing but before it is disabled.

All laptops have different security levels built in that make the secure administration access different from the user access. Smartphones do not have this layered approach to security. This creates a security problem because the smartphone user has the same rights as the administrator. ubiControl changes this situation by implementing a secure administrator level on the smartphone. Once ubiControl is installed on a smartphone, the phone is controlled by the ubi-Suite server and security cannot be compromised without completely erasing the phone through a hard-reset.

There are four essential capabilities to support mobile device policy:

• Ability to secure and confidently disable a phone
• Ability to deploy complex applications silently by automatically answering installation dialog boxes
• Ability to manage any number of phones simultaneously as a single group
• Ability to audit setting for any single phone or group of phones.

• Control Mail-Push Settings: Properly configuredEmail push to the smartphone is very convenient but also a high security risk. ubiControl makes sure that the mail push settings, established by the administrator, can’t be compromised by the user. This insures smartphones are secure when used outside the company.
• Protect Certificates: ubiControl enables the administrator to manage changes on certificates for mail, VPN. Certificate compliance will be implemented consistently and always enforced.
• ActiveSync Control: With ubiControl you can monitor and manage the communication between the mobile devices and the company network. You can prevent ineligible synchronization of the PIM data with the desktop. Controlling unregulated data transfer closes a serious security gap.
• Control of Incoming Configuration Messages: Smartphones and PDA users can get requests for unauthorized system changes via SMS or MMS. But ubiControl can prevent these users from executing these requests that can put security and stability of the handhelds at risk.
• Lock Device Settings: WLAN or Bluetooth Manager, Internet Explorer or the camera, any application or phone feature can be blocked. When a setting is locked by ubiControl only the administrator can make changes.
• Lock Software Installation: If the user isn’t able to install applications and games on his handheld the number of handheld breakdowns can be reduced considerably. Support times and costs can be kept low and the responsible administrator is less burdened.

• Execution control of all applications
• Settings protected against changes by the user
• Fix and protect connection profiles
• Prevent software installation and de-installation
• Active Sync-connection control (RAPI-control)
• WLAN and Bluetooth blocking
• Prevent changes of mail push settings
• Prevent sending of attachments
• Start menu configuration and program menu set up
• Access control of folders and memory cards
• Prevent autorun of memory card
• Control of incoming configuration messages (SMS-/MMS-Receipt)

The combination of ubi-Suite server talking to the smartphone’s ubi-Control client provides a completely securable software and hardware solution. The ubi-Control client on the smartphone acts like a kernel-level administrator residing on the smartphone itself. This type of kernel is very difficult to implement but is absolutely required for complete and secure control over the phone. ubitexx is the only company to have developed this client-server technology patterned after the secure kernels of much larger server operating systems.

Active Directory Sync is a feature that automatically imports or synchronizes users or groups of users from the Microsoft Active Directory server into the ubi-Suite system. This alleviates the need for manually creating the users within ubi-Suite and ensures that the user credentials are consistent between the Active Directory and the ubi-Suite server, even if they are changed in only one place.

In addition to Microsoft Active Directory, ubi-Suite also supports Lotus Notes LDAP server.

Many features of smartphones lend themselves to mismanagement and security issues. One is example is that detailed control over the configuration and encryption of a smartcard in a smartphone is required. Another example is multimedia messages (MMS) can contain malware or smartphopne viruses. Allowing relatively safe SMS messages but blocking MMS messages would provide a higher level of security. One final example is a simplistic password protection system that is not controlled by a resident security kernel can be overridden by a phone hacker.