Tested: Installing AppTec EMM, registering and configuring mobile devices
Tablets and smartphones are now an integral part of IT. To prevent them from becoming a cost and security trap for companies, they require centralized management just like desktop devices. This article shows how this task can be accomplished with the AppTec Enterprise Mobile Manager (EMM).
Unlike their big brothers, mobile devices are not always in contact with the corporate network, and because private devices are increasingly being used for professional purposes (BYOD), different guidelines apply to the handling of the data on them. IT therefore needs specially tailored solutions for the management of mobile devices.
AppTec with a focus on the German market
In the market for Enterprise Mobility Management (EMM), which is dominated by American manufacturers, the Swiss company AppTec is one of the few providers that complies with the strict German legal framework. AppTec360 EMM supports all common versions of iOS, Android and Windows Mobile.
As usual in this software category, AppTec EMM addresses the three main areas of mobile device management:
- Mobile Device Management (MDM): Inventory, configuration and management of mobile devices, device security, email access, BYOD.
- Mobile Application Management (MAM): Management, distribution, updating and protection of apps on the end devices, based on a self-defined app store, which can also include your own apps.
- Mobile Content Management (MCM): Securing data usage, for example through encryption, monitoring of data usage, targeted access to company data from mobile devices.
Fast commissioning in the cloud or on-premises
With AppTec, users can choose between an on-premises installation or the cloud version with servers in Germany and Switzerland. There is no functional difference between the two options.
While the SaaS variant only requires registration in order to start managing the appliance, the administrator of a private instance must first import the virtual appliance, supplied in OVA format, into a hypervisor such as ESXi, Hyper-V, VirtualBox or XenServer.
After booting the VM, the browser-based installation wizard opens, with which the appliance is configured and integrated into the network. In addition to uploading the license file and a public SSL certificate, the admin user and a mail account must be set up for the system to send mails.
If you find it too inconvenient to work in the small console window of the VM, you can enable remote access to the configuration wizard from the SSH command line. To do this, store a password in the file /opt/console/application/configs/externalConfigPassword. The wizard can then be reached from a remote computer in a browser at the following URL, with HOSTNAME and MEINPASSWORT replaced by the appliance's host name and the password you set:
https://HOSTNAME/public/config/extconfig/pwd/MEINPASSWORT
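Because the password is part of the URL path, any web server or proxy that logs request lines records it in clear text. The following is an added example, not AppTec code: it assumes combined-format access logs and a hypothetical admin network 10.0.5.0/24, redacts the password segment before the lines are forwarded anywhere, and flags wizard requests that come from other addresses.

```python
import re
from ipaddress import ip_address, ip_network

# Path of the remote configuration wizard as given in the article; the
# segment after /pwd/ is the plaintext password.
EXTCONFIG = re.compile(r'(/public/config/extconfig/pwd/)([^\s/?"]+)')
# Combined log format (assumed): client ident user [time] "request" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')

# Constructed sample lines, not taken from a real appliance.
SAMPLE_LOG = """\
10.0.5.17 - - [12/Mar/2024:09:14:02 +0100] "GET /public/config/extconfig/pwd/S3cret-Example HTTP/1.1" 200 5120
203.0.113.44 - - [12/Mar/2024:09:20:31 +0100] "GET /public/config/extconfig/pwd/guess1 HTTP/1.1" 403 312
10.0.5.17 - - [12/Mar/2024:09:21:10 +0100] "GET /public/login HTTP/1.1" 200 2048
"""

def audit_extconfig(log_text, admin_nets=("10.0.5.0/24",)):
    """Return (redacted_lines, findings) for wizard requests in log_text."""
    nets = [ip_network(n) for n in admin_nets]  # hypothetical admin network
    redacted, findings = [], []
    for raw in log_text.splitlines():
        # Redact first so the secret never reaches the output or a SIEM.
        redacted.append(EXTCONFIG.sub(r"\1[REDACTED]", raw))
        m = LINE.match(raw)
        if not m or not EXTCONFIG.search(m.group(3)):
            continue
        client, when, _, status = m.groups()
        try:
            trusted = any(ip_address(client) in n for n in nets)
        except ValueError:  # hostname or garbage in the client field
            trusted = False
        findings.append({"client": client, "time": when,
                         "status": int(status), "trusted": trusted})
    return redacted, findings

if __name__ == "__main__":
    lines, hits = audit_extconfig(SAMPLE_LOG)
    print("\n".join(lines))
    for h in hits:
        flag = "ok" if h["trusted"] else "ALERT: outside admin network"
        print(h["client"], h["time"], h["status"], flag)
```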
Because the management server must communicate with the mobile devices over the Internet, further ports must be opened in the firewall besides 8080, 8081 and 443: 5223, 2195 and 2196 for Apple APNs communication, and 5228, 5229 and 5230 for Android.
Preparation for device management
From this point onwards, the on-premises software is in the same state as the cloud version. As with all MDM solutions, the EMM administrator first makes some preparations for the management of iOS and Android devices in the tidy web console.
For iOS, they must obtain an APNS certificate via the corresponding Apple service and store it in the EMM. If Apple devices are also to be operated in supervised mode, which opens up extended configuration options, a DEP server must also be defined in the EMM, which requires an additional Apple certificate.
Enrollment and provisioning
The EMM administrator can either create users manually, import them from a CSV file or connect the server to their own directory service using an LDAP connector.
For the enrollment of the devices, he can automatically send the users an installation request by email or SMS. After logging into the EMM service on the end device, a certificate is first set up on the mobile device and then the EMM app required for control is installed.
Clear device configuration
The administrator can now configure and control the devices that have been taken over into management from his console. Despite the manufacturer-specific differences between mobile operating systems, most parameters can be managed using a uniform methodology, which greatly simplifies the work of administrators.
For example, password policies, camera use and access to cloud services can be configured uniformly for all device types.
The dashboard provides an overview of the status of all devices, provides information about their compliance and lists all devices that have not yet been registered.
Although you can see how many mobile devices have a modified operating system installed (jailbreak/root), there is no automatic response, such as blocking, deleting or a request to the user. The administrator must initiate these actions manually.
Users can use the slimmed-down self-service web console to check the device status, for example, or to initiate device location in the event of theft.
Dual Persona supports BYOD scenarios
In addition to the subdivision of users and devices into individually definable groups and correspondingly defined configuration profiles, the differentiation according to ownership status is a decisive parameter: For each device, it must be specified during enrollment whether it belongs to the company or the user.
In the latter case, the dual persona principle applies: private and business content and apps can coexist on the devices managed with AppTec. These are securely separated from each other so that the company can enforce its security guidelines while access to private data is excluded and the user’s privacy is protected.
Prices and availability
Of particular interest to smaller environments is the option to manage up to 25 devices for an unlimited period of time with the free version of the software. It offers the full range of functions and can be downloaded from the manufacturer’s website.
If you want to manage more devices, you pay €0.99 per device and month for the on-premises version. Use of the Universal Gateway, ContentBox and SecurePIM add-ons costs extra.
Device management in the cloud costs €0.49 per device per month with a minimum term of 24 months.
Conclusion
The AppTec360 EMM software impresses with its wide range of features, fast commissioning and simple operation via the web console.
Important for German companies are the works council-compliant design of the management and cloud operation on servers in Switzerland and Germany. The fact that the manufacturer promises same-day support for OS updates demonstrates the high security standards of the Swiss.
Source: https://www.windowspro.de/andrej-radonic/test-enterprise-mobility-management-emm-apptec