Out of band remote control of devices, MDM and AMT what the future holds

Introduction

Out of Band communication has arrived, as bandwidth has become commoditised. Device management is important. This article will cover two emerging technologies MDM and AMT and what the future holds for device management. Both technologies are developing rapidly, MDM in the mobile device market and AMT for the Intel based desktop PC’s on the LAN.

MDM

Mobile device management or MDM is now a familiar term describing solutions and technologies which enable the remote management of our growing estate of mobile devices including laptops, PDA’s, smart phones and tablets. MDM secures and monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises.

The growing popularity of these devices due to the commoditization of wireless internet access, their ever growing powerful operating systems and accessibility by the majority, make them an essential tool to own for enterprise today. These devices are no longer used for the sole purposes of personal information management, while the applications are now endless.  More businesses than ever before are facing the challenge of how to fully provision, manage and secure mobile devices in their corporate environments. Desktops and all these mobile devices are uniting and require a single platform to manage, both personal and corporate.

The cost of owning a Mobile device is high given its uses within an enterprise, as they are very mobile and thus vulnerable to being lost, stolen or damaged. However, the advantages of having a mobile device with its endless applications at your fingertips outweigh the cost. Thus given the potential, it is agreeable that having a mobile device management solution is essential for the effective implementation and execution of a mobility strategy. The most common issue is that of compliance relating to corporate data on mobile devices, be it personal devices or company issued. The intent of MDM is to optimize the functionality and security when using mobile devices while minimizing cost and downtime.

What should you expect to get from a MDM solution?

Most mobile device management solutions would offer a variation on the following functions:

Management of software

  • Ability to remotely assign software to the device, this is useful for when updates or patches are needed, and distribution of applications.

Management of Assets

  • The ability to group or categorise and generate inventory of managed devices.

Management of configuration

  • The ability to change the settings within the group of devices, OTA (Over The Air) settings like WPA keys deployed to all devices.

Security management

  • There are various forms of security offered for mobile devices such as, password policy enforcement, remote locking of the device as well as the ability to remotely wipe all data on the device.

Back up and restoration

  • The ability to store a backup of files or folders from the device in the unfortunate event of the device being damaged, or becoming inoperative for one or other reason. Allowing restoration at some point.

Measuring performance and diagnostics

  • Reporting and alerting concerning your devices performance with regards to battery life, memory and network information

Steps to assist in putting in place an effective and smooth running MDM solution within a business from the beginning

Before you put a MDM solution in place consider the following:

  1. Be realistic in your chosen policy and get management buy in.
    a.       This is accomplished through supporting multiple device platforms and allowing personal devices alongside corporate devices, and agreeing with management a reasonable enforceable policy.
  2. Put in place a multi-platform inventory and reporting tool from the beginning.
    a.       You should have a MDM tool that is able to quantify the mobile devices within the business, this way you ensure control of mobile devices. You would be able to identify which devices should be in use or the devices that should not be in use.
  3. Enforce security precaution within the business
    a.      Physical security is still important
    b.      Password/PIN when powering the device on, mirroring corporate password policy.
    c.       Enable local encryption.
    d.      Allow remote wiping if the need occurs.
    e.      Make Bluetooth hidden as a security measure.
  4. Plan for a single console multi-platform MDM solution
    a.       Look for a MDM platform that can manage various devices alongside one another. In the long term this will be beneficial as it will reduce set-up costs, improve functionality and efficiency, and create a singular viewpoint into the devices and data for maintenance and security.
    b.      Be sure that the reporting/inventory tool combines both your existing solution and your new multi-platform MDM solution. Avoid manual processes to access information on your mobile devices. Rely on your reporting and inventory tool for this. It will be more effective in the long run and is scalable.
    c.       Consider a cloud based solution, it is as effective and more economical and will have global reach of all your devices including your wintel platform.
  5. Ensure that there is a backup and recovery service available, that is either compliment or included in the platform.
  6. You can choose to limit the transfer of data, or prepare for the bills, especially for roaming users.
  7. Ensure security is also covered, there are many MDM vendors that have forgotten the essential security rational which should be the focus of MDM.  Elements like DLP, AV and all the other security controls should be standard and not retrospectively bolted onto MDM at a later stage.  So, words of warning pick your vendor carefully and be weary of flash in the pan start-ups.
  8. Increase mobile device security by installing firewall, anti-virus and intrusion prevention tools, ideally part of the same solution.

There are a large number of vendors selling MDM Solutions including on-premise and cloud-based solutions.  Both solutions having their pros and cons, the cloud-based solution is more appealing due to its favourable capex/opex.

The enterprise should carefully consider their requirements, and research the various vendors and solutions to find the one most suited to them as a company. As each Vendor claims to have a Mobile Device Management Solution, they all provide some different features, yet some features might be more prominent with one solution than another, and vice versa. The key is to understand your own requirements and work with those to achieve the most effective solution.

For example:

  • If your enterprise has limited security and management requirements, and profound control is not accepted by employees using personal devices. It’s probably best to choose a Vendor with a solution that supports a lightweight management approach.
  • If your enterprise requires strict security and compliance requirements, then choose a vendor with a solution that supports a heavyweight approach to security and management of the devices.

The effective solution for one enterprise may not be the best solution for another.

Active Management Technology or AMT by Intel

AMT or Active Management Technology is a management and security solution from Intel. It is an out of band remote management technology. It uses a dedicated communication channel which is part of an Intel AMT enabled chipset, thus making use of a hardware based platform.  It works independently of the platform processor and operating system.

This technology allows for ease of desktop and notebook security, maintenance, monitoring, repairing and updating all remotely. This is achieved through its independence of the processor and operating system so remote management applications can access AMT even when the device is turned off.

Features offered by AMT

  1. Out of band management, including rebooting PC’s, remote BIOS updates, access to event logs and asset information as well as sending of alert messages.
  2. Its main defence feature is through blocking outside threats, preventing infected PC’s from spreading viruses to other networked PC’s. It sends alert messaging when the firewall or anti-virus software has been disabled. It also automatically updates the antivirus software.
  3. AMT provides authentication and encryption; these features can be activated only by authorised management consoles. Another advantage of AMT being hardware is that this feature can’t be removed by users.
  4. If a desktop on the network has been corrupted in some or other way, it can be rebooted from files on another system on the network.

AMT Limitations

  1. AMT is a powerful tool for remote and out of band management of PC’s using the hardware, however, it is limited to Desktops that have the Intel hardware only.
  2. AMT is purely a desktop management technology and is not suited to server technology yet. In due time, it may move to server management.
  3. AMT does not possess the features to replace service processors for server management. There is no out of band network access as AMT works over the main production network. It is thus unsuitable for administering servers in datacentres with management networks.
  4. It has great features for client PC management but the downfall is that it does not offer any virtual hardware or features like support power, temperature and fan speed monitoring to name a few.
  5. AMT is an advanced piece of technology and enables development of powerful management tools, however due to its unlimited permissions it could leave room for potential security downfalls.

Summary

Technologies for management and securing ones devices both mobile and desktop PC’s are quickly emerging and vital for compliance, as the market adapts and rapidly evolves. A management and security solution has become a necessity for all enterprises or anyone owning a personal computing device of any sort. The increasing complexity of these devices makes it a prerequisite, even if it is solely for the purpose of ease of management and compliance.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top