Frequently Asked Questions

 

Basics

Products

• Which operating systems do you support?
• What is the Virtual Smartphone Platform (VSP)?
• What is Sentry?
• What is MyPhone@Work?
• What is the Connected Cloud?
• What is the Enterprise App Storefront?

Importance

• Why is preserving the "native experience" important?
• Why is jailbreak/root detection important?
• Why is having an agent on the device important?
• Why is having an enterprise app storefront important?

The "Trust/Verify" model

• Overview
• Can you restrict voice, SMS, and data?
• Can you prevent or force OS upgrades?
• Can you prevent or force application installation or removal?
• Can you filter web access?

Installation decisions

• What is the difference between the virtual and physical VSP?
• What is the difference between the virtual inline, physical inline, and integrated Sentry?
• What is the difference between MobileIron's on-premise and cloud solution?
• What is the difference between MobileIron advanced management and MobileIron intelligence?
• What is the difference between standard support and premium support?
• What is the difference between a perpetual license and subscription?
• What is the difference between professional services and independent installation?

Implementation

• Do you replace BES?
• Do you replace ActiveSync?
• Do you replace Good?
• How does the client-side application work?
• Which encryption methods are used and supported?
• Can you perform selective wipe and restore?
• Can you perform jailbreak/root detection?
• Can you provide a secure app store?
• What are policies and how do you use them?
• What is an alert?
• What can you do over the air?
• What can you push?
• Does MobileIron have APIs?

 

Basics

There are many mobile operating systems, constantly evolving and adapting to user needs. Each operating system has different capabilities depending on how it was written and the APIs the operating system makes available to third parties. Most, if not all, were designed with the consumer in mind, and thus provide a limited but growing set of capabilities for the enterprise. As each operating system developer releases new enterprise functionality, MobileIron supports it as soon as possible. For example, MobileIron was the first to market with features such as SCEP certificate proxy, iOS jailbreak detection, and an enterprise app store. 

back to top

 

Products

Which operating systems do you support?

MobileIron supports all seven major mobile platforms: Apple's iOS, Google's Android, RIM's BlackBerry, HP's webOS, The Symbian Foundation's Symbian, Microsoft's Windows Mobile, and Microsoft's Windows Phone. As new platforms and vendors emerge, MobileIron is often first to market with advanced management and security features.

What is the Virtual Smartphone Platform (VSP)?

The MobileIron Virtual Smartphone Platform ("VSP") is the central hub of the MobileIron solution. It may be deployed as a physical hardware appliance or as a virtual appliance using VMware ESX. The VSP interfaces with the MobileIron application and enterprise resources such as LDAP, Exchange ActiveSync, certificate authorities, and the BlackBerry Enterprise Server.   

What is Sentry?

What is the Connected Cloud?

What is MyPhone@Work?

MyPhone@Work is the employee's interface to MobileIron, and operates in conjunction with the VSP and Sentry. It can be accessed in two ways: through a web browser or through the MobileIron application on the employee's smart device. With MyPhone@Work an employee can perform basic administrative tasks without contacting the IT department, such as registering new devices and wiping lost devices. On iOS and Android, MyPhone@Work provides an enterprise app storefront for the discovery and distribution of enterprise apps and the recommendation of external third-party apps.

What is the Enterprise App Storefront?

back to top

 

Importance

Why is preserving the “native experience” important?

“Native experience” refers to the particular design choices, user interaction paradigms, and feature sets chosen by operating system developers to promote and enhance their respective platforms. It is these “native” features that make a Blackberry a Blackberry and an iPhone an iPhone. 

A crucial factor in the use and adoption of mobile technology are these individual design decisions and interfaces chosen by operating system developers and embraced by users.

For example the native experience of the iPhone includes the Apple email app for communication, the Safari app for browsing, the iTunes app for media, and the ability to download a wide range of other apps to the device. If the user can’t use these features, they can’t take advantage of the full potential of the device and will generally be unhappy.

There are mobile device management solutions that do not preserve the native experience because they create an artificial, closed environment on the device. Users are forced to use enterprise capabilities only within this closed environment -- email, browsing and apps are limited to what’s in this walled garden, detracting from the user experience. In addition, these “container-based” solutions often don’t follow industry standards.

Why is jailbreak and root detection important?

To jailbreak (or root) a phone circumvents the built-in security and protection of the operating system, opening up the phone to malware and unsupported uses. Jailbroken devices also allow any application to be installed on the phone and malicious applications to steal contacts and corporate data.

Why is having an application (or agent) on the device important?

An application (or agent) is a piece of software that is installed on a user’s device. In order to detect jailbroken devices — and thus keep corporate data secure — smart devices must have an agent on the device itself, and the agent must be part of the registration process to ensure that the agent and device is identified with a specific enterprise user.

The agent also can check the device and analyze its current state, monitoring for compliance with corporate policies. Without an agent, the device could be compliant during the initial registration process but non-compliant later. Based on the current state of the device, the agent can block the device from corporate resources and send alerts.

Why is having an enterprise app store important?

An enterprise app store is similar to other app stores, but tailor-made to the needs of a corporation by providing a centralized location for business applications. These applications can be ones that are already readily available in other app stores, or ones that have been created by the enterprise for internal use.

When the enterprise app store is on a registered device and tied to a specific user, not only can the user discover applications easily, but they can also be notified of the apps that are appropriate while keeping inappropriate ones from the user.

back to top

 

The "Trust/Verify" model

Overview

Lockdown security models fail in mobile because they damage the user experience. MobileIron introduces a less autocratic and more sustainable model of security: IT sets the central policy and then monitors devices for compliance. When a device falls out of compliance, IT can take several remediation actions including notifying the user, blocking access to the enterprise, or wiping the mobile device.

Can you restrict voice, SMS, and data?

No, because most operating systems do not allow it. Restricting voice calls also introduces liability in an emergency situation. Instead, the MobileIron solution allows administrators to set thresholds and usage caps for any time period, and provides real-time event monitoring and warning of non-compliance.  

Can you prevent or force OS upgrades?

No, because most operating systems do not allow it. Instead, the MobileIron solution allows for real-time insight into operating system version (and policy compliance, including whether a phone is jailbroken/rooted) and informs administrators of non-compliance. However, administrators can set policies based on OS version and block certain versions from accessing enterprise resources.

 

Can you prevent or force application installation or removal?

No, because most operating systems do not allow it. It is not in the interest of the OS vendor to restrict what applications can be installed on the device. Instead, MobileIron allows monitoring of applications that are installed on a device and inform administrators and users of non-compliance. The VSP comes pre-loaded with certain bad strings (like "porn") and disallow apps with those titles.

Please note that web-clips are not applications, though they appear similar; web-clips, in contrast to apps, may be forcibly removed or installed at will. 

Can you filter web access?

No, because web traffic must first be routed to the enterprise via a VPN before it may be filtered using third-party web filtering software. Instead, MobileIron can notify an administrator if a user is not using the company VPN for web traffic and subsequently block access to corporate resources. 

back to top

 

Installation Decisions

What is the difference between the virtual and physical VSP?

The virtual VSP is a software image downloaded from the MobileIron Support website that can be installed on customer-owned servers. MobileIron supports VMware ESX. The physical VSP is a standalone hardware appliance that ships with VSP software already installed.

What is the difference between the standalone and integrated Sentry?

Standalone Sentry sits inline between the mobile device and the email server. It may be deployed as either a virtual or physical appliance. Integrated Sentry, which only supports Exchange 2007 and 2010, does not sit inline and is instead installed on the ActiveSync server.  For most customers, standalone Sentry is the preferred option because it provides greater access control across a greater variety of email systems.    

What is the difference between MobileIron's on-premise and cloud solution?

The MobileIron Connected Cloud solutions is a subscription-based SaaS offering that gives customers all VSP features and functionality without the need to install the MobileIron solution in a data center. For an on-premise MobileIron VSP installation, the appliance must reside at an in-house data center or third-party datacenter.

What is the difference between MobileIron advanced management and MobileIron intelligence?

The MobileIron Advance Management features includes mobile device management, security, and app management. MobileIron Intelligence features include near-real-time activity monitoring for international roaming and voice/SMS/data usage.    

What is the difference between standard support and premium support?

MobileIron has two annual support options for the MobileIron VSP — standard and premium. MobileIron Annual Standard Maintenance and Support offers support from 6am to 6pm PST Monday to Friday. MobileIron Annual Premium Maintenance and Support is available around-the-clock, 24/7. MobileIron Connected Cloud also includes 24/7 support.

What is the difference between a perpetual license and subscription license?

MobileIron software can be purchased as either a perpetual license with an additional annual support fee, or as a monthly subscription that includes support.

What is the difference between professional services and independent installation?

MobileIron and its partners offers a variety of professional services for guided assistance in installing the MobileIron solution, including training and deployment services.

back to top

 

Implementation

Do you replace BES?

No. The MobileIron solution is complementary to BES (BlackBerry Enterprise Server), providing additional features such as real-time telecom expense monitoring.  

Do you replace ActiveSync?

No. The MobileIron solution is complementary to ActiveSync. ActiveSync mobilizes email and provides a handful of basic management settings. MobileIron provides advanced device management, security, and application management.

Do you replace Good?

Some of Good's functionality (such as email) are deployed in a complementary fashion by many MobileIron customers.

How does the client-side application work?

On platforms like iOS and Android, MobileIron makes available a client application that resides on the employee's device. The application allows employee access to MyPhone@Work, enabling the employee to communicate with IT, but also provides real-time application, usage, and security insight into the phone.

Where possible, the application runs unobtrusively in the background. Battery impact, space and memory usage are nominal. Since many platforms do not prevent application removal, the MobileIron VSP automatically notifies an IT administrator if the client application has been removed from the employee's phone.

Which encryption methods are used and supported?

MobileIron does not provide encryption and is agnostic to native encryption methods. Depending on the operating system, MobileIron is able to create and enforce polices based on the encryption status.

Can you perform selective wipe and restore?

Yes. MobileIron can wipe and restore corporate data while keeping employee data intact.

Can you perform jailbreak/root detection?

Yes. MobileIron can detect if an iOS or Android device has been compromised and can block the device from accessing corporate resources.

Can you provide a secure app store?

Yes. MobileIron can determine whether or not the device is compliant with security polices at any given moment in time, ensuring that the app store and the apps only appear on devices that meet enterprise standards. 

What are policies and how do you use them?

Policies are a set of rules the VSP uses to secure, manage and regulate the behavior of the smart devices. One example is a policy that blocks a device from enterprise resources if it is rooted or jailbroken. 

What is an alert?

An alert is a notification that is sent to a device and is triggered by a policy rule. It can be a notification using native OS capabilities, a text message or a badge that appears on the MobileIron icon. One example of an alert would be a notification that the device has a banned app installed. 

What can you do over the air?

"Over the air" is remote configuration with no physical connection from the employee device to a computer server. Any data transfer occurs over wireless (WiFi or 3G). In this mode MobileIron can provision, wipe, encrypt and lock phones, but cannot backup data or upgrade the OS. This limitation is in the process of being addressed by various OS vendors.  

What can you push?

To "push" means to send data or configurations to an employee's device without the employee having to take an action. MobileIron pushes security settings, application configurations and profiles. Note that no management platform can push applications to iOS or Android devices without the user’s permission, though MobileIron does publish the catalog of available apps to the user and then provisions the app at the user’s request.

Does MobileIron have APIs?

MobileIron has developed a set of Application Programming Interface (API) libraries for partners and customers to extract data about telecom expense management (TEM) from the MobileIron VSP. 

back to top