"Connecting the various BlackBerry devices that are still around at M-net would be technically possible using MobileIron, but is not pursued since BlackBerrys will become obsolete for M-net in the medium-term."Filipe Pinto Correia, Head of the IT Operations & SupportM-Net Head of the IT Operations & Support, M-Net
BlackBerrys are yesterday’s news. Today, the iPhone is the device of choice at telecommunications provider M-net, where the company provides them as standard. Using the MobileIron enterprise mobility management (EMM) platform, M-net is able to uniformly configure and centrally manage the devices. In addition to iOS devices, M-net also uses MobileIron to seamlessly integrate the M-net service technicians’ Android smartphones.
With a proprietary fiber optic network several thousand kilometers long and close mobile network collaboration with O2, M-net Telekommunikations GmbH has now become a key player in the regional telecom market, with a service radius extending beyond the state of Bavaria. Mobile IT is not only part of M-net’s service offering, it is also widely used within the company.
“Mobile IT is routine virtually everywhere at our company,” says Filipe Pinto Correia, Head of the IT Operations & Support Division at M-net.
The mobile era began at M-net over ten years ago, with the installation of remote access for on-call service technicians.BlackBerrys were introduced in 2005. However, starting in 2012, M-net wanted to introduce iOS and Android devices and use one platform to centrally manage all devices. M-net selected California-based MobileIron. Munich IT service provider Cancom IT Solutions GmbH, also one of M-net’s long-term and reliable suppliers provided advice and support as M-net reviewed a number of vendors.
Filipe Pinto Correia, the M-net division head, explained: “In the early platform selection phase, MobileIron was competing against another EMM product. The choice of MobileIron was, however, obvious as soon as we decided to centrally manage Android as well as iOS using the platform.“
Android Devices for the Service Technicians
The current drive to provide mobile services for M-net employees is being driven by the company’s top managers. An Exchange profile was rolled out for all staff with an iPhone, iPad, or Android device so that they could access their emails, calendar, contacts, and tasks. In addition, a WLAN profile is installed via the EMM system so that mobile devices can use the WLAN infrastructure in office buildings. This means that they have faster network access and consume less battery power.
For the Android devices, this is a technical challenge. In this case, the aim is to accelerate and optimize the service process. In terms of Android devices, M-net uses only SamsungGalaxy Notes. M-net made the decision to standardize in order to ensure a consistent level of security and to streamline the management of the devices.
Service technicians are given access to field force management via an app on the Samsung Galaxy devices. Furthermore, a VPN profile is pushed to the mobile devices via the MobileIron platform, so that the service technicians can view and clear their jobs when they are out in the field. As a result of this optimized job processing, service specialists can work more efficiently and the customers are served faster. For Android devices, the TouchDown email app is mandatory, as M-net does not think the native Android email is sufficiently secure.
“MobileIron is a one-stop provider for everything associated with this app, as TouchDown from Nitrodesk is part of the MobileIron AppConnect partner program. This means that we can safely manage the email app on the Android mobile devices using the MobileIron platform, without forfeiting any ease of use. This was one of the reasons we opted for using MobileIron,” explained Pinto Correia.
In addition, the fieldforce app is made available via MobileIron’s private enterprise app store, Apps@Work. Apps@Work provides an integrated solution for the secure support of native apps on any mobile device. Apps@Work includes AppConnect, which containerizes apps to protect data-at-rest, and AppTunnel, which provides secure tunneling and access control to protect app data-in-motion instead of requiring M-net to use a VPN. M-net also plans to test MobileIron Docs@Work, which provides a secure content hub, email attachment security and access to SharePoint documents.
Mobile Strategy Based on MobileIron
When asked about the BYOD problem, the M-net division head makes it clear that security is most definitely the guiding principle in such decisions: “It is important for us that only the devices that we manage have access to our Exchange server. iPhones are the standard devices for us. We provide them to employees or allow them to connect their own devices. Android devices are only given to the service technicians because they are provisioned with the fieldforce app the technicians need. And BlackBerrys are being increasingly replaced.”
As M-net develops its mobility strategy for the coming years, the company is looking to MobileIron to safely manage a heterogeneous mobile landscape with different operating systems and equipment ranges. Connecting the remaining BlackBerry devices that are still in use at M-net would be technically possible using MobileIron, but M-net has not bothered because BlackBerrys will be obsolete in the medium-term. The standard device is the iPhone, which is always provisioned with a standard profile. The same configuration is used when connecting an employee’s private device.
“Currently, the policy is that no staff-owned Android devices are permitted. This is not set in stone, however. I think we have to watch how things develop and regularly review the situation,” says Pinto Correia.
Two-Day Workshop Sufficient for Initial Installation
To implement the MobileIron Platform, a two-day workshop was all that was needed after Cancom’s preparatory consulting work. During this time, the system was installed and configured in collaboration with the M-net administrators, including the Active Directory connection, integration into M-net’s own certificate authority (CA) and configuration of Sentry, MobileIron’s intelligent gateway which provides a secure connection to the company’s Exchange server. The configuration profiles were then refined over time. “But this does not mean that one can start connecting devices without a specific plan,” warns Pinto Correia. “Avoid corrections after the fact. They are very cost-intensive.”
Regarding certificate management, M-net uses its proprietary CA and MobileIron has been configured to act as a sub certificate authority (sub-CA) in order to provide the client certificates to the mobile devices. The cost for installing the MobileIron platform was within bounds, according to Pinto Correia: “We needed around 20 person-days internally,” he says. “On top of that, there were two service days and of course the costs of the licenses. M-net already had the virtual infrastructure for the servers.”
The benefits M-net has gained from the “mobilization via MobileIron” are obvious: the various types of mobile devices are managed uniformly, private iPhones can also be safely integrated, and staff, including the service technicians with their Android devices made suitable via the MobileIron platform, can quickly access company resources when out and about.