The following features have been added to the product to simplify installation and management. This will result in a significant improvement to the Total Cost of Ownership (TCO) of the product.
The installation process has been simplified, allowing an administrator to carry out a clean installation and get the first device connected, loaded and operational within 30 minutes. The standard recommended installation configuration now uses a public shared internet proxy, the CommonTime Switching Center (CSC). This removes the need to open inbound TCP ports through firewalls. There are two other optional proxy configurations; see Proxy Configurations.
The CSC is a highly resilient multi-hosted routing service provided by CommonTime. The Connection Manager Server (CMS) and Exchange Adapter each establish and maintain outbound SSL connections to the CSC. Full mSuite client devices open an end-to-end AES-encrypted VPN tunnel directly to their own respective host mSuite servers. Exchange ActiveSync (EAS) clients use SSL to secure the connections from the device to the CSC.
In summary, the CSC supports installations where the only firewall requirement is that the machine hosting mSuite can make an internet connection. Once the connection is made to the CSC, it is used bi-directionally for all communications.
TCP is the only protocol required for an mSuite installation
mSuite does not use UDP ports. This reduces firewall considerations.
Actionable Alerts allow the administrator to deal with system problems that occur during installation or normal operation. An optional tray application alerts the administrator if something requires their attention and launches them straight into the management console to “action” the alert and resolve the problem. Actionable Alerts include:
• Continuation Instructions
These alerts are also used during the installation process to resolve any configuration problems. There is an Installation Completion Alert that instructs the administrator on how to get the first device operational, including details of the web URL for the Provisioning Portal.
Simplified load balancing and failover using the CSC
Load Balancing and Failover can be simply achieved by installing multiple mSuite servers that share a resilient SQL database. The CSC looks after all load balancing and failover scenarios between the connected mSuite servers. Scalability and reliability can be incrementally grown through the addition of mSuite server machines connecting to the CSC. One mSuite server can support up to 3,000 mobile users.
Self Generated Certificate
The server installation process now generates a self-signed certificate and installs it rather than using the CommonTime evaluation certificate. This improves security and removes the need for the mSuite administrator to provide a server certificate. An mSuite administrator can still use their own certificate if this better meets their organization's security needs.
Simplified Device Management
There are subtle but significant changes to application deployment in order to simplify the process and make it easier to understand.
Simple Integrated on Device Security Model
On-device security is now an integral part of mSuite rather than an add-on component. This currently provides the following features for Windows Mobile and Nokia S60-3 E Series devices:
• Mail and attachments can be automatically encrypted with AES 256 when stored on the device.
• Policy management for devices enforces password/PIN and device lock characteristics.
• Remote wipe for lost or stolen devices.
• Encryption of storage card data (WM 6 and later).
Secure Provisioning Portal
mSuite includes a remote OTA provisioning portal capability. This allows users with devices that do not have CommonTime mSuite software on them to install and configure their devices. The following process takes place:
2. The 'Bootloader' program connects to the mSuite server.
3. The user authenticates using the configured authentication method.
4. The portal determines the connected device type and mSuite builds a customized installer for the user that contains the mSuite software, the Replication policy, the Device policy, the Security policy and any deployed mForms and/or 3rd party Line of Business (LOB) applications.
5. This package is downloaded and installed onto the client.
6. The client software makes a connection and replicates to establish the base set of information.
7. The device continues normal operation in Immediate Transaction eXchange (ITX) mode.
Multiple Authentication Methods
mSuite supports multiple authentication methods allowing it to meet the security requirements of most organizations; these include LDAP, Active Directory, RADIUS, Domino Internet passwords and Domino ID file passwords. Additional requirements can be fulfilled through CommonTime's Professional Services team as required.
Self registration (automatic user creation)
Domino Internet and LDAP authentication provide new support for self registration for users. One or more groups in the Domino or LDAP directory list the users that will be supported by mSuite. As each user authenticates for the first time, as part of the provisioning process, they are automatically imported into the mSuite system and placed in the designated group. Administrators no longer need to manually import users into mSuite.
This Windows Mobile only facility forces all device HTTP/HTTPS traffic through the mSuite 256-bit AES-encrypted tunnel to a corporate web proxy, ensuring that employees can only connect to corporately approved sites and that corporate monitoring can be enforced. This also improves the security of web traffic.
This Windows Mobile only facility allows any collaborating application that uses TCP communication on a specific port to use the mSuite 256-bit AES-encrypted tunnel to provide over-the-air (OTA) security.
Additional reporting capabilities are now available to help administrators manage their mobile devices. These include:
• Device Inventory – what software is deployed on what device?
• Deployment Status – I’ve deployed this software, how is it progressing?
Changes to the server software have improved scalability. mSuite now supports up to 3000 users on a suitably sized machine. This is more than a 100% improvement over mSuite 4.3.
The change detection scan cycle has been optimized and multi-threaded to improve the scalability of the mNotes server.
The ITX protocol is much less data intensive and much more responsive: no information is sent to maintain the replication status. It works through a 2-way transaction log recorded by both the client and server and applied according to the ITX configuration rules. As well as reducing data flows, this also reduces server overheads.
Symbian Series 60 3rd edition support (Nokia)
Symbian Series 60 3rd edition devices are now fully supported with an ITX based mSuite client. This includes application provisioning and, for Nokia E-series devices, on-device security and remote wipe.
The entire management console has been re-organized and simplified. It is now more task focused to make management easier.
Actionable Alerts allow the administrator to deal with system problems that occur during installation or normal operation.
An optional tray application will alert the administrator if something requires their attention and launch them straight into the management console to “action” the alert and resolve the problem.
Client Configuration Management
There is added granularity and control over the client software, the device policy and the security policy. Settings can be delegated to user control or locked to stop users from reconfiguring actions.
• Replication Settings Policy – this controls all aspects of the configuration of the mSuite client.
• Device Settings Policy – this controls the characteristics of the device that may affect reliability, security or supportability. For example, the ability to use Infrared Connections or Bluetooth, stopping programs from executing on the device and setting backlight settings to improve battery life.
• Security Policy – set up and enforce a password policy for the device, ensure that mail and attachments are stored encrypted.
Working Set preserved and restored
The Replication Settings Policy that has been applied to the device and any changes that the user has been allowed to make constitute the 'working set'. Changes to the working set are pushed as part of ITX. This means that if an end user obtains a replacement device, they receive correctly configured software when the re-provision occurs. Users will also get their working set back, restoring the device configuration to its previous state.
The mSuite database now performs automatic housekeeping to ensure that it doesn’t create a support problem through uncontrolled growth.