“AppTec360 EMM” is an enterprise mobility management solution made in Switzerland that complies with the strict German legal framework and is free of charge – at least for smaller installations. We took a closer look at it.
- Free choice between on-premise or cloud version, with servers located in Germany and Switzerland
- Admins have a uniform view of device and system diversity
- Private and business content and apps can coexist
To prevent tablets and smartphones from becoming a cost and security trap for companies, they require central inventory and monitoring, updates and protection against security gaps and data loss, just like desktop devices. By their very nature, mobile devices are not always in contact with the company network, and because private devices are increasingly being used for professional purposes (BYOD – Bring Your Own Device), different policies apply to the handling of the data on them. IT therefore needs specially tailored solutions for the management of mobile devices.
AppTec with a focus on the German market
In the enterprise mobility management (EMM) solutions market, which is dominated by US manufacturers, AppTec from Basel is one of the few providers that complies with the strict German legal framework. Up to 25 devices can be managed free of charge with this software. AppTec360 EMM supports all common versions of iOS, Android and Windows Mobile.
As usual in this software category, the EMM solution addresses the three main areas of mobile device management:
- Mobile Device Management (MDM) = inventory, configuration and management of mobile devices, device security, email access, BYOD.
- Mobile Application Management (MAM) = administration, distribution, updating and protection of apps on the end devices, based on a self-defined app store, which can also include your own apps.
- Mobile Content Management (MCM) = Securing data usage, e.g. through encryption, monitoring of data usage, targeted access to company data from mobile devices.
Fast commissioning in the cloud or on-premise
With AppTec, users can choose between an on-premise installation or the cloud version with servers in Germany and Switzerland. There is no functional difference between the two options. While the SaaS variant only requires registration in order to start managing the appliance, for a private instance the administrator must first start the appliance, which is supplied in OVA format, on a VMware, Hyper-V, VirtualBox or XenServer hypervisor.
After booting the VM, the browser-based installation wizard opens, with which the appliance is configured and integrated into the network. In addition to uploading the license file and a public SSL certificate, the admin user and a mail account via which the system can send mails must be configured.
If you find it too inconvenient to work in the VM’s small console window, you can also enable the appliance for remote access to the configuration wizard via the SSH command line. To do this, create a password in the file /opt/console/application/configs/externalConfigPassword; you can then open the wizard in a browser on a remote computer using the URL https://HOSTNAME/public/config/extconfig/pwd/MEINPASSWORT, where MEINPASSWORT stands for the password you set. Because the password is part of the URL path, it ends up in the browser history and typically in web server access logs as well.
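The URL scheme above places the wizard password in the request path, so the access logs are worth reviewing after setup. The following is an added example, not part of the original article or of AppTec's software: it flags requests to the external configuration wizard and redacts the password from log lines, assuming Combined Log Format; the sample lines, host name and the other paths are constructed.

```python
import re
from collections import Counter

# Path from the article; the segment after "pwd/" is the wizard password.
EXTCONFIG = re.compile(r'(/public/config/extconfig/pwd/)([^/?\s"]+)')

# Assumption: Combined Log Format. The article does not document the log format.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, invented host and asset paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:09:14:02 +0100] "GET /public/config/extconfig/pwd/Example-Pw-1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2024:09:14:03 +0100] "GET /public/css/wizard.css HTTP/1.1" 200 811 "https://emm.example.test/public/config/extconfig/pwd/Example-Pw-1" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:23:41:55 +0100] "GET /public/config/extconfig/pwd/wrong-guess HTTP/1.1" 403 312 "-" "curl/8.4.0"',
    '192.0.2.10 - - [12/Mar/2024:09:20:00 +0100] "GET /public/login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def audit_extconfig(lines):
    """Return (redacted_lines, findings) for requests to the external config wizard."""
    redacted, findings = [], []
    for line in lines:
        m = CLF.match(line)
        if m and EXTCONFIG.search(m["target"]):
            findings.append(
                {"ip": m["ip"], "time": m["ts"], "status": int(m["status"])}
            )
        # Redact across the whole line: the Referer field of follow-up
        # requests can carry the same URL, and with it the password.
        redacted.append(EXTCONFIG.sub(r"\1[REDACTED]", line))
    return redacted, findings


def sources(findings):
    """Count wizard requests per source address to spot unexpected clients."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    redacted, findings = audit_extconfig(SAMPLE_LOG)
    for finding in findings:
        print(finding)
    print("\n".join(redacted))
```
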
As the management server must communicate with the mobile devices via the Internet, further ports besides 8080, 8081 and 443 must be enabled in the firewall: 5223, 2195 and 2196 must be open for Apple APNs communication, and 5228, 5229 and 5230 for Android.
Preparation for device management
From this point onwards, the on-premise software is in the same state as the cloud-based access. As with all MDM solutions, the EMM administrator must now first make some arrangements for the management of iOS and Android devices via the tidy web console. For iOS, they must obtain an APNS certificate via the corresponding Apple service and store it in the EMM. If Apple devices are also to be operated in supervised mode, which opens up extended configuration options, a DEP server must also be defined in the EMM, which requires an additional Apple certificate.
Enrollment and provisioning
The EMM administrator can create users manually, import them via a CSV file, or connect the server to their own directory service via an LDAP connector. For the enrollment of the devices, they can automatically send the users an installation request by e-mail or SMS. After logging into the EMM service on the end device, a certificate is first set up on the mobile device and then the EMM app required for control is installed.
Clear device configuration
The administrator can now configure and control the devices added to the management system from their console. Despite the manufacturer-specific differences between the mobile operating systems, most parameters can be managed using a standardized method, which greatly simplifies the work of administrators. Many settings can be made uniformly for all device types, such as password policies, use of the camera, access to cloud services, etc.
The dashboard provides an overview of the status of all devices, provides information on their compliance and lists all unmanaged devices. Although you can see how many mobile devices have a modified operating system installed (jailbreak/root), there is no automatic response, such as blocking or deleting or a request to the user. These actions must be carried out manually by the administrator.
Users can use the slimmed-down self-service web console to check the device status, for example, or to initiate device location in the event of theft.
Dual Persona supports BYOD scenarios
In addition to the subdivision of users and devices according to individually definable groups and configuration profiles, the differentiation according to ownership status is a decisive parameter: For each device, it must be specified during enrollment whether it belongs to the company or the user. In the latter case, the dual-persona principle applies: private and business content and apps can coexist on the devices managed with AppTec. These are securely separated from each other so that the company can enforce its security policies while access to private data is excluded and the user’s privacy is protected.
Containers for separating business and private data
To prevent apps that manage or exchange business data from being read or compromised via private apps, administrators can use the EMM console to install so-called containers on the devices, which create a virtual separation between the private and business worlds.
If Android is in use, Android for Work can be used for this after appropriate pre-configuration in the AppTec console. This container encrypts the data managed in the apps and their connections. The administrator only has access to the apps installed via EMM and the data they contain, while the private apps remain outside. The Android administrator can also set up and configure the Samsung Knox security features for encryption, secure boot and VPN from the AppTec software.
With SecurePIM, the AppTec software supports a third-party solution on iOS and Android devices that installs an encrypted messaging container for email, calendar and contacts on BYOD devices. In addition to encrypting all data and, for example, all email communication, the app also comes with its own “secure” browser, which can also be activated and preconfigured via the EMM console. This allows IT to store URL lists and blacklist Internet links. The app works with Microsoft Exchange 2007, 2010 and 2013. In this case, data is synchronized via ActiveSync. Lotus Notes in conjunction with Domino Traveler is also supported.
In order to use SecurePIM, only a valid license needs to be imported in the AppTec console. In the case of Windows 10 Mobile devices, the software directly takes into account the Enterprise Data Protection (EDP) technology integrated into the mobile operating system, which encrypts company data and separates it from private data and apps without the need for additional apps on the end device.
In the event of device loss, the device can be locked or wiped immediately. In the case of BYOD devices, only the business content can be removed. In the event of loss or theft, a tracking function is available which, depending on requirements (those of the works council, for example), can only be activated by entering two passwords.
Management of apps
The Enterprise App Manager integrated into the AppTec software helps to manage the apps required for the corporate environment. This makes it easy to define your own app collection and roll it out to devices via push. The MDM also ensures that the apps are automatically updated on the end devices.
If the respective apps allow this, they can already be preconfigured in the EMM software so that users can use them immediately. The administrator can use blacklisting and whitelisting to specify in detail which apps are permitted on a device. Apps developed in-house can be uploaded in the In-house apps menu item and assigned to the devices.
Secure Dropbox alternative
The AppTec component ContentBox can be used to make the transfer and exchange of data between colleagues as secure as possible. This Dropbox alternative provides a cloud storage area for data and documents of all kinds, which users can access via their own app or via the EMM web console.
The administrator can configure the cloud storage via the EMM console, assign access rights and store mandatory data for users, for example. ContentBox supports different storage scenarios: Amazon S3 can be connected, but SharePoint, (S)FTP, ownCloud, WebDAV and Windows drives can also be used as storage.
Prices and availability
Of particular interest to smaller companies or environments is the option to manage up to 25 devices free of charge for an unlimited period of time. If you need to manage more devices, you pay EUR 0.99 per device and month for the on-premise version. Use of the Universal Gateway, ContentBox and SecurePIM add-ons costs extra. Device management in the cloud costs an additional €0.49 per device per month for a minimum term of 24 months.
Conclusion
The AppTec360 EMM software impresses with its wide range of features, fast commissioning and simple operation via the web console. Important for German companies is the works council-compliant design of the management and the cloud operation on servers in Germany and Switzerland.
The use of security-tested and approved container technology underlines the focus on support in the area of security. The fact that the manufacturer promises same-day support for OS updates demonstrates the Swiss company’s high security standards. (hv)
Source: https://www.computerwoche.de/a/smartphones-kostenfrei-managen-mit-apptec,3331870