Enterasys Networks First Vendor to Guarantee BYOD Solution Deployment
BYOD (Bring Your Own Device) to work is an undeniable trend affecting organizations of all sizes. Industry pundits anticipate 2 billion devices in use by 2015 with 75% of them used for both business and personal use. These devices and their apps have become foundational tools for today’s workforce and a major influence on the use and direction of UCC. The upside is improved business agility and employee satisfaction coupled with reduced enterprise costs of acquiring and licensing the devices or apps. However, with so many new devices requiring access to networks, organizations need to be able to handle the influx in a safe, secure and positive quality of service (QoS)/user experience affecting manner. This is driving network and security teams to assess new risks and implement new controls. Depending on the path taken to enable BYOD, significant redesign of existing workflows or the creation of new ones may be required. The most effective solutions encompass devices, types and identity, and add attributes associated with users, locations and applications.
Quite recently a number of vendors have announced BYOD solutions. This news analysis focuses specifically on the Enterasys (a Siemens Enterprise Communications Company) Mobile IAM (Identity and Access Manager) press release. Mobile IAM (slated for GA during June, 2012) is a component of the Enterasys OneFabric security architecture. Consistent with competitive offerings, this solution will be available in two form factors – physical and virtual. The virtual solution is a software appliance that can run on any VMware ESX partition.
Users sign into the solution, and Mobile AIM’s profiling engine creates a profile that includes everything from the device that’s being used and the applications running on it to the user’s location, authorization, the security software running on the device and network access types.
Main Features of Enterasys Mobile IAM:
- Auto Discovery: Automatic discovery and dimensioning of users, equipment and place of access.
- Multi-Level Device Profiling: Automatic detection of the types of equipment and their operating systems. The solution can support any kind of smartphone or tablet, from Apple and Android devices to those running Windows, Research In Motions’ BlackBerry and Nokia.
- Flexible Onboarding: The Mobile IAM appliance supports multi-vendor networks to provide users a range of options for equipment and operating systems.
- Context-Based Policy Management: Helps users enforce granular policies to ensure optimal usage of network resources and application capacity while providing end-to-end visibility of employees, guests, devices, and location usage. For example, a physician may take an iPad into the hospital and at the patient bedside she is permitted access to the patient’s records on that device. However, if the physician goes into the cafeteria for lunch or a coffee policy can be set to disable access to those patient-critical records on the same device at this new location.
- E2E Visibility and Control: APIs to connect to VMware and Citrix virtual desktop infrastructures (VDI), or mobile device management (MDM) technologies for better management and the ability to integrate additional services like threat management, voice, video, location-aware services and application visibility, which are becoming much more popular. Through support of VDI users can only access business apps in a virtual desktop environment. This prevents data being taken into the device.
- Guest Access Management: Provides context-based policy enforcement and E2E management, as well as auditing and reporting on guest access.
- User Interface (UI): Uses a single user interface for E2E management, auditing and reporting capabilities, and context-based policy enforcement.
Each Mobile IAM appliance – both the physical and virtual versions – can support up to 3,000 devices. The HW appliance lists for $23,995, while the VM appliance lists for $20,995 and requires an ESX server. These costs include perpetual licenses for 3,000 devices. The architecture, however, scales up to 100,000 devices and supports n+1 active-active failover stacking.
Enterasys Mobile IAM Professional Services will provide a free on-site needs assessment followed up with a guaranteed 10-day deployment of a solution that supports up to 3,000 devices engineered to customer-specific specifications and policies. Any additional time needed will be provided at no charge to customer. This is an important feature since multi-vendor certified interoperability is wanting.
Figure 1: Mobile IAM Professional Services MSRP
Mobile IAM Deployment Services
Guaranteed deployment and optimization services
for up to 3,000 devices
MDM Connect Integration Services
Integrate with MDM software
Fusion SDN Connect Integration Services
Integration of Palo Alto NG-FW, IF-MAP, Student Onboarding Systems, SEN OpenScape, Polycom, Avaya, MS SCCM and others
VDI Datacenter Integration Service
Integration with VMware or Citrix VDI solutions
What this Means to You
For Customers: A good BYOD solution is one that integrates the establishment and enforcement of network-level policy, guest management and dynamic threat detection and mitigation with mobile device management (MDM) and mobile application management (MAM) capabilities to make sure that mobile devices allowed on the corporate network are operationally secured and appropriately monitored. Key MDM/MAM features include the ability to encrypt data, deliver apps, perform inventory tracking and software updates, and remotely wipe a device if it’s lost or stolen.
Keep in mind that this is a buyers’ market. There are a lot of new competing solutions out there that meet these criteria and more can be expected. One needs to perform an appropriate business case taking into consider total cost of ownership (TCO) inclusive or risks involved as well as the benefits offered by these different solutions.
As a rule of thumb, it’s wise to consider a recurring pro services cost for on-going deployment and integration of the software and hardware upgrades of multi-vendor solutions. This could become costly as product development cycles within a multi-vendor solution are likely to vary. And don’t forget to consider the risk associated with managing mixed architectures if the likelihood of M&A occurrences, either customer- or vendor-driven, are considered to be significantly different from zero.
Consider the Enterasys Mobile IAM solution for a BYOD implementation supporting improved business agility and employee satisfaction coupled with reduced enterprise costs of acquiring and licensing the devices or apps if IT is not an organization core competency such as you would find at a Wall Street financial services firm or Telco. Another way to look at is to think of Mobile IAM’s sweet spot as small to medium enterprises (SMEs) with top line revenue in the range of $0.5B to $5B. Healthcare, higher education, retail and hospitality typify the targeted market. Today, healthcare and education account for about 40% of Enterasys’ business.
For partners: Mobile IAM offers partners an opportunity to participate in this new BYOD-driven market with a competitively packaged and featured solution offering IT control and visibility into their BYOD environments. This consultative sale, which offers improved business agility and employee satisfaction, should prove easier than selling switches and infrastructure, because of its emphasis on revenue growth – a line of business imperative. In addition, all the services that are required – the integration and deployment services – are available to partners to either supply or to sell through Enterasys Pro Services.
There are three levels of partner certification: A basic selling certification, a Systems Engineering certification for technical sales and services certification for deployment and customization of the solution. The first two are broadly available to all channel partners. However, the services certification will be available to only a few select channel partners with the appropriate background. All partners employing Enterasys’s Pro Services organization will be compensated via sales commission for doing so.
Finally, those partners that have a NOC can continue to make money with ongoing monitoring and management services.