The proliferation of smartphones, PDAs, and other
mobile devices presents a wide range of challenges and opportunities to
IT organizations. Applications on these devices, along with access to
corporate email, instant messaging, and line-of-business applications,
are vital to the productivity of an increasingly mobile workforce.
Devices such as point-of-sale systems and RFID scanners play
business-critical roles in many enterprises. To effectively deploy and support
mobile devices, it is essential to implement device configuration
standards, efficiently install applications to those devices, and secure
both data on the devices and connections into the enterprise network.
A number of point
products (products providing a solution to a single problem) exist for
mobile device management. Using Configuration Manager for device
management has several advantages over using a separate device
management solution:
You can leverage the same infrastructure you have deployed, licensed, and supported for computer management.
Device data will be integrated into your Configuration Manager database.
Configuration Manager enables you to use a consistent approach for managing all systems.
Configuration
Manager 2007 device management extends a subset of ConfigMgr client
services to a variety of mobile devices running the Windows Mobile and
Windows Embedded CE operating systems.
Some point products offer a
more extensive set of device management features than Configuration
Manager provides, and they support a more extensive array of devices.
You should
consider the range of devices you need to support and your management
needs, as well as cost, in deciding on a device management solution.
Using Configuration Manager for device management provides several benefits:
Hardware and
software inventory supply data about the mobile devices you support and
the applications installed on those devices:
Hardware inventory on PCs relies on configuration data exposed through
WMI. Because mobile devices do not support WMI, the information you can
collect is limited. Basic device information gathered includes
CPU, device name and ID, memory, phone number, user, and OS details.
This is essential data for targeting software distribution and asset
management.
Software inventory is similar to software inventory for PC clients.
File
collection allows you to back up files from mobile devices and acquire
file-based data from mobile devices for use in enterprise systems.
Typical file collection tasks include centralizing contact information
and acquiring data stored in files on embedded systems.
Software
distribution enables you to deploy Windows Mobile, Windows CE, and
Pocket PC–based applications needed by mobile workers.
Mobile
device configuration items allow you to enforce options such as device
locking and password options on mobile devices in your enterprise.
Windows CE Operating Systems
In the early 1990s,
Microsoft undertook two innovative but unsuccessful attempts to create
Windows-based handheld devices. In 1994, Microsoft combined the
development teams to form the Windows CE team. Two years later,
Microsoft released the first version of Windows CE for the then nascent
PDA market. The Windows CE kernel is not based on the Windows kernel,
but is designed to provide Windows-like functionality with minimal
computing resources.
Over the years a variety
of operating systems and devices based on the CE kernel have been
released under brands such as Windows CE, Palm PC, Pocket PC,
Smartphone, and Windows Mobile. Today’s Windows CE core supports
component-based, embedded, real-time operating systems requiring minimal
storage.
Two distinct families of operating systems are now based on Windows CE technology:
In
addition to Windows CE Embedded, Microsoft offers an embedded OS based
on the XP kernel. Windows XP Embedded has a much larger memory and
storage footprint than the CE Embedded version, and it’s designed for
more capable and complex systems such as industrial robots and advanced
set-top boxes. You can manage these devices with the standard ConfigMgr
client. If you need to manage XP Embedded clients, consider the
following specific points:
XP Embedded clients will appear in the All Windows XP Clients collection
by default. You should create a collection based on the Windows Management
Instrumentation (WMI) attribute OS_Product Suite = 64 to manage your XP
Embedded clients.
Many XP Embedded clients have special attributes you will want to inventory
that are not included in the standard hardware inventory. You will want
to add custom classes to capture this inventory data.
You must disable the XP Embedded Service Pack 2 Feature Pack 2007 disk
protection features during software distribution and software updates.
To do this securely, you should first reboot to a clean configuration to
clear any malware that might be in RAM. You should also re-create the
hibernation file after updates. Re-creating the hibernation file is
required if the protected partition has been updated and may require
manual intervention.
Communicating with Site Systems
Mobile devices
communicate with site systems through the HTTP/HTTPS protocol. A
Configuration Manager site must be in native security mode to manage
Internet-based mobile devices. Mobile devices connected through a VPN
gateway can receive services from mixed mode sites; however, this
configuration requires configuring Internet Information Services (IIS)
for anonymous access on the distribution point.
Three Configuration Manager site systems communicate directly with mobile devices:
Mobile Device Management Point (MDMP)—
Mobile devices receive policy from the MDMP and send inventory, state,
and status messages as well as collected files to the MDMP. Before
configuring an MDMP, first configure the server as a management point
and have IIS installed with BITS and WebDAV (Web-based Distributed
Authoring and Versioning) enabled. To enable a management point for
device support, check the Allow devices to use this management point box
on the management point’s properties page, as shown in Figure 1.
This
page is located in the Configuration Manager console under System
Center Configuration Manager -> Site Database -> Site Management
-> <Site Code> <Site Name> -> Site Settings -> Site System -> <Site System>.
Distribution Point— Mobile
devices download content from distribution points, much like standard
clients. To support mobile devices, a distribution point must have the
Allow clients to transfer content from this distribution point using
BITS, HTTP, and HTTPS option enabled. In addition, if the site is in
mixed mode, you must enable the Allow clients to connect anonymously
option for device support. Enable these options on the General tab of
the distribution point’s properties page, displayed in Figure 2.
To access this page, navigate to System Center Configuration Manager -> Site Database -> Site Management -> <Site Code> <Site Name> -> Site Settings -> Site System -> <Site System>
in the Configuration Manager console. Although you must enable BITS on
the distribution point, devices do not actually use BITS to download
content.
Fallback Status Point (FSP)— A mobile device can contact an FSP to report status if it is unable to contact its management point.
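The site system prerequisites described above can be checked offline against an exported description of a site. The following is an added example, not code from the original text or from Configuration Manager: the dictionary field names and the sample site are constructed for illustration and are not ConfigMgr property names. Flagging anonymous access on a native mode site as a review item is an assumption added here; the text only states that anonymous access is required in mixed mode.

```python
# Added example: field names are hypothetical, not ConfigMgr property names.
def audit_site(site):
    """Return a list of findings for one site description (a plain dict)."""
    findings = []
    native = site["mode"] == "native"
    # Internet-based devices can only be managed by a native mode site.
    if site.get("internet_devices") and not native:
        findings.append("site: Internet-based devices require native mode")
    for s in site["systems"]:
        name, roles = s["name"], set(s["roles"])
        if s.get("allow_devices"):
            # A device management point must first be a management point
            # with IIS, BITS and WebDAV in place.
            if "management_point" not in roles:
                findings.append(f"{name}: devices allowed but not a management point")
            missing = {"iis", "bits", "webdav"} - set(s.get("features", []))
            if missing:
                findings.append(f"{name}: missing {', '.join(sorted(missing))}")
        if "distribution_point" in roles and site.get("manages_devices"):
            if not s.get("bits_http_https"):
                findings.append(f"{name}: BITS/HTTP/HTTPS transfer option is off")
            anon = s.get("anonymous", False)
            if not native and not anon:
                findings.append(f"{name}: mixed mode device support needs anonymous access")
            if native and anon:
                # Assumption: not required in native mode, so flag it for review.
                findings.append(f"{name}: anonymous access enabled on native mode site")
    return findings

# Constructed sample: a mixed mode site that also has Internet-based devices.
SAMPLE_SITE = {
    "mode": "mixed", "manages_devices": True, "internet_devices": True,
    "systems": [
        {"name": "MP01", "roles": ["management_point"], "allow_devices": True,
         "features": ["iis", "bits"]},
        {"name": "DP01", "roles": ["distribution_point"],
         "bits_http_https": True, "anonymous": False},
    ],
}

if __name__ == "__main__":
    for line in audit_site(SAMPLE_SITE):
        print(line)
```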
Installing Client Software
Just as the
Configuration Manager client must be installed on managed computers,
client software must be installed on mobile devices before they can
receive Configuration Manager services. The options available to install
the mobile device client depend on whether or not your devices
synchronize with a PC through Mobile Device Center for Windows Vista or
use ActiveSync for Windows XP.
Tip: About Windows Device Synchronization Technologies
Using Mobile
Device Center or ActiveSync simplifies the installation process via a
platform-agnostic installation folder. The client installation program
(DMClientXfer.exe) on the synching PC will automatically select and
install the correct version of the mobile client for the OS on the
device. To distribute the mobile device client to a device that
synchronizes with a PC, the following options are available:
You can copy the installation folder to the PC and manually run DMClientXfer.exe from the connected device.
If
the PC is a Configuration Manager client, you can use software
distribution to deploy an advertisement to the PC, which will
automatically initiate setup when the device synchronizes.
For those devices that do
not synchronize with a PC through Mobile Device Center or ActiveSync, you
will need to create a platform-specific installation folder with the
correct versions
of the setup files. You then place the folder on a location that is
accessible to the device, such as a memory card or network share. You
can initiate the platform-specific setup program (DMInstaller <platform type>.exe)
manually from the device. Regardless of the installation method used,
the installation folder must contain the following items in addition to
the client setup files:
The mobile
client settings file, DMCommonInstaller.ini, for installations through a
Mobile Device Center or ActiveSync-connected PC, or ClientSettings.ini
for other installations. The settings file contains installation
options, information needed to contact the Configuration Manager site,
certificate metadata, and other information.
Any required certificates for native or server authentication mode.
After installing the client, you can send upgrades over the air using ConfigMgr’s software distribution functionality.
Configuring Client Agent Settings
The Mobile Device
Client Agent settings control the schedule, options for policy
downloads, and inventory. You can configure these settings on the
properties page under System Center Configuration Manager -> Site
Database -> Site Management -> <Site Code> <Site Name> -> Site Settings -> Client Agents -> Device Client Agent in the ConfigMgr console. Figure 3
shows the default settings for the General tab of the client agent
properties page, which controls the policy download schedule and retry
settings.