Comments

Share your ideas

Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

Criteria

Your rating: None

What are the best criteria to differentiate the providers? Most are the same, of course. My point-of-view is probably skewed.

  • Multi-tennant? (Limited manager roles)
  • Reseller-friendly?
  • Automatic Web Clip points to hosted app portal with both in-house and iTunes apps and media
  • SCEP (how is this used today?)

Any comments on these? What is missing?

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

More Criteria for comparing MDMs

Your rating: None

I went to a Caper training today. They have some interesting features that may be worthwhile to put on the chart.

  • Smart device groups, with E-mail notification on change (i.e., "All Roaming Phone")
  • Education VPP integration
  • Apple GSX integration for warranty lookup from serial number
  • An API for querying and controlling the server from external sources
  • Various forms of directory integration

Which of these should be in the comparison?

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
Scoosh's picture

Scoosh

Joined: Dec 7, 2010

LDAP

Your rating: None

Anyone can configure LDAP on iOS. (Active Directory, Open Directory, SunOne, et al.)
It can be done on-device, via Mobile Configuration profile, or delivered OTA by any of the MDM solutions.

The majority of organizations I've worked with don't provide LDAP access unless you are connected via VPN.
Some have gone the route of building an app (which authenticates the user) to provide more details, location, maps, etc.

Sidebar: Exchange ActiveSync does provide access to the Global Address List. It's only first/last name & email.

Top
Scoosh's picture

Scoosh

Joined: Dec 7, 2010

Each MDM is a different approach

Your rating: None

Each will approach the management interface & business process differently. (smart groups, VPP, GSX integration)

Some vendors even provide an SDK to incorporate into your in-house apps that will interact with your MDM server. (AirWatch, as an example)

it will really boil down to:

Q. Do they fully support all the MDM 4.0 capabilities or are only doing SCEP?
Q. Which backend Certificate Authority servers can they integrate?
- important if you plan to automate digital certificate generation for WIFI/VPN/EAS authentication
- Microsoft CA seems the easiest to integrate from what I've seen.
Q. SaaS / On-Premise ?
Q. Appliance / software (linux/Win) / do they provide a VM?
Q. perpetual license / subscription ?
Q. Microsoft BPOS integration? (big question mark for a lot of organizations looking to outsource email)
Q. Management - MMC snap-in, web interface? (does it require Flash or SilverLight?)
Q. Role-based admin management?
Q. Multi-tenant architecture?

Multi-tenant architecture is great question to ask. Organizations with decentralized IT group will want to give the tools each subsidiary/geo, with access to only their devices. Contoso Healthcare vs. Contoso Capital Bank.

Each sub may have their own iPhone Developer Enterprise Program membership (and corresponding MDM/APNS certificate)

Every MDM is on an equal playing field on how they interact with iOS 4.
What will set them apart?

It's going to be their reputation, customer service, experience within your vertical and enterprise technical support.

Perform your due diligence, filter down to 2-3, do the bake-off.

- Scoosh

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

For enrollment, I mean

Your rating: None

I gues I wasn't clear. I meant what kind of directory service integration do they offer for the enrollment step.

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

Other differences I've

Your rating: None

Other differences I've noticed:

  • Can send push notifications to the device? (I mean text messages to the user)
  • Do profiles have start/end dates?
  • Is there a revisioning system, change log, rollback for profiles?

I'll try to rework this chart this week.

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
forgetcomputers's picture

forgetcomputers

Joined: Dec 10, 2010
WWW

jailbreak detection

Your rating: None

I believe jailbreak detection was a function of MDM that Apple removed in the most recent update. The providers don't currently have a say in this.

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

That is true. But providers

Your rating: None (1 vote)

That is true. But providers could also try to detect jailbreak from an app. I'm curious who is trying this, and how successful it could be.

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
forgetcomputers's picture

forgetcomputers

Joined: Dec 10, 2010
WWW

Maybe

Your rating: None

Although it's possible to detect a potentially jailbroken device by the presence of an app (Cydia for example), it also may be possible to hide the presence of this app. I'm curious as well if anyone is having success with this (and wish Apple would just add it back to MDM.)

Top
Mobile Who's picture

Mobile Who

Joined: Feb 4, 2011

May be okta ?

Your rating: None

It looks okta has option to integrate enterprise to cloud.

Identity & Access Management for the Cloud -
On-demand identity & access management for cloud/SaaS applications. Integrates with Active Directory and sets up in an hour.

Top
ApplePie's picture

ApplePie

Joined: Feb 22, 2011

SAAS Mobile Iron

Your rating: None

They have apparently suspended or discontined their SAAS service that was per a account rep. Unsure as to the reason.

Top
echo's picture

echo

Joined: Feb 25, 2011

Push In-House Apps

Your rating: None

I'm confused. This page says all of the providers here are able to "push" in-house apps out to users, but Apple's Enterprise Distribution documentation says that these are the only ways to install apps:

1. Distribute the app to your users for installation using iTunes.
2. Have an IT administrator install the app on devices using iPhone Configuration Utility
3. Post the app on a secure web server; users access and perform the installation wirelessly.

And Absolute Manage's documentation says this "By contrast to administered Mac OS X and Windows computers, you cannot push-install software on administered iOS devices – any instal- lation must be initiated by the local user of the device."

So how is it possible that any of these providers would be able to "push" in-house apps? Can anyone confirm that they are able to?

Thanks,
Tom

Top
Cimarron's picture

Cimarron

Joined: Mar 7, 2011
WWW

Delivery of "In-House" apps on IOS

Your rating: None

There is no ability to "push" in-house apps to an IOS device without user prompt. Any MDM or other vendor that says otherwise is providing, at best, misleading information. There is class of platforms providing mobile application management (MAM), so if your major concern is creating secure native apps with authorization, authentication, in-app version checking, etc., these provide much more than MDM in app management.

The Apple specification for "Wireless Enterprise App Distribution" allows a developer to host a manifest file in XML format, and from this point a user to an IPA file for download of an app. (There are other requirements as well, such as description data and an icon file).

When a user clicks on the link, IOS will prompt with:


"abc.domain.com would like to install "Your Application Here"

[Cancel] [Install]


At this point, the user can choose to proceed.

With systems such as EASE (Enterprise App Services Environment) from Apperian, there is the added capability to install multiple apps - i.e., 2 or more - simultaneously. In this case the user sees a prompt such as:


"abc.domain.com would like to install x applications"

[Cancel] [Install]


In addition, if an app is installed for the first time against an enterprise cert there is an additional prompt asking for permission based on the signer of the cert. That only occurs once - and thereafter, any app built with a profile using that cert will not require any additional confirmation other than the standard download prompt.

Top
echo's picture

echo

Joined: Feb 25, 2011

Awesome, thanks for the

Your rating: None

Awesome, thanks for the detailed confirmation!

Top
Peter Mohr's picture

Peter Mohr

Joined: Apr 15, 2011
WWW

Try (and fail)

Your rating: None

I know that the Afaria client will try to perform a series of actions that is only allowed if the device is jailbroken. That way it is not dependent on other apps to be present.

It would be a little difficult for Apple to deliver this detection since the jailbreak community would surely circumvent this so it would always report “Not jailbroken” I guess

Top
andrer9999's picture

andrer9999

Joined: Jun 15, 2011

VM?

Your rating: None

I added what I know of McAfee, and I think I have everything correct as of version 9.5.

My confusion was that pretty much everyone has a check in the "Virtual Machine" category, but I doubt this is correct. Do they all have importable virtual machines that don't require you building one from scratch and installing an OS.

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

Thanks for these additions.

Your rating: None

Thanks for these additions. This is a tough chart to navigate.

Ideally we ought to have definitions for each point of comparison. Any ideas how we can do that?

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
andrer9999's picture

andrer9999

Joined: Jun 15, 2011

Definitions

Your rating: None

Are tooltips a possibility in the wiki? It seems like it would be the least intrusive to the rest of the chart.

My concern with adding them now is that they might alter the answers in the chart. The VM question is a good example... it seems to me that people were answering it as "can this run in a VM?", where I answered as "do they have a importable VM for VMWare or XenServer?"

Top
Opportun's picture

Opportun

Joined: Jun 16, 2011

Mac OS X Lion Server - Profile Manager

Your rating: None

Profile Manager should be added to this list of MDM solution. As a free MDM service within Mac OS X Server 10.7 ($50 add-on when Mac OS X Lion is installed for $30, so a $80 MDM solution!) that will use SCEP, it will be a very good alternative to commercial solution.

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

I think it would be a great

Your rating: None

I think it would be a great addition. Once it is released, that is.

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

I like this idea. I propose

Your rating: None

I like this idea. I propose we begin to develop MDM Comparison 2.0 Beta. After we are happy with it, I'll invite the providers to submit their entries again.

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
TechCoach's picture

TechCoach

Joined: Jun 28, 2011

Is not exposing LDAP is big NO NO?

Your rating: None

Security professionals at large enterprises I know will not allow an MDM tool that could expose LDAP, or AD to security attacks such as DDoS that would persist once exposed. And a lot poo poo an APP to manage a device. Are not these perspectives common? If yes, should the database ask if a tool avoids that exposure? Via certificates or any other method?

Top
enterpriseme's picture

enterpriseme

Joined: Jul 13, 2011

You don't have to expose LDAP :)

Your rating: None

This is a big one. We had done a fair bit of research in this space and the only MDM vendor that doesn't require you to expose your internal authentication source externally is SilverbackMDM. We went with them because of this and because they could integrate into our Microsoft CA for client certificate generation & automated deployment.

Top
Opportun's picture

Opportun

Joined: Jun 16, 2011

BoxTone elements

Your rating: None

I'm working on BoxTone implementation for iOS devices and here are some elements that are important to note:

1. SCEP is mandatory in order to send Configuration Profiles to iOS devices. It is not possible to generate a profile with iPCU and distribute it or within BoxTone (they implemented the same functionalities that iPCU is offering) and then send it by email.

2. BoxTone accept only self-signed certificate for the server, not able to leverage another CA. It may changed with new versions.

3. Installation of software (BoxTone) is not straight forward. Some files (folders) were missing after installation and needed to be added manually after the installation process.

4. iOS devices are monitored regularly (like every 15 minutes) in order to update the information. That's why SCEP is mandatory. The delay between every check may be configured, I'm not sure.

5. Do not support multiple iOS configuration profile. Only one profile can be created. It may changed with future versions.

6. BoxTone rely on Oracle (OEM version), Apache, OpenSSL, Flash, Ruby, Active Directory, Exchange (2007 or 2010) with ActiveSync, and BES (BlackBerry Enterprise Server). An HP OpenView plug-in is available.

Conclusion, if you don't have BB devices and BES to manage and troubleshoot, BoxTone is not the right solution for iOS devices as a MDM solution. iOS device management seem to be an ad-on, not a core functionality.

Top
david_mayor's picture

david_mayor

Joined: Aug 22, 2011

What about Mobiquant ?

Your rating: None

Hello,

I don't see Mobiquant in the list, which is unfortunate because it is quite a big player. But I don't have enough visibility on their product to know how they compete with others.

Cheers.

Top
cy2k's picture

cy2k

Joined: Apr 12, 2011

formatting issue

Your rating: None

The menus at the right are cutting off the far right portion of the top table. I'm seeing it on both my iPad and using Chrome on my laptop.

Just FYI

Top
pranav4290's picture

pranav4290

Joined: Aug 28, 2011

Why not MaaS360?

Your rating: None

I am surprised not seeing MaaS360 by Fiberlink in the list.
It has very simple and robust provisioning of MDM services across almost all the platforms like iOS,Android, BB, Win7.

Moreover, MaaS360 provides desktop management solutions along with MDM leveraging simple upgrade workflows.

Pretty interesting...

http://www2.maas360.com/services/mdm_trial.php?A=pk

Also, MaaS360 was named as 'Clear Choice Winner' by NetworkWorld amongst big MDM players.

http://tinyurl.com/3qf5k3e

Top
edwinvan52's picture

edwinvan52

Joined: Aug 9, 2011

The menus at the rig

Your rating: None

The menus at the right are cutting off the far right portion of the top table. I'm seeing it on both my iPad and using Chrome on my laptop.
Just FYI


best n router

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

Better formatting now

Your rating: None

I fixed the formatting so you can actually see the entire table.

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
Chuck's picture

Chuck

Joined: Sep 9, 2011
WWW

Good?

Your rating: None

Before this turns into Abbott & Costello, Good really is a company w/ an MDM tool. I was hoping someone might know about it.

(http://www.good.com)

Thanks,
Chuck

Top
cy2k's picture

cy2k

Joined: Apr 12, 2011

I agree, Good is trying to

Your rating: None

I agree, Good is trying to become a real MDM product now as well. It would be great to see them on the list.

Top
grimesdr's picture

grimesdr

Joined: May 6, 2011

Take a look at DME from Excitor.com

Your rating: None

DME should be part of the Sandbox Environments for an alternative or complement to MDM

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

Please help us out

Your rating: None

Hi David. The Comparison table is now backed by a database. I encourage you to add what you know about Mobiquant yourself. Hopefully it is pretty easy, but let me know.

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

Maas360

Your rating: None

Maas360 is now part of the database. Please add your comments to its page.

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

The table is now a database.

Your rating: None

The table is now a database. I encourage you to add Good as best you can!

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
bcarton's picture

bcarton

Joined: Oct 5, 2011

Excitor's DME

Your rating: None

is now part of the tab. A real MDM solution but corpoarte partition or sandbox and integrated Enterprise App Platform.

Top
sj54fighting's picture

sj54fighting

Joined: Oct 6, 2011

Apple Profile Manager

Your rating: None

Why does the Apple Profile Manager have question marks (?) for some categories?

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

Why are there question marks?

Your rating: None

Why are there question marks? Because I didn't know the answers. Luckily the site is built on a wiki. Anyone who wants to can improve the data by editing the Profile Manager page.

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
hainder singh's picture

hainder singh

Joined: Nov 29, 2011

MDM provider comparison

Your rating: None

Well very nice information and it will surely help anyone to make a choice between different providers
Another criteria of comparison could also be the name of the clients of the different MDM providers
Mobile Device Management

Top
PaulHoran's picture

PaulHoran

Joined: Dec 7, 2011
WWW

Not "Push", but "Prompt/Pull"

Your rating: None

You're correct - there's no "unattended push" available for the iOS platform. There's also no blacklisting of apps either (e.g., we don't want our employees to install Angry Birds).

What Afaria does is provide a "private App Store" experience, where each registered device user sees only the apps that Afaria administrators have authorized them to download. (These are known as "Package Policies" in Afaria). Afaria admins create the package policy by staging the .IPA file on the Afaria server, and assigning the Package policy to selected groups of device users. So the Executive Leadership Team can see one set of apps, and my front-line field workers see a different list. As users change roles, leave the company, etc., their policy assignments change (or are revoked), and the apps get disabled. If you wipe the device, the apps are also disabled.
Apps can be marked as "Required" or "Optional" - and required apps will download as soon as the user clears the "Afaria would like to install app " prompt, but they still must access the Afaria client to initiate this process.

The inventory reporting features of Afaria report back the full hardware/software profile of the device, so even though you can't stop your users from installing Angry Birds, you can write a policy that denies them access to their mobile email or VPN (for example), until the app is removed.

-Paul Horan-

Top
MDM Advice's picture

MDM Advice

Joined: Dec 12, 2011
WWW

Reply

Your rating: None

Multi-Tenant is available on several offerings. Each will currently do this is slightly different methods.
This can be done by having a different environment for each or the easier option being User permission driven. EG limiting visibility and user function through permission groups. SOTI and Airwatch being examples

Can you clarify reseller friendly. Again most offerings work through resellers as a main revenue maker.

Web clips can be described as different things. Example, you can have a web clip that points to a website giving access to company website or say a survey website etc. For Enterprise apps and App store apps then you look at solutions like SOTI MobiControl who use an App Catalog device side to deliver these functions.

Top
MDM Advice's picture

MDM Advice

Joined: Dec 12, 2011
WWW

SDK reply

Your rating: None

Just in reply to the comment on SDK. I don't believe Airwatch currently have an SDK for IOS Enterprise App integration.
Currently only SOTI's solution has this. The SDK gives the ability to remote view the Enterprise app and to pull back information on it.

Top
JasonF's picture

JasonF

Joined: Dec 12, 2011

Subjective Feedback?

Your rating: None

The feature comparisons are great. Is there any consideration of adding Subjective feedback sections from users of the systems? Areas might include management experience, user impact, "bugginess", etc.

This would be very helpful in further guiding selections for those of us about to dive into the MDM space.

Top
Stevo's picture

Stevo

Joined: Dec 14, 2011

How accurate is this data?

Your rating: None (1 vote)

Hi recently had access to this link following a handset vendor recommending this to our customers. Concept looks great, however I would flag on the accuracy.

What is the true definition of SaaS? As many MDM providers state they offer SaaS on this site but in reality don't. Such as Good and Mobile Iron (although MI suggest its round the corner). Both have a dedicated server based solution the only true SaaS provider I'm aware of is AirWatch.

Good also does not provide Windows Desktop support and would not be able to offer BlackBerry etc.

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

Accuracy is a function of community involvement

Your rating: None

Stevo (and all others),

You ask a great question about the confidence you can have in the data. Most of the data about MDM providers has been submitted by the providers themselves. Sometimes this comes from the technical side, but just as often it comes from marketing. (To tell the difference see if every box is ticked Smile .)

This sounds hopeless. But technology may come to our rescue.

It turns out that every MDM page (and nearly every other page on the site) is editable by ANY registered user. So if you are pretty sure Good has overstated their support, you can fix this. Edit this page, and tick the "No" or "Coming Soon" box. Your change will be published immediately. The revision will be noted in the sidebar to the page. And other authors and editirs will be emailed, just in case they want to discuss.

This method of community edititing works pretty well for Wikipedia. Maybe it can work here as well?

Aaron

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

Subjectivity has its place

Your rating: None

Geat question. In addition to the chart, each MDM provider has its own page. I would add more subjective feedback to the page comments, or even to the copy of the page.

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
jswade's picture

jswade

Joined: Jan 24, 2012

Device Location Integration with Maps

Your rating: None

I would like to see a new category of feature called "Map Integration" with information about products that support real-time device location display with popular Internet mapping engines (Google, Bing, etc...) I know at least one of the products supports this feature (Absolute Manage MDM). Of course "Find my iOS device" is free from Apple, but an account is limited to 100 devices max and using Apple IDs for tracking is ridiculously messy for an enterprise.

Thanks!

Top
Daniel Greening's picture

Daniel Greening

Joined: Feb 14, 2012
WWW

Casper Bulk Upload Capability

Your rating: None

Hello,

I noticed that Casper does not have "Bulk Upload" checked off in the feature set comparison. JAMF does provide a tool called "JSS Computer Importer - Cocoa" which is used to enroll machines into Casper. I have used this tool to enroll over 5500 Macs in Casper, so this product does indeed provide this capability on the Mac platform. I am not sure about iOS enrollment, and will have to clarify this with JAMF.

-Dan

Top
Drew_P's picture

Drew_P

Joined: Mar 11, 2012

MDM for Windows CE

Your rating: None

We deal with a lot of industrial type of mobile devices from the likes of Intermec & Motorola. These typically run Windows CE aka Windows Embeded Handheld (WEH), and connect via WiFi. However there is still a very real need to manage these mobile devices in much the same manner as mobile phones and tablets, etc. So it would be nice to include Win Ce/WEH as a characteristic to comapre in the Other Devices section.

My research suggests there are very few MDM vendors who support these operating systems but would be nice to find out who does. For the record Motorola Solutions do have MSP which does support these operating systems and in version 4 they have also included support for Apple iOS. See www.motorolasolutions.com/msp

So be nice to see Motorola MSP included in the comparison. Does anyone know someone at Motorola to do this?

Top
mtaggart's picture

mtaggart

Joined: May 8, 2012

MDM Comparison chart

Your rating: None

Is there a downloadable copy of this anywhere? It's really good and it would be nice if I could download it to show others and it not require an internet connection.

Regards,

Mike

Top

Backlinks

Recent Activity