During the past several days I had enough time to play around with latest and greatest Mobile Device Management solution from Zenprise Citrix – XenMobile 8.6.
I have mixed feelings for this type of products. On some of the smaller non-official IT talks meetings I’ve heard people mention that-not-so-successfully stories on their implementations and use of the product and I’m yet to hear a good one, but after playing around with it and looking at the options from the prism of requirements I had – it’s not as bad.
It’s not as bad in terms of getting the users that extra piece of convenience and centrally driven configuration with a bit of self-service on top. You don’t have to worry about what apps the company has and where to get them, you don’t have to worry about e-mail settings, you don’t have to worry about Wi-Fi profiles, it just works out of the box and if you’re lucky – your local IT can even help protect your data by using encryption, you can find your phone if you lost it, you can wipe your phone remotely if someone stole it.
In terms of security the company device the same way you’re configuring limited users and tuning user experience through GPO – XenMobile is not quite there, yet, but it’s not it’s fault. It’s the OS market.
Enterprise readiness levels of mobile OSes varies for vendors:
iOS comes out as the market leader (iOS 7 and up) – best previous generation support of their devices in terms of software updates (~up to 3 products back), good enterprise options package, some nice administrative control features, to name a few – extensive policies, application uninstall, VPP licenses. One vendor, one hardware manufacturer, uniformed device specs all contribute to making this possible.
followed by SAMSUNG Knox or just SAMSUNG – SAMSUNG has really put in a lot of man-hours into expanding the base API list to make managing the mobile phone in an enterprise easier. It’s the little things that sum up, like being able to rollout a 3rd party application (not the one from the market store) even though the device policy for “untrusted” installation sources is not set. The policy list in XenMobile MDM is very extensive and in the same league as iOS. There is even Remote Screen support control API built in (my understanding is that Apple cut them out of newer OS and Windows Phone didn’t have them).
followed by Android – most users describe their initial experience with low end Android devices as horrible, but if you’re willing to invest time, tune the system, find workarounds and just geek around with the phone – Android is a viable option. My experience with XenMobile reflects this.
followed by Windows Phone 8 – even some of the basic things are lacking. Pre-configured wi-fi profile policy? no, custom script. no push/notification service for devices, which means that in reality you have almost no control over the device, because no-one knows how often it checks for new policy versions with the system. Lost your device? Want to wipe it? You have to wait a random interval of time and just hope it works.
When looking at your enterprise mobile device list you will inevitably come to a point when you’ll be putting a lot of asterisks in the documentation, much like the European Union with it’s exclusions and “additional comments”. “Doesn’t work on Windows Phone”, “doesn’t work on standard Android”, “PIN code recovery only supported on iOS”, “Android has up to 3 passwords to encrypt a device”, “installation on external media (such as SD cards) is not possible” and the list goes on. And after that you’re going to explain that to business and their requirements.
Most of observations here come from looking at the core “device manager” component. There is, potentially, additional benefit to “app controller”: better control over apps and security, the ability to make use of your xendesktop/xenapp environment on a mobile device, “cloud document storage”. In my opinion people are still more productive on laptops, not tablets or phones.
Mobile phones were not built with enterprise scale management in mind, historically it’s been a personal device. From this perspective – XenMobile offers a great jump start and gives you users just a bit of extra value in form of self-service and enterprise configs.
There is also reasonable demand for enabling enterprise management on company devices and when looking at is through the prism of strict device control and policies enforcement – there are lot of features that are still not available to make this happen. There will always be hacks and ways around the system, so if you need to restrict and control everything right here and right now – I won’t expect a solution on the market to do it for you, most likely it will involve custom ROM programming, lots of customizations and storage encryption.