Skip navigation

In this recent blog post post by Earl Perkins of Gartner, he describes some of the factors behind the increased challenge of supporting mobile workers for security and access to mobile applications.  Some of those trends include:

  • The improved capabilities (ease of use) of different multiple devices is causing pressure on IT shops to provide identity & access management (IAM)  support for these devices.
  • The evolution of how applications are delivered as mobile apps is causing demand for IAM for these mobile apps.
  • The increased need for mobile device management to merge with existing IAM processes.

Providing access to enterprise applications through mobile devices should be as simple as deploying existing policies & procedures to this new domain.  In many cases, however, the breadth of technology in place for management has not yet caught up with the demands of users.  What many vendors offer today are point solutions.  For example, they may provide application access to one type of device (a point product solution) or a vendor may offer a secure platform that works with many device types (MEAPs).  SolarWinds Mobile Admin software blends the best of both worlds by providing a secure platform for multiple devices, and provides out of the box mobile access to over 40 IT management software products.  Mobile Admin did not re-invent the wheel to provide secure mobile access but leverages existing security infrastructure.

 

Mobile Admin’s client-server architecture features a fully-integrated security model that provides both data encryption and user authentication to insure a very high security level across the 40+ IT management features it supports. 

 

Below are examples of how companies can leverage the existing security infrastructure to provide secure mobile access to enterprise applications.

 

Active Directory integration for Mobile Access

Mobile Admin integrates with Active directory which can be configured so only wanted users can access Mobile Admin and even only specific applications within Mobile Admin. This is a great security feature since the network rights are already determined and the accepted authority is still Active directory. 

Encryption with BlackBerry and a BlackBerry Enterprise Server

  • If you use a BlackBerry Enterprise Server, all your data is sent over the Mobile Data Service (MDS), and is, by default, automatically encrypted using Triple Data Encryption Standard (TDES or 3DES). While TDES provides the highest industry standard encryption, you can also choose additional layers of encryption.
  • All versions of the BlackBerry Enterprise Server use TDES as the default encryption for all data. The BlackBerry Enterprise Server 4.1, however, allows you to choose between using TDES and Advanced Encryption Standard (AES), or both.
  • While TDES and AES are generally recognized as the most robust encryption methods available today, the US Government has also certified TDES and AES as compliant with Federal Information Processing Standards (FIPS).

  Encryption options for Mobile Admin on Apple iOS and Android devices 

  • You can Encrypt Apple iOS and Android devices with a Virtual Private Network (VPN). If you use a VPN, all your data is sent over the VPN, and is, by default, automatically encrypted.

Encryption with Hypertext Transfer Protocol – Secured (HTTPS)

  • Whether or not you are using the Encryption with the BlackBerry Enterprise Server on BlackBerry devices, or the Encryption with the VPN on iOS and Android devices, you can also add a layer of encryption with Hypertext Transfer Protocol – Secured (HTTPS).
  • HTTPS is HTTP encrypted with Transport Layer Security (TLS). When you use HTTPS, all data transmitted between the application server and the wireless handheld is encrypted.

  Locking down the firewall with a Proxy Service 

  • If you have a common server for mobile platform integration, a proxy service can be used and helps to lock down your firewall to have fewer openings for users’ without permission to access servers.
  • If a common proxy service is not used, then all SSH/Telnet and RDP/VNC servers must have the appropriate firewall configuration.
  • The proxy service proxies SSH/Telnet and RDP/VNC traffic. The mobile app clients authenticate transparently to the proxy if the appropriate rights and permissions have been configured. The proxy service can enable access to SSH/Telnet and RDP/VNC servers through a central port, rather than having to configure access to each individual server.

Mobile Devices: Additional Levels of Authentication

  • Primary login authentication (required), from a choice of: Windows user name & password, application-specific user name and password
  • Device level password or RSA SecurID/RADIUS (optional)

IPAM 3.0 is out and we still listen to our customers and community and already working on next version of IPAM and new features like:

 

  • Microsoft DNS service Management
  • CISCO DHCP server Management
  • Support for DHCP Split scope - high availability scenario
  • Support for Cisco ASA devices
  • Network and broadcast addresses are not taken into license count

 

And more will come!

 

PLEASE NOTE: 

Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are base on the product teams intentions, but those plans can change at any time!

If you’re looking for a cost effective way to manage your entire IP infrastructure then look no further. We’ve been listening to IT professionals around the world that need an easy-to-use tool that will manage both their IP address space and their DHCP/DNS services without the need for expensive physical or virtual appliances from the likes of Infoblox, Bluecat, and others.

 

Today we launched version 3.0 of SolarWinds IP Address Manager (IPAM).  IPAM v3.0 brings management of Microsoft DHCP services, monitoring of Microsoft DNS records and zones, and monitoring of Cisco® DHCP services to the already powerful IP address management capabilities of IPAM. With v3.0 you now have a full-featured IP infrastructure tool:

 

  • Centralized IP Address Management with role based user delegation
  • Management of Microsoft DHCP services
  • Monitoring of Microsoft DNS records and zones
  • Monitoring of Cisco DHCP services
  • Reporting improvements

 

In addition, v3.0 also includes an import wizard that makes transitioning from spreadsheets or .csv files quick and easy.

Here is just a summary of some of the great IP address management features that you get along with the new DHCP/DNS features:

 

  • Prevent IP address conflicts
  • Preventative alerting
  • Team-based access with role based controls
  • History and address tracking

 

You can learn more or see for yourself how powerful IPAM v3.0 is by test-driving our live demo or if you’re ready to take the next step, you can download a free, fully functional 30-day trial.

I'd like to announce availability of IPAM RC3. It mainly fixes reported issues of previous RCs. Here comes full changelist:

 

  • Help page for Reservations was fixed
  • DNS Server configured Conditional Forwarders are no more shown in polled Zones
  • In the DNS Credentials Test is new warning that DNS server Orion node has to be assigned to the Main Poller
  • DHCP & DNS Monitoring page title was changed to DHCP Management & DNS Monitoring
  • Improved logging process during DNS Zones scaning
  • DNS zone scan which is unreachable (because was removed from DNS server manually) displays error messages in Job logs
  • Import Wizard sometimes shows Operation Failed message after successfull step
  • Subnet allocation wizard is disabled for Supernets


You can download that from your customer portal. Or you can contact me directly for download link.

We do support upgrades from previous RC versions and we also provide SolarWinds support in case of problems.


Please use our IPAM RC forum to leave us feedback or call support if you run into a problem.


thanks,

Michal

Be in the Know!

Join the upcoming webcast on vital important of log & event management. Check out this post for more info:http://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2012/05/02/upcoming-geek-speak-webcast-back-to-the-basics-of-log-event-management

So you are out to dinner with the family and you get a call from a high priority user complaining of a system outage.  Your’re confident his issue is related to a virtual machine in your vSphere deployment.  There is not much you can do since you are away from your desk or laptop, but in the meantime you would like to be able to triage this situation and get notified if this issue escalates.

Here is how you would do that with Mobile Admin and your trusty iPhone (Android, or other mobile device).  First, connect to the Mobile Admin server from your Mobile Admin client and open Mobile Admin’s VMware interface.
vmware 1.png

View a list of ESX servers, virtual machines, data centers and resource pools – similar to how you would view them at your desk. Keep in mind that Mobile Admin can connect to vSphere servers or directly to ESX servers.


Suppose the virtual machine that you think is the source of the problem is ‘Rove-c45.’  You can clearly see that this vm is in a
suspended state...


VMware 2.png

First thing you need to do is get the virtual machine running again for your high priority user.   Select the ‘Rove-c45’ vm...
VMware 3.png

Hit the menu button...
vmware 4.png

And power on the vm....

vmware 6.png
Once you confirm the power on command completed successfully you can leave a note in
the vm’s settings page to let others know of the issue...


vmware 7.png
Now you need to find out why this machine went into a suspended state. First you check the event log for this machine.  To do this, select Events from the menu. Viewing the event log entries you see the machine powered on a few weeks ago, a reminder to install VMware tools and then the machine entering a suspended state.  There’s not much to go on here so you will need to find the root cause when you get back to your desk.
vmware 8.png

In the meantime you need to keep this vm up and running for your user so you would like to be informed immediately if this machine goes into a suspended state. This is done via Mobile Admin’s Notifications feature.  To set up a notification that will inform you of a new event for vm ‘Rove-c45’, you just select ‘Subscribe to this feed...’,  then give the feed a name and optional contact info...  In two clicks you are now set up to be notified on your phone  that a new event has occurred for this vm.
vmware 9.png

Unfortunately,  you do get a notification a few minutes later....
vmware 10.png

From the iOS notification center youcan open the Mobile Admin client directly to the list of events from vSphere for the vm you are watching.

vmware 11.png
Selecting the most recent event gives you some bad news.  The vm is entering a suspended state again...Mobile Admin’s Notification system has informed you that the fix didn’t take. 

vmware 12.png

 

At this point you are already in Mobile Admin’s VMware interface so you can quickly power on the vm again, add more ram and CPU power or even change the vm’s resource pool settings.  Or you could also leverage the power of other Mobile Admin interfaces: manage the Windows OS, Telnet, RDP, VNC, or SSH to the VM, or open a support ticket in BMC Remedy.

Using this scenario, you can see how to triage a VMware issue and set up notifications for status without too much interference on your personal life.
In addition to VMware, Mobile Admin works for a ton of other applications like Active Directory, Windows, and SolarWinds Orion.

Filter Blog

By date: By tag: