November 14, 2011
(Original Japanese article translated on September 21, 2012)
The smartphone market in Japan is growing at a fast pace, with smartphones accounting for about half of total mobile phone sales in the first half of 2011. As this demonstrates, the shift from conventional feature phones to smartphones is progressing rapidly.
The introduction of smartphones and smart devices at companies is also progressing, and their use as business tools is expected to improve work and operating efficiency. In addition to enabling activities such as reading mail or managing schedules while out of the office, there is also a growing trend for presentations that were previously paper-based to be displayed on devices such as smartphones and smart devices using digitized catalogs, and it is expected that they will bring about other new ways of doing business in the future.
However, these mobile devices are currently not always used for the purpose they were introduced for. This means that, for companies to comply with regulations, the question of how to manage mobile devices is an issue.
Here, we take a look at MDM (Mobile Device Management), which is attracting attention as a solution to this problem.
Recently, smart devices such as the iPad and Android tablets and phones have been proactively introduced by companies. This leads to the issue of how devices such as these should be managed. MDM refers to the management of mobile devices such as smartphones. As smart devices like the iPad become more sophisticated and widely used, data protection and measures for when they are stolen or lost become increasingly important. Optimizations such as the use of collective settings are also required when managing a large number of devices at a company.
The functions required for MDM can be broadly categorized into the following three areas.
Remote operation refers to deleting data from a device remotely or locking it so that it is unusable when lost. In some cases various settings may also be added or modified remotely.
The management of settings refers to the enforcement of password use, the definition of password strength, and the collective management of VPN and mail settings, etc., in accordance with device usage policy. The use of some features such as the camera may also be restricted when not required for work.
Finally, data gathering refers to gathering and organizing data such as information on the applications and certificates installed, and information on device operational status.
The MDM functions implemented on smart devices vary depending on the OS. For example, the following mechanisms are available for Apple's iOS devices such as the iPad and iPhone.
First, the device in question is registered to a mobile device management server. This is carried out with the consent of the device owner. Registration creates a link between the device and the management server, placing the device under the server's management.
Additionally, the link between the device and the management server can be cancelled at any time by the device owner. This is designed to protect the device owner, but all settings introduced via MDM are also deleted when the link is cancelled. This protects company information, and provides for the "BYOD" use of a personal device at work.
As an aside, when using MDM it is necessary to properly define rules for the managing and managed parties, such as the protection of privacy and prohibition of usage outside the intended scope.
Devices under server management can be operated in a variety of ways by sending commands from the server. Instructions from the server are received using APNs (Apple Push Notification Service).
While turned on, iOS devices maintain constant communications with the APNs server. This is a TCP connection, with communications always initiated from the device side. Consequently, APNs can be used even when behind a NAT. When the connection is broken due to a NAT timer, the device once again initiates communications. By maintaining communications with the APNs server in this way, devices can "stand by" for instructions from the server. This also provides immediacy, as instructions from the server are communicated to devices promptly because a TCP connection is always in place.
While iOS devices use APNs, Android devices have a similar mechanism called C2DM (Cloud to Device Messaging) that is unique to that OS. There are also implementations that use SMS (Short Message Service), and others that use polling to periodically check processing details.
The polling method is the simplest implementation, but it requires frequent communications with the server to achieve immediacy. Its chief drawback is that it consumes a lot of battery power on mobile devices. Meanwhile, SMS is a push method that uses the circuit-switched network of mobile phones. The impact on battery life is minor because the device remains in normal standby mode, but a line able to use SMS is required. For example, devices that only have Wi-Fi cannot use SMS. On the other hand, implementations such as APNs and C2DM combine the advantages of both. APNs keeps a TCP connection up to maintain communications with the server, but there are no communications when there are no instructions. Its defining characteristic is that the TCP connection can be maintained even though no communications take place.
Smart devices consume a large amount of battery power when they emit signals, but there is a mechanism for putting them in a dormant state while maintaining a connection to a server with no communications, making it possible to keep battery consumption low. Mechanisms such as this implement instantaneous push notifications while keeping battery consumption low.
| Method | Characteristics | Battery Power Consumption |
|---|---|---|
| Polling method | Frequent communications with server | High |
| Push method: SMS | A phone line is required | Low |
| Push method: APNs, C2DM | A TCP connection is kept up to maintain communications with the server, but no communications take place when there are no instructions | Power consumption is kept low by using the dormant state |
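The polling and push trade-off described above, worked through as an added example (a constructed model, not code from IIJ, Apple or Google): it counts how often a device must transmit and how long a remote lock or wipe command waits under polling versus a device-initiated persistent connection. The 30-minute NAT timer, the command times and the assumption that the device notices an expired NAT mapping immediately are illustrative.

```python
# Added illustration: constructed model of polling vs. persistent-connection push.
from dataclasses import dataclass, field

@dataclass
class Result:
    radio_wakeups: int = 0                         # times the device had to transmit
    latencies: list = field(default_factory=list)  # seconds from issue to delivery

def simulate_polling(horizon, poll_interval, commands):
    """Device contacts the server every poll_interval seconds."""
    polls = range(poll_interval, horizon + 1, poll_interval)
    res = Result(radio_wakeups=len(polls))
    for issued in sorted(commands):
        # A command waits on the server until the first poll at or after it.
        pickup = next((p for p in polls if p >= issued), None)
        if pickup is not None:
            res.latencies.append(pickup - issued)
    return res

def simulate_push(horizon, nat_timeout, commands):
    """Device opens one outbound TCP connection and reopens it whenever the
    NAT mapping expires after nat_timeout idle seconds (assumed noticed at once)."""
    res = Result(radio_wakeups=1)  # initial outbound connection at t=0
    last_traffic = 0

    def reconnect_until(t):
        nonlocal last_traffic
        while t - last_traffic >= nat_timeout:
            last_traffic += nat_timeout
            res.radio_wakeups += 1  # device re-initiates the connection

    for issued in sorted(commands):
        reconnect_until(issued)
        res.radio_wakeups += 1      # receive and acknowledge the command
        res.latencies.append(0)     # delivered over the live connection
        last_traffic = issued
    reconnect_until(horizon)
    return res

DAY = 24 * 3600
COMMANDS = [1000, 50000]  # constructed issue times in seconds, e.g. a lock, then a wipe

if __name__ == "__main__":
    runs = [("poll every 5 min", simulate_polling(DAY, 300, COMMANDS)),
            ("poll every 1 h", simulate_polling(DAY, 3600, COMMANDS)),
            ("push, 30 min NAT timer", simulate_push(DAY, 1800, COMMANDS))]
    for name, r in runs:
        print(f"{name:24} wakeups={r.radio_wakeups:4} latency_s={r.latencies}")
```

In this model, hourly polling transmits less often than push but leaves a lock or wipe command waiting for up to an hour, which is the window that matters when a device is lost or stolen.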
Devices receiving APNs communicate with the management server, and execute the actions they are instructed to carry out.
IIJ provides services for carrying out this management online in a unified manner. We will continue to propose management services to match the evolution of mobile devices, and work to support their secure use.
Service Development Section, Network Service Department, IIJ Service Division
Mr. Miyamoto joined IIJ in 1999. After working on the deployment and implementation of dedicated line access services, he moved on to network integration. Following this, he became involved in the development of enterprise-oriented network services, including those for VPN and mobile.
Service Development Section, Network Service Department, Service Division, IIJ
Mr. Hayasaka joined IIJ in 2010. He started working on development of the IIJ Smart Mobile Manager service soon after joining the company. He is currently involved in the development of devices for mobile services, as well as service planning and development.