June 5, 2008

Cisco Makes an Enterprise MDM Play

Cisco has launched a heterogeneous mobile device management capability for enterprise IT departments, becoming only the second major vendor, after HP, to target corporate users rather than carriers with such technology. While Cisco's first target will be companies running its data to and from phones over its WLAN infrastructure, the technology is equally applicable to mobile/cellular networks.

Cisco has unveiled plans to develop a software package called Secure Client Manager to enable corporate IT departments to manage mobile devices, be they cellphones, dual-mode phones, PDAs or more vertical-specific products in sectors such as healthcare, manufacturing and logistics.

This means carrying out functions such as provisioning, activating and pushing software updates, OS patches and the like, as well as de-activating when a device has been stolen or mislaid, for instance, and, as such, it makes Cisco only the second major vendor to target the actual corporates rather than mobile operators with such technology. HP launched a mobile device management (MDM) server specifically for enterprises in mid-2007, the result of its acquisition of specialist MDM vendor Bitfone at the end of the previous year.

The main MDM technology developers, such as Mformation and InnoPath, sell into mobile operators, which obviously have a requirement for managing millions of devices for both consumers and business customers. When asked about enterprise offerings, they always argue that big corporates are happy to get MDM as a service from their mobile providers, which can often extend its use to the individual IT department via a Web portal. They downplay the importance of a DIY capability for enterprises, which could potentially operate independently of the source of their mobile connectivity, or even manage mobile devices across different operators' networks.

Cisco, of course, comes at the subject from a different perspective, namely WLAN infrastructure, and indeed it is not in the cellular business, with neither mobile network equipment nor cellphones in its portfolio. Even last year's acquisition of Navini, a developer of the alternative wireless WAN technology WiMAX, was driven very much by the desire to offer wireless backhaul in developing world countries where wired infrastructure is lacking, rather than to participate in end device connectivity in markets such as the US, where WiMAX is touted as a competitor to cellular technologies.

It does, however, have software clients, such as its Cisco Security Agent and the 802.1x supplicant that it obtained by buying Meetinghouse in 2006, now called the Secure Services Client. It also has a program for mobile device vendors like Nokia, RIM and Apple to enable their products to run on its WLAN infrastructure, called the Cisco Compatible Extensions (CCX) initiative.

The idea now is for Cisco's own software clients to become one, perhaps with a subset of their functionality being available as default on certain dual-mode cellular/WiFi business devices such as BlackBerries and the Nokia Eseries. The Secure Client Manager, meanwhile, is designed to sit in a corporate network and provide management capabilities on such devices, and while the network may, in the first instance, be a WLAN from Cisco, they could equally well be delivered over a mobile network, provided that there is an IP connection available, which of course there will be for any devices designed for data as well as voice applications.

Unlike HP, which offers its MDM server as a dedicated device, Cisco plans to offer Secure Client Manager, when it starts to ship in the first half of 2009, as software to sit on the 3300 Series Mobility Services Engine (MSE), an appliance for installation in the corporate network, which starts shipping next month. Other modules planned in what the company is calling the Cisco Motion architecture are:

- Context-Aware Software for location-specific information applications, including things like temperature, time, pressure and movement, which will start to ship at the same time as the MSE;

- Adaptive Wireless Intrusion Prevention System (wIPS) for defense against rogue APs and endpoints, as well as malicious activity and malware on the network, and

- Mobile Intelligent Roaming for the seamless handoff of dual-mode mobile devices between WiFi and cellular networks. These last two are scheduled to ship only in the second half of 2009.

The MSE appliance has prices starting at $19,995, which go up according to the number of devices supported, and the software packages, when they come out, will have similar pricing models. It has not announced pricing for the software modules, but does say that the entry-level price of the MSE will provide support for up to 18,000 clients or locationing tags used with the Context-Aware package.

Locationing vendor AeroScout is one of several app developers working with Cisco to integrate with the Motion infrastructure. Others include Agito in fixed-mobile convergence (FMC) and vertical-specific players such as Johnson Controls in healthcare and OATSystems in manufacturing. There is also an open API for other developers to write to.

MDM is inherently a client-server technology, so enterprises or carriers deploying it face the potential bugbear of loading clients onto all of their mobile devices. Other MDM vendors have sought to overcome this issue by having the client pre-integrated into handsets by leading manufacturers. The Bitfone client, for instance, ships from the factory on a large number of Motorola phones, as well as on some Nokia, Samsung and LG handsets.

Cisco's answer to this is an interesting one, in that, on the one hand, it plans a multi-function client with security, roaming and locationing functionality as well as MDM, while on the other it has relationships with three of the leading purveyors of business-class devices for integration with its WLAN infrastructure through the CCX program.

It will be interesting to see how take-up compares to the HP Enterprise Mobility Suite Server, which is a standalone device for heterogeneous MDM, i.e. the management of devices running any operating system. That product does not currently have the ability to extend into areas such as locationing, security and FMC roaming.

Microsoft also targets enterprises rather than carriers with the System Center Mobile Device Manager that it began shipping this year, but that product is primarily designed to manage handsets running the company's Windows Mobile operating system, so much so that it introduced hooks into its MDM server in version 6.1 of the OS, released at this year's CTIA show.