MANAGING THE BLACKBERRY TRANSITION: BLACKBERRY BES 10 VS. CITRIX XENMOBILE
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Managing the Blackberry transition White Paper Managing the BlackBerry transition: BlackBerry BES 10 vs. Citrix XenMobile citrix.com
Managing the Blackberry transition White Paper 2 Once the king of enterprise-class smartphones and mobile email, BlackBerry faces overwhelming competition from consumer smartphones and tablets running Apple iOS and Google Android. Bring-your- own-device (BYOD) programs, which let employees use their personal devices for work, have accelerated the trend. Gartner put even more pressure on the BlackBerry platform in October 2013 when it warned that its parent company’s uncertain financial condition indicated enterprises should start thinking about transitioning to other mobile platforms. Any organization moving to multiple mobile platforms faces a host of security and management challenges. The BlackBerry enterprise mobile solution always included a powerful management and security platform for its devices, as well as a secure, signature network operations center (NOC) architecture. Geared to consumers, iOS and Android did not start out with enterprise-class security and management, but subsequent versions have added more enterprise management features. In the case of Android devices, Samsung has been notable in adding a host of robust features to its smartphones via its SAFE and Knox mobile security solutions. Third-party enterprise mobility management (EMM) solutions, such as Citrix XenMobile, have stepped in to provide a single point of management for all mobile devices. Aware of the mobile transitions going on in the enterprise, BlackBerry released BlackBerry Enterprise Server (BES) 10, its own management platform for mobile devices and applications running on BlackBerry, iOS and Android. BES 10 may be a tempting management offering for organizations born and raised on the BlackBerry mobile platform. However, any organization in transition should also consider alternatives, such XenMobile, which have a longer track record of Android and iOS device and application management, particularly if a phase-out of BlackBerry devices is in the picture. Organizations currently managing their iOS and Android devices using XenMobile should also be aware that it provides a number of features for managing and securing BlackBerry devices as well, including secure Microsoft Exchange access via ActiveSync, and may eliminate the need to invest in BES 10. To help with a decision, following is a technical comparison of the BlackBerry and Citrix solutions for mobility management in the enterprise. Device management comparison There was a time when mobility management was mostly mobile device management (MDM). As more users harnessed the same devices for work and play, managing and securing mobile applications, data and the workspace became essential components of a viable mobility management and security strategy. citrix.com
Managing the Blackberry transition White Paper 3
Since it was the first component of EMM and thus a mature technology, MDM
platforms tend to have similar features. In all cases, device management is about
centralized detection, provisioning, management and de-provisioning of mobile
devices over their enterprise lifecycle.
Both BlackBerry BES 10 and XenMobile provide centralized, role-based
management of iOS and Android mobile devices and users, and can protect an
organization from rogue mobile devices connecting to the enterprise network.
Both enable IT to enroll and manage devices, blacklist and whitelist mobile
applications, detect and block devices that are jailbroken or otherwise out of
compliance and do a full or partial remote wipe of a lost or stolen device or
when an employee leaves the organization. Both have a long list of configurable
policies regarding passwords, wireless connectivity, cameras, applications,
full and partial device wipe and other items necessary to maintain device and
network security. Both provide the means for employees to self-enroll new
devices without having to wait for IT to do so. XenMobile supports monitoring
and management of BlackBerry devices, including operations such as remote
wipe, quarantine, ActiveSync traffic filtering for BlackBerry 10 devices and
password reset.
XenMobile Feature BlackBerry XenMobile
Secure Email
FIPS 140-2 compliant encryption of message
• •
and attachments
Email notifications on lock screen • •
Out of office support • •
Contact handling and syncing • •
Secure attachment handling, viewing and editing •
One-touch online meetings and audio
•
conferences
Integration with enterprise content
•
management through Citrix ShareFile
Secure web browser with DLP controls •
Deliver Windows, SaaS/web or native mobile apps •
Secure data collaboration across mobile, PCs
and Macs – Microsoft SharePoint, network •
shares and Microsoft Outlook integration
Ecosystem of enterprise-ready apps •
SSO for enterprise apps Messaging
•
tools only
Mature multi-OS and platform agnostic MDM
•
solution
Flexible deployment options - on-premises or On-premises
•
cloud based solutions only
Secure access Micro App
NOC
VPN
citrix.comManaging the Blackberry transition White Paper 4 Both also allow IT to set up app stores to provide employees with mobile access to pre-approved applications, including internal apps. However, this is where the solutions diverge. The BlackBerry app store is focused on IT-approved internal BlackBerry, iOS, and Android applications. Citrix recognizes that most essential business applications still run on Windows and that organizations are hard pressed to find the resources and expertise to port these applications to multiple mobile operating systems. Citrix has long provided the technology to virtually deploy Windows applications to mobile devices, complete with touch enablement and other mobile-centric features. The company also recognizes that the cloud and SaaS are increasing in importance in the enterprise. That’s why Citrix provides a single unified app store with one point of user access, not only to pre-approved Android and iOS apps but also to SaaS and Windows applications. For internal web and SaaS apps, XenMobile offers Active Directory- based identity creation and management and single sign-on access so users don’t have to remember multiple passwords. Mobile scalability comparison The Citrix solution also addresses two other challenges facing large mobile enterprises—scalability and fast, secure, remote access. Citrix Netscaler application delivery controller is an essential component of the XenMobile solution that provides a single point of tightly controlled, secure, fast, highly scalable mobile access to the network and business and web applications. Unlike BES 10, which was rated to scale to just 2,000 devices and only recently upgraded to 15,000, NetScaler can scale to handle access by more than 65,000 mobile devices and XenMobile can handle up to 8 million concurrent connections. NetScaler provides other essential management, security and usability features, including robust Denial of Service attack protection; an application-level firewall; multi-factor authentication; highly granular application- and data-level access control based on user and device; SSL offloading; ActiveSync mail filtering for iOS, Android and BlackBerry 10 devices; and SSL application-specific micro VPNs. Scalability is absolutely essential for maintaining mobile performance and low total cost of ownership at large enterprises, while secure access is vital for regulatory compliance and protection of sensitive enterprise data and intellectual property. That’s why huge, security-sensitive organizations such as Google and Apple are longstanding NetScaler users. Application management comparison As enterprises increasingly embrace BYO or corporate-issued devices for both work and personal use, their IT focus has inevitably expanded from device management to include application and data management as well. Application management solutions wrap mobile business applications with a layer of security and management policies, including authentication, robust AES-256 encryption over the wire and at rest and data leakage prevention (DLP) policies to protect sensitive data stored on or transmitted or accessed from the device is protected. citrix.com
Managing the Blackberry transition White Paper 5 DLPs can prevent users from opening attachments in unapproved applications, cutting and pasting sensitive information into emails or files and printing information that should not be printed. BlackBerry and Citrix take different approaches to mobile app management (MAM). BlackBerry takes a basic approach with its BlackBerry Balance for BlackBerry devices and the Secure Workspace for iOS and Android devices. Both use containerization to create two separate domains on the device: personal and work. Work data cannot be shared outside the work domain and is secured using FIPS 140-2-compliant AES 256 encryption. IT has management access to the secure work domain on each device but not the personal domain. Both solutions also provide an integrated work email, calendar and contacts application; a workspace browser; and work email attachment viewing and editing using Documents to Go software. Work applications access data behind the corporate firewall via BlackBerry Secure Connectivity. It’s important to note that native iOS and Android email clients do not reside in the secure workspace. Over time, Citrix has developed a more granular, flexible approach to securing applications and data. With the Citrix Worx Mobile Apps SDK, an administrator or developer can add a host of enterprise policies and capabilities, including FIPS 140-2-compliant AES-256 encryption, password authentication, application-specific micro VPNs and DLPs, to individual applications with just a single line of code, even if direct access to the application code is not available. The SDK can be applied to both internal and third-party applications. Micro VPNs are a powerful, exclusive feature of XenMobile. They provide each application with its own automated, encrypted VPN connection, rather than opening a single, secure connection across the entire workspace. Each micro VPN connection is completely separate and protected from others and includes a host of data compression and optimization techniques--not available with BES 10--which ensure only minimal data is transferred for tight security and fast performance. This feature is particularly important in areas with slow connections and very attractive for organizations whose employees travel outside North America. While BlackBerry’s NOC has often been cited for its highly secure architecture, XenMobile micro VPNs provide equivalent security without the risk posed by a single point of failure, such as a NOC. Scores of useful third-party Worx-enabled mobile business applications are available through the Citrix Worx App Gallery. In addition, Citrix offers WorxMail, its secure mobile email client, the WorxWeb browser and ShareFile, an enterprise-class alternative to consumer file-sharing solutions such as DropBox. BlackBerry does not offer such a solution. ShareFile addresses concerns of security-sensitive organizations about consumer file-sharing services, which were not developed with the enterprise in mind and pose a significant data leakage risk due to unmanaged, widespread use among employees. All three Worx-enabled applications were built from the ground up to provide enterprise-class security and integration with each other and other Worx applications. All offer a user experience very similar to that of native applications on mobile devices. WorxMail offers usability features including one-touch launch of online meetings and audio conferencing, a rich contact information store and email push. citrix.com
Managing the Blackberry transition White Paper 6 With WorxWeb, all web links open in a secure, sandboxed browser environment that protects access to corporate web, external SaaS and HTML5 applications. All connections to enterprise networks are secured via dedicated micro VPNs. A host of enterprise policies can be applied to the browsing experience to suit each organization’s DLP needs. With WorxMail, all corporate email, contacts and calendar items are separated from personal applications and information and are inaccessible to them. All email and attachments can be encrypted and policies can be enforced to prevent users from opening, editing or saving attachments in unapproved applications, forwarding sensitive information or cutting and pasting confidential company information into other documents. WorxMail opens all embedded links in WorxWeb and can provide links to files stored in ShareFile as an alternative to bulky, less-secure file attachments. ShareFile offers a choice of deployment options, including secure cloud storage, on-premise file storage and hybrid. IT can tightly control ShareFile accounts to ensure information is not shared with the wrong people and access is eliminated when a user leaves the organization. XenMobile allows use of the native email client, and adds encrypted attachments (a feature not offered by BES 10 for iOS and Android). Organizations can also use Outlook Web Access (OWA), which XenMobile protects and scales with the NetScaler application delivery controller. Thanks to NetScaler, enterprises need not host an OWA server in the less-secure enterprise DMZ. XenMobile integrations and additional capabilities Finally, a number of other XenMobile functions are not yet offered by the BlackBerry solution. These include secure integration with Microsoft SharePoint, which allows IT to configure granular mobile access, data control policies and micro VPN access to SharePoint content and metadata. XenMobile also includes full integration and support for the management and security features and hooks in Samsung SAFE and Knox, and provides full support for management features in iOS 7. XenMobile/Knox integration provides Samsung devices with more than 840 MDM controls, 390 IT policies, secure boot to ensure only authorized software is running on the device and a highly secure, encrypted Knox container and file system to prevent data leakage. XenMobile also integrates Citrix XenDesktop, Citrix XenApp and Citrix Receiver with Samsung Smart Dock and Smart Office so mobile device users can view Windows and Office applications via a large- screen monitor. Citrix has the largest number of applications verified to run on Knox-enabled Samsung devices. Deployment options Enterprises looking for deployment flexibility can take advantage of XenMobile options for on-premise, cloud and hybrid. BlackBerry currently offers only on- premise deployment. Cloud is a great option for enterprises looking to get up and running quickly with mobility management while slashing the capital costs and resources typically required for in-house deployment. citrix.com
Managing the Blackberry transition White Paper 7
XenMobile and BlackBerry
Organizations transitioning from BlackBerry have two options. They can replace
all BlackBerry devices with iOS and Android devices and use XenMobile as
the central point of management and security for their new mobile platforms.
Or, they can accommodate existing BlackBerry users using a software module
that provides BlackBerry device discovery via Exchange ActiveSync, as well as
BlackBerry device inventory and the ability to block unmanaged BlackBerry 10
devices from connecting to the enterprise network. For BlackBerry devices using
Exchange ActiveSync, XenMobile can enforce a number of policies from the
ActiveSync console as well, including passcode enforcement, device encryption,
and camera and browser control. IT can also do a full remote device wipe from
the XenMobile MDM console.
Organizations will have to retain their existing BlackBerry Enterprise Servers for
BlackBerry application management and distribution and BlackBerry Balance,
among other features. They won’t need BlackBerry BES 10 for non-BlackBerry
10 devices, including previous versions of the operating platform. If they choose
ActiveSync to connect BlackBerry devices, they may not need BES at all, which
reduces management costs and required resources.
Conclusion
The transition from BlackBerry to multiple platforms is accelerating in thousands
of organizations. Those without a strategy for managing this transition and new
devices put enterprise security at risk. Citrix XenMobile offers a viable, seasoned
EMM strategy for all devices, applications and data. It provides the most flexible,
secure and scalable management solution to support mobile enterprises today
and into the future.
Corporate Headquarters India Development Center Latin America Headquarters
Fort Lauderdale, FL, USA Bangalore, India Coral Gables, FL, USA
Silicon Valley Headquarters Online Division Headquarters UK Development Center
Santa Clara, CA, USA Santa Barbara, CA, USA Chalfont, United Kingdom
EMEA Headquarters Pacific Headquarters
Schaffhausen, Switzerland Hong Kong, China
About Citrix
Citrix (NASDAQ:CTXS) is a leader in virtualization, networking and cloud infrastructure to enable new ways for people to work better. Citrix
solutions help IT and service providers to build, manage and secure, virtual and mobile workspaces that seamlessly deliver apps, desktops,
data and services to anyone, on any device, over any network or cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler
and people more productive with mobile workstyles. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000
organizations and by over 100 million people globally. Learn more at www.citrix.com.
Copyright © 2014 Citrix Systems, Inc. All rights reserved. Citrix, XenMobile, NetScaler, XenDesktop, XenApp, WorxMail, WorxWeb and Citrix
Receiver are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product
and company names mentioned herein may be trademarks of their respective companies.
0314/PDF citrix.comYou can also read
