
- Number of slides: 28
MaaS360 Cloud Extender Basics
MaaS360 e-Learning Portal
© 2011 Fiberlink Communications
Agenda
> Cloud Extender Overview
> Architecture
> Installation Requirements
> Cloud Extender Modules
> Integration, Features, Requirements & Actions
> MaaS360 Portal Workflows
> Troubleshooting Basics
Cloud Extender Overview
> Extends MaaS360 Management to On-Premise Infrastructure
  § Installed in your network
> Modular Architecture:
  § Agent Core: On Cloud Extender Install
  § Modules: Downloaded & Activated after Core Installation
> Integrates with Mail Servers
  § Mail Servers: Exchange / Lotus / BES
  § Auto Discover devices connecting to mail infrastructures
  § Total Device Visibility
  § Device Action Support – Block / Remote Wipe
  § Policy Management & Auto-Quarantine (Exchange Only)
Cloud Extender Overview
> Integrates with Corporate Directories
  § Microsoft Active Directory / LDAP
  § Authentication – for enrolling devices
  § Authentication – portal login
  § User attribute collection – Group, OU information
    • Replicate Corporate Directory User Groups for Devices
> Integrates with Corporate Certificate Services
  § Microsoft NDES / Symantec Hosted PKI
  § Automated User Certificate Delivery to end devices
    • E-mail, Wi-Fi or VPN end user authentication
  § Supports Certificate Revocation & Auto renewal
Cloud Extender Architecture
[Diagram labels: Internet; XMPP over SSL; Cloud Extender; AD; MaaS360 Servers; Lotus Traveler; ...; Customer Network; IT Administrator; MaaS360 Cloud]
> Communication via XMPP over SSL
> Online & Configuration Status Tracking in MaaS360
> Statistics & Communication timestamps from each of the integrated services
Basic Installation Requirements
> Installed on-premise:
  § Microsoft Windows Server – Physical or Virtual works
  § 2008 R2, dual processor, 2G memory recommended
    • Will also run on Win 7 machine or MS Server 2003
> Runs as a Service Account:
  § Local Administrator Rights on the server
> Access to Internet:
  § Fiberlink Servers: *.fiberlink.com, *.maas360.com
> Installation:
  § Downloaded from MaaS360 portal:
    • Product Downloads link on Home Page
  § Requires License Key for installation:
    • Send License Key link on Home Page
Cloud Extender - Modules
Module: Exchange ActiveSync
> Version Requirements:
  § On Premise Mail Servers: Exchange 2007 / 2010
  § Hosted Mail Servers: BPOS-D / Office 365
    • *BPOS-Shared not supported
> Features:
  § Auto Discovery of devices & policies
  § Device Visibility & Action Support
  § Auto Quarantine (AQ)
    • Prevents new devices from directly connecting to Exchange
    • Provides alerting to admins on new devices
    • Approval / Block Workflow for devices
    • Auto Approve enrolled devices
  § Policy Management
    • UI to Configure & Publish Exchange Policies on MaaS360.
Module: Exchange ActiveSync
> General Requirements
  § Exchange 2007:
    • Exchange Management Tools: Uses Local PowerShell Snap-ins
      – Needs to match the Exchange Server Version exactly
  § Exchange 2010 / BPOS-D / Office 365:
    • Remote PowerShell
  § PowerShell version 2.0
    • $host.Version on PowerShell to confirm version
  § Service Account Requirements:
    • 2007: Exchange Organization Administrator/Domain User
    • 2010: Organization Management/Domain User
    • Office 365: Global Administrator
Module: Exchange ActiveSync
> Exchange Supported Actions
  § The following actions are available directly from Device View
    • Approve
    • Block
    • Change ActiveSync Policy [Device to Policy Assignment]
    • Wipe Device
    • Remove Device from Exchange Server
Module: Lotus Notes Traveler
> Version Requirements:
  § 8.5.2 Domino and Traveler environment & higher
    • 8.5.2 introduces Android Support
> Features:
  § Auto Discovery of Traveler Devices
  § Device Action Support – Remote Wipe / Block
  § No AQ or Policy Management
> General Requirements
  § Lotus Notes Client (single-user) installed
  § Configured with the ADMIN notes.id and then exited
    • Needs to be exited for us to access the APIs
  § A Domino account and credentials with sufficient rights to perform Domino/Traveler Admin functions.
    • Least access level of Server Remote Admin
    • Manager w/ delete access to Traveler.nsf.
  § .NET Framework 3.5 or higher
Module: Lotus Notes Traveler
> Traveler Supported Actions
  § The following actions are available directly from Device View
    • Block
    • Wipe Device
      – Wipe internally blocks the device
      – Default Domino functionality.
    • Remove Device from Traveler
Module: BlackBerry Enterprise Server
> Version Requirements:
  § BES 5.0 or higher
> Features:
  § Auto Discovery of devices
  § Support for enrollment of new BlackBerry devices
  § Policy Assignment & Action Support
> General Requirements
  § BlackBerry Administrator APIs installed on the server that hosts the BlackBerry Administrative Console
    • (BES 5.0 SP1 and above preinstalls these automatically).
  § BAS Server name & Port
  § Administrator Account: Supports both AD and BES Admin
    • Minimum rights of Security Manager
  § .NET Framework 3.5 or higher
Module: BlackBerry Enterprise Server
> Enrollment workflow integration with MaaS360 allows Admins to provision new BlackBerry devices
  § Customer may also keep existing process, this is optional
> User gets email with URL for enrollment and accesses that URL from BlackBerry device
> User is prompted for either passcode or AD credentials and accepts EULA
> After authentication
  § User record is imported to BES (if it doesn't already exist)
  § User record is assigned policy
  § Random activation passcode is generated and sent to user
> User enters passcode and device registers to BES
Module: BlackBerry Enterprise Server
> BlackBerry Supported Actions
  § The following actions are available directly from Device View
    • Refresh Device Information
    • Send Message
    • Reset Device Passcode
    • Wipe Device
    • Change BES Policy
    • Remove Device from BES
Module: Active Directory
> Active Directory Requirements
  § Microsoft Active Directory
  § LDAP – Oracle, Domino, Novell & Open LDAP
> Features:
  § Authentication during Device Enrollment
  § Authentication during Portal Login
  § User authentication during Enterprise App installation
  § End User Portal Authentication
> General Requirements
  § PowerShell 2.0
  § Service account
    • Local Admin on Cloud Extender machine
    • Domain User on Domain
Module: User Visibility
> User Visibility Requirements
  § Microsoft Active Directory
  § LDAP – Oracle, Domino, Novell & Open LDAP
> Features:
  § User attribute collection & availability in MaaS360
    • Group Information, OU data etc.
  § MaaS360 Features:
    • Grouping devices based on Corporate Directory Groups
    • Dynamic Policies & Dynamic Compliance Rules
    • Restrict device enrollment to specific groups
    • Restrict admin access to portal belonging to specific groups
> General Requirements
  § PowerShell 2.0
  § Service account
    • Local Admin on Cloud Extender machine
    • Domain User on Domain
Module: Certificate Integration
> Version Integration
  § Microsoft Certificate Services 2003 & 2008 R2
  § Symantec Managed PKI v8
> Features:
  § Requires creation of Certificate Templates on Cloud Extender
    • Points to CA with authentication credentials
  § Device certs for Wireless/E-mail/VPN authentication
    • iOS Only Support as of today
> General Requirements:
  § MS: Integrates with Network Device Enrollment Service (NDES)
    • 2008 R2: Installed via Server Manager
    • 2003: Free Download here.
  § Symantec
    • Access to a Symantec MPKI environment
    • A Registration Certificate to provide to the CE
Module: Certificate Integration
> Microsoft NDES Integration Architecture Example:
MaaS360 Portal Workflows
> Manage >> Manage MaaS360 Cloud Extenders
  § Configuration / Online Status
  § Cloud Extender Data:
    • Summary
      – Activated Services, Modules
      – Service Accounts, Server H/W Inventory
    • Exchange, Traveler, BB, AD, LDAP or Cert
      – Statistics & Communication Dates
  § Actions
    • Configure CE Settings
      – Exchange Policies for AQ
    • Refresh Data: from various modules
    • Remove Devices: Cleans old records
    • Upgrade / Uninstall CE
    • Mark as Inactive
MaaS360 Portal Workflows
> Test Actions:
  § Tests authentication
  § Tests reachability
> Refresh Device Data / Policy Data:
Troubleshooting Basics
> Cloud Extender Requirements prior to Installation
  § (90% of the troubles occur during install)
  § Decide where the Cloud Extender should be installed
    • Can be physical or virtual machine
    • Check OS Requirements in “Cloud.Extender.Installation.pdf”
  § Communication Requirements between Cloud Extender and the MaaS360 Servers on port 80 and 443:
    • https://mpns.maas360.com 208.76.128.168
    • https://services.fiberlink.com 208.76.128.153, 208.76.132.59, 208.76.130.187
    • http://internettest.fiberlink.com 208.76.128.58, 208.76.132.21
    • http://upload.fiberlink.com 72.21.0.0/16
Troubleshooting Basics
> Cloud Extender Requirements prior to Installation
  § Documented in “Cloud Extender Requirements Cheat Sheet V3.doc” or a later doc
  § Make sure the customer has the required server versions running (Exchange 2007, 2010, Lotus Domino 8.5.2, etc.)
  § Cloud Extender accounts for the servers need to have the correct rights settings (i.e. Organization Management Rights for Exchange 2010…)
  § Specific SW components need to be installed on the machine where the Cloud Extender is running
    • i.e. Exchange management tools
    • or PowerShell Version 2
    • …
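The requirements on the two slides above, written as a pre-install check (an added example, not part of the original deck or of Fiberlink's tooling): it confirms PowerShell 2.0 or later and tests TCP reachability of the listed hosts, on port 443 for the https URLs and port 80 for the http ones. The function names and the 5-second timeout are assumptions of this example.

```powershell
# Added example: pre-install checks for the Cloud Extender host.
# Hosts and ports come from the slide; function names and timeout are assumed.
$Endpoints = @(
    @{ Host = 'mpns.maas360.com';           Port = 443 },
    @{ Host = 'services.fiberlink.com';     Port = 443 },
    @{ Host = 'internettest.fiberlink.com'; Port = 80  },
    @{ Host = 'upload.fiberlink.com';       Port = 80  }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    # TcpClient is used because it works on PowerShell 2.0,
    # where Test-NetConnection does not exist.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false            # silently dropped traffic ends up here
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # DNS failure, refusal or reset
    } finally {
        $client.Close()
    }
}

function Test-CloudExtenderPrereqs {
    $results = @()
    # PowerShell 2.0 is required by the Exchange and Active Directory modules.
    $results += New-Object PSObject -Property @{
        Check  = 'PowerShell >= 2.0'
        Passed = ($PSVersionTable.PSVersion.Major -ge 2)
    }
    foreach ($e in $Endpoints) {
        $results += New-Object PSObject -Property @{
            Check  = "TCP $($e.Host):$($e.Port)"
            Passed = (Test-TcpPort -HostName $e.Host -Port $e.Port)
        }
    }
    return $results
}

Test-CloudExtenderPrereqs | Format-Table Check, Passed -AutoSize
```

A direct TCP connect does not exercise an HTTP proxy, so on a host that reaches the internet only through a proxy a failed row here shows that direct egress is blocked, not that the Cloud Extender cannot communicate.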
Troubleshooting Basics
> Cloud Extender Requirements during Operation
  § ...are the same as before installation
> Possible Issues
  § Communication between Cloud Extender and MaaS360 is broken or not working properly
    • Cloud Extender will be seen as offline in the MaaS portal; Fiberlink OPS will see XMPP errors when trying to communicate with the Cloud Extenders and will inform the o2 helpdesk. Use refresh data action.
    • Caused by
      – Changes in the customer's proxy setup
      – New firewalls blocking traffic
      – Routing issues to the internet
      – DNS issues through the proxy server or direct
      – New VLAN setup or changes to configuration
      – Etc.
Troubleshooting Basics
> Possible Issues
  § Communication between Cloud Extender and Servers is not working as needed
    • No direct indication in MaaS today (!) Use test actions to prove operation
    • Caused by:
      – Different Protocol issues: LDAP, PowerShell, other proprietary protocols may be filtered
      – Routing and Switching issues
      – ACLs in routers/routing switches or new firewall rules
      – Changed VLAN structure / issues in new VLAN configuration
      – Etc…
Troubleshooting Basics
> Possible Issues
  § Admin Accounts are changed or deleted
    • No direct indication in MaaS today (!) Use test actions to prove operation
    • Caused by:
      – Changed rights of the admin accounts to perform required actions on the servers.
      – Deleted admin account on a server
Troubleshooting Basics
> Possible Issues
  § Required SW was uninstalled
    • MaaS Portal shows configuration status unchecked
    • Caused by:
      – Deleted Exchange Mgnt. Tools
      – Upgraded Exchange Server version but not Exchange Mgnt. Tools
      – Uninstalled .Net version
      – Changed / wrong configuration on the Cloud Extender (typo?)
      – Etc.
Thank You
Questions