Table Stakes for MDM Jump a Notch


Two recent developments that address IT's complex job of managing and securing multiple operating systems reflect new approaches to conquering mobile device management (MDM) challenges and deliver overhauled price points for getting table-stakes MDM features.

As you're likely aware, nearly everything but the kitchen sink is moving into the cloud. Mobility is no different, except that the pricing model for getting MDM as a cloud service was turned on its ear last week by MDM newcomer Centrify. The eight-year-old company brought a base set of security and MDM features to the cloud for a game-changing price: $0.

How? More about that in a minute.

Because if that didn't shake things up enough, Wi-Fi vendor Aruba Networks has announced a network-agnostic, multi-OS access management system (also available as a cloud service) called ClearPass, which encroaches onto MDM territory. It offers automated device provisioning, five-tier device profiling, mobile app delivery and device health and compliance posture checks for iOS, Android, Mac OS and Windows devices.

Aruba's ClearPass can be overlaid onto any Ethernet, Wi-Fi or virtual private network (VPN) infrastructure (not just Aruba's own Wi-Fi networks). It provides access restriction based on risk level, the quarantine and remediation of compromised devices and cloud-based self-configuration of a device's 802.1X network security settings. The company estimates per-seat costs at $17 per user, based on 1,000 users with 2.5 mobile devices each and 100 guests.

Asserts Robert Fenstermacher, director of product marketing at Aruba: "Aruba ClearPass will obviate the need for MDM in most cases."

Diverse Means to a Similar End

These moves reflect a burgeoning MDM industry hard at work to rein in the havoc created by the consumerization of IT and the bring-your-own-device (BYOD) mobility trend among today's employees.

While most observers wouldn't categorize Aruba and Centrify together, when it comes to MDM, their stories sound similar: they both purport to deliver secure, automated onboarding of iOS, Android, Mac OS and Windows devices (and Linux and Unix, in Centrify's case) over any kind of network.

Unsurprisingly, Aruba prefers to compare itself to big networking vendors such as Cisco, Juniper and HP, with network support that extends beyond just mobility. Centrify is more comfortable being described as an entrant into the MDM space with an extension of its core product line, which subsidizes the free MDM cloud services.

The Microsoft Approach

Centrify comes at the complex problem of managing today's multi-OS mobile environments from its historical experience with allowing non-Microsoft systems - specifically various flavors of Unix and Linux - to join the Microsoft Active Directory domain. It has extended its centralized login, password enforcement and group policy management capabilities from these non-Windows OSs to include Apple iOS (and Macintosh OS X) and Google Android platforms.

The company believes that many MDM capabilities should be commoditized because they are dictated by the mobile OS maker and thus common across MDM systems.

"Apple has published an Apple MDM API," explains Centrify CEO and co-founder Tom Kemp. "If you look at vendors who manage iOS, the vast majority of capabilities are exactly the same. Apple has completely leveled the playing field in terms of what you can do. If you do anything extra, you're jailbreaking the device."

So, amid the crowd of MDM vendors, Centrify announced a free version of a new MDM service, called Centrify Express for Mobile, "for an unlimited number of devices with no time-bomb for when the free version expires," Kemp says. A paid version, called Centrify Direct Control for Mobile, costs about $24 a seat and brings technical support and additional, premium features to the table.

The catch? If you've standardized on a directory other than Microsoft AD, the Centrify freebie won't do you much good.

Ironically, none of the Microsoft mobile platforms - Windows Mobile, Windows CE or Windows Phone 7 - support Active Directory, says senior director of product management David McNeely, so Centrify is not supporting those platforms. Nor does it support Symbian, BlackBerry, or other mobile OSs kicking around, such as HP webOS.

Same story for Aruba.

McNeely states, "We meet 80% of market need with Android and iOS out of the gate."

That might be true. But if you're in the other 20% with additional device and OS requirements, you'll need another solution instead of, or in combination with, the Centrify and the Aruba solutions.

That's the situation across the entire MDM movement. Vendors from all walks of life are bringing important pieces of the puzzle to the table, but few alone are comprehensive enough to do it all.



Joanie, I find it interesting that even more players are rushing to enter this congested field. Of the 50+ MDM vendors identified by Gartner about a year ago, I don't think many have dropped out or gotten acquired...yet.

What these announcements suggest to me is that MDM isn't yet bubbling down to a common set of core features. Network infrastructure that expands to provision mobile devices is only biting off perhaps 1/3 of "MDM functionality." And, while Apple dictates MDM APIs and therefore iPhone/iPad admin capabilities, I hope we learned from BlackBerry/BES not to put all mobile "eggs" into one basket.

Many MDMs may sound superficially similar; it's tempting to believe "every MDM that manages iOS (or Android) does the same thing" - but I disagree.

Here, Aruba and Centrify are both focusing on reduced TCO thru tighter integration - albeit in entirely different ways. HOW you deliver functionality is extremely important, but it isn't the whole picture. WHAT functionality you are capable of delivering is still critical. I think the MDM market has a long way to go before that "WHAT" becomes commonplace or commodity.


"The pricing model for getting MDM as a cloud service was turned on its ear last week by MDM newcomer Centrify. The eight-year-old company brought a base set of security and MDM features to the cloud for a game-changing price: $0."

Neat, but hardly game changing. Isn't this pretty much exactly the same thing that Xigo did 10 months ago?

Hank, great way to illustrate the point I was trying to make...

Xigo also offers a free cloud service, but it does wireless COST management (e.g., track usage, roaming, purchasing). Aruba and Centrify don't do ANY of that - although both deliver a bunch of DEVICE provisioning capabilities that Xigo doesn't even try to.

Hard to figure out how "mobile management" products line up without direct feature comparison.


What will happen when the IT departments succeed in taking over the management of the devices that the users bought and brought into their cubicle? MDM is a knee-jerk response to Bring Your Own (BYO). I witnessed minicomputers coming in because the mainframe was inapproachable, then PCs when the same thing happened to minicomputers. Now we have users escape to smart phones and tablets to get away from the reign of their IT department, and again IT tries to be their guardian angel, straitjacketing them in the process. Let’s pause and think.

A major source of this permanent disconnect is that IT thinks it is responsible for the firm's information. That is not entirely their fault, because when IT ever raises the issue of data security, they are told that everything digital is in their court. Of course, it isn’t. IT is merely the provider of the tools; the business is solely responsible for its data and must define what should be protected, weighing the cost of protection measures against the value of the data and the consequences of a breach.

BYO is not only a result of the availability of affordable, approachable, capable devices. It is as much fed by the fear of businesses to estrange the next generation of workers, those who come to their first day at the job already fully connected, asking not for a desk but for the URL to company cloud. These guys and gals are more like independent contractors than employees. They run their own IT-show. Don’t expect to tell them what to do or not. Tell them - in a contract - to guard your information, just as you would with a print shop or document shredding service. And just as with any other new provider, ask them how they are planning to keep your data safe. If they don’t have good answers, if they ask, beg, for it, IT can offer to help. But don’t take over their devices, because it is theirs and you don’t want to be responsible for it. If things go wrong, it is never IT's fault again.


TechNotes is a special program of Webtorials and Distributed Networking Associates, Inc.



Webtorial® is a registered servicemark of Distributed Networking Associates. The Webtorial logo is a servicemark of Distributed Networking Associates. Copyright 1999-2013, Distributed Networking Associates, Inc.