- A TechNote on Wireless and Mobility
- Joanie M. Wexler
- Technology Analyst/Editor
- Editorial Director, TechNotes
As you're likely aware, nearly everything but the kitchen sink is moving into the cloud. Mobility is no different, except that the pricing model for getting MDM as a cloud service was turned on its ear last week by MDM newcomer Centrify. The eight-year-old company brought a base set of security and MDM features to the cloud for a game-changing price: $0.
How? More about that in a minute.
Because if that didn't shake things up enough, Wi-Fi vendor Aruba Networks has announced a network-agnostic, multi-OS access management system (also available as a cloud service) called ClearPass, which encroaches onto MDM territory. It offers automated device provisioning, five-tier device profiling, mobile app delivery and device health and compliance posture checks for iOS, Android, Mac OS and Windows devices.
Aruba's ClearPass can be overlaid onto any Ethernet, Wi-Fi or virtual private network (VPN) infrastructure (not just Aruba's own Wi-Fi networks). It provides access restriction based on risk level, the quarantine and remediation of compromised devices and cloud-based self-configuration of a device's 802.1X network security settings. The company estimates per-seat costs at $17 per user, based on 1,000 users with 2.5 mobile devices each and 100 guests.
Asserts Robert Fenstermacher, director of product marketing at Aruba: "Aruba ClearPass will obviate the need for MDM in most cases."
Diverse Means to a Similar End
These moves reflect a burgeoning MDM industry hard at work to rein in the havoc created by the consumerization of IT and the bring-your-own-device (BYOD) mobility trend among today's employees.
While most observers wouldn't categorize Aruba and Centrify together, when it comes to MDM, their stories sound similar: they both portend to deliver secure, automated onboarding of iOS, Android, Mac OS and Windows devices (and Linux and Unix, in Centrify's case) over any kind of network.
Unsurprisingly, Aruba prefers to compare itself to the likes of big networking vendors like Cisco, Juniper and HP with network support that extends beyond just mobility. Centrify is more comfortable being described as an entrant into the MDM space with an extension of its core product line, which subsidizes the free MDM cloud services.
The Microsoft Approach
Centrify comes at the complex problem of managing today's multi-OS mobile environments from its historical experience with allowing non-Microsoft systems - specifically various flavors of Unix and Linux - to join the Microsoft Active Directory domain. It has extended its centralized login, password enforcement and group policy management capabilities from these non-Windows OSs to include Apple iOS (and Macintosh OS X) and Google Android platforms.
The company believes that many MDM capabilities should be commoditized because they are dictated by the mobile OS maker and thus common across MDM systems.
"Apple has published an Apple MDM API," explains Centrify CEO and co-founder Tom Kemp. "If you look at vendors who manage iOS, the vast majority of capabilities are exactly the same. Apple has completely leveled the playing field in terms of what you can do. If you do anything extra, you're jailbreaking the device."
So, amid the crowd of MDM vendors, Centrify announced a free version of a new MDM service, called Centrify Express for Mobile, "for an unlimited number of devices with no time-bomb for when the free version expires," Kemp says. A paid version, called Centrify Direct Control for Mobile, costs about $24 a seat and brings technical support and additional, premium features to the table.
The catch? If you've standardized on a directory other than Microsoft AD, the Centrify freebie won't do you much good.
Ironically, none of the Microsoft mobile platforms - Windows Mobile, Windows CE or Windows Phone 7 - support Active Directory, says senior director of product management David McNeely, so Centrify is not supporting those platforms. Nor does it support Symbian, BlackBerry, or other mobile OSs kicking around, such as HP webOS.
Same story for Aruba.
McNeely states, "We meet 80% of market need with Android and iOS out of the gate."
That might be true. But if you're in the other 20% with additional device and OS requirements, you'll need another solution instead of, or in combination with, the Centrify and the Aruba solutions.
That's the situation across the entire MDM movement. Vendors from all walks of life are bringing important pieces of the puzzle to the table, but few alone are comprehensive enough to do it all.
Joanie, I find it interesting that even more players are rushing to enter this congested field. Of the 50+ MDM vendors identified by Gartner about a year ago, I don't think many have dropped out or gotten acquired...yet.
What these announcements suggest to me is that MDM isn't yet bubbling down to a common set of core features. Network infrastructure that expands to provision mobile devices is only biting off perhaps 1/3 of "MDM functionality." And, while Apple dictates MDM APIs and therefore iPhone/iPad admin capabilities, I hope we learned from BlackBerry/BES not to put all mobile "eggs" into one basket.
Many MDMs may sound superficially similar; it's tempting to believe "every MDM that manages iOS (or Android) does the same thing" - but I disagree.
Here, Aruba and Centrify are both focusing on reduced TCO thru tighter integration - albeit in entirely different ways. HOW you deliver functionality is extremely important, but it isn't the whole picture. WHAT functionality you are capable of delivering is still critical. I think the MDM market has a long way to go before that "WHAT" becomes commonplace or commodity.