How It Works - Symbol Technologies

3.0
Mobile Device Management
How It Works
Revised 9/18/02
TABLE OF CONTENTS
INTRODUCTION
ARCHITECTURE OVERVIEW
THE AVALANCHE ENABLER
THE AVALANCHE AGENT
    Deployment: Flexibility and Scalability
    Automated Mobile Device Configuration
    Configuration Groups and Rules
        Site Profiles
        Software Profiles
        Configuration Profiles
THE ADMINISTRATIVE CONSOLE
ADDITIONAL FEATURES
    Terminal ID
    Bandwidth Management
    Scheduling
    Historic Logging
    Backup/Restore
    Text Messaging
TYPICAL INSTALL SCENARIO
AVALANCHE PACKAGE BUILDER
COMBINED WITH WAVELINK MOBILE MANAGER
    Automated WEP Key Rotation
    Rogue Access Point Detection
    Managed Roaming (Future)
CONCLUSION
INTRODUCTION
Wavelink Avalanche was designed to reduce the total cost of ownership of mobile devices throughout an enterprise by
automating device deployment and by improving efficiency of any ongoing management and maintenance of software and device
configuration.
Wavelink Avalanche eliminates IT costs by:
• Eliminating requirements to pre-stage equipment prior to updates
• Reducing IT travel to remote locations for device installs and management
• Eliminating field downtime during updates and upgrades
• Improving ongoing attention to revision maintenance
The advantages of Wavelink Avalanche are:
• Consolidated view of mobile devices from a single central Administrative Console
• Visibility to device properties, configuration and software installs
• Automated, “hands-off” updates, remote site installations and software upgrades
• Seamless support for multiple device types, vendors and architectures
(PCs, Windows CE, Palm, DOS, Bar code computers, etc.)
• Enhanced security through central maintenance of settings
• Supports advanced features such as automated WEP key rotation, rogue access point detection and managed
roaming. 1
ARCHITECTURE OVERVIEW
Avalanche is based on a distributed architecture that is highly flexible and scalable. “Agent” components can be installed centrally
or placed as close to the managed systems as possible to deliver extremely effective real time management and maintenance.
Wavelink Avalanche consists of three primary components:
• Avalanche Enabler
• Avalanche Agent
• Avalanche Administrative Console
The Enabler is the component that is loaded on the mobile device to be managed. It interacts with the operating system and
APIs on the device to deploy updates and changes. The Enabler receives its instructions and updates from the Avalanche Agent,
which stores all configuration information about mobile devices, maintains the logic about when to perform updates, etc. The
Agent receives its instructions from administrative personnel from the Avalanche Administrative Console. Each of these three
pieces is independent and can communicate with each other over the network.
1 Available when Avalanche is combined with Wavelink Mobile Manager.
www.wavelink.com
Wavelink Avalanche 01
THE AVALANCHE ENABLER
Avalanche Enablers need to be pre-loaded on mobile devices to be managed. This can be performed over a serial or network
connection. However, many mobile device and wireless vendors are making Avalanche Enablers available from the factory. Check
with your device or wireless vendor for Avalanche availability.
Avalanche Enablers are operating system and, sometimes, device specific. The capability of the operating system defines the
level of functionality of the Enabler. In multi-tasking operating systems such as Windows™, the Enabler has the ability to run as a
background task and check with the Avalanche Agent for updates on a periodic basis. In DOS or embedded OS devices, the
Enabler may only check for updates during the boot sequence and then suspend operations to allow application software to run.
The Enabler communicates with the Avalanche Agent over the network or a serial connection. If an Agent is found, a quick
synchronization check is performed and an update occurs as needed. Only the updated components will be downloaded to
minimize download time. The Enabler allows updates to be initiated in several ways.
Options for Initiating Device Updates
• Prompted by the mobile device user
• Prompted by the administrator from the Administrative Console
• On a scheduled basis defined for each mobile device at the Administrative Console.
The Avalanche Enabler is designed so that more than one application can be installed at the same time even on DOS devices.
Applications with contradicting environmental requirements (such as different RAM drive sizes or unique sets of loaded drivers)
that previously would be unable to share a mobile device can do so with Avalanche. A device running Avalanche can allow the
mobile device user to choose which application to run when more than one is present.
THE AVALANCHE AGENT
The Avalanche Agent stores the configuration settings and software to be deployed along with the rules used to assign these
settings to the mobile devices throughout your enterprise. The Agent can run centrally and communicate across a WAN (at the IP
level), or multiple Agents can be deployed to locations throughout the network to distribute the load.
Agents communicate to mobile devices primarily at Layer 3 (IP). However, Agents can also communicate to devices across a
serial connection and at Layer 2 (MAC). Serial connections are especially useful for hand held devices such as Palm, Pocket PC
and application specific devices (such as handheld bar code computers). Serial connectivity is valuable for communications that
require extra security and for recovering devices that have been blocked off the wireless network. MAC layer communication is
valuable for automated discovery and configuration (see below).
Agent services can be left running or brought down without impacting the mobile devices under management control. Unlike a
“communication gateway” the Avalanche Agent does not become a weak link which can cause mobile devices to become
inoperable if unavailable.
Deployment: Flexibility and Scalability
The separation of the user interface functions and the working Agents allows Avalanche to deliver several distinct advantages,
including the ability to:
1. Deploy Agents closer to devices under management control. This significantly reduces the network traffic required to
update multiple devices.
2. Deploy Agents directly on wireless subnets so that automated discovery, configuration and update can be performed
on mobile devices even without a pre-assigned IP address.
3. Deploy Agents on VPNs so that management control can be maintained in environments using IPSec security.
4. Allow administrators anywhere on the network to connect to and control the devices through the deployed Agents.
5. Minimize the amount of server resources required on any single box.
6. Maximize scalability.
7. Eliminate the risk of a central point of failure.
Automated Mobile Device Configuration
By picking up periodic layer 2 broadcasts from the Enablers on mobile devices, a local Avalanche Agent (resident on the subnet or
broadcast domain) can automatically detect mobile devices before an IP address has been assigned. This allows all the configuration work and software installation to be performed automatically by Avalanche rather than manually configuring every device.
Although this function requires deploying an Avalanche Enabler to the device beforehand, many mobile device and WLAN card
vendors are now pre-loading or bundling Wavelink Avalanche with mobile device software. Ask your wireless or mobile device
manufacturer about Avalanche availability.
Configuration Groups and Rules
The Avalanche Agent maintains a list of known mobile devices and the information needed to manage them. Configuration
Profiles, Software Profiles, and Site Profiles together contain:
• Software and/or settings to be deployed
• Criteria that define the devices to which these settings will be applied
• Rules by which these settings will be deployed
In environments with multiple Agents, Profiles and their settings can be replicated rapidly to maintain consistent configuration and
software across devices throughout the entire enterprise.
Site Profiles
A Site Profile is a master template within the Agent. Multiple Site Profiles containing different sets of configuration and software
profiles can be maintained within a single Agent. These profiles are particularly useful when different settings need to be applied
on different occasions. Site Profiles are also useful for users that maintain the Agent and Administrative Console on a portable
computer. For these users a different Site Profile can be created for each facility they visit and log in to.
Software Profiles
Any software product can be packaged for deployment to mobile devices using Wavelink Avalanche. A simple Avalanche Packager
SDK allows any software package to be wrapped and inserted into the Avalanche Agent for deployment. Multiple software
components can be bundled together into a Software Profile to which a set of rules can be applied that defines where this
software will be deployed. These rules take the form of “Selection Criteria.”
Selection criteria allow a user to define a group of devices targeted to receive the software by identifying the specific attributes
that a device must have to be eligible for software within the profile. These attributes can include specific device properties such
as its operating system, radio type, IP address (range), or even screen size (specifically for PDAs and application specific
computers). A complete list of properties used for selection and profile assignment is available in the Avalanche user
documentation.
Software packages can be built with the ability to configure them prior to running them on the target device. Examples of this
might be an application with specific connectivity options to the network, or an application that is used to configure internal
settings on the mobile device. These settings can be pre-defined through Avalanche before deployment. Changes to configuration settings will be identified by the Agent and can trigger a forced update to the group of mobile devices defined by the
selection criteria for this software.
Configuration Profiles
Configuration Profiles define the network and wireless settings to be deployed to, and maintained on, the devices under
management control. Multiple profiles can be maintained and assigned to various mobile devices.
Within a Configuration Profile, parameters such as the ESSID, WEP Key settings, subnet mask, gateway, and IP address scheme
(DHCP or static IP assignment) can be defined. A “default profile” can be designated which allows newly recognized devices to
be configured using those settings by default.
THE ADMINISTRATIVE CONSOLE
The Avalanche Administrative Console is the central user interface through which the administrator issues commands to the
Agents. Users with the correct password can log on to any Console and connect to any Agent. The Console allows the
administrator to view all known devices, identify device settings and software loads, configure profiles, schedule updates, and
immediately identify the success or failure of updates to each device on the target list.
In addition to defining profiles the Console lets the administrator perform a variety of functions including:
• Define update parameters to limit bandwidth consumed by management and update tasks
• Scheduling of update activity to avoid peak network periods
• Backup of configuration information
• Exporting data regarding managed devices
• Log device histories
ADDITIONAL FEATURES
Terminal ID
Assign a unique name or identifier to each mobile device to more easily identify the device, the user, and the device’s function.
Bandwidth Management
Allow each Agent to update all devices under management control simultaneously or limit the number of simultaneous updates to
a specific number of devices in order to preserve network bandwidth. This is especially important when updating large software
programs.
Scheduling
Identify the date and time you want updates to occur. This feature allows you to select times when most devices are available
and avoid peak periods of network activity.
Historic Logging
Record and report on all relevant device parameters such as IP address, MAC address, device type, device name or ID, operating
system, etc. This information, plus a record of all management and update activity to each device, is maintained by Avalanche for
reporting and analysis purposes.
Backup/Restore
Backup all configuration and settings information from the Avalanche Agent to prevent loss in the event of a failure. This capability
allows administrators to quickly recover from device or server failures and is valuable in copying configuration settings across
Agents in multi-Agent systems.
Text Messaging
From the Administrative Console, users can create a text message to send to Avalanche-enabled mobile devices. The text message will show up immediately, directly on the display of the mobile device. This capability gives administrators a powerful, real-time
method of communicating with users that was previously unavailable.
TYPICAL INSTALL SCENARIO
Wavelink Avalanche software management makes installing or upgrading mobile devices across an entire enterprise easier than
has been possible with any previous system. To illustrate, here is a typical installation sequence:
1. Install Avalanche Agent services throughout the enterprise (or on a single server in a central location) as desired.
2. Install the Administrative Console onto any Windows PC (NT 4.0, 95, 98 or 2000) and connect to an Avalanche Agent.
3. From the Administrative Console, install the applications that you will need onto the Agent. Each application comes as a self-installing Windows executable.
4. (Optional) Perform any fine-tuning desired for each software package. The Package can be moved into a particular software
collection and assigned mobile device selection criteria. For Wavelink applications (emulation or Studio clients) a GUI user interface
is provided to configure any of the package’s properties, host profile lists, etc. Just locate the software package in the
Administrative Console’s system summary tree and select Configure Package.
5. (First time only) Install the Avalanche Enabler into any mobile devices that have not
previously received this software. You may want to check to see if Avalanche has already been pre-installed by the device manufacturer or made available by the radio vendor. 2
To simplify bringing up a large site, all networking parameters can be pre-configured
into the Enabler before downloading, or the console can be configured to transmit all networking parameters to the mobile
devices when they first come up after receiving the Enabler.
6. Allow each mobile device to automatically receive the software it needs.
NETWORK: To transfer the data, just open the Avalanche Enabler or client utility. In the case of DOS devices, simply re-boot. If
the mobile devices have not already been configured for IP communications, see step 6 below for options.
SERIAL: To transfer the data serially, just boot the devices while they are
serially attached to the Administrative Console.
7. Configure the IP and Wireless Networking Parameters for each mobile device that is
not already configured. This can be accomplished using a number of methods:
a. DHCP or BOOTP. Wavelink’s DHCP client is very complete, including automatic lease renewal when used with any
Wavelink Telnet Emulation Client.
b. Direct assignment from the Administrative Console. The console can automatically assign all IP and Wireless
networking parameters directly to the mobile devices. If using this feature then the devices will receive all
parameters automatically during step 5 described above. An IP address can be assigned to each device from a pool
configured at the console, or the console can direct the device to use DHCP.
c. All parameters can be checked or modified directly at the mobile device.
That's the entire process!
2 Each mobile device type has its own method for initially downloading software. A very efficient hex download utility has been
built into the Administrative Console that allows downloading at 38400 baud to multiple devices without requiring flow control
(making fast simultaneous downloads possible).
AVALANCHE PACKAGE BUILDER
The Avalanche Package Builder SDK simplifies the process of preparing and configuring software deployed to mobile devices
using Wavelink Avalanche. The SDK provides an easy-to-use graphic interface that allows a user to:
• Bundle software into the Avalanche Administrative Console and file system
• Configure the selection criteria that defines which mobile devices will receive the software
• Specify settings within the software
More detail on the Avalanche Package Builder SDK and how it is used is available in the Package Builder User’s Guide.
COMBINED WITH WAVELINK MOBILE MANAGER
Wavelink’s suite of wireless management solutions consists of two primary products: Avalanche for device management and
Mobile Manager for wireless LAN access point management. In combination, these two products provide a complete wireless
domain management solution.
Wavelink offers an Administrative Console that allows an administrator to support both product functions, and the functions delivered by the combination of the two products, from a single user interface. Enhanced functionality available by leveraging both
products is in various stages of development and availability.
Automated WEP Key Rotation
Wavelink’s automated WEP key rotation allows wireless LAN network managers to implement effective over-the-air encryption on
devices that do not have the capacity to support 802.1X or EAP. It also delivers security to users without having to invest in
expensive RADIUS server implementations.
WEP keys provide a valuable and simple security mechanism that prevents access to your system by over 99.9% of the wireless
population around you. The fact is that, historically, most wireless LAN users never enabled the basic security functions such as
WEP encryption and access control lists. The reason for this is lack of manageability. The work involved with trying to maintain
and update encryption keys and access control lists across hundreds of access points and mobile devices by touching each device
individually is completely unreasonable.
By implementing a management strategy that centralizes these functions, the work involved with this aspect of security maintenance can be eliminated. Updates can then be performed as frequently as desired, thus delivering the ability to automatically
update WEP keys at an interval measured in minutes rather than months. Changing the WEP keys this frequently makes it
impossible for hackers to pick up enough weak “initialization vectors” to break the encryption algorithm.
Rogue Access Point Detection
There is no completely reliable method of detecting rogue access points on the wired side of the network. Wavelink’s solution to
detecting rogue APs is uniquely based on leveraging your existing community of mobile devices. Using Wavelink Avalanche
Enablers, a report is generated of all the access points detected and recorded within range of the mobile device. This report is
then compared to both the wired side detection of new access points and the list of known access points available from Mobile
Manager.
An access point reported by an Avalanche user that is not visible on the wired network is likely to be a wireless system from a
neighbor – or a “foreign” access point. An access point that is also visible on the wired network, but is not under management
control, is considered a “rogue” access point. There is a strong possibility that this access point has been placed on the network
without appropriate security settings, perhaps outside an established wireless VPN. Rogue access points represent a significant
breach into network and corporate security.
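The comparison described above, as an added example (not Wavelink code): each AP heard by a mobile device is checked against the managed list and the wired-side detections, and labelled managed, rogue or foreign. It goes one step further than the text by flagging unmanaged APs that advertise a managed ESSID. The function names, report format and sample addresses are constructed for illustration, and the wired-side MAC is assumed to equal the radio BSSID.

```python
from collections import defaultdict


def norm(mac):
    """Normalise a MAC/BSSID to lowercase, colon-separated form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify_access_points(device_reports, wired_seen, managed):
    """Classify every AP heard by mobile devices.

    device_reports: (device_id, bssid, essid) tuples from device scans
    wired_seen:     MACs of APs detected on the wired side
    managed:        {bssid: essid} for APs under management control
    Assumption: the wired-side MAC and the radio BSSID are the same value.
    """
    wired = {norm(m) for m in wired_seen}
    known = {norm(m): essid for m, essid in managed.items()}
    managed_essids = set(known.values())

    # Merge the reports of all devices, keyed by normalised BSSID.
    heard = defaultdict(lambda: {"essids": set(), "reported_by": set()})
    for device_id, bssid, essid in device_reports:
        entry = heard[norm(bssid)]
        entry["essids"].add(essid)
        entry["reported_by"].add(device_id)

    results = {}
    for bssid, entry in heard.items():
        if bssid in known:
            label = "managed"
        elif bssid in wired:
            label = "rogue"    # on our wire, but not under management control
        else:
            label = "foreign"  # heard over the air only
        results[bssid] = {
            "class": label,
            "essids": sorted(entry["essids"]),
            "reported_by": sorted(entry["reported_by"]),
            # An unmanaged AP advertising one of our ESSIDs needs a closer look.
            "uses_managed_essid": label != "managed"
            and bool(entry["essids"] & managed_essids),
        }
    return results


# Constructed sample data (locally administered addresses, mixed MAC formats).
MANAGED = {"02:00:00:00:01:01": "WAREHOUSE", "02-00-00-00-01-02": "WAREHOUSE"}
WIRED_SEEN = ["020000000101", "020000000102", "02:00:00:00:0A:AA"]
REPORTS = [
    ("scanner-07", "02:00:00:00:01:01", "WAREHOUSE"),
    ("scanner-07", "02:00:00:00:0a:aa", "linksys"),
    ("scanner-12", "02:00:00:00:0A:AA", "linksys"),
    ("scanner-12", "02:00:00:00:0b:01", "CoffeeShop"),
    ("pda-03", "02:00:00:00:0b:02", "WAREHOUSE"),
]

if __name__ == "__main__":
    report = classify_access_points(REPORTS, WIRED_SEEN, MANAGED)
    for bssid, info in sorted(report.items()):
        print(bssid, info)
```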
Managed Roaming (future)
Managed roaming is designed to ensure that your users associate only to approved access points within your enterprise. This
means that mobile users will not connect to “foreign” access points that are not on your wired network – whether they are
placed within range of your users maliciously or not.
These APs may be in your neighbor’s building, on the floor below you or possibly across the street at the coffee shop. Because
802.11 wireless LANs operate in unlicensed frequencies, problems with neighbors’ networks interfering with each other
increase as wireless LAN technology continues to grow in popularity. Foreign APs can cause trouble by generating a stronger
link signal for your mobile devices than one of your own access points, causing mobile devices to roam away from your own network.
Problems may arise from users simply booting up PCs and having them unwittingly connect to an incorrect AP because it had the
strongest signal (especially problematic with Windows XP) or because a malicious entity is listening for your broadcast ESSID and
sets up an access point on the same ID nearby (perhaps with a directional antenna with the specific aim of having your users
associate to his network).
By maintaining lists of both mobile devices and known access points within the enterprise, Wavelink solutions can ensure that
mobile users are not routed away from the network by foreign access points. A list of “exclude APs” will not allow mobile
devices to associate to specific known foreign APs and a list of “Managed APs” can define the acceptable APs to associate to.
This ensures seamless connectivity, and prevents outside parties from “capturing” your mobile users with access points near
your facilities that have the same wireless IDs (ESSID).
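How the two lists change a device's association decision, as an added example (not Wavelink code): the same scan is evaluated with plain strongest-signal selection and then with a "Managed APs" or "exclude APs" list applied, including the case where no permitted AP is in range. The function name, scan format and addresses are constructed; treating a non-empty managed list as the only acceptable set is an assumption about how the lists combine.

```python
def norm_bssid(bssid):
    """Lowercase, colon-separated BSSID so list entries compare equal."""
    return bssid.lower().replace("-", ":")


def choose_access_point(scan, essid, managed_aps=(), exclude_aps=()):
    """Pick the AP to associate with for `essid`.

    scan:        (bssid, essid, rssi_dbm) tuples seen by the device
    managed_aps: if non-empty, only these BSSIDs are acceptable (assumption)
    exclude_aps: BSSIDs the device must never associate to
    Returns (chosen_bssid_or_None, rejected), where rejected lists the
    same-ESSID APs that were refused and why, so they can be reported.
    """
    managed = {norm_bssid(b) for b in managed_aps}
    excluded = {norm_bssid(b) for b in exclude_aps}
    permitted, rejected = [], []
    for bssid, ap_essid, rssi in scan:
        if ap_essid != essid:
            continue
        b = norm_bssid(bssid)
        if b in excluded:
            rejected.append((b, "on exclude list"))
        elif managed and b not in managed:
            rejected.append((b, "not a managed AP"))
        else:
            permitted.append((rssi, b))
    # Strongest signal among permitted APs only; never fall back to a
    # refused AP just because nothing else is in range.
    chosen = max(permitted)[1] if permitted else None
    return chosen, rejected


# Constructed scan: two managed APs, one unmanaged AP on the same ESSID with
# the strongest signal, and a neighbour's AP on a different ESSID.
MANAGED_APS = ["02:00:00:00:01:01", "02:00:00:00:01:02"]
UNMANAGED_SAME_ESSID = "02:00:00:00:0b:02"
SCAN = [
    ("02:00:00:00:01:01", "WAREHOUSE", -71),
    ("02:00:00:00:01:02", "WAREHOUSE", -80),
    ("02:00:00:00:0B:02", "WAREHOUSE", -48),
    ("02:00:00:00:0b:01", "CoffeeShop", -60),
]

if __name__ == "__main__":
    print("no lists:    ", choose_access_point(SCAN, "WAREHOUSE"))
    print("managed list:", choose_access_point(SCAN, "WAREHOUSE", MANAGED_APS))
    print("exclude list:", choose_access_point(
        SCAN, "WAREHOUSE", exclude_aps=[UNMANAGED_SAME_ESSID]))
    print("out of range:", choose_access_point(SCAN[2:], "WAREHOUSE", MANAGED_APS))
```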
CONCLUSION
With 10 years of experience delivering wireless LAN solutions, Wavelink enjoys an industry leadership position that is reinforced
by the broad adoption of Wavelink solutions by the largest enterprises around the world.
As a part of Wavelink’s wireless management solutions, Avalanche offers a highly flexible and scalable software architecture for
performing mobile device configuration, software deployment and maintenance across a wide variety of devices that communicate to the network across a wireless LAN.
The benefits of incorporating Avalanche into your wireless system design include:
• Central visibility and control of mobile devices
• Detailed device visibility including:
    o Software loads
    o Firmware
    o Network and wireless configuration settings
    o Device property information such as operating system, wireless type and processor
• Rapid, hands-off updates of mobile devices located anywhere in the enterprise
• Automated software and configuration maintenance
• Enhanced security through central maintenance of settings
• Seamless support for many wireless devices with dissimilar device architectures
Combining Avalanche with Wavelink Mobile Manager for access point infrastructure management delivers even greater value and
security management with features such as rogue access point detection and managed associations.
Wavelink Mobile Manager and Avalanche deliver unparalleled value to IT organizations around the world. Together these solutions
provide the only comprehensive wireless infrastructure and mobile device management solution that supports a broad base of
vendor solutions and mobile device types.
Wavelink Corporation
11332 NE 122nd Way, Suite 300
Kirkland, WA 98034
1.888.697.WAVE
www.wavelink.com