Page 4 - Overview; Fiberlink MaaS360 Capabilities and Features
Corporate Headquarters: Copyright © 2013 Cisco Systems, Inc. All rights reserved. Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA Integrating Fiberlink MaaS360 with Cisco Identity Services Engine This document supplements the Cisco Bring Your Own Device (BYOD) CVD ( http://ww...
Page 7 - Deployment Models
The Fiberlink MaaS360 solution has three main components: • Portals (Administration and End User) • Fiberlink MaaS360 Server in the Cloud that manages policies and compliance rules • Fiberlink MaaS360 Agent software that runs on mob...
Page 8 - Getting Fiberlink MaaS360 Ready for ISE; Import MDM Certificate to ISE
Getting Fiberlink MaaS360 Ready for ISE The first requirement is to establish basic connectivity between the Cisco ISE server and the Fiberlink MaaS360 MDM server. A firewall is typically located between ISE and the Fiberlink MaaS36...
Page 10 - Grant ISE Access to the Fiberlink MaaS360 API
Figure 4 Importing the Certificate in ISE Grant ISE Access to the Fiberlink MaaS360 API The Fiberlink MaaS360 API is protected by HTTPS and requires an administrator account that has been granted permission to the API. Ideally a sp...
Page 13 - Add MDM Server to ISE
Figure 7 Assign Role to the Account Once the role has been added, an admin account can be created for ISE. Add MDM Server to ISE Once the account has been defined on the Fiberlink MaaS360 MDM server with the proper roles, ISE can be...
Page 15 - Verify Connectivity to MDM
The Test Connection button will attempt to log in to the API and is required prior to saving the settings with the MDM set to Enable. If the test does not complete successfully, the settings can still be saved, but the Enable box w...
Page 16 - Review MDM Dictionaries
Review MDM Dictionaries When the Fiberlink MaaS360 MDM becomes active, ISE will retrieve a list of the supported dictionary attributes from the MDM. Currently Fiberlink MaaS360 supports all of the attributes that ISE can query. Thi...
Page 17 - Enterprise Integration
Enterprise Integration Fiberlink MaaS360 offers a solution that enables integration with existing enterprise infrastructures such as AD, Exchange, and a certificate authority. This is achieved using a component called Fiberlink Maa...
Page 20 - Active Directory/LDAP Integration
Figure 13 Cloud Extender AD Configuration Active Directory/LDAP Integration Integrating ISE and the MDM to a common directory is important for overall operations. One benefit is the ability to set a requirement that a user periodic...
Page 22 - MDM Profiles
MDM Profiles Device profiles are an important concept of mobile device management. They are defined as part of the MDM protocol implemented by the operating system. The concept can be extended to application profiles, but as discus...
Page 25 - SCEP; Mobile Client Application—Fiberlink MaaS360 Agent
[Figure 17: Enrollment Network Flows]
Page 26 - Device Ownership
Because ISE depends on these features for policy enforcement, corporate devices and personal devices with partial or full access should include a profile that specifies the Fiberlink MaaS360 Agent as a mandatory application. User i...
Page 27 - User Experience
User Experience For the most part, the fact that a device is under management is seamless to the user. If they are running the mobile client application as recommended for ISE compliance checks, then the user will have some additio...
Page 30 - Pass Code Complexity; Enterprise Application Store
Pass Code Complexity The user may be required to configure a PIN lock on their device during the on-boarding process if the device is not already configured with one. When this occurs, the user will need to launch the client app ...
Page 32 - Corporate Data
Figure 25 MaaS360 Application Corporate Data Fiberlink MaaS360 and ISE can work closely together to create a comprehensive approach to managing corporate data. This is generally known as data loss prevention (DLP). Data comes in two...
Page 33 - Corporate Wipe
• Querying Exchange Server using Microsoft PowerShell commands and standard APIs for vital information related to the ActiveSync enabled devices on the Exchange Server. The use of PowerShell and related APIs allows for abstraction ...
Page 34 - End User Portal; Verify Device Compliance; ISE Compliance versus MDM Compliance
End User Portal Fiberlink MaaS360 offers an End User portal that allows the user to manage their devices. Users can perform actions like Lock Device, Locate Device, Wipe Device, Reset Passcode, and Check-in device with Fiberlink Ma...
Page 36 - Device Scanning Intervals
Currently the MDM does not provide a method to mark compliance checks that are not reported to ISE. ISE cannot assert that a network security issue caused a device to be MDM non-compliant. Device Compliance/Restrictions Restrictions ...
Page 37 - PINLockStatus
PINLockStatus The PINLockStatus is available to the API and can be used by ISE to set a minimum requirement for network access, as shown in the CVD. Fiberlink MaaS360 allows the administrator to create a PIN lock policy and set rul...
Page 38 - Manage Lost/Stolen Devices
Jailbroken or Rooted devices These are devices where the user has gained direct access to the operating system, bypassing the control imposed on the device by the service provider. Devices in this state are generally considered com...
Page 41 - Conclusion; Disclaimer
Figure 29 AnyConnect Provisioning Profile Conclusion The integration of the network policy enforced by Cisco ISE and the device policy offered by the Fiberlink MaaS360 MDM engine offers a new paradigm for BYOD deployments where sec...