Cisco Secure Services Client

Cisco Secure Client Management Solution Overview

Cisco Secure Client Management: Making Wi-Fi Device Management a Network Service

Introduction

As businesses accelerate investment in mobile technologies to gain productivity and optimize processes, they have new challenges to face.
IDC has forecast that 1.1 billion Wi-Fi mobile devices will be shipped worldwide during the next three years. With such an explosion in the number of Wi-Fi mobile devices, it's becoming essential to be able to manage remote devices centrally in order to keep the total cost of ownership (TCO) under control.
Device bootstrap provisioning, secured access management, and remote device troubleshooting are now elements that IT organizations have to integrate in their project roadmaps.
Additionally, users have different work styles and business requirements. Road warriors, corridor cruisers, or teleworkers, to name a few, have specific needs in terms of access to information and security, and each category requires a specific network access profile. For example, while road warriors need access to corporate wired and wireless networks, home networks, and hotspots through VPN, corridor cruisers need connectivity only on the business premises. Giving the same profile to all, or leaving the final configuration of access security in the hands of end users, is not the optimal way to handle configuration and can lead to security risks.
The first level of challenge for IT organizations is provisioning new laptops or Wi-Fi mobile devices with specific access profiles. Manual management of network access provisioning can quickly become cumbersome and IT resource-intensive. Organizations need solutions that automatically ensure provisioning of new corporate mobile devices and that secure network access in all connectivity contexts, while providing a consistent and simple user experience.
Later in the lifecycle of a Wi-Fi mobile device, connection issues may come up. Here again, IT needs advanced troubleshooting capabilities to solve problems efficiently without having to ask users to come to the help desk.
Current analysis suggests that only 20 percent of businesses around the world have companywide initiatives for managing mobile devices. As they face this gap, businesses are increasingly recognizing that management is a critical element in total cost of ownership. IT organizations are now looking for solutions that will help them to easily provision and manage mobile devices at all stages of the lifecycle.

The Cisco Secure Client Manager Solution

The Cisco® Secure Client Manager (SCM) is a service component of the Cisco Unified Wireless Network. Cisco SCM centrally provisions, monitors, and updates laptops [1] and assists in troubleshooting them, whether they are connected on wired or wireless networks.
More specifically, the Cisco Secure Client Manager:

• Delivers centralized and secure connection management (provisioning, monitoring, and troubleshooting) to facilitate 802.1X deployments

• Allows harmonization of user access profiles for optimal security

• Automates the secured connection of end users across wired and wireless networks for optimal ease of use

• Offers a combination of connection management capabilities with third-party device management servers for holistic and operating-system-agnostic device management

By centralizing laptop deployment, Cisco SCM dramatically lowers both the cost of deployment and cost of ownership.

Managing Mobile Devices Throughout Their Lifecycles

Cisco Secure Client Manager has two main components: the SCM service software and the SCM agent.
The SCM service software is a server module hosted by the Cisco Mobility Services Engine (MSE), and the SCM agent comes as a Cisco Secure Services Client (SSC) component. This approach offers the benefit of separating device connection management from the data plane, bringing enhanced scalability and independence to present and future transport layers (802.11, 802.3, 802.16 ...).
As Figure 1 illustrates, the SCM manages the connection layer of Windows XP and Windows Vista computers at all phases of their lifecycles.

Figure 1. Cisco Secure Client Manager: Managing Mobile Devices at Each Stage of Their Lifecycles

Provisioning

SCM offers simple and secure provisioning of new wireless laptops. Once IT has added new laptop information to the corporate database, the end user only has to connect his new computer to the corporate network and the SCM agent will automatically establish a connection to the SCM service module and download its connection configuration and access license.

Updating Profile and Software

Because users may need to have their profiles changed to adjust to new business requirements or evolving company policies, it's essential for companies to be able to update one or several profiles centrally. The SCM will allow IT managers to configure the new profiles, define the targeted users, and schedule the time for the configuration update. At the time defined, the SCM server will transfer the new client management policy and associated connection configuration to all targeted SCM agents. Similarly, for updates of the Secure Services Client, SCM allows IT managers to build packages that can then be pushed to end devices using existing management software.

Monitoring and Troubleshooting

SCM performs permanent log data collection for laptops that are connected to the wired or wireless unified network. This makes it possible for the help desk to quickly and easily troubleshoot laptops when users have connectivity issues.
To perform identification of connectivity issues, the SCM uses a Wi-Fi diagnostic channel established between Wi-Fi mobile devices and the Cisco Unified Wireless Network, correlating mobile device logs with network logs.

Decommissioning

Decommissioning is an important stage in the lifecycle of a mobile device. The licensing scheme managed by the SCM provides an easy approach. The licensing scheme, centralized with the SCM server, allows the IT organization to keep track of active devices and manage allocation and deallocation of network access licenses.
Beyond decommissioning, mobile devices need to be tracked if they are lost or stolen or when users are away for extended periods. The SCM licensing scheme helps IT keep track of active devices and allows automated license deallocation if a device has not connected to the server for a fixed period of time.
In addition, SCM provides discovery information to third-party device management servers through an application interface. This allows IT organizations to benefit from a complete and integrated device management suite, from connectivity to application, across devices and operating systems.

Summary

To be secure and operational at each stage of the lifecycle, mobile devices must be managed and monitored like any other network element. Mobile device management has become a critical enabler of mobile deployments and should be a core component of an IT mobile strategy.
With the Secure Client Manager as part of the Cisco Unified Wireless Network, IT organizations can administer the connectivity of mobile devices and help make them secure, from initial provisioning to final decommissioning. To allow complete management of any mobile devices, Cisco SCM also offers an application interface and an advanced device discovery service for third-party device management servers.

Cisco Wireless LAN Services

The Cisco Unified Wireless Network allows businesses to implement mobility applications across disparate networks. When you deploy a Cisco Unified Wireless Network, our technology expertise and deployment experience, combined with Cisco partner solutions, help your company to benefit from a high-performing, flexible, and scalable wireless infrastructure. Building an integrated platform makes it possible to plan, deploy, and manage mobility solutions with far greater efficiency. This allows greatly expanded capabilities in the areas of wireless client management, context-aware services, and fixed-mobile convergence through end-to-end management and provisioning of services to enhance mobility of applications and protect your investment.
[1] Microsoft Windows XP and Windows Vista are the operating systems supported at first release of SCM. Additional mobile operating systems will be supported in upcoming versions.