Afaria is Sybase's device management solution for the Enterprise market, arguably the solution to choose if you need to manage a large fleet of remote devices running a variety of different operating systems and provide mobile integration with back-end line-of-business applications.

I have looked at Afaria in a previous article here - http://blog.brightpointuk.co.uk/sybase-afaria . In this post I shall look at the new features available in version 6.5 of the product.

Architecture

The essential architecture of the solution remains unchanged: a Windows Server is required, that needs to be Internet-facing and a single TCP port needs to be opened on the firewall to allow client access. A database is required to store configuration information. For security, a reverse proxy can be deployed in a DMZ environment to accept incoming client requests on one port, and pass them through to the LAN-based server on another port. The proxy can be either Windows or Linux-based.
Configuration parameters can be 'pushed' to compatible client devices via SMS messages using the industry-standard OMA-CP (Open Mobile Alliance Client Provisioning) protocol to configure clients with the required connection settings to be able to connect to the Internet and download the full Afaria client, to perform more detailed configuration, or alternatively the client's own OMA-DM client can be used if one is available (such as on Nokia's Symbian S60 series).

The solution is network agnostic and can operate over cellular, WiFi or Ethernet links.

Channels

Also unchanged is the modular nature of the solution. Different Channels can be enabled or disabled based on the license key used to install the solution. The Channels available include:

• Software Manager – deliver and install commercial or custom-built software packages on client devices
• Inventory Manager – interrogate and report on the hardware and software resources available on client devices
• Document Manager – publish and deliver groups of documents to client devices, be they text files, images, HTML web pages, etc
• Configuration Manager – enable, disable and configure hardware and software elements on the client device, delivering connection settings, blacklisting applications, disabling camera and Bluetooth features, for example
• Backup Manager – backup and restore specified files from the client device to a specified location on the corporate network
• Session Manager – the most powerful feature of the solution, enabling automation of file distribution, directory management, registry management.
• Data Security Manager – define and enforce security settings on the client device, including power-on passwords, encryption settings. Users can be allowed a set number of attempts to enter the password correctly, after which specific events can be triggered automatically, including removal of specific PIM data and/or files and applications, or a complete device hard reset
• Patch Manager – deliver operating system patches and security updates to clients automatically (Windows 32 only)

Further features of the solution include:

• Afaria supports both push and pull client-server interaction: clients can request packages from the server either on a schedule or manually by the user. Alternatively packages can be delivered to available clients with no user interaction immediately.
• Byte-level Differencing allows the client and server to calculate which changes have been made to large files, and only send those changes over the air to minimise data exchange traffic.
• Bandwidth Throttling allows the administrator to restrict how much of the client's connection to the Internet the Afaria client should be able to make use of to prevent it affecting users' other applications.
• Segmentation and Check Point Restart allows the administrator to deliver large packages to clients in stages, between specific hours or in specific size batches. Should a transfer be interrupted, it can be resumed at the same point it was cut off removing the need for the whole package to be re-delivered, reducing data exchanges, costs, and increasing efficiency.
• All client-server communications are compressed to reduce data exchanges and costs.
• Notifications allow the administrator to track the success or failure of client installations.

New features

Afaria Administrator
The Afaria Administrator now supports Internet Explorer 8:

Client Support
New features include support for new client devices including Nokia Series 60 5th Edition, BlackBerry 4.5, 4.6 and 4.7 devices, Windows Vista SP2 and Server 2008.

Data Security Manager
The Data Security Manager for Symbian now supports increased options for 'device lockdown' (ie what happens to devices when the password policy has been voided - the user has entered their password incorrectly too many times in succession):

Windows Mobile clients can now be locked down to a specific SIM card and be wiped automatically should the SIM be changed:

On both Symbian and Windows Mobile platforms specific PIM data and file locations can be encrypted:

Application Lists
The Application Control Policy for Windows Mobile clients allows the administrator to block access to any application on the device, be it part of the standard device ROM or a third party application. Access to device settings can also be restricted:

Call Filtering
The Call Filtering Policy allows the administrator to prevent specific numbers from being dialled from client devices:

Multiple policies can be defined.

Anti-Virus / Firewall Integration
The full Afaria device client features an integrated anti-virus client and built-in firewall, both of which can be enabled and configured from the server. Again multiple policies can be defined:

OMA DM
The OMA DM policy editor allows the administrator to quickly and easily deploy XML-based configuration templates to compatible OMA DM-capable clients, including such settings as:

• GPRS / 3G / WiFi Access Points
• Nokia Mail for Exchange
• SIP Settings (VoIP)
• SCCP Settings (Cisco VoIP)
• Remote device lock, reboot and wipe
• User access to connection and email device settings

Initial connection settings, including access point and DM server profile settings can be delivered via PIN-protected SMS message virtually removing the need for any user interaction altogether:

iPhone Support

Available as a separate Feature Pack for the Afaria server, iPhone clients running version 3.1 or higher of the iPhone operating system can also be managed from the Afaria server.
Individual device configuration templates are created using Apple's own iPhone Configuration Utility (http://blog.brightpointuk.co.uk/apple-iphone-configuration-utility-20). Therefore the items that can be configured on the iPhone client are those same elements that can be configured here.
The resulting package can then be published to the iPhone Configuration Server, which runs as a separate web service on the Afaria server within IIS.
For the iPhone to 'trust' the configuration package, the iPhone Configuration Server must have an SSL certificate assigned to it. This can be a self-signed certificate using Microsoft Certificate Services. The address of the configuration server can then be delivered to the iPhone via SMS. When connecting to the server for the first time the iPhone client will prompt you to accept and install the SSL certificate.

Symbian Client

To give you an idea of the client interface I have configured my Nokia E71 against the test server. The client installer package is created on the Afaria server and in the case of Symbian creates a SIS file as you would expect. During the client configuration process a specific Channel Set can be defined, user access to client settings can be removed, and clients can be configured to automatically connect to the server once installation is complete.
On the E71 the Afaria client is listed in the Installations folder:

If user access to settings is enabled, server address and channel set information can be edited:

Once a successful connection has been established, the log view displays information on package transactions:

For more detailed information about the capabilities of the Afaria solution especially the Session Manager, I recommend reading my previous article on the product - http://blog.brightpointuk.co.uk/sybase-afaria

You can access the product documentation for Afaria on our FTP site - ftp://ftpaccess:Brightpoint1@ftp.brightpointuk.co.uk/Sales/Sybase%20Afaria/

It worth noting that whilst Afaria is very much the "gold standard" of device management solutions in terms of the ability to run both client and server-side scripted routines, it may be overkill for smaller business who simply need the ability to remotely provision devices with connection, email and VoIP parameters and remotely 'kill' devices that have been reported lost or stolen.
Afaria can be deployed in a multi-tenant hosted model if you want to leverage the policy enforcement capabilities of the solution without the need to access LAN-based documents and applications, therefore not requiring that the server be hosted and maintained on your premises.

Contact Brightpoint today on +44 870 849 0225 for more information and an unbiased perspective on device management. If you're interested in simply learning more about what device management is and why it may be important to you, read my article on choosing a DM platform - http://blog.brightpointuk.co.uk/choosing-device-management-solution-q4-2009