Bringing Military-Grade Security to Mobile Computing Enterprises

Mobile devices are the perfect candidate for theft, or for being left behind at the coffee cart or almost anywhere else you can take them. The problem is not so much the loss of the device itself (although that's never fun), but the loss of the data on the device, which can be a critical concern for companies. That concern tends to be felt down the command chain by IT staff striving to ensure that the computing environment not only works reliably and predictably, but also works securely.

The combined world of mobile technology and enterprise security is a young market with some reasonably mature organizations providing solutions. Credant is one of them, offering a number of products aimed at bringing military-grade security to mobile computing enterprises, including the Credant Mobile Guardian Enterprise Edition (CMG).

Architectural overview

The Enterprise edition of Credant Mobile Guardian consists of three main components which all work together to deliver a seamless, connected, and secure environment across a wide variety of mobile platforms.

The Server is the hub of the Credant enterprise environment. The Server stores the security policies and provides the engine to create and maintain policies in the database and across the organization.

In conjunction with the server there can be a number of machines functioning as Gatekeepers. There are two types of Gatekeeper: local and remote. Local Gatekeepers work on individual workstations and detect the connection of mobile devices through Microsoft ActiveSync or HotSync. When a device is connected to a local Gatekeeper, the Credant Mobile Guardian Shield for that device is deployed along with the specified policies. Remote Gatekeepers are responsible for deploying policy updates and user authentication over a network to mobile devices or desktops. These devices must have the shield deployed to them either through a local Gatekeeper or manually, but once done, the entire process of deployment and policy maintenance can be managed remotely over the network.

The key component in any device installation is the shield. The shield is the application on the mobile device or desktop computer that implements the policies it retrieves from Gatekeepers. Essentially, the shield enforces the security policies on the device where it is installed.

The architecture of the Credant Mobile Guardian Enterprise Edition

Setup and configuration

The documentation for CMG states hardware requirements (for the Server) of 2 GB of RAM and a 2 GHz or faster CPU. In addition you'll need Microsoft SQL Server 2000 (currently the only supported version). SQL Server 2005 is currently unsupported, although you can use MySQL if you'd prefer. My test installation was configured with considerably lower requirements and the solution seemed to perform quite well. However, for an enterprise deployment, check the documentation carefully and follow it completely in order to deploy in a configuration appropriate for your organization.

The installation documentation includes details on how to perform a variety of installation configurations. For example, you can use an existing SQL Server rather than creating a new SQL Server installation, and there are detailed instructions on how to install CMG in this configuration. There are other documented configurations that allow the various parts of CMG to be installed on separate servers. For the purpose of my testing, I installed the CMG server and gatekeeper on a single server (which also acts as a domain controller and SQL Server database server, albeit just for testing CMG).