Earlier this week, Centrify launched an open beta of the company’s DirectControl for Mobile service. The service, which supports managing iPhones, iPads, and Android devices in business and enterprise settings, currently includes a subset of the features typical in other mobile device management (MDM) systems. Centrify, which is known for providing enterprise integration technologies for OS X as well as various Unix and Linux distributions, plans to maintain the current selection of controls as a free solution when the product emerges from beta while adding further management capabilities to a commercially licensed version.
Most MDM solutions are of the bolted-on variety – they run on a dedicated server or cloud offering that can pull information from enterprise systems like Microsoft’s Active Directory but use a separate management interface and data store for management profiles and other information. Centrify’s DirectControl does offer a cloud management system, but it uses Active Directory itself as the primary interface and data store, an approach that has several advantages including a very minimal learning curve for experienced systems administrators.
Centrify’s DirectControl line has been around for a number of years in the desktop computing world. Its focus is to make non-Windows system management as easy and seamless as possible in Active Directory environments. To this end, Centrify’s solutions function using two components: an Active Directory client for managed systems and extensions for Active Directory to support those clients. To facilitate device management, Centrify adds several client-specific group policy options to Active Directory. This allows Windows systems administrators to manage Macs or Unix/Linux systems using the same tools and approaches that they use for Windows PCs. The result is minimal changes to a company’s infrastructure, effective client management, and virtually no learning curve.
That approach has worked out quite well for companies that use Centrify’s DirectControl for Mac because systems administrators who may never have even used a Mac can still manage them effectively once they become familiar with the Mac-specific policies that Centrify provides (which are based around Apple’s Managed Preferences architecture). All management tasks like assigning policies and policy inheritance to different groups function just like they do for Windows PCs.
Centrify brings this Active Directory-centered approach to its new mobile offerings. In Centrify’s model, mobile devices like iPhones and iPads are simply treated like a PC and assigned a computer account in Active Directory. Managing access and configuration uses the same tools that Microsoft provides as part of Windows Server like Active Directory Users and Computers. This makes mobile management a very easy-to-handle extension of traditional systems administration.
Obviously, there are some issues specific to managing mobile devices including communicating with those devices when they aren’t on a corporate network. A cloud solution called Centrify Cloud Service fills that role and interacts with Active Directory through a provided proxy server. The cloud service also handles tasks like device enrollment and includes a web-based management interface that can be used as an alternative to Microsoft’s Active Directory tools when needed (such as after hours management when a sysadmin isn’t in the office).
Deeper integration with Active Directory and a very limited learning curve for most Windows IT folks are definitely the biggest selling points for DirectControl for Mobile. The fact that DirectControl will offer an ongoing free MDM option is a plus as well. That price, however, needs to be balanced against the limited feature set, which includes just the following:
- Device and on-device inventory
- Detection of device OS and whether it has been jailbroken or rooted
- User self-enrollment and automatic de-provisioning based on Active Directory accounts when a user or device leaves the company
- Automatic configuration of common network accounts like Exchange, VPN, and corporate wireless networks
- Remote wipe, lock/unlock, profile changes (such as passcode reset or removal)
- Passcode and lock policies
- Force iTunes to encrypt device backups
- Disabling iOS features including screen capture, sync while roaming, voice dialing, App Store purchases/installs, in-app purchases, Game Center, YouTube, Safari, iTunes Store purchases, playback of iTunes content tagged as explicit content, use of apps based on App Store age ratings
Overall, DirectControl for Mobile won’t be for every environment. At least in its current form, it doesn’t offer the degree of management and monitoring capabilities available in other MDM products. Its tie to Active Directory is a powerful selling point for many businesses, but it also excludes small to mid-size organizations that don’t have a Microsoft or Active Directory infrastructure.
That said, for some companies, particularly those with limited mobile or non-Windows support/management expertise, this is going to be a very attractive offering. Like Amtel’s new Free Business MDM service, the fact that it’s a free option will likely be particularly attractive to organizations with shoestring budgets, including many schools.
One major advantage is that DirectControl for Mobile and DirectControl for Mac (including Centrify’s limited free Mac management option) together offer a very unified and easy-to-handle solution for companies that have limited experience with Apple products but need or choose to integrate Macs as well as iPhones and iPads.
I can’t suggest that any business implement a beta solution on a broad range of devices or any mission critical systems, but I will say that after trying out DirectControl for Mobile, it is an easy to configure platform that feels like an extremely natural progression from traditional Windows/IT management. It is definitely worth testing and/or following over the coming months.