Presentation build and connect apps, devices and data ibm worklight overview
- 1. © 2012 IBM Corporation
Mobile
Build and Connect Apps, Devices and Data:
IBM Worklight Overview
Jeremy Siewert
IBM ISV & Developer Relations: Technical Lead for Mobile
February 19, 2013
- 2. © 2013 IBM Corporation
Building and connecting mobile apps has become essential to the mobile enterprise
- 3.
Key mobile development and delivery challenges
Delivering for multiple platforms
• Highly fragmented set of …
• Platforms and devices
• Languages, APIs, and tools
• Native programming models not portable across platforms
Accelerated time to market requirements
• Higher frequency of releases and updates
• Added pressure on teams to deliver on time and with quality
Connecting apps and mobile users with existing enterprise systems
• Existing services typically need to be adapted and extended for mobile
• Enterprise wireless networks are running out of bandwidth to accommodate employee devices
Consumerization of IT and need to deliver high quality apps
• High quality user experience is a requirement
• Quality influenced as much by design as it is by function
- 4.
IBM’s strategy addresses client mobile initiatives
Extend & Transform (Extend capabilities to mobile; Transform your business)
Key Capabilities
• Strategy, planning and implementation
• Mobile-enabled solutions including analytics, commerce, and social business
• Mobile as a service
Build & Connect (Build mobile apps; Connect & run mobile systems)
Key Capabilities
• Mobile web, hybrid and native app development
• Enterprise data, service, and application integration
• Enterprise wireless networking
Manage & Secure (Manage mobile devices and apps; Secure my mobile business)
Key Capabilities
• Mobile lifecycle management
• Device analytics and control
• Secure network communications & management
- 5.
When do you need a Mobile Application Platform?
• Get up and running in minutes – extending the development and Web skills you already have
• Maximize code reuse by sharing code across multiple devices and OS variants
• Leverage existing mobile applications without rebuilding – including those built in Web, native and HTML5
• Code without limits with the flexibility to mix HTML5 with native code when needed
• Maximize productivity by leveraging any standards-based open source and third-party library
• Deepen and personalize customer engagement with access to back-end systems and server-based data mashups
• Manage the complete mobile application lifecycle (build, connect, run)
• Govern and manage mobile apps from initial provisioning to ongoing upgrades, authentication, single-sign-on, enforced app upgrades, and a mobile app feedback loop
• Communicate effectively with centralized push notification service management
• Protect data with on-device encryption of user data, SSL encryption, and secure offline access
• Control access through single sign-on and multi-factor authentication
• Secure applications with protection against reverse-engineering vulnerabilities, remote disable of applications, and enforcement of client upgrades
• Enforce compliance with regulatory mandates through secure shells that can be deployed throughout your mobile portfolio.
Development: Can I scale app delivery – using existing skills and assets?
Security: Can I reduce security risk across my mobile enterprise?
Operations: Can I easily connect to data, applications and cloud services?
- 6.
Scale your ability to build, manage and secure mobile apps
IBM Worklight: A Mobile Application Platform
Client Challenge
Quickly build, manage and secure mobile apps
Key Capabilities
Speed and scale time-to-value
• Maximize code reuse across platforms
• Leverage standards-based technologies
• Deliver higher quality by mixing HTML with native code in the same app
Connect to back-end services
• Get standardized access to data, applications and cloud services
• Leverage runtime services for caching, push notifications, authentication and service interruption
• Enterprise app store for app management
• Data collection for analytics
Reduce security risk
• Strong authentication framework
• Encrypted offline availability
• Sign apps to detect unauthorized modifications
• Direct update and remote disablement
IBM Worklight leverages and extends your investments in data, applications, security and skills to mobile devices.
- 7.
Mobile application development models
- 8.
Compatible with prominent
HTML5 libraries and tools:
App development using
native and/or familiar web
technologies:
• HTML5
• CSS3
• JavaScript
App delivery in variety
of forms:
• Mobile Web app
• Hybrid app
• Native
Open, cost-effective, cross-platform app development
IBM Worklight
http://youtu.be/uPFoT_MqLY4
- 9.
Today Application Mobilization is Complex when Unstructured
[Diagram labels: Enterprise Applications; Web Services; Databases]
Potential Issues:
• Higher infrastructure costs
• Longer mobile development time
• Inability to support all required device types
• Higher administrative and maintenance costs
• Overall increase in risk
• Security issues due to multiple points of entry into the network
• Limited or no ability to respond to changes in devices and backend systems
• No consistency across an enterprise portfolio
- 10.
Mobile Application Platforms help build, manage and integrate more easily - to maximize the opportunity value of enterprise applications
[Diagram labels: Worklight Mobile Application Platform; Web Services; Enterprise Applications; Databases]
- 11.
Worklight Component Overview
Worklight Server
Unified notifications, runtime skins, version management, security, integration and delivery
Worklight Console
A web-based console for real-time analytics and control of your mobile apps and infrastructure
Worklight Studio
The most complete, extensible environment with maximum code reuse and per-device optimization
Worklight Runtime Components
Extensive libraries and client APIs that expose and interface with native device functionality
- 12.
Worklight Conceptual Architecture
- 13.
Worklight Studio
• Eclipse-based IDE
• Combining native and standard web technologies in one multiplatform app
• Environment-specific optimization
• 3rd-party libraries integration
• Device SDK integration
• Back-end connectivity utilities
- 14.
Create a New Mobile Application
- 15.
Add Environments
Supports a variety of application types
Mobile
• iPhone
• iPad
• Android phones & tablets
• BlackBerry
• Windows Phone
Desktop
• Windows 8 desktop & tablets
• Adobe AIR
Web Applications
• Mobile web app
• Desktop Browser web page
- 16.
Single Shared Codebase
• Combine HTML5 and native-based pages in the same application
• Call native code from HTML-based pages
• Display HTML and native components together on the same page
- 17.
Skins
Different Screen Densities
Different Screen Sizes
Different Input Methods
Support for HTML5
• Provide support for multiple form factors in a single executable file for devices of the same OS family
• A sub-variant of an environment
• Packaged together in one App
• Decision on which skin to use is done automatically at runtime
- 18.
WYSIWYG with drag-n-drop UI construction
- 19.
Incorporated Device SDKs
- 20.
Preview in browser
Perform device specific tests in the Mobile Browser Simulator: supports Cordova and Worklight client API
- 21.
Create Adapters for Back-end Integration
• Secure back-end integration
• XML-based declarative specification
• Multi-source data mashups
• Eclipse plug-in supporting auto-complete and validation
• Simplified adapter testing
• Server-side debugging
• JMS, Cast Iron, Web services and JDBC integration
• Access to session data and user properties
- 22.
Worklight Runtime Architecture
Worklight Server
Authentication
JSON Translation
Server-side
Application Code
Adapter Library
Client-side
App Resources
Direct Update
Mobile
Web Apps
Unified Push Notifications
Stats Aggregation
Device Runtime
Application Code
• Cross Platform Technology
• Security and Authentication
• Back-end Data Integration
• Post-deployment control and Diagnostics
- 23.
Worklight Server
• Distribution of mobile web apps
• Enterprise connectivity:
  • Secure client/server connectivity
  • Direct access to enterprise back-end data and transaction capabilities
  • Authentication enforcement
• Client control:
  • Application version management and remote disabling
  • Direct update of application code
• Unified Push Notifications
• Aggregation of usage statistics
- 24.
Device Runtime Components
• Framework for server integration:
• Secure server connectivity
• Authentication
• Remote disable & notification
• Push registration
• Dynamic page loading & caching (soon)
• Event reporting for analytics & audit
• Check-in with Server on Startup
• Check for updates
• Sending Statistics
• Cross-platform compatibility layer
• Runtime Skinning
• Secure encrypted storage
- 25.
Back-end Integration with Adapters
• Secure back-end integration
• XML-based declarative specification
• Multi-source data mashups
• Eclipse plug-in supporting auto-complete and validation
• Simplified adapter testing
• Server-side debugging
• JMS, Cast Iron, HTTP and JDBC integration
• Access to session data and user properties
[Diagram labels: Worklight Runtime; JSON / HTTPs; Worklight Server; Adapters; JMS; Cast Iron; JDBC; HTTP/Web Services (REST & SOAP); Existing Integration Layer; Internal Systems; Cloud]
- 26.
Direct Update – On-device Logic
1. Web resources packaged with app to ensure initial offline availability
2. Web resources transferred to app's cache storage
3. App checks for updates
• On startup
• On foreground
4. Updated web resources downloaded when necessary
http://youtu.be/NvNzJtfub4Y
[Diagram labels: App Store; Worklight Server; Native Shell; Pre-packaged resources; Web resources; Cached resources; 1 Download; 2 Transfer; 3 Check for updates; 4 Update web resource]
- 27.
Unified Push Notifications Architecture
[Diagram labels: Back-end Systems; Polling Adapters; Message-based Adapters; Unified Push API; Notification State Database; User-Device Database; iOS, Android, BlackBerry, Windows Phone and SMS Dispatchers; Apple Push Servers (APN); Google Push Servers (C2DM); RIM Push Servers; Microsoft Push Servers; SMS/MMS Brokers; Administrative Console; Worklight Client-side Push Services; iOS, Android, BlackBerry and Windows Push APIs; Broker API]
- 28.
Worklight Console
• Application Version Management
• Push management
• Usage reports and analytics
• Reports of custom application events
• Configurable audit log
• Administrative dashboards for:
• Deployed applications
• Installed adapters
• Push notifications
• Data export to BI enterprise systems
- 29.
Dynamic Control of Deployed Apps
• Centralized control of all installed applications and adapters
• Remotely disable apps by device and version
• Customize user messages
- 30.
Mobile Application Center
A cross platform private mobile application store similar to public app stores but focused on the needs of an organization or a team
Ease highly iterative development process and distribution of mobile applications
Key capabilities:
• Delivers distribution and management of mobile applications within a company / teams
• Easy distribution of iOS and Android apps within an enterprise
• Supports any mobile applications
• Provides versioning and updates
• Centralizes rating and feedback information
• Controls who can modify or install an application
• Easy to install and simple to run
- 31.
New features and enhancements in IBM Worklight v5.0.5 (released Fall 2012)
IBM Worklight V5.0.5
Advanced Mobile capabilities
• on-device, offline available, reliable, scalable, encrypt-able, and sync-able JSON database
• Server triggered security challenges
Application Governance
• Enterprise App Store
• Native Application Governance
• Integration with IBM MDM (IBM Endpoint Manager)
Apps and Tooling
• Native libraries for iOS and Android
• jQuery tooling support
Platform
• SMS notifications
• New target devices: Windows 8, Java ME
• New integration points: JMS adapter
• Updates: iOS6, Android 4.1, Cordova 2.2
- 32.
What are the other options?
Evaluation Criteria | No Platform - Native Development | “Do it Yourself” HTML5 with Open Source Frameworks | Pre-packaged Mobile Apps | Worklight Mobile Application Platform
Initial Development Cost | Poor | Excellent | Excellent | Excellent
Time to Market | Poor | Excellent | Excellent | Excellent
App Quality / Features | Excellent | Poor | Poor | Excellent
Ongoing Maintenance Cost | Poor | Poor | Excellent | Excellent
Integrations with Back Office Services | Excellent | Poor | Poor | Excellent
Ability to Customize | Excellent | Poor | Poor | Excellent
Runtime Caching, Notification Services | Poor | Medium | Medium | Excellent
Security and Identity Services | Poor | Poor | Medium | Excellent
App Governance and Management | Poor | Poor | Medium | Excellent
Usage Analytics | Poor | Poor | Medium | Excellent
- 33.
Build, connect, manage and secure your mobile enterprise
IBM Mobile Foundation
Quickly Build, Deliver, Manage and Secure Mobile Applications in Enterprise Traditional & Cloud Environments
[Diagram labels: IBM Mobile Foundation; IBM Endpoint Manager for Mobile Devices; IBM WebSphere Cast Iron Hypervisor Edition; IBM Worklight; Mobile App Development Platform; Mobile Security; Connectivity; App and device management; Taking Your Enterprise Mobile]
- 34.
IBM provides a complete framework for mobile
IBM Mobile Foundation
• Security Gateway (WebSphere DataPower, IBM Security Access Manager)
• SDLC Tools (Rational Collaborative Lifecycle Management)
• WebSphere Application Server
• Enterprise Apps
• SOA & Connectivity (WebSphere Message Broker, WebSphere MQ (MQTT), WebSphere Services Registry and Repository)
• MDM (IBM Endpoint Manager for Mobile)
• WebSphere Operational Decision Management
• IBM Business Process Management
• MEAP (IBM Worklight)
• Elastic Caching (WebSphere eXtreme Scale, WebSphere DataPower XC10)
• Social (Lotus Connections)
• Mobile Threats & Security (IBM Qradar, IBM AppScan for Mobile)
• Analytics (Cognos, Coremetrics)
• WebSphere Cast Iron
- 35.
IBM Worklight – Value for ISVs/Partners
As an ISV, you care about
• Cost-effective development
• Leveraging your existing skills
• Short time to market
• Easy mobilization of your existing offering
• A rich user experience that drives adoption
• Collaboration of Dev, QA and test teams
• Simple integration with existing tools
• Quick update cycles and version control
• Adhering to the strictest security requirements
• Managing a growing portfolio of apps
• White-labeling and app customization
IBM Worklight delivers
• Open architecture and standard tools = short learning curve, use of in-house skills and no technology lock-ins
• Comprehensive integration capabilities with back-end and cloud-based services
• Support multiple development approaches (HTML, hybrid and native), access all device features, transactions and high data volumes
• Collaboration tools, central build engine, and internal distribution mechanisms
• Integration capabilities with the growing ecosystem of 3rd-party tools and frameworks
• Central management capabilities including direct update, remote disable and reporting
• Customizable native shell for policy enforcement and white-labeling of mobile apps
- 36.
IBM Worklight and Open Source
IBM Worklight is built on open standards and extends open source software:
Apache Cordova (aka PhoneGap), jQuery, Dojo, Derby, Jetty, SQLite, MySQL,…
Main value add:
1. Advanced development environment with WYSIWYG tooling and simulators
2. Mixing native, web and local HTML in the same app
3. Improved code sharing amongst platforms (optimization framework)
4. Single binary for multiple form factors (runtime skins for smartphones and tablets)
5. Mobile application management (remote app disablement, direct update)
6. Security (device & user authorization, encrypted cache, offline authentication, app authenticity testing…)
7. Analytics (who uses what & when)
8. Structured architecture with WL server as control point (data access and security)
9. Cross platform, production ready app store
10. Uniform push notification with user/device mapping management
11. Centralized management console (apps & versioning, adapters, push)
12. JSON local data store with sync (new v5.0.5)
13. IBM tested & supported SW combinations
- 37.
Business Partner Programs for Mobile
Mobile App Showcase
IBM web site dedicated to showcasing Business Partners mobile apps developed on the
Worklight platform, both cross-industry and cross-function
Register your mobile apps and gain greater visibility to a wide cross section of interested
clients
IBM Business Partner Authorizations
New Mobile Sales Mastery & Technical Sales Mastery tests available to certify as a
Worklight V5.0 Authorized Reseller and participate in IBM partner incentive programs
Invest and grow your Sales and Delivery Teams Mobile skills through comprehensive
training and certification provided by IBM
Mobile Ready to Execute campaign program
A new model of campaign delivery designed and developed as a complete package for
Mobile capabilities
Use this customizable marketing collateral to generate pipeline with current clients and
potential prospects
Available now! Leverage IBM co-marketing dollars to fund Mobile campaign execution
- 38.
Mobile App Showcase Overview
Your solutions become an integral part of IBM marketing programs, generating exposure with
clients, other IBM Business Partners and the IBM sales network
Leverage the pull of IBM in the mobile market
Market your solutions and capabilities to a worldwide audience
Qualify for the monthly rotating “Solution Spotlight” – your mobile app on the landing page.
Criteria:
1. Built on Worklight or Mobile Foundation
2. IBM Business Partner agreement in place
3. Member of PartnerWorld
4. Selected in the order the solutions arrive for first 6 months
Easy to use registration via the existing Global Solutions Directory on PartnerWorld
A common experience to feature and access IBM Business Partner mobile
applications and solutions built on IBM Worklight and/or IBM Mobile
Foundation offerings
- 39.
Global Solutions Directory – Mobile App Registration
GSD entry tips to maximize exposure in the mobile showcase:
• Ensure your solution is marked for Worklight or Mobile Foundation
• Create a thorough entry, completing all fields on the submission
form
• Keep your contact information current
• Include your company logo in your entries
• Refresh your solutions
What is the Global Solutions Directory (GSD)?
In the context of the Global Solutions Directory, IBM uses the term solution to refer
to all types of products and services provided by our Business Partners. This
generalized term represents the value add of Business Partners teaming with IBM to
bring solutions to our customer's business problems
Key Links:
Create an entry in the Global Solutions Directory
Video demonstrations: Learn how to use the Global Solutions Directory
Mobile app showcase landing page
- 40.
IBM Business Partner Authorizations
Sales Mastery & Technical Sales Mastery tests available to certify as Worklight V5.0
Authorized Reseller. Educate your Sales and Delivery Teams & become *SVP Authorized
to resell Mobile offerings through comprehensive training and certification provided by IBM
Why team with IBM?
• IBM Software Business Partners have a wide range of profit opportunities including cross sell, influence,
resell and bundled solution resell to leverage the high growth market of mobile:
• *Software Value Plus - Global program for SW resellers / influencers provides incentives for Business
Partner opportunity identification and progression with earnings opportunities from 5% to 50%+
• Industry and Capability Authorization provides recognition for expertise in providing client solutions,
based on key IBM Software products, such as Mobile and other high growth solution areas Earnings
opportunity from 20% to 30%
• Application Specific License (ASL) agreements - Resell model for lightly embedded and bundled
mobile solution offerings where Partners earn via discount on product sales for both initial sales and
annual renewals
Building Worklight Technical skills:
VW501 Introduction to IBM Worklight V5 for Mobile Application Development & Deployment (self-paced)
WU-VU503 Mobile Application Development and Deployment with IBM Worklight V5 (Instructor-led)
ZU503 Mobile Application Development and Deployment with IBM Worklight V5 (5-days self-paced)
ZU370 Introduction to HTML5 and JavaScript Programming
ZU371 Developing Mobile Web Applications with Dojo
Advanced Worklight 5.0 Worklight Hands-On Enablement Workshop for Business Partners
Become an Authorized Reseller via Certification:
Sales : IBM Mobile Worklight Sales Mastery v1 M660 - or - WebSphere Sales Mastery v5
Technical: IBM Mobile Worklight Technical Mastery v1 N31 - or – Any of these Software/WebSphere Core technical test
Tips & Techniques to pass Mastery test: WebSphere Sales Mastery v5 - tips and techniques for success
(PartnerWorld Id Required)
- 41.
IBM Business Partner Co-Marketing Program
Leverage co-marketing funds and Mobile campaign tools to grow your business
Mobile Ready to Execute Campaign Core Messaging for Business Partner Clients:
• Gain faster time-to-value with unified development across deployment models
• Universal connectivity to streamline multiplatform development, deployment, and information delivery for
mobile, web, and cloud
• Securely integrate information and applications between mobile computing and traditional IT
• Automate service delivery to improve economics, reduce risk, and accelerate innovation
• Enhance business process with mobility and uncover new business models across the mobile lifecycle
The IBM Co-marketing Center is the one-stop to maximize co-marketing
investment with IBM:
Apply for IBM co-marketing funds, if eligible, to help fund your campaign execution
Use Mobile “Ready to Execute" campaign materials that can be customized easily for
your unique requirements:
A new model of campaign delivery in which IBM has designed and developed a campaign as a
complete package for Mobile capabilities
Available to IBM Business Partners to use to generate pipeline with your current clients and
potential prospects
The campaign includes multi-touch emails, telemarketing scripts, web marketing guidance and
compelling customer offers (e.g. white papers, videos, etc.)
- 42.
Upcoming IBM Mobile Event Presence
• Mobile World Congress, February 25-28 in Barcelona, Spain.
• IBM will be announcing exciting new mobile capabilities for the enterprise
• On Monday, February 25th there will be a 1/2 day Conference "Business. In Motion: Speeding Innovation
and Extending Reach Securely with IBM Mobile." For more information click here
• If you can't join us in Barcelona, please register and plan to attend to our "Live from Mobile World Congress"
broadcast on Thursday February 28, 2013.
• IBM PartnerWorld Leadership Conference, February 25-28 in Las Vegas, NV
• Robert LeBlanc, Senior Vice President, Middleware Software, will be speaking at the General Session
Keynote on the topic: Middleware & Cloud Strategy: IBM Middleware and cloud strategy and strategic
capabilities (cloud, mobile, big data, security).
• IBM will host an IBM Mini Solution EXPO Showcase for Mobile Enterprise. Click here for more information
• Pulse 2013 in Las Vegas, NV from March 3-6
• Marie Wieck will be presenting the Mobile Enterprise Stream kick-off on Monday March 4th from 10 - 11 AM
around Speeding Innovation and Extending the Reach with Mobile Enterprise.
• Mobile will be the focus of many tracks, birds of the feather sessions, and meet the experts sessions.
• Don't forget to visit the IBM Mobile Booth to view our key assets around the IBM Mobile Story and demo
some of our exciting capabilities. Click here for more information
• South by Southwest Interactive Festival in Austin, TX from March 8-17
• IBM will be showcasing IBM Mobile & Social Business capabilities as well as introduce resources to the
start-up community . Click here for more information
- 43.
Next Steps for Partners
Get specific, prescriptive guidance and resources
IBM PartnerWorld Roadmap for Mobile:
http://ibm.biz/BdxrgB
Download the free Worklight Developer Edition
IBM Worklight Developer Edition download:
http://www.ibm.com/developerworks/mobile/worklight.html
Expand your knowledge and interact with IBM SMEs
IBM tech talk series for Mobile:
http://www.ibm.com/developerworks/mobile/mobile-techtalks/
Learn about upcoming IBM Mobile announcements
Register for our "Live from Mobile World Congress" broadcast on Thursday February 28,
2013.
- 45.
IBM Worklight Advanced Features
- 46.
Skin Creation
• Skins are created using the Worklight Skin Wizard
• Directories adjacent to the environment directory
• Containing HTML/CSS/JS
- 47.
Example Mobile Skin on Android
- 48.
Example Mobile Skin on iPad
- 49.
Data Collection and Analytics
- 50.
Flexible Push Notification Framework
• Multiple users logging into the same app
• Multiple apps using the same event source
• Multiple event sources used in the same app
• One application multiple devices
- 51.
Mobile Security Objectives
Protect data on the device
• Malware, Jail breaking
• Offline access
• Device theft
• Phishing, repackaging
Streamline Corporate security approval processes
• Complex
• Time-consuming
Enforce security updates
• Be proactive: can’t rely on users getting the latest software update on their own
Provide robust authentication and authorization
• Existing authentication infrastructure
• Passwords are more vulnerable
Protect from the “classic” threats to the application security
• Hacking
• Eavesdropping
• Man-in-the-middle
- 52.
Worklight: Security by Design
Enforcing security updates
Remote disable
Direct update
Providing robust authentication and authorization
Authentication integration framework
Data protection realms
Coupling device id with user id
Streamlining Corporate security processes
Mobile platform as a trust factor
Application Security
Code obfuscation
SSL with server identity verification
Proven platform security
Jailbreak and malware detection
App authenticity testing
Protecting data on the device and in transit
Encrypted offline cache
Offline authentication
Secure connectivity
Integration point with VPN solutions (i.e. IBM Mobile Connect)
Integration point with MDM solutions (i.e. IBM Endpoint Manager for Mobile)
Integration point with User Security solutions (i.e. IBM Access Manager for Mobile)
- 53.
Authentication Concepts and Entities
• Worklight entities, such as applications and adapter procedures, can be protected from unauthorized access
• Entities are protected by authentication realms
• An authentication realm defines the process to be used to authenticate users
• Each authentication realm consists of:
  • Authenticator – client + server components which are used to collect credentials (e.g. login form).
  • Login Module – server component that receives credentials from the authenticator, validates them and builds the user identity object
• The same authentication realm can be used to protect several resources
- 54.
Authentication Concepts and Entities
When a request is made to the protected entity, Worklight checks whether the session is already authenticated. If not, Worklight automatically triggers a process of verifying the user’s identity
1. Unauthenticated request tries to access the protected application, or invokes a protected adapter procedure
2. Authenticator is invoked automatically. User credentials (e.g., username and password) are collected on the client-end and sent to a server
3. Login module receives collected credentials, validates them and builds user identity in case validation passes
4. The original request is handled
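A minimal model of the realm flow described above, added here as an illustration; it is not Worklight's API or code from the presentation. `RealmServer`, `passwordLoginModule`, the realm and procedure names and the sample user are all hypothetical. It shows the per-realm session check, the login module building the identity, the original request being handled after login, and one realm protecting two procedures.

```javascript
const crypto = require('crypto');

// Constructed user store for the login module: salted scrypt hashes, no plaintext.
function makeUser(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}
const USERS = new Map([['alice', makeUser('s3cret-sample')]]); // constructed credentials

// Login module: receives credentials, validates them, builds the user identity object.
function passwordLoginModule(credentials) {
  const user = USERS.get(credentials.username);
  if (!user) return null;
  const candidate = crypto.scryptSync(String(credentials.password), user.salt, 32);
  if (!crypto.timingSafeEqual(candidate, user.hash)) return null;
  return { userId: credentials.username, authenticatedAt: Date.now() };
}

class RealmServer {
  constructor() {
    this.realms = new Map();   // realm name -> login module
    this.entities = new Map(); // protected entity -> { realm, handler }
  }
  defineRealm(name, loginModule) { this.realms.set(name, loginModule); }
  protect(entity, realm, handler) {
    if (!this.realms.has(realm)) throw new Error('unknown realm ' + realm);
    this.entities.set(entity, { realm, handler });
  }
  newSession() { return { identities: new Map(), pending: null }; }

  // A request reaches a protected entity: the session is checked for that entity's realm.
  request(session, entity, args) {
    const target = this.entities.get(entity);
    if (!target) return { status: 'not-found' };
    const identity = session.identities.get(target.realm);
    if (!identity) {
      session.pending = { entity, args }; // remembered so it can be handled after login
      return { status: 'challenge', realm: target.realm }; // client authenticator takes over
    }
    return { status: 'ok', result: target.handler(identity, args) };
  }

  // Credentials collected by the client-side authenticator arrive at the login module.
  login(session, realm, credentials) {
    const loginModule = this.realms.get(realm);
    const identity = loginModule ? loginModule(credentials) : null;
    if (!identity) return { status: 'challenge', realm }; // validation failed
    session.identities.set(realm, identity);
    const pending = session.pending;
    session.pending = null;
    // The original request is handled now that the realm is authenticated.
    return pending ? this.request(session, pending.entity, pending.args) : { status: 'ok' };
  }
}

// Constructed walk-through: two procedures share one realm, a third uses another.
function demoFlow() {
  const server = new RealmServer();
  server.defineRealm('CustomerRealm', passwordLoginModule);
  server.defineRealm('AdminRealm', () => null); // constructed: rejects everyone
  server.protect('getBalance', 'CustomerRealm', (id) => id.userId + ': 1200');
  server.protect('getStatement', 'CustomerRealm', (id, a) => id.userId + ': ' + a.month);
  server.protect('disableApp', 'AdminRealm', () => 'disabled');
  const s = server.newSession();
  return [
    server.request(s, 'getBalance', {}).status,
    server.login(s, 'CustomerRealm', { username: 'alice', password: 'wrong' }).status,
    server.login(s, 'CustomerRealm', { username: 'alice', password: 's3cret-sample' }).result,
    server.request(s, 'getStatement', { month: '2013-02' }).result,
    server.request(s, 'disableApp', {}).status, // other realm: still challenged
  ];
}
```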
- 55.
What is the Encrypted Cache?
• The encrypted cache is a mechanism for storing sensitive data on the client side
• The encrypted cache is implemented using HTML5 local storage technology which allows data to be saved locally and retrieved on subsequent application use / re-launch
• Data is encrypted with a combination of user-provided key and server-retrieved randomly generated token which makes it more secure
• Data is stored using key-value pairs
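A sketch of the scheme described above, added here as an illustration and not taken from Worklight or from the slides: an AES-256 key is derived with PBKDF2 (PKCS #5) from the user-provided key and a random server-issued token, and records are stored as encrypted key-value pairs. The class and function names, the GCM mode, the iteration count, the way the two inputs are combined, and the `Map` standing in for HTML5 local storage are assumptions.

```javascript
const crypto = require('crypto');

// Assumed parameters (the slides state only AES256 and PKCS #5).
const PBKDF2_ITERATIONS = 100000;
const KEY_BYTES = 32; // AES-256

class EncryptedCache {
  // `storage` is a Map standing in for HTML5 local storage (string key-value pairs).
  constructor(storage) {
    this.storage = storage;
    this.key = null;
  }

  // Derive the cache key from BOTH inputs: the secret the user types and the
  // random token retrieved from the server. Neither one alone yields the key.
  open(userKey, serverToken) {
    this.key = crypto.pbkdf2Sync(userKey, serverToken, PBKDF2_ITERATIONS, KEY_BYTES, 'sha256');
  }

  // Wipe the derived key when the app logs out or goes to the background.
  close() {
    if (this.key) this.key.fill(0);
    this.key = null;
  }

  write(name, value) {
    if (!this.key) throw new Error('cache is closed');
    const iv = crypto.randomBytes(12); // fresh nonce per record
    const cipher = crypto.createCipheriv('aes-256-gcm', this.key, iv);
    cipher.setAAD(Buffer.from(name, 'utf8')); // bind the record to its name
    const body = Buffer.concat([cipher.update(String(value), 'utf8'), cipher.final()]);
    const parts = [iv, cipher.getAuthTag(), body].map((b) => b.toString('base64'));
    this.storage.set(name, parts.join('.'));
  }

  read(name) {
    if (!this.key) throw new Error('cache is closed');
    const record = this.storage.get(name);
    if (record === undefined) return null;
    try {
      const [iv, tag, body] = record.split('.').map((p) => Buffer.from(p, 'base64'));
      const decipher = crypto.createDecipheriv('aes-256-gcm', this.key, iv);
      decipher.setAAD(Buffer.from(name, 'utf8'));
      decipher.setAuthTag(tag);
      return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
    } catch (err) {
      throw new Error('record rejected: wrong key, wrong token, or modified data');
    }
  }
}

// Try to read `name` from `storage` with the given secrets and report the outcome.
function attemptRead(storage, userKey, serverToken, name) {
  const cache = new EncryptedCache(storage);
  cache.open(userKey, serverToken);
  try {
    return { ok: true, value: cache.read(name) };
  } catch (err) {
    return { ok: false, value: null };
  } finally {
    cache.close();
  }
}

// Constructed scenario: a device is lost after the app cached an account record.
function stolenDeviceDemo() {
  const storage = new Map();
  const serverToken = crypto.randomBytes(16); // constructed; stands for the server-issued token
  const secret = '{"account":"DE00 0000 0000","balance":1200}'; // constructed sample data
  const cache = new EncryptedCache(storage);
  cache.open('4711-user-pin', serverToken);
  cache.write('account', secret);
  cache.close();
  return {
    storedInClear: storage.get('account').includes('balance'),
    owner: attemptRead(storage, '4711-user-pin', serverToken, 'account'),
    wrongPin: attemptRead(storage, '0000-guess', serverToken, 'account'),
    noToken: attemptRead(storage, '4711-user-pin', crypto.randomBytes(16), 'account'),
  };
}
```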
- 56.
Enforcing security updates
Can’t rely on users getting the latest software update on their own
Remote Disable: shut down specific versions of a downloadable app, providing users with link to update
Direct Update: automatically send new versions of the locally-cached HTML/JS resources to installed apps
[Diagram labels: Enforcing security updates; Remote disable; Direct update]
- 57.
Mobile security measures
Mechanism: Encrypted offline cache
Benefits:
• Protect against stealing sensitive information via malware, stolen devices
Details:
• Uses AES256 and PKCS #5 for on-device encrypted storage of app-generated data, with random server-generated numbers for high security
• Allows user authentication when server is offline
• Implemented in JS (highly obfuscated) with optional native performance enhancements
Mechanism: SSL identity verification for AJAX
Benefits:
• Protect against man-in-the-middle attacks
Details:
• Client-side AJAX framework automatically verifies IBM Worklight-server credentials
Mechanism: Client code attestation
Benefits:
• Prevent impersonation by phishing apps
• Protect apps from manipulation by malware
Details:
• Challenge-response based mechanism for proving client-application identity
• Uses tamper-resistant self-inspecting code
Mechanism: Remote code updates
Benefits:
• Ensure timely propagation of critical security updates to entire install base
Details:
• New versions of the code can be distributed without requiring update of the app (currently JS/HTML)
Mechanism: Remote disable of specific versions
Benefits:
• Ensure timely propagation of critical security updates to entire install base
Details:
• Server-side console allows configuration of allowed app versions. Administrator can force users to install security updates to the native code
Mechanism: Authentication process framework
Benefits:
• Lower the cost and complexity of robust integration with the authentication infrastructure
Details:
• Server-side architecture for integration with back-end authentication infrastructure based on JAAS, with Authentication realms
• Client-side framework for asynchronous login requests on session expiration
Mechanism: Server-side safeguards
Benefits:
• Prevention of SQL injection
• XSRF protection
Details:
• Prepared-statement enforcement
• Validation of submitted data against session cookie
Mechanism: Device identification
Benefits:
• Prevent account-hijacking
Details:
• Safely report device ID to the server
• Identifying a user with specific devices
- 58.
Mobile security measures - Continued
Mechanism: Enterprise SSO integration
Benefits:
• Leverage existing enterprise authentication facilities and user credentials
• Enable employee-owned devices
Details:
• Client side mechanism obtains and encrypts user credentials, sends to the server with requests
• Encryption incorporates user-supplied PIN, Server-side secret and DID
• Credentials cannot be retrieved from lost or stolen device
Mechanism: VPN alternative
Benefits:
• Enable the secure delivery and operation of mobile applications for employee owned devices or device types not allowed on the corporate network
• Enable the secure delivery in cases where the installation of VPN client on mobile devices is not possible or complicated to manage
Details:
• Client side and server side framework act as SSL based VPN
• Network access control and policies pre-configured in the client side framework layer
• Network access and security measures updated using server side framework
• On device encrypted storage to prevent compromise of sensitive data
- 59.
Mobile Application Center
A cross platform private mobile application store similar to public app stores but focused on the needs of an organization or a team
Ease highly iterative development process and distribution of mobile applications
Key capabilities:
• Delivers distribution and management of mobile applications within a company / teams
• Easy distribution of iOS and Android apps within a team
• Supports any mobile applications
• Provides versioning and updates
• Centralizes rating and feedback information
• Controls who can modify or install an application
• Easy to install and simple to run
- 60.
Log into the Worklight Application Center
- 61.
Add an application
- 62.
Download the application on the device
- 63.
Provide feedback and/or switch back
- 64.
Display the feedback from the App Center
- 65.
Architecture of the Shell-based Application
Architecture
• The Shell consists of native and web code
• Inner app consists of web code only
Native access
• The Shell provides JavaScript access to native device capabilities
Sandbox
• The Shell can restrict inner apps from accessing unsanctioned native and JavaScript functions
Customization
• The Shell can include custom native and web libraries and APIs, branding resources, authentication, and integration components
• API restrictions are also customizable
Diversity
• Company may distribute multiple shells for different trust levels, authentication types, corporate departments, etc.
[Diagram labels: Customizable Native Shell Code; Device APIs; Mobile Browser; Customizable Web Shell Code; Inner Application Web Code]
- 66.
The Shell-based Application
Reducing the barriers of mobile development, making it ubiquitous across the organization, by compartmentalizing skill-sets and responsibilities
Shell Team
• Security configurations and audits
• Authentication
• Mobile expertise
Inner App Team
• Business logic
• Develop the UI
• Data integration
Distributed App
• Shell fed by repository
• Shell fused with app
• Shell packaged with directory
[Diagram labels: App Stores; Server]