3. IBM Mobile Enterprise
Mobile is a mandatory transformation
10 Billion devices
by 2020
61% of CIOs put
mobile as a high
priority
45% increased productivity
with mobile apps
3
4. IBM Mobile Enterprise
With enormous opportunities
Business to Enterprise Business to Consumer
• Increase worker productivity • Improve customer satisfaction
• Improve claims processing • Deeper customer engagement and
• Extend existing applications to mobile loyalty
workers and customers • Drive increased sales through
• Increase employee and business personalized offers
partner responsiveness and decisions • Customer service
• Resolve internal IT issues faster • Competitive differentiator
• Reduce personnel cost utilizing • Improve brand perception
personal devices • Deeper insight into customer buying
behavior for up sell and cross sell
4
6. IBM Mobile Enterprise
How do we have to think about mobile differently?
Platforms Apps
• Networks Business • Smarter Commerce
Vodafone • Devices strategy and • Social Business
• OS’s planning • BI & Analytics
Process & • Etc.
transaction integrity
Full lifecycle solutions
Open cross-platform
development
End-to-end security and
management
Integration with backend systems,
enterprise data and cloud
IBM Mobile Enterprise
6 Open Governed Integral
7. IBM Mobile Enterprise
IBM strategy addresses client mobile initiatives
Extend & Transform Build & Connect
Extend existing business Build mobile applications
capabilities to mobile devices Connect to, and run
Transform the business by backend systems in support
creating new opportunities of mobile
Manage & Secure
Manage mobile devices, services
and applications
Secure my mobile business
7
8. IBM Mobile Enterprise
A deeper look at Extend & Transform capabilities
Extend & Transform Build & Connect
Extend existing business
capabilities to mobile devices
Transform the business by
creating new opportunities
Key Capabilities
• Strategy, planning and implementation
• Mobile-enabled solutions including
analytics, commerce, and social
business
• Mobile as a service
Manage & Secure
8
9. 9
IBM Mobile Enterprise
IBM Software Services for Mobile Foundation
A comprehensive suite of capabilities for your mobile initiatives
Helping you address your mobile
challenges:
Build a mobile strategy
Use mobile to Create new
business opportunities
Design an optimized mobile experience
Develop and Deploy mobile apps that
target multiple platforms using best
practices
Integrate with your enterprise
9
10. IBM Mobile Enterprise
A deeper look at Build & Connect capabilities
Extend & Transform Build & Connect
Build mobile applications
Connect to, and run
backend systems in support
of mobile
Key Capabilities
• Mobile web, hybrid and native
app development
• Enterprise data, service, and
application integration
• Enterprise wireless
networking
Manage & Secure
10
11. IBM Mobile Enterprise
Key Build & Connect challenges
Fragmentation / Consumerization / Time to market / Reutilization
Delivering for multiple platforms Consumerization of IT and need to
deliver high quality apps
• Highly fragmented set of … • High quality user experience is a
• Platforms and devices requirement
• Languages, APIs, and tools • Quality influenced as much by
• Native programming models not design as it is by function
portable across platforms
Accelerated time to market Connecting apps and mobile users
requirements with existing enterprise systems
• Higher frequency of releases • Existing services typically need to
and updates be adapted and extended for
• Added pressure on teams to mobile
deliver on time and with quality • Enterprise wireless networks are
running out of bandwidth to
accommodate employee devices
11
12. IBM Mobile Enterprise
Build, connect, manage and secure your mobile enterprise
IBM Mobile Foundation
Includes
• IBM Worklight
• IBM WebSphere Cast Iron
IBM Mobile • IBM Endpoint Manager for Mobile
Foundation Devices
Plus New Services Offering
• IBM Software Services for Mobile
Foundation
Complementary Offerings
• IBM Solutions for Social Business
• IBM Smarter Commerce
• IBM Exceptional Web Experience
• IBM Rational Collaborative Lifecycle Management
• IBM WebSphere Message Broker and DataPower
• IBM Secure Access Manager (ISAM)
12
13. IBM Mobile Enterprise
Delivering for multiple mobile platforms
IBM Worklight
Fast and cost-effective development, integration and management of rich, cross-
platform mobile applications Client Challenge
Using standards-based technologies and
tools and delivering an enterprise-grade
services layer that meets the needs of
mobile employees and customers
Key Capabilities
Mobile optimized middleware
• Open approach to 3rd-party integration
• Mix native and HTML
• Strong authentication framework
• Encrypted offline availability
• Enterprise back-end connectivity
• Unified push notifications
IBM Worklight is not only about • Data collection for analytics
mobile app UI creation but is a full • Direct updates and remote disablement
mobile middleware.
13
15. IBM Mobile Enterprise
IBM Worklight components
IBM Worklight studio
The most complete, extensible environment with
maximum code reuse and per-device optimization
IBM Worklight server
Unified notifications, runtime skins, version
management, security, integration and delivery
IBM Worklight runtime components
Extensive libraries and client APIs that expose and
interface with native device functionality
IBM Worklight console
A web-based console for real-time analytics and control
of your mobile apps and infrastructure
15
15
16. IBM Mobile Enterprise
IBM Worklight application types
BrowserApps
Web Access
Browser Access Hybrid Apps - Web
Hybrid Apps Web
Hybrid Apps - Web Hybrid Apps - Mixed
Hybrid Apps - Mixed Native Apps
Native Apps
Native Apps
Written in HTML5 HTML5 code and User augments Platform-specific.
JavaScript and IBM Worklight web code with Requires unique
CSS3. Quick and runtime libraries native language expertise, pricy
cheap to develop, packaged within for unique needs and long to
but less powerful the app and and maximized develop. Can
than native. executed in a user experience. deliver higher
native shell. user experience.
Mobile Browser Native Shell Native Shell Native App
1001010101011101001
Web Code Web Native 0100100101011101001
0011010101010100100
Web Code <!DOCT 100101 1001011110010011001
<!DOCTYPE html 010101 0101010010101010100
PUBLIC YPE
html 110100 1010101010101010101
<!DOCTYPE html <html> 101010
PUBLIC <! - - created 2003-12-1 PUBLIC 0111111000001010101
created 101010
<html> <head><title>XYZ</title 100100 0101010010010101010
<! - - created 2003-12- </head> 2003-12
</p> 100101 1010100011110101000
12 - - </body> 111001 1111010100111010101
<head><title>XYZ</title </html> </body>
</html> 001100 1111001011011110100
> 10
</head>
<body>
</p>
</body>
</html>
Device APIs Device APIs Device APIs
Browser Access Downloadable Downloadable Downloadable
16
16
17. IBM Mobile Enterprise
Downloadable (native) apps
High-quality user
experience and full
Application device access.
File System
Stores (on mobile device)
Platform-specific,
requires unique
Native App expertise, expensive to
(Java/Objective-C/C#) develop and maintain.
Mobile Operating System
17
17
18. IBM Mobile Enterprise
Web apps
Web Server Written in HTML5
JavaScript and CSS3.
Mobile Browser Quick and cheap to
develop.
Native App
(Java/Objective-C/C#) Less powerful than
native and limited
device access.
Mobile Operating System
18
18
19. IBM Mobile Enterprise
Hybrid apps
Combines best of both
worlds:
Application File System
Stores (on mobile device) Primarily written in
HTML5, CSS, JS while
Native Container
allowing full access to
device capabilities.
HTML, CSS, JavaScript
Mobile Operating System
19
19
20. IBM Mobile Enterprise
IBM Worklight shell approach
Trusted Allows development of
App downloadable apps
Repository without any knowledge
File System of native development
(on mobile device) languages.
Native Container (“Shell”)
with custom functionality Dedicated teams with
for performance and native expertise can
security provide custom native
HTML, CSS, JavaScript capabilities and
security functions to
Mobile Operating System app developers.
20
20
21. IBM Mobile Enterprise
IBM Worklight Studio
• Eclipse-based IDE
• Combining native and standard web
technologies in one multiplatform app
• Environment-specific optimization
• 3rd-party libraries integration
• Device SDK integration
• Back-end connectivity utilities
21
22. IBM Mobile Enterprise
IBM Worklight Studio
Integrated Development
Environment
(Eclipse Plug-in)
Application development
using native and/or
familiar web
technologies:
• HTML5
• CSS3
• JavaScript
Integrated device SDKs
allow direct access from
within the IDE to
emulators and code
debugging utilities
22
23. IBM Mobile Enterprise
Unlimited application functionality
• Full access to device features
• Integration of 3rd-party libraries, both JavaScript and native
• Application store ready
• A variety of application types:
• Downloadable apps
• Mobile Web apps
• Desktop gadgets and Web widgets
23
24. IBM Mobile Enterprise
Single shared codebase
Common code placed
in primary file
Environment optimization
code is maintained
separately
24
27. IBM Mobile Enterprise
Integrating best-in-class tools
IBM Worklight is compatible with prominent HTML5 libraries and tools:
27
28. IBM Mobile Enterprise
Runtime Skins – Use cases
Different
Screen Sizes
Different
Screen Densities
Different
Input Method
Support
for HTML5
28
29. IBM Mobile Enterprise
Hybrid Coding – Native and web
Combine HTML5 and
native-based pages in the
same application
Call native code from
HTML-based pages
Display HTML and native
components together on
the same page
29
30. IBM Mobile Enterprise
Hybrid Coding – Why mix native and web?
Write the majority of the code in
reusable web languages
Maximize user experience and achieve
unique functionality with native code
30
31. IBM Mobile Enterprise
The Shell-based application
Reducing the barriers of mobile development, making it ubiquitous across the
organization, by compartmentalizing skill-sets and responsibilities
Shell Team Inner App Team Distributed App
• Security configurations • Shell fed by repository
• Business logic
and audits • Shell fused with app
• Develop the UI
• Authentication • Shell packaged with
• Data integration
• Mobile expertise directory
Server
App
Stores
App
Stores
31
32. IBM Mobile Enterprise
Architecture of the shell application
• Architecture
• The Shell consists of native and web code
Customizable Native Shell Code
• Inner app consists of web code only
Mobile Browser
• Native access
• The Shell provides JavaScript access to native
device capabilities Inner
Application
• Sandbox Web Code
• The Shell can restrict inner apps from accessing
unsanctioned native and JavaScript functions
Customizable
• Customization Web Shell Code
• The Shell can include custom native and web
libraries and APIs, branding resources,
authentication, and integration components
• API restrictions are also customizable
• Diversity Device APIs
• Company may distribute multiple shells for different
trust levels, authentication types, corporate
departments, etc.
32
33. IBM Mobile Enterprise
IBM Worklight Server
• Distribution of mobile web apps
• Enterprise connectivity:
• Secure client/server connectivity
• Direct access to enterprise back-end data and transaction capabilities
• Authentication enforcement
• Client control:
• Application version management and remote disabling
• Direct update of application code
• Unified Push Notifications
• Aggregation of usage statistics
33
34. IBM Mobile Enterprise
Back-end integration
Secure back-end
integration
XML-based declarative
specification
Multi-source data mashups
Eclipse plug-in supporting
auto-complete and
validation
Simplified adapter testing
Server-side debugging
Web services and JDBC
integration
Access to session data and
user properties
34
34
35. IBM Mobile Enterprise
Direct Update – On-device logic
1. Web resources
packaged with app to
Native Shell ensure initial offline
1 Download availability
Pre-packaged
resources 2. Web resources
App Store
transferred to app's
2 Transfer cache storage
3 Check for 3. App checks for updates
updates
• On startup
Cached • On foreground
IBM resources
Worklight Web
server resources 4. Updated web resources
Update
4 web downloaded when
resource necessary
35
36. IBM Mobile Enterprise
Direct Update - Distribution
V1.0
V1.0
Native
Shell
Web Code
Web IBM Worklight Server Updated Web
Resources Resources for V1.0 <!DOCTYPE
html PUBLIC
<html>
<! - - created
2011-12-1
<head><title>X
YZ</title
IBM </head>
</body>
</html>
Worklight Maintains recent web
resources for native apps V1.0 Updated Web
Studio Resources for V1.1
and V1.1
V1.1
V1.1
Native
Develop: Shell
Web Code
•Native app
•Web resources Native + <!DOCTYPE
html PUBLIC
<html>
Application Stores (*) <! - - created
Web Download 2011-12-1
<head><title>X
YZ</title
</head>
Resources </body>
</html>
(*) During development cycles, testers automatically get recent web resources via
internal distribution mechanisms and not application stores.
36
37. IBM Mobile Enterprise
Unified Push Notifications
IBM
Apple
Notification iOS Worklight
Polling iOS Push
State Push Client-side
Adapters Dispatcher Servers
Database API Push
(APN)
Services
Unified Push
Back-end API
Systems IBM
Google
Message- Android Worklight
User-device Android Push
based Push Client-side
Database Dispatcher Servers
Adapters API Push
(C2DM)
Services
Administrative Console
37
38. IBM Mobile Enterprise
Flexible Push Notification Framework
One application multiple devices
One application multiple devices
Multiple event sources used in same app
Multiple event sources used in same app
Multiple apps using the same event source
Multiple apps using the same event source
Multiple users logging into the same app
Multiple users logging into the same app
38
40. IBM Mobile Enterprise
Device runtime components
• Framework for server integration:
• Secure server connectivity
• Authentication
• Remote disable & notification
• Push registration
• Dynamic page loading & caching
(coming soon)
• Event reporting for analytics & audit
• Cross-platform compatibility layer
• Runtime Skins
• Secure encrypted storage
40
41. IBM Mobile Enterprise
IBM Worklight Console
• Application Version Management
• Push management
• Usage reports and analytics
• Reports of custom application events
• Configurable audit log
• Administrative dashboards for:
• Deployed applications
• Installed adapters
• Push notifications
• Data export to BI enterprise systems
41
42. IBM Mobile Enterprise
Session authentication management
Step 1 – Unauthenticated session
1. Call Protected
1. Call Protected IBM Worklight
Procedure
Procedure Server
Access denied - session is
2. Request unauthenticated or expired
2. Request
Authentication
Authentication
Session:
•Created on first access from client
•Identified using session cookie
•Associated data is stored on the server
42
43. IBM Mobile Enterprise
Session Authentication management
Step 2 – Authentication
1. Obtain credentials from
1. Obtain credentials from
IBM Worklight
user and device
user and device Server
2. Forward credentials
2. Forward credentials Process authentication data
3. If necessary:
3. If necessary:
•Consult with authentication servers
•Consult with authentication servers
•Receive authentication token
•Receive authentication token
•Associate token with session
•Associate token with session
43
44. IBM Mobile Enterprise
Session Authentication management
Step 3 – Authenticated session
1. Procedure call on
IBM Worklight
1. Procedure call on
authenticated session
authenticated session Server
Authenticated token
associated with session
3. Procedure result
3. Procedure result
Session ID Auth
Tokens/State
2bd4296a3 Realm 1:
f2 25418
25617ff82a Realm 2: -----
1:
9 --- 2.
2. Access back-end service
Access back-end service
using authentication token
using authentication token
89a77921b Realm 2:
1:
0 a6ca9
7b8fdf
Realm 2:
6a8a3
44
45. IBM Mobile Enterprise
Dynamic control of deployed apps
• Centralized control of all installed applications and adapters
• Remotely disable apps by device and version
• Customize user messages
45
48. IBM Mobile Enterprise
Mobile security measures
Mechanism Benefits Details
Encrypted offline • Protect against stealing • Uses AES256 and PCKS #5 for on-device encrypted storage of app-generated
cache data, with random server-generated numbers for high security
sensitive information via • Allows user authentication when server is offline
malware, stolen devices • Implemented in JS (highly obfuscated) with optional native performance
enhancements
SSL identity • Protect against man-in-the- • Client-side AJAX framework automatically verifies IBM Worklight-server
credentials
verification for middle attacks
AJAX code
Client • Prevent impersonation by • Challenge-response based mechanism for proving client-application identity
• Uses tamper-resistant self-inspecting code
attestation phishing apps
• Protect apps from
manipulation by malware
Remote code • Ensure timely propagation of critical • New versions of the code can be distributed without requiring update of the app
updates security updates to entire install (currently JS/HTML)
base
Remote disable of • Ensure timely propagation of critical • Server-side console allows configuration of allowed app versions. Administrator
specific versions security updates to entire install can force users to install security updates to the native code
base
Authentication • Lower the cost and • Server-side architecture for integration with back-end authentication
process framework infrastructure based on JAAS, with Authentication realms
complexity of robust • Client-side framework for asynchronous login requests on session expiration
integration with the
authentication
Server-side • Prevention of SQL injection • Prepared-statement enforcement
infrastructure
safeguards • XSRF protection • Validation of submitted data against session cookie
Device identification • Prevent account-hijacking • Safely report device ID to the server
• Identifying a user with specific devices
48
49. IBM Mobile Enterprise
Mobile security measures - Continued
Mechanism Benefits Details
• Leverage existing • Client side mechanism obtains and encrypts user credentials, sends to the server
Enterprise SSO with requests
enterprise authentication • Encryption incorporates user-supplied PIN, Server-side secret and DID
integration
facilities and user • Credentials cannot be retrieved from lost or stolen device
credentials
• Enable employee-owned
• Enable the secure delivery • Client side and server side framework act as SSL based VPN
devices • Network access control and policies pre-configured in the client side framework
VPN alternative and operation of mobile layer
applications for employee • Network access and security measures updated using server side framework
owned devices or device • On device encrypted storage to prevent compromise of sensitive data
types not allowed on the
corporate network
• Enable the secure delivery
in cases where the
installation of VPN client on
mobile devices is not
possible or complicated to
manage
49
50. IBM Mobile Enterprise
Ensuring application performance
Network Access Mechanisms
•APIs for network-, device-, and location-based behavior
•Enabled background operations
•Mobile-friendly slim JSON protocol for data transfer
•Reduced online traffic via backend data mashups
•Secure on-device storage
Code Management Mechanisms
•Use of high-performing CSS3 and HTML5 code
•Use of Fragments loads only relevant code
•Pre-packaged app resources eliminate loading time (Hybrid Apps)
•OTA updates are zipped and include only relevant skins (Hybrid Apps)
•Automatic HTML5 cache manifest by the server (Web Apps)
50
51. 5
1
IBM Mobile Enterprise
Rapid, simple & flexible connectivity for mobile apps
WebSphere Cast Iron Cloud integration
Simple and flexible integration for all connectivity projects, allowing you to rapidly
integrate SaaS and back-end systems with mobile apps
Client Challenge
Simplified and cost effective mobile
integration to back-end systems and cloud
Key Capabilities
• New Cast Iron Worklight connector to expedite
mobile applications connectivity challenges. Can
be extended with native connectors and template
integration processes (TIP’s) to connect mobile
apps to backend & cloud systems, reducing
project costs up to 80%
• Bidirectional connectivity and business logic to
increase data quality and streamline business
processes
• Centralized monitoring
• Simple and flexible, user-friendly, wizard-based,
“configuration, not coding” architecture provides
best-practices and repeatable mobile integration
51
52. IBM Mobile Enterprise
Extend back-end to mobile
IBM WebSphere Message Broker
•Simply Connect FROM anywhere TO
anywhere
•Simple & Easy –to Install, Learn,
Develop, Deploy and Manage
•Visually Map and Transform between
any two message or file formats
Connect Everything to Everything
Apps Microsoft
Microsoft MATCHES & ROUTES communications
between services
Dynamics Web Services TRANSFORMS
Dynamics Web Services •
between different data formats
CONVERTS
BAM MQ,JMS,MSMQ between different transport protocols
MQ,JMS,MSMQ
IDENTIFIES & DISTRIBUTES business
events
Databases z/OS, AS400
z/OS, AS400
52 Databases
53. IBM Mobile Enterprise
A deeper look at Manage & Secure capabilities
Extend & Transform Build & Connect
Manage & Secure
Manage mobile devices, services Key Capabilities
and applications • Mobile lifecycle management
Secure my mobile business • Device analytics and control
• Secure network communications & management
53
54. IBM Mobile Enterprise
Next Steps
• To learn more about IBM’s mobile enterprise, go to: http://www-
01.ibm.com/software/solutions/mobile-enterprise/
• To learn more about IBM Mobile Foundation go to:
www.ibm.com/software/mobile-solutions
• For additional information on IBM Worklight go to:
http://worklight.com/product/demo/
• To try IBM Worklight mobile platform, register for the trial download
at: www.ibm.com/worklight-trial
• Watch this informative webinar: Harnessing the Power of Mobile in the
Enterprise
54
55. IBM Mobile Enterprise
More information
• IBM Mobile Enterprise Community http://ibm.co/LGFc7o
• IBM Mobile Enterprise on IBM.com → http://ibm.co/wkGIUQ
• IBM Mobile Enterprise Sales Kit → http://bit.ly/LBu2Uh
• IBM Mobile Foundation brochure → http://ibm.co/IRa55
• IBM Worklight data sheet → http://ibm.co/Kp8Bpg
• IBM Worklight Sales Kit http://bit.ly/LnNm7T
• IBM Endpoint Manager for Mobile Devices data sheet → http://bit.ly/Jym5j2
• Comcast/Worklight client video → http://bit.ly/Kuz1oZ
• IBM Mobile Foundation getting started WIKI → http://bit.ly/GettingStartedMobile
• Personal page: ibm.co/OCNTC6
55