Enabling carriers and MSPs in the cloud mobile era with IBM MaaS360’s multi-tenant capabilities

Tens of thousands of clients use MaaS360 everyday to provide unified management (for mobile, PC and Mac).  These clients benefit from the simplicity, scalability and security of the SaaS platform.  This was recognised in the recent Forrester Wave: Enterprise Mobile Management, Q4 2015, which highlighted “MaaS360 product allows customers to easily add modules with appropriate functionality as they need them. the vendor provides customers with a wide variety of mobility and security tools via integration of the EMM product with other IBM MobileFirst products such as ISAM for identity and access management, the MobileFirst platform for application development, and QRadar for security intelligence“.

Many clients also turn to external IT services providers (particularly Mobile Service Providers) to operate their mobile infrastructure and BYOD initiatives.  With Mobile Managed Services (or MMS) are expected to grow at around 27% per year through 2016, it’s a strategic managed service provider capability.  Therefore, MaaS360 can provide the perfect platform for any MSP organisation of any size.

MaaS360 – Built with multi-tenancy services

Analysts and clients recognise MaaS360 provides a mature shared-processing multi tenant architecture, which is the best-in-class cloud among ranked EMM vendors.  MaaS360 initially provided management of Windows PCs and Mac OS X (which is why it can managed older operating systems as old as Windows XP SP3!)   The platform has evolved to support a large variety of mobile operating systems including a secure productivity suite (or container) for iOS, Android and Windows Phone.

MaaS360 provides inherant multi-tenancy services, which provides the following services for a MMS organisation:

  • Multi-Tenant Hierarchy
  • Easily supports multi-channel model
  • Easily onboard new customers/partners
  • Single login to manage customers
  • Branding
  • Dashboards and Reports

This is depicted in the following diagram:

MaaS360 multitenant architecture

These services are provided on a highly secure platform, which is all managed by IBM.  For example, IBM MaaS360 is the only Unified Endpoint Management (Mobile and PC including Windows XP, 7, 8, 10 & OSX) SaaS platform have successfully completed a SOC 2 Type II audit since 2007.  In addition, MaaS360 also has FedRAMP mobile authorisation. With IBM MaaS360, your clients data is safe.

maas360 certs


Benefits of using MaaS360 for an MSP

The MaaS360 MSP portal can allow an authorised administrator to create and manage separate customer accounts.  Each customer account is completely separate from the other.  This allows an MMS complete visibility and control of each customer they are managing.

MaaS360 MSP portal
Account Management
Via the MaaS360 portal each mobile managed services provider can generate their own trial registration URL.  This allows MMS to allow clients to start production trials within a few minutes in their own MSP portal.  This URL can include associated branding and customisation.  A good example is the trial registration link for O2 in the UK.

Various elements of MaaS360 can be easily branded via the MSP portal.  This includes the trial registration page, service name, portal logo etc.  Elements of MaaS360 can also be branded for each client of the MSP too (such as inside the Secure Productivity Suite, the logo can be changed).


MaaS360 provides a range of client and MSP reports.  For example an MSP can easily see what clients are in a trial phase and which are production:

MaaS360 MSP Account Overview

The good news for an MSP, is that there is no charge to change a trial account to a customer (live) account. It’s simply a change of status from within the portal.  Each client will have been testing using a production service.

Integrate to on-premises systems with certainty
The MaaS360 on-prem components such as the Cloud Extender and Enterprise Gateway can be installed and activated within a few minutes.  The CE/MEG are integrated into a single installer, and communicate to the MaaS360 cloud via port 443 (and via customer proxy systems).  The CE/MEG provide health check alerts, which provide alerts to an administrator if the CE or associated systems such as Active Directory or Exchange is unavailable.

MaaS360 CE Health Check

For an MSP organisation, all of these features result in less installation and ongoing effort to manage and maintain.


Unified Management
MSP organisations are also branching into other platforms such as PC and Mac management (which have traditionally been serviced by on-prem solutions).  MaaS360 can provide a range of more advanced services that other MDM solutions don’t provide.  For example:

  • Lock
  • Shutdown
  • Restart
  • Remote Wipe
  • Distribute Software (PC and Mac)
  • Distribute software for Windows PC and Mac OS X
  • Patch compliance for Windows

I’ve provided a link to the full list of services for PC and Mac.

Integrated Threat Protection
MaaS360 is the only leading EMM with integrated mobile anti-malware capability.  This includes anti-malware services for iOS and Android.  Here is a link to a great video overview.


Power your MSP business with MaaS360

MSP organisations are looking unified endpoint management solutions with zero infrastructure requirements.   When we’ve outlined some of the above features with organisations, they recognise how MaaS360 can provide a powerful platform for their clients.   Of course, if you would like to try out MaaS360, you can register for a free 30-day trial by going to www.maas360.com/trial.

If you would like further information, you can contact me via my blog contact page.



Unified Reporting with IBM Endpoint Manager and MaaS360

IBM has released a new extender for IBM Endpoint Manager (IEM) to MaaS360.  The extender (or connector) allows MaaS360 mobile device information to be accessible within IEM alongside PC, Mac and Server endpoints.  Hence the Unified Reporting capability.

The setup is relatively straightforward and the development team have created some excellent documentation here.   With some information provided by Fiberlink which is specific to your MaaS360 account, you’re ready to get started.

You start by activating the MaaS360 site and deploying the Management Extender for MaaS360.   I decided to use a dedicated virtual machine which was already an IEM relay in my test environment.

The only issue I came across was the information I received wasn’t correct for my MaaS360 account.   I was provided a Platform ID of 3, and the extender didn’t function after I configured it.  After re-confirming this with ops@fiberlink.com, they provided a Platform ID of 5 for my account.   The extender was then configured correctly, and a list of mobile devices from my MaaS360 account was displayed!

I’ve included a bunch of screen captures from the setting up the extender, to the list of devices, and drilling down to an iOS device and obtaining inventory information and sending commands to a device.

This capability allows clients to view a mixture of endpoint types from a single console.   I expect more integration will be progressively released over time.



IBM Fiberlink MaaS360 a Leader in the 2014 Gartner Magic Quadrant for Enterprise Mobility Management

MaaS360 has earned IBM Fiberlink a leadership position in the Magic Quadrant for the 3rd year in a row.

IBM was selected a Magic Quadrant leader for Enterprise Mobility Management (EMM) based on completeness of vision and ability to execute.

Gartner highlighted the MaaS360 mature shared-processing multi tenant architecture.  In addition, reference customers who consistently praise MaaS360’s ease of use for both end-user and administrator.


MaaS360 is one of the few MDM products, where you can literally use their MDM product in minutes.  A customer can register their details at www.maas360.com for a 30 day trial, and take it for a test drive within minutes

Get your complimentary copy of Gartner’s latest report for in-depth analysis of where enterprise mobility by registering your details here.

Please contact me if you need any information on MaaS360.


MaaS360’s Secure Productivity Suite for Windows Phone 8

MaaS360’s Secure Productivity Suite (SPS) or secure container is available on iOS, Android and now Windows Phone.  Clients have been particularly interested in MaaS360’s secure container for Windows Phone.  The different mobile experience and something different is quite a discussion point in live demonstrations. 

Organisations realise that Windows Phone will be a viable third force in mobile devices.  Windows Phone 8 is just beginning to see broader adoption in the U.S. and in Europe, and I’d agree in Australia and Asia Pacific too.

I’m still looking for a OS X / iPhone Reflector equivalent for Windows Phone (if possible) for live demonstrations.  So for the clients who have asked, I wanted to share a number of screen captures of Windows Phone 8 running the MaaS360 SPS (‘secure container’).

You’ll notice the MaaS360 SPS not only features email and calendar, but also the ability the securely share documents and your internal web resources via the secure browser.

I look forward to doing more testing with the Windows Phone 8 and MaaS360, and demonstrating this capability to our clients.

If you have any questions, head to the MaaS360 MDM forum.  If you would like to try out MaaS360, you can register for a free 30-day trial by going to www.maas360.com/IBM.


Remote Control a Samsung Galaxy with MaaS360

Samsung Australia were kind enough to loan me Galaxy Note 3 to test it’s capabilities with MaaS360. It’s a fantastic smartphone and the screen resolution was amazing.

MaaS360 provides a range of Android device management.  Samsung have extended this capability for their devices via Samsung SAFE (Samsung for Enterprise).   MaaS360 also has the capabilities to provide remote control of these devices, just like a traditional PC or Mac.

Enrolling a device to MaaS360 is very simple.  The administrator can configure all users to enrol in a pre-defined URL, which they can then be authenticated to a companies Active Directory server.  The following are a set of screen captures when I enrolled my device.

The Samsung phone would then register to MaaS360 and I could then manage the device.  I was then able to distribute the MaaS360 Remote Control application.

MaaS360 Remote Control

The user would install the application as shown in these screen captures:

The MaaS360 administrator can then select to remote control the device as shown:

Samsung Remote Control 1

The user is then prompted on their phone to accept remote control.

Samsung Remote Control 2

After a few seconds, the administrator can view and take control of the device as shown in this video.

If you have any questions, head to the MaaS360 MDM forum.  If you would like to try out MaaS360, you can register for a free 30-day trial by going to www.maas360.com/IBM.


Setting up the MaaS360 Cloud Extender

MaaS360 is a multi-tenant SaaS based Enterprise Mobility Management (EMM) solution.  It not only manages mobile devices (iOS, Android, Windows etc) but also your traditional Windows and Apple Macs (OS X) too.  To provide visibility of a companies internal resources such as Active Directory, Exchange, Domino or Blackberry in a secure manner to MaaS360,  Fiberlink created the “Cloud Extender” (CE).  The Cloud Extender is a small Windows application that you can install on an internal Windows server (physical or virtual machine) as shown in the following diagram:

Cloud Extender

This article details how I setup the Cloud Extender in our lab running on Softlayer, which consists of Active Directory (x2) and Exchange 2010 server (I tested with the Exchange 2007 Exchange Management Tool and PowerShell options below).

Setting up the Cloud Extender on your internal server

  1. The setup guide and Cloud Extender Configuration Tool executable is available from the Setup MaaS360 console as shownActiveSync Manager
  2. On your nominated intranet server, run the MaaS360_Cloud_Extender.exe and follow the defaults until it is installed.
  3. Run the Cloud Extender Configuration Tool and select if it’s communicating to the Internet directly or via a proxy.  The CE needs communication to *.fiberlink.com and *.maas360.com on ports 80 and 443:1 - Cloud Extender
  4. Select the Services to be configured.  You can select various Exchange versions, Lotus Traveller, Blackberry BES, User Authentication (Active Directory or LDAP), User Visibility (Active Directory or LDAP) and Certificate Integration:2 - Services
  5. The Cloud Extender Configuration Tool runs a series of prerequisite checks:3 - Config Tool
  6. I next configured the Service account to communicate to Active Directory and Exchange.  I then tested Authentication:5 - Test Extender

    4 - Configure Services Account
  7. I didn’t apply any device managmeent restrictions as shown below:5- Exchange Integration5- Exchange Integration 2
  8. The Cloud Extender then completes it’s configuration and it automatically downloads any required components from MaaS360:6 - Extender Status
  9. The Cloud Extender has an Automatic Software Update feature which is nice.  Finally click Finish.7 - Auto Updates

Cloud Extender from the MaaS360 console

Now login to the MaaS360.com console and select Setup and Cloud Extender.  You can see the range of services configured and last communication times.

9 - Cloud Extender

You can then run a series of tests to ensure the Extender running correctly.

10 - Test Action

So that’s it!  Incredibly easy and I took less than 30 minutes to walk myself through the installation and configuration.  If you have any questions, the MaaS360 MDM forum looks a great place look first. Of course, if you would like to try out MaaS360, you can register for a free 30-day trial by going to www.maas360.com/IBM.


IBM Closes Acquisition of Fiberlink Communications

Today IBM announced the aquisition closure of Fiberlink Communications.  Fiberlink have developed an amazingly simple to use Enterprise Mobility Management (EMM) service.  MaaS360 is one of the few MDM products, where you can literally use their MDM product in minutes.  A customer can register their details at www.maas360.com for a 30 day trial, and take it for a test drive within minutes.  No waiting for sales contacts to contact you first,  no migration to other services if you like to use the product after the trial.


I’ve found MaaS360 extremely easy to use.  Which is feedback I’ve also heard from clients evaluating other MDM solutions.  The MDM in minutes video provides a great overview:

The team at Fiberlink also provide PC and Mac management, which is based on IBM Endpoint Manager (BigFix) technology.  So I look forward sharing with you how IBM Endpoint Manager technology will integrate with MaaS360 in the future.  I’ll also post my experiences and insights into MaaS360 on this blog too.