baramundi IEEM or: How I learned to stop worrying and love the mobile office
Most users are happy about working remotely from home or otherwise out of the office. Most IT administrators on the other hand… well… not so much. But actually, Internet Enabled Endpoint Management is a really smart solution to this problem.
- IEEM (Internet Enabled Endpoint Management) makes the management of external devices without a direct network connection possible. For this it uses a gateway in the DMZ.
- It also supports mobile devices, which are then managed via cellular connections.
- With IEEM, timely security updates are no problem at all, no matter where a device is located.
IT folks definitely get the appeal of WFH, but it introduces new headaches and serious challenges for endpoint management and security:
- Remote PCs and mobile devices operate without the protections of enterprise-grade firewalls and network security procedures.
- Users may forget to use a secure VPN connection.
- The catch-22 of VPNs: hard to manage without encrypted VPN connections, hard to manage with them.
- Devices frequently connect to unsecured public networks.
- Prompt and uncomplicated management procedures are possible only when the device is connected on the internal company network or via a VPN connection. That delays deployment of needed security updates.
Those factors make remote and mobile devices – and the company network – more vulnerable to malware and other exploits.
Us IT types are inclined to think that there must be a technical solution for this. Turns out there is.
Internet Enabled Endpoint Management – IEEM for short – enables the secure management of external devices without relying on a secure internal network connection or a VPN. In practical terms, IEEM lets you manage every endpoint as if it were on the internal network.
IEEM uses a Windows server as a gateway installed in your network DMZ. This gateway is given a public IP address or a DNS name for access via the Internet. It’s secured by an SSL certificate to ensure that all connections are encrypted. In addition, an allowlist ensures that only authorized devices may communicate via the gateway.
baramundi IEEM is implemented in three different modes:
- LAN mode: Devices have no access to the gateway and communicate exclusively via the internal network.
- Internet mode: Devices communicate with the company network exclusively via the gateway.
- Dynamic mode: Devices access the company network via the gateway only if a baramundi server is not reachable on the internal network.
Using IEEM, even mobile devices that access the company network sporadically based on connection availability and quality are not a problem because data transfer is carried out using baramundi Background Transfer (bBT). Based on Microsoft BITS technology, bBT ensures that if a connection is interrupted, the transfer continues from the point at which the connection dropped as soon as the link is re-established. That allows large amounts of data for things like OS or app installations or updates to be transferred when devices have spotty connections for whatever reason.
Another advantage of IEEM is that the gateway enables management of smartphones, tablets and other mobile devices in our Mobile Devices Management MDM/EMM module. The MDM module enables full-featured management of devices via LTE/GSM or WLAN connections.
An endpoint device can be managed via IEEM as long as it has Internet access. The user does not need to establish a VPN connection before you can do what needs to be done. Security updates are distributed promptly and device status is updated and inventoried.
For IT admins, IEEM means you no longer have to worry so much about remote and mobile endpoint management. It makes WFH a lot closer to being pretty great.