bMS Release 2020 R2: OT Security, Apple MDM, cloud monitoring and enhanced patch management
As we do with all twice-annual updates to baramundi Management Suite (bMS), bMS Release 2020 R2 delivers some great innovations, new and expanded features, and some smaller enhancements for the IT user experience.
Before I get into the highlights below, I want to thank everyone in the global baramundi user community for their suggestions, requests and ideas. It’s their input that inspires our great product development team to improve and expand bMS capabilities continuously. So, thank you!
Read on for the specifics of the new features and special treats in bMS 2020 R2.
We continued our innovation in IT-OT convergence by adding important new device security capabilities to the bMS OT Edition, a specialized version of the classic bMS for endpoint management in networked industrial production (Industry 4.0) environments.
The initial release of the OT Edition in May included the first module for automated inventory of Siemens SIMATIC S7 industrial control systems (ICS). That was an important building block for our OT management strategy because SIMATIC controllers are among the most widely deployed ICS devices in the world.
2020 R2 adds automated vulnerability scanning for the SIMATIC S7 using the new OT Vulnerability Identification module. The module automatically identifies system vulnerabilities and recommends remedial actions. For IT staff overseeing a production network, that eliminates the guesswork and lessens worries about unknown vulnerabilities. You get clear reports and can prioritize updates and patches accordingly.
We expanded data protection and MDM capabilities in 2020 R2 with support for Apple "User Enrollment". Similar to the existing support for Android Enterprise, User Enrollment simplifies BYOD management by enabling and enforcing strict separation of business and private data on iOS devices. What’s great about the new feature is that a user can place their own mobile device under corporate IT management for accessing company apps and data without exposing their own data and apps to IT staff.
User privacy is further ensured because they can remove their device from management at any time. IT managers at the same time can protect company data while giving the user access to what they need for work. If IT or the user removes the device from management only the company data is deleted. That way the user’s personal text, photos, videos, etc., aren’t blasted into digital never-never land.
(This might be apocryphal but is interesting nonetheless: About two years ago we read about a user who was leaving their job at a US company -- not a baramundi customer, btw. Their phone had company email and other data on it so IT promptly did a remote wipe as a standard offboarding procedure. Turns out the user was also a Tesla owner and the phone was their car key. It also had all of the phone numbers of family and friends, and the user could not remember their Apple ID password to access an online backup. It made for an interesting last day at work.)
Some iOS devices like iPads are also used for a single, dedicated purpose in sales and retail applications such as taking orders at a restaurant as a product configurator at a car dealership. Those often multiple users. This dedicated device mode - Corporate Owned Single Use (COSU) - is now easy to set up and manage on iOS devices with R2.
At the beginning of the year we added the new cloud-based Argus Cockpit IT system monitoring capability. It lets IT admins monitor the status of one or more bMS-managed IT environments securely via a browser from any location without the need for VPN access. It’s helpful for IT admins managing several networks via bMS servers (as MSPs do), or for checking to see if an important patch or software update deployment is encountering issues. Why wait until morning to find out that a patch deployed last night crashed the CEO’s or CFO’s PC and that want to have a word with you ASAP.
With R2, Argus capabilities have been expanded and are now customizable and very flexible: In addition to the job status, users can display relevant information about specific endpoints or groups of endpoints by configuring them with super-useful bMS Universal Dynamic Groups. This enables each user to display the performance values they want or need to see quickly. Even better, the IT department head can determine which IT staff can see which network segments or groups of endpoints based on their specific areas of responsibilities.
bMS 2020 R2 also marks the start of a long-planned project at baramundi: building the next generation of patch management functionality. The first step implemented in R2 is the ability to inventory and display installed or missing Microsoft updates. The status for each endpoint is shown in a compact, easy-to-understand graphical overview. That way you know exactly which machines have received which updates and – more importantly – which are missing important or critical updates.
By the way, admins can also set whether updates should be downloaded via WSUS from the company network or directly online from the Microsoft server. That’s really useful if you want to prevent hundreds of user computers from suddenly tying up network bandwidth with huge downloads (and then asking why the network and/or update is so slow).
2020 R2 also has a number of small but very useful feature improvements for the IT UX. For example, the baramundi License Management Module is now even easier to use thanks to a simpler assignment of installations to licenses. That speeds documenting new software installations, especially when you’re rolling out a package to 100s of computers. Also worth mentioning is the optimization of the transfer logic for end devices connected via the baramundi Gateway. Downloads of bMS updates via the 2020 R2 Gateway are now up to 25 times faster on slow connections.
If you want to get into the nitty-gritty of those and 2020 R2 enhancements we encourage you to check out the Release Notes available on the baramundi Forum.