In this article we will deal with mobile devices (smartphones and tablets) by analyzing Cortado Corporate Server, a commercial product that helps MSPs and IT professionals manage the integration between personal and business devices, be it pure BYOD or situations where the company provides employees and collaborators with devices.
Overview and characteristics
This kind of software is commonly referred to as EMM, or Enterprise Mobility Management, and offers some common features: centralized management of mobile devices (MDM, or Mobile Device Management), management of installed applications (MAM, or Mobile Application Management) and management of data both on the device and during transmission. In addition to these three main characteristics, there are other useful features like secure access and sharing of files and, in the specific case of Cortado, printing straight from the device.
Being a product aimed at MSPs and companies, Cortado supports multi-tenant installations with a total separation of contents (SQL databases and Active Directory environments). In general the multi-tenant scenario is typical of Managed Service Providers, while the single-tenant one is oriented towards on-premises business deployments. In both cases you can define which users will have access to the management interface and with which permission level.
Cortado rests on three pillars: complete integration with Active Directory environments, encryption of data to and from managed devices, and a sophisticated online and offline authentication system. The first simplifies the control of permissions and policies by avoiding another layer of users, groups and rules; the second guarantees data security during all phases of the process; and the third offers secure access to business resources everywhere and at any time.
This EMM supports the two main platforms, that is, Android and iOS. The close collaboration with Google and Apple allows Cortado to deliver a product closely integrated with these two operating systems, leveraging secure iOS (which requires a specific procedure) and Android for Work (with a dedicated procedure). Specifically, installing Cortado creates an isolated and controlled space (secure container) on the device, where applications run, both native ones (email client, browser, etc.) and those provided by the EMM.
Cortado Corporate Server naturally offers secure remote access to business files and folders. This system minimizes the amount of data (files, documents, emails, etc.) stored on the individual device. Should the smartphone or tablet be lost, the platform offers a web interface, accessible by the end user too, where one can authenticate and mark the device as “Lost”. The device is then blocked and, if it is not found, it can be re-initialized with different degrees of severity: complete wipe, partial wipe or deletion of only the company data stored within the secure container.
Mobile Device Management & Mobile Application Management
Going deeper into the details of the two main features, let’s see how devices are managed once Cortado is installed. We’ve seen that the two supported platforms are iOS and Android: in both cases the installation is done from the play store, where the native application (20MB) is located. Server side, the management interface is HTML5-based. Once the app is installed, you need to load onto the terminal a number of configuration files provided by the administrator, otherwise the software cannot be activated.
As described before, the installation of the MDM creates a business container on the device, that is, an isolated instance with application data connected to the company environment. Compatibility with iOS and Google offers full support for app and operating system updates on devices. In large environments and where particular setups are required, the integration with Windows allows system administrators to automate the procedure with PowerShell scripts. With regard to Mobile Application Management, Cortado allows full control over the degrees of freedom of a terminal, also taking into account whether it’s in a BYOD or COPE context (i.e. a device given by the company). For instance, apps considered necessary for productivity can be distributed Over The Air (OTA), while others can be blocked or added to blacklists. Email account configuration and any additional settings, like VPN networks or WiFi access credentials, can also be added via MAM.
An interesting option is to integrate third-party and ad-hoc applications in the business container, thus creating a sort of bundle that can be easily distributed, even in a large scale context, to mobile devices.
Cortado in practice
We have tried Cortado Corporate Server by installing the complete and free trial version and tested the different phases of installation and usage. You can download the software in a .zip file (with the Windows installer) after registering at this address.
Requirements are: Windows Server 2008 R2 or later (up to 2012 R2; on Server 2016 we have experienced problems related to IIS components that blocked the installation), at least 4GB of RAM and 3GB of storage space. However, the installation cannot succeed unless the machine is part of a domain and is not a domain controller; moreover, the user performing the installation must be a local admin (of the machine) but also a regular domain user and not a domain admin.
Once the installation is done you can access the web management interface using the hostname chosen during the setup as the browser address, https://cortado.guruadvisor.local/fw/CP in our case. In order to allow access to both user and admin portals, the hostname must be an FQDN reachable from the Internet, otherwise the application will run only on-premises.
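The prerequisites above can be checked before launching the installer. The following PowerShell script is an added example, not part of Cortado's tooling: the helper name New-CheckResult is hypothetical, and the version bounds simply encode the 2008 R2 to 2012 R2 range stated above.

```powershell
# Added example (not vendor code): checks the prerequisites listed in the article.
# Run from an elevated prompt as the account that will perform the installation.
# Get-WmiObject is used so the script also runs on PowerShell 2.0 (Server 2008 R2).
$os   = Get-WmiObject Win32_OperatingSystem
$cs   = Get-WmiObject Win32_ComputerSystem
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
$id   = [Security.Principal.WindowsIdentity]::GetCurrent()
$user = New-Object Security.Principal.WindowsPrincipal($id)
$ver  = [version]$os.Version

# Domain Admins always has RID 512 under the account's domain SID.
$domainAdminsSid = "$($id.User.AccountDomainSid)-512"
$isDomainAdmin = @($id.Groups | Where-Object { $_.Value -eq $domainAdminsSid }).Count -gt 0

# Hypothetical helper: emits one result row per requirement.
function New-CheckResult([string]$Requirement, [bool]$Passed) {
    New-Object PSObject -Property @{ Requirement = $Requirement; Passed = $Passed }
}

$results = @(
    # 6.1 = Server 2008 R2, 6.3 = Server 2012 R2; ProductType 1 is a workstation OS
    New-CheckResult 'Windows Server 2008 R2 to 2012 R2' `
        ($ver -ge [version]'6.1' -and $ver -lt [version]'6.4' -and $os.ProductType -ne 1)
    New-CheckResult 'Machine is joined to a domain' ($cs.PartOfDomain)
    # ProductType 2 identifies a domain controller
    New-CheckResult 'Machine is not a domain controller' ($os.ProductType -ne 2)
    # TotalPhysicalMemory reports slightly less than the installed amount, so round
    New-CheckResult 'At least 4GB of RAM' ([math]::Round($cs.TotalPhysicalMemory / 1GB) -ge 4)
    New-CheckResult 'At least 3GB free on the system drive' ($disk.FreeSpace -ge 3GB)
    # IsInRole only returns true for Administrators in an elevated session
    New-CheckResult 'Installing user is a local admin' `
        ($user.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
    New-CheckResult 'Installing user is a domain account' ($env:USERDOMAIN -ne $env:COMPUTERNAME)
    New-CheckResult 'Installing user is not a domain admin' (-not $isDomainAdmin)
)

$results | Select-Object Requirement, Passed | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Passed }) {
    Write-Warning 'One or more prerequisites are not met; the installer is likely to fail.'
}
```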
By accessing the configuration area you can complete the integration with AD importing users, groups, policies and network shares: in addition you can create dedicated profiles for the configuration of Exchange to associate with users (and related devices) during the enrollment, as well as parameters for the connection to business wireless networks. The control panel has an area devoted to the configuration of the aforementioned business container, where you can define which apps are available for each user or group: enabled apps by default are Workplace and Personal Printing (Cortado native apps) and Remote Desktop by Microsoft.
Device enrollment can be done in two ways: by scanning a QR code from the admin Web interface or by means of an email with an activation link. In both cases the smartphone interprets the link and asks to open it with the Cortado app (which you’ve previously installed), which presents an initial wizard followed by access to the authorized apps and to the Web ones made available through an Intranet, etc.
You can configure several settings from the control panel: app blacklists, individual profiles to associate with devices and users, certificates and a granular configuration of individual devices. For instance, you can define on a per-user basis whether GPS data are to be recorded or not.
The URL without the suffix /fw/CP leads to the non-admin user mode, where a user can access their own files (a sort of Dropbox) and the Self Portal, which is the equivalent of the one accessible with the Cortado app on the smartphone.
Final thoughts and costs
In the era of Cloud-based solutions, the implementation of an on-premises system for the control and management of terminals might sound odd; however, we are dealing with a product oriented towards big organizations which already have a high-level internal IT setup, and MSPs that already provide their services and might opt to offer their clients Cortado instances.
Regarding prices, the basic installation includes server licence, five users and a year of updates and costs around $1,200; add a per user licence of about $5 per month, or a single packet for $120. If you need a dedicated solution, contact the German company to obtain a specific quote.