In this article we will deal with mobile devices -smartphones and tables- by analyzing Cortado Corporate Server, a commercial product that helps MSP and IT professionals to manage the integration between personal and business devices, be it pure BYOD or situations where the company provides employees and collaborators with devices.

Overview and characteristics
This kind of software is commonly referred to as EMM, or Enterprise Mobility Management, and offers some common features: centralized management of mobile devices (MDM, or Mobile Device Management), management of installed applications, (MAM – Mobile Application Management) and management of on-board data and during the transmission. In addition to these three main characteristics, there are other useful features like secure access and sharing of files and, in the specific case of Cortado, printing straight from the device.

1 cortado profiles

Being a product aimed towards MSP and companies, Cortado supports multi-tenant installations with a total separation of contents (SQL databases and Active Directory environments). In general the multi-tenant scenario is typical of Managed Service Providers, while the single-tenant one is oriented towards business on-premises situations. In both cases you can define which users will have access to the management interface and with which permissions level.
The pillars of the structure of Cortado are three: complete integration with Active Directory environments, safe encryption of data from and to controlled devices and a sophisticated online and offline authentication system. The first one allows to simplify the control on permissions and policies, thus avoiding another layer of users, groups and rule, the second guarantees data security during all phases of the process and the third offers a secure access to business resources everywhere and anytime.

2 cortado user dashboard

This EMM supports the two main platforms, that is, Android and iOS. The close collaboration with Google and Apple allows Cortado to realize a product perfectly integrated with these two operating systems leveraging secure iOS (which requires a specific procedure) and Android for Work (with a dedicated procedure). Specifically, installing Cortado creates an isolated and controlled space (secure container) on the device where applications -native (email client, browser, etc..) and provided by the EMM- run.
Cortado Corporate Server naturally offers a secure remote access to business files and folders. This systems allows to minimize the storing of data (files, documents, emails, etc..) on the single device. Should the smartphone or tablet be lost, the platform offers a web interface accessible by the end user too, where one can authenticate and mark the device as “Lost”. Therefore the device is blocked and, if it’s not found, it can be re-initialized with different degree of severity: complete wipe, partial wipe or deletion of only company data stored within the secure container.

Mobile Device Management & Mobile Application Management
Going deeper into details of the two main features, let’s see how devices are managed once Cortado is installed. We’ve seen that the two supported platforms are iOS and Android: in both cases the installation is done from the play store, where the native application -20MB- is located. Server side, the management interface is HTML5-based. Once the app is installed, you need to load on the terminal a number of configuration files provided by the administrator, otherwise the software cannot be activated.

As described before, the installation of the MDM creates of a business container on the device, that is, an isolated instance with application data connected to the company environment. Compatibility with iOS and Google offers a total support to app and operating system updates of devices. In big sized situations and where particular setups are required, the integration with Window allows systems administrators to automate the procedure with PowerShell scripts. With regards to Mobile Application Management, Cortado allows a total management of the degrees of freedom of a terminal, also taking into account whether it’s in a BYOD or COPE context (ie device given by the company). For instance apps considered necessary for productivity can be distributed in On The Air (OTA) mode, while other can be blocked or added to blacklists. Email account configuration and any additional setting, like VPN networks or WiFi access credentials, can also be added via MAM.

3 cortado user page

An interesting option is to integrate third-party and ad-hoc applications in the business container, thus creating a sort of bundle that can be easily distributed, even in a large scale context, to mobile devices.

Cortado in practice
We have tried Cortado Corporate Server by installing the complete and free trial version and tested the different phases of installation and usage. You can download the software in a .zip file (with the Windows installer) after registering at this address.

Requirements are: Windows Server 2008 R2 or later (up to 2012 R2; on Server 2016 we have experienced problems related to IIS components that blocked the installation), at least 4GB of RAM memory and 3GB of storage space. However the installation cannot succeed unless the machine is part of a domain and not a domain controller; moreover, the user used to perform the installation must be a local admin (of the machine) but also a regular domain user and not a domain admin

.

4 cortado install

Once the installation is done you can access the web management interface using the hostname chose during the setup as the browser address, https://cortado.guruadvisor.local/fw/CP in our case. In order to allow access to both user and admin portals, the hostname must be a FQDN reachable within the Internet, otherwise the application will run only on-premises.

5 cortado login admin

By accessing the configuration area you can complete the integration with AD importing users, groups, policies and network shares: in addition you can create dedicated profiles for the configuration of Exchange to associate with users (and related devices) during the enrollment, as well as parameters for the connection to business wireless networks. The control panel has an area devoted to the configuration of the aforementioned business container, where you can define which apps are available for each user or group: enabled apps by default are Workplace and Personal Printing (Cortado native apps) and Remote Desktop by Microsoft.

6 cortado fast enroll

Device enrollment can be done in two ways: QR code scan from the admin Web interface or by means of an email with an activation link. In both cases the smartphone interpretes links and asks to open it with the Cortado app -that you’ve previously installed- which proposes an initial wizard followed by the access to authorized apps and to the Web ones made available through an Intranet, etc..

7 Screenshot 20170523 133746

You can configure several settings from the control panel: from app blacklists to single profiles to associate to devices and users, create certificates and a granular configuration of single devices. For instance, you can define on a per-user basis if GPS data are to be recorded or not.
The URL without the suffix /fw/CP brings to the non-admin user mode , where an usr can access its own files (a sort of Dropbox) and to the Self Portal, which is the equivalent of the one accessible with the Cortado app on the smartphone.

Final thoughts and costs
In the era of Cloud-based solutions, the implementation of an on-premises system for the control and management of terminals might sound odd, however we are dealing with a product oriented towards big organizations which already have an internal high-level IT situation, and MSP that already provide their services and might opt to offer their clients Cortado instances.
Regarding prices, the basic installation includes server licence, five users and a year of updates and costs around $1,200; add a per user licence of about $5 per month, or a single packet for $120. If you need a dedicated solution, contact the German company to obtain a specific quote.

About the Author

Lorenzo Bedin

Lorenzo graduated in Telecommunication Engineering and works as freelance IT consultant, after a period of training as systems analyst. Currently he provides hardware solutions, virtualized infrastructures and websites.

banner eng

fb icon evo twitter icon evo

Word of the Day

The term Edge Computing refers, when used in the cloud-based infrastructure sphere, the set of devices and technologies that allows...

>

The acronym SoC (System on Chip) describes particular integrated circuit that contain a whole system inside a single physical chip:...

>

The acronym PtP (Point-to-Point) indicates point-to-point radio links realized with wireless technologies. Differently, PtMP links connects a single source to...

>

Hold Down Timer is a technique used by network routers. When a node receives notification that another router is offline...

>

In the field of Information Technology, the term piggybacking refers to situations where an unauthorized third party gains access to...

>
Read also the others...

Download of the Day

Netcat

Netcat is a command line tool that can be used in both Linux and Windows environments, capable of...

>

Fiddler

Fiddler is a proxy server that can run locally to allow application debugging and control of data in...

>

Adapter Watch

Adapter Watch is a tool that shows a complete and detailed report about network cards. Download it here.

>

DNS DataView

DNS DataView is a graphical-interface software to perform DNS lookup queries from your PC using system-defined DNS, or...

>

SolarWinds Traceroute NG

SolarWinds Traceroute NG is a command line tool to perform advanced traceroute in Windows environment, compared to the...

>
All Download...

Issues Archive

  • GURU advisor: issue 18 - April 2018

    GURU advisor: issue 18 - April 2018

  • GURU advisor: issue 17 - January 2018

    GURU advisor: issue 17 - January 2018

  • GURU advisor: issue 16 - october 2017

    GURU advisor: issue 16 - october 2017

  • GURU advisor: issue 15 - July 2017

    GURU advisor: issue 15 - July 2017

  • GURU advisor: issue 14 - May 2017

    GURU advisor: issue 14 - May 2017

  • GURU advisor: issue 13 - March 2017

    GURU advisor: issue 13 - March 2017

  • GURU advisor: issue 12 -  January 2017

    GURU advisor: issue 12 - January 2017

  • GURU advisor: issue 11 -  October 2016

    GURU advisor: issue 11 - October 2016

  • 1
  • 2
  • 3
  • BYOD: your devices for your firm

    The quick evolution of informatics and technologies, together with the crisis that mined financial mines, has brought to a tendency inversion: users that prefer to work with their own devices as they’re often more advanced and modern than those the companies would provide. Read More
  • A switch for datacenters: Quanta LB4M

    You don’t always have to invest thousands of euros to build an enterprise-level networking: here’s our test of the Quanta LB4M switch Read More
  • Mobile World Congress in Barcelona

    GURU advisor will be at the Mobile World Congress in Barcelona from February 22nd to 25th 2016!

    MWC is one of the biggest conventions about the worldwide mobile market, we'll be present for the whole event and we'll keep you posted with news and previews from the congress.

    Read More
  • 1