This document discusses setting up and managing a BYOD program using Kaseya's mobile access tools. It describes defining allowed data sources for users to access, including websites, documents, and email. Sources can be segmented by Active Directory groups. The document also covers configuring document repositories, setting permissions, and using direct or relayed access. It emphasizes leveraging single sign-on via NTLM authentication and using logs to monitor access and troubleshoot issues.

1. Advanced Administration: BYOD
Jonathan Foulkes
VP of Mobile Product Management
Copyright ©2014 Kaseya 1

2. The information in this presentation is confidential and proprietary to Kaseya and may
not be disclosed or distributed without the prior written permission of Kaseya. This
document, and any related presentation, as well as Kaseya's strategy, possible future
developments, products, platforms, directions and/or functionality are all subject to
change without notice at Kaseya’s sole discretion. The information in this document
does not constitute a commitment, contract, promise or legal obligation to deliver any
material, code or functionality. This document is provided without warranty of any
kind, either express or implied, including but not limited to, the implied warranties of
merchantability, fitness for a particular purpose, and non-infringement. This document
is for informational purposes only and may not be incorporated into a contract.
All forward-looking statements, including those set forth in this presentation, are
subject to various assumptions, risks and uncertainties that could cause actual results
to differ materially from projections. Readers are cautioned not to place undue
reliance on such forward-looking statements, and specifically, not to rely upon such in
making purchasing decisions.
Copyright ©2014 Kaseya 2

3. BYOD Recap
 Add-on enabling secure mobile access to
enterprise resources
 Secure containers
 On-prem Gateway & Cloud Services
Copyright ©2014 Kaseya 3
Browser Docs Mail

4. BYOD Elements
Copyright ©2014 Kaseya 4

5. Setting up data sources
 Define the sources users may
reach
– For web-based systems
– For document sources
– For mail
 Segment based on AD groups
Copyright ©2014 Kaseya 5

6. Site Menu
Copyright ©2014 Kaseya 6

7. Tunneled Site Setup
Copyright ©2014 Kaseya 7

8. Segmenting with AD groups
Copyright ©2014 Kaseya 8

9. Mobile View
Copyright ©2014 Kaseya 9

10. Browser-related Tips
 Want to let them type their own URL?
– Add a page that shows a text field
– Redirect page to that URL on submit
 Leverage single-sign-on
– Set target sites to use NTLM auth as an option
– Reduce creds exposure, as not typed on mobile
Copyright ©2014 Kaseya 10

11. Working With The Proxy List
 Proxy list – white list of targets the Gateway
will route mobile requests to
– Enforced at both mobile and Gateway
 Auto-built via Site tab, but admin can edit
– Why?
• Site A (in proxy list) links site B (not there) – Fail
• Use wildcards (CIDR)
– Route locked-down public addresses
Copyright ©2014 Kaseya 11

12. Document Sources
 What sources?
– Most WebDAV-capable systems
• IIS, SharePoint
• Network Attached Storage systems
• Cloud CMS
 Ideally, NTLM auth set
– Single-sign-on
Copyright ©2014 Kaseya 12

13. Doc Source list
Copyright ©2014 Kaseya 13

14. Mobile View
Copyright ©2014 Kaseya 14

15. Defining A Doc Source
Copyright ©2014 Kaseya 15

16. Permissions
Copyright ©2014 Kaseya 16

17. Docs-related Tips
 Leverage IIS as WebDAV server to publish
shared folders
– Test access and config via Explorer
 KISS - Let the server do trimming
 Leverage single-sign-on
– Set target servers to use NTLM auth as an option
– Reduce creds exposure, as not typed on mobile
Copyright ©2014 Kaseya 17

18. Direct vs. Relay
 What is ‘Direct’ for?
– Typical DMZ-style deployment
– Bypass the relay
 How:
– Network tab - check direct
– Set external name and port
– Turn OFF relay
Copyright ©2014 Kaseya 18

19. Logs Are Your Friend
 Four primary logs
– Gateway – start, stop, auth, comms
– Panel– Local UI, not really interesting
– Portal – Siteinfo, policy, locally served content
– Proxy – proxied requests
Copyright ©2014 Kaseya 19

20. Log Content
 Standard Apache log format
– Consume in your favorite log-munger
 Determine who is accessing what
– Or if they are getting errors, rejections (auth?)
 Gateway log is a pretty good network line
monitor ;-)
Copyright ©2014 Kaseya 20

21. Log Levels
 Set in byodgateway.ini
– Only use Debug on test systems with limited
access – very verbose
# Logging level for gateway error log -
CRITICAL/ERROR/WARNING/INFO/DEBUG
service_loglevel = INFO
Copyright ©2014 Kaseya 21

22. Summary
 Connect the right users to the right sources
 Integrate with AD for security and simplicity
 Leverage logs for insight and troubleshooting
Copyright ©2014 Kaseya 22

23. Copyright ©2014 Kaseya 23
Questions and Answers
Thanks for Attending Kaseya Connect
#KaseyaConnect
Let's Share!