E-mail
Introduction
mobilEcho is the industry’s first and only mobile file management (MFM) software for enterprise iPad and iPhone users. mobilEcho enables enterprises to provide secure access to enterprise file servers for iPad and iPhone users, eliminating the need for work-arounds and third-party mobile applications that compromise the security of enterprise files and assets.
mobilEcho Server includes two components:
mobilEcho Server must be installed on each file server that needs to be made available to mobile clients. The mobilEcho File Server component handles core file server functionality and is required for mobile file access.
The mobilEcho Client Management Server component is installed with mobilEcho Server, but disabled by default. mobilEcho Client Management provides comprehensive tools to allow administrators to set policies and permissions for mobile devices that access their mobilEcho servers. These tools ensure IT has full control over mobile device access to corporate files. mobilEcho Client Management allows profiles to be assigned to Active Directory users or groups. Typical deployments need only one mobilEcho server to act as the mobilEcho Client Management Server.
System Requirements
mobilEcho Server can be installed on both server and workstation-class versions of the Windows operating system. For optimal results, your Windows machine should be running the latest service pack from Microsoft.
Windows System Requirements
- Windows server platforms: 2008 (inc. R2), 2003 (inc. R2)
- Windows workstation platforms: Windows 7, Vista, XP Pro SP3
Minimum Hardware Requirements
- Processor: Pentium 4
- Memory: 1 GB
Network Requirements
mobilEcho ensures that all data transfer is secure between the server and the client. All mobilEcho traffic is sent end-to-end as encrypted HTTPS. It doesn’t matter whether your user is accessing a file server from the office, over 3G or from a public Wi-Fi hotspot. The data is always encrypted and secure.
If you want to allow access from outside your firewall, there are several options:
- Port 443 access: mobilEcho uses HTTPS for encrypted transport, so it fits in naturally with common firewall rules allowing HTTPS traffic on port 443. If you allow port 443 access to your mobilEcho server, authorized iPad clients can connect while inside or outside of your firewall. mobilEcho can also be configured to use any other port you prefer.
- VPN: mobilEcho supports access through a VPN connection. Both the built in iOS VPN client and third-party VPN clients are supported. iOS management profiles can optionally be applied to devices using Mobile Device Management (MDM) systems or the Apple iPhone Configuration Utility to configure the certificate-based iOS “VPN-on-demand” feature, giving seamless access to mobilEcho servers and other corporate resources.
- Reverse proxy server: If you have a reverse proxy server set up, iPad clients can connect without the need for an open firewall port or a VPN connection. The mobilEcho client app supports reverse proxy pass-through authentication, username / password authentication, and certificate authentication. For details on adding certificates to the mobilEcho client app, click here .
The mobilEcho Client Management system also has the ability to configure the client application to only allow connections to servers with valid X.509 SSL certificates.
mobilEcho Topology
mobilEcho clients connect directly to your server rather than utilizing a third-party service, leaving you in control. mobilEcho server can be installed on existing file servers, allowing iPads and iPhones access files located on that server. These are typically the same files already available to PCs using Windows file sharing and Macs using ExtremeZ-IP File Server.
Clients access mobilEcho servers using their Active Directory user account. No additional accounts need to be configured within mobilEcho. mobilEcho also supports file access using local computer accounts configured on the Windows server mobilEcho is running on, in the event you need to give access to non-AD users. The mobilEcho Client Management features described below require AD user accounts.
A minimal mobilEcho deployment consists of a single Windows server running a default installation of mobilEcho. This default installation includes the mobilEcho File Server component enabled and the mobilEcho Client Management Server component installed, but disabled. This scenario allows devices running the mobilEcho client application to connect to this single file server, and leaves the configuration of client app settings and configuration of the servers the client will connect to, up to the iPad or iPhone user.
Fig 1. Single mobilEcho File Server, many mobilEcho clients
Any number of mobilEcho servers can later be added to the network and configured for access from the mobilEcho client app.
mobilEcho servers also have the ability to make files located on other servers available to mobile clients. By using mobilEcho's Network Reshare feature, shared volumes can be created on a mobilEcho server that point to a remote SMB file share. This feature allows access to multiple servers to be provided through a single mobilEcho server. The Network Reshare feature is included with annual Enterprise License Program (ELP) licenses.
Fig 2. Single mobilEcho File Server, also making remote files available using Network Reshare
Details on installing mobilEcho Server are included in the Installation section of this guide. Configuration of shared volumes and server settings are covered in the mobilEcho File Server section.
mobilEcho Client Management Server
If you wish to remotely manage your mobilEcho clients, a mobilEcho Server must have its mobilEcho Client Management Server component enabled. Client management allows you to create profiles per Active Directory user or group. These profiles can:
- Configure general application settings
- Assign servers, folders, and home directories to be displayed in the mobilEcho client
- Restrict what can be done with files
- Restrict the other third party apps that mobilEcho files can be opened into
- Set security requirements (server login frequency, application lock password, etc.)
- Disable the ability to store files on the device
- Disable the ability to include mobilEcho files in iTunes backups
- Remotely reset a user's application lock password
- Perform a remote wipe of the mobilEcho client app's local data and settings
- And many additional configuration and security options
On a typical network, only one mobilEcho Client Management Server is required. This server can perform the mobilEcho File Server and mobilEcho Client Management Server roles simultaneously.
A typical network employing client management might include one server with the mobilEcho File Server and mobilEcho Client Management Server components enabled, and several additional mobilEcho servers acting only as mobilEcho File Servers. In this scenario, all mobilEcho iPad clients are configured to be managed by the designated management server, and will contact this server each time the mobilEcho application is started, to check for any changed settings and to accept application lock password resets and remote wipe commands if necessary.
mobilEcho clients can be assigned a list of servers, specific folders within shared volumes, and home directories in their management profile. These resources will automatically appear in the mobilEcho app and the client app will contact these servers directly as needed for file access.
Details on enabling and configuring the mobilEcho Client Management Server are included in the mobilEcho Client Management Server section of this guide.
Fig 3. One mobilEcho File Server, one File Server + Client Management Server, many clients
Getting Help
In addition to this mobilEcho Server User Manual, GroupLogic offers several other sources of help.
You can visit GroupLogic at: http://www.grouplogic.com
You can find the latest release of mobilEcho at: http://support.grouplogic.com/?page_id=34
You can search the GroupLogic Knowledge Base at: http://www.grouplogic.com/knowledge
For the first year you own mobilEcho, technical support and upgrades are included in the price of the product. After your first year of free support, you can purchase extended support. For technical support services, submit a support request at http://www.grouplogic.com/support/requestform/ or call 1.703.528.1555, Monday through Friday, 8:00 am to 6:00 pm EST. Have your mobilEcho serial number ready for verification. In addition, you can send your questions to: support@grouplogic.com
The Maintenance and Support program includes important benefits -- e-mail and telephone technical support services for problems that you encounter, upgrades, bug fixes, and other incremental releases of the software.