
IBM Software
WebSphere

Technical White Paper

An overview of IBM MobileFirst Platform

Build, test, integrate, deploy and manage mobile applications

Contents

●● The IBM MobileFirst Platform

●● More efficient development

●● Optimizing user engagement

●● Securing your mobile channel at the user, application and device levels

●● Managing your mobile ecosystem

The IBM MobileFirst Platform

The IBM® MobileFirst Platform is standards-based mobile middleware, categorized as a Mobile Enterprise Application Platform (MEAP) and Mobile Application Development Platform (MADP). The core value-add of IBM MobileFirst Platform Foundation is connectivity to, and extension of, existing back-end systems, also known as Systems of Records (SoR), with development, user engagement, security and management capabilities.

[Figure: Mobile apps go much deeper than the front-end User Interface. Front-end: 30% of the value and effort is visible (mobile UI). Back-end: 70% of the value and effort lies under the surface, covering security, user engagement and operations concerns such as user authentication, data protection, malware detection, connecting to back-end systems, push notifications, offline availability, location, B2E app distribution, app version enforcement and SDLC integration.]

With the MobileFirst Platform, organizations can more effectively address the full lifecycle of mobile app development, delivery and on-going management.

The IBM MobileFirst Platform consists of three distinct offerings:

●● IBM MobileFirst Foundation to build, test, integrate, deploy, manage and better secure web, hybrid and native applications for desktop and mobile from standards-based technologies and tools

●● IBM MobileFirst App Scanning to detect code vulnerabilities earlier during development

●● IBM MobileFirst Quality Assurance to capture feedback from users and testers with sentiment analysis and frictionless bug reporting

[Figure: The mobile application lifecycle (Integrated DevOps for Mobile): design, develop, instrument, integrate, test, scan and certify, deploy, manage, obtain insight.]

[Figure: IBM MobileFirst Platform overview. Application Scanning: detect code vulnerabilities at the time of development. Quality Assurance: collect beta test feedback and crashes and analyze user sentiment. Foundation: development, run time, operations, console and private store.]

More efficient development

With MobileFirst Foundation, you can support a wide range of development approaches from native to hybrid as well as web approaches. Therefore, you can evaluate the best approach for each situation, according to skills, time and functionality, without being limited by a specific approach to mobile application development.

Developers can use tools of their choice: the provided command line interface (CLI) enables integration with tools such as Xcode, Android Studio, Xamarin, or any other development tool developers want to use.

The MobileFirst platform also includes the IBM MobileFirst Studio, an Eclipse-based integrated development environment (IDE) that helps developers to conduct virtually all the coding and integration tasks required to develop rich and engaging applications. MobileFirst Studio is designed to augment Eclipse tools with a wide variety of enterprise-grade features delivered as plug-ins to streamline application development, debugging and testing as well as to facilitate enterprise connectivity.

[Figure: Approaches for the development of mobile apps, shown as a web-native continuum from pure web through hybrid to pure native: mobile web site (browser access); native shell enclosing an external m.site; pre-packaged HTML5 resources; HTML5 + native UI; mostly native with some HTML5 screens; pure native.]

Regardless of how you choose to develop your apps, development complexity rises when you need to develop multiple apps in different versions, support multiple mobile operating systems, or enable many developers to work together on a rich app.

●● With the MobileFirst Foundation, developers can reduce the development cycle by automating app tests directly on their PC. They can reuse code across or within apps by using templates and components. Developers can integrate with SOAP, REST and SAP services in seconds without writing a line of code. In addition, they can efficiently tailor ready-to-use mobile build and test scripts to their corporate build framework and share the resulting applications with developers and testers.

●● All these capabilities are available for native, hybrid and web developers in a complete IDE or as a flexible set of command-line tools.

●● Developers of hybrid applications can also benefit from greater flexibility to build Cordova-based apps, where the IBM platform helps enable them to have control of the portions

MobileFirst Platform native capabilities

| Capability | Objective-C for iOS | Java for Android | C# for Windows Phone 8 | C# for Windows 8 |
|---|---|---|---|---|
| Integration with back-end systems through adapters | √ | √ | √ | √ |
| MobileFirst Platform Authentication Framework | √ | √ | √ | √ |
| Development Functional testing | √ | √ | √ | - |
| Application version enforcement | √ | √ | √ | √ |
| Unified push and SMS notifications | √ | √ | √ | - |
| Location Services | √ | √ | - | - |
| On-Device Encrypted JSON Store | √ | √ | - | - |
| Log collection for analytics | √ | √ | - | - |
| Remote-controlled client-side log collection | √ | √ | - | - |

Pure native development

With the pure native development approach, you can create applications that fully use the device capabilities without any compromise on performance and user experience. Such applications are written for a specific platform environment, such as Objective-C for iOS, Java for Android or Java ME, or C# for Microsoft Windows Phone 8 and Microsoft Windows 8, and use MobileFirst Platform capabilities through its provided native APIs.

Command Line Interface

To help developers get a better tools experience, the CLI tool can be used to more easily create and manage both native and hybrid apps. The CLI enables developers to use their preferred text editors or alternative IDEs to create mobile applications.

The CLI does not require MobileFirst Studio for most standard activities. The commands support tasks such as creating, adding and configuring with the MobileFirst Platform API library, adding the client-side MobileFirst Platform properties file and conducting the build and deployment of the MobileFirst Platform application. Adapter creation, deployment and local testing can be conducted within the command line. Administration of your MobileFirst Platform project can be done from the CLI or REST services, or the MobileFirst Console, where you can more easily control the local server and observe the logs. Command-line tools can be used on their own, or in parallel with the MobileFirst Studio tools.

Everything that is generated by using the command-line interface is compatible with MobileFirst Studio. You can also use the CLI to integrate third-party tools such as ANT or Grunt to create your own tool chain for automated testing, build and deployment flows.

Native-device SDK integration

MobileFirst Studio is also designed to integrate with the software development kits (SDKs) of the mobile devices that the MobileFirst Platform supports, including Android, iOS, Microsoft Windows 8, Microsoft Windows Phone and Blackberry. With this integration, developers can take full advantage of the native code capabilities, development tools, testing and debugging mechanisms that are native to the mobile SDKs, without leaving the development environment.

Automated mobile functional testing

To accelerate delivery cycles of mobile applications, you require fast and effective test cycles. MobileFirst Platform software includes integrated automated functional testing. This testing is available for Android and iOS native, hybrid and web applications. Created for developers and testers, this capability is designed to automate functional testing of apps that are developed with the MobileFirst Platform. First, developers or testers record a sequence of actions on a mobile device, emulator or simulator by using an instrumented recording-ready application to generate a test script. Next, developers or testers edit and enhance the script by using natural-language syntax to add verification points and other instructions. Developers and testers can run the enhanced test script on demand on a real device, simulator or emulator. They can view and share the results by using a generated HTML report. Developers and testers can test MobileFirst Platform apps more rapidly and methodically at a reduced cost because of automated functionality testing. As a result, developers and testers can help enable higher-quality mobile apps.

Centralized build

The IBM MobileFirst Platform Builder is a stand-alone application that can be more easily integrated with common central build services, such as IBM Rational® Jazz™ Builder, Hudson and Luntbuild. Using the centralized build functionality, the different teams involved in the development, testing and quality assurance (QA) phases can work from one common version of the code without complex installation of dedicated mobile environments locally. Therefore, teams can more effectively enhance the collaboration and automation of the internal application development process.

Hybrid development

Facing the constantly evolving, fragmented ecosystem of mobile devices and operating systems, application development has become a costly, yet unavoidable, endeavor. This challenge has led to the creation of a rapidly growing market for cross-platform mobile development solutions.

Most solutions in the market today rely on limited proprietary tools delivering a lowest-common-denominator result based on code cross-compilation or interpretation, from what-you-see-is-what-you-get (WYSIWYG) tools or prepackaged apps. The result is an unavoidable tradeoff between user experience and multiplatform coverage. With the MobileFirst Platform hybrid development approach, applications can have any mix of standard native and web code, even in the same UI views. Hybrid applications execute inside a native container and use the browser engine to display the HTML5/JavaScript and CSS part of the application interfaces and business logic. The native container, based on Apache Cordova, also known as PhoneGap, grants the application access to device capabilities that are not accessible to standard web applications, such as the accelerometer, camera and device local storage. Hybrid applications developed with the MobileFirst Platform can be distributed through public or private cross-platform application stores and developed either by using the provided MobileFirst Studio CLI or IDE tools. For example, the Mobile Browser Simulator enables advanced debugging earlier in the development cycle to further accelerate development, with side-by-side preview of multiple form factors and simulation of Apache Cordova APIs.

Because developers are not dependent on an intermediary build-time or runtime layer, such as a cross-compiler or interpreter, native APIs are accessible upon release of new mobile operating system (OS) versions or third-party libraries. Furthermore, the application's web code is executed directly by the mobile browser, so developers have direct access to the HTML Document Object Model (DOM) and are free to use any JavaScript API or third-party JavaScript toolkits and frameworks.

There are several ways of combining native and web code in MobileFirst Platform hybrid applications, including:

●● Native and web code mix. With the MobileFirst Platform, you can mix virtually any set of native code with web code for different, or within the same screens or application logic. Some of the benefits include full use of native capabilities and optimized balance between code reuse and performance for user experience where needed.

●● Pre-packaged HTML5 resources. Unlike the following approach, the web resources are not loaded from an external website at run time but are packaged within the application itself, thus enabling improved application responsiveness and off-line operations support. In addition, you can enable greater cross-reuse across delivery channels with the combined use of responsive design and MobileFirst Platform skins.

●● Native shell application enclosing an external mobile website. With this approach, your mobile website is displayed inside the native shell provided instead of the device browser, allowing the application access to the device native functionality through JavaScript APIs. There are drawbacks to this approach because of downgraded user experience with subpar response time and off-line modes.

Support for HTML5

MobileFirst Platform software uses a standards-based approach that enables developers to write or import code, to circumvent the debugging and maintenance limitations of proprietary interpreters or code translators.

You can benefit from capabilities that include:

●● A cleaner, more readable and consistent HTML code

●● Visual HTML editing in Rich Page Editor; HTML5 tags and attributes are directly supported in RPE

●● Access to rich media types including audio and video that are usually available only by way of native code

●● Use of advanced UI components, such as data pickers, sliders and edit boxes that automatically support ellipsis and others, implemented natively by the browser

●● Use of Cascading Style Sheets 3 (CSS3) styles and CSS3-based animation to reduce application size and to improve application responsiveness

●● Application distribution channels that go beyond the different application stores and their time-consuming and limited restrictions

●● Support for location services

●● Offline storage capabilities

Support for third-party JavaScript toolkits and UI frameworks

In addition to its support for HTML5, MobileFirst Platform software provides integration with the growing ecosystem of UI frameworks, such as Ionic, Angular or jQuery Mobile. Developers can pick the JavaScript UI framework of their choice and use it to develop their application within the MobileFirst Studio.

Rich Page Editor (RPE)

Furthermore, the MobileFirst Studio ships with a WYSIWYG drag-and-drop editor for UI design and development. With these editing capabilities, developers can create pure HTML or HTML and JavaScript files by dragging HTML5, jQuery and Dojo mobile components from a built-in palette to the HTML canvas. Developers can use property sheets to control HTML and CSS properties. At the same time, developers can edit HTML and CSS files directly, with the graphical canvas updating to show the impact of their changes almost immediately. These editing capabilities are integrated with the MobileFirst Platform optimization framework, making it possible for developers to view a specific application environment or to view a specific skin.

Screen templates

To deliver an outstanding mobile UI experience, conformance to continuously evolving mobile patterns of behavior that are specific to each OS family is required. MobileFirst Platform software includes screen templates that automate the creation of mobile screens. The design of these screen templates is based on industry-proven methods.

Developers can choose from templates in four categories including:

●● Lists

●● Authentication

●● Navigation and search

●● Configuration

Each screen template can be previewed live, used as is, or further refined using any combination of web and native technologies.

Optimization framework

Unlike alternative approaches, the MobileFirst Platform optimization framework enables developers to share the majority of the application code across multiple environments, without compromising platform-specific user experience or application functionality. Developers can share the common application code among multiple environments, while isolating environment-specific code in designated code branches that can overwrite or augment the commonly shared code. As a result, application logic remains consistent among the different environments, while the UI behaves natively and adheres to user expectations and the differentiated functionality and design guidelines of the device. Therefore, developers can strike the desired balance between development efficiency, application functionality and user experience. The web portion of a hybrid application's code can be updated with the IBM MobileFirst Platform Direct Update mechanism. Further performance improvements with direct update are possible through differential direct update, where the end users receive only the web resources that have changed between updates instead of the entire web resource package.

Runtime skins

You can further optimize your hybrid apps by using runtime skins. These skins are packaged with the application’s executable files and are applied to the mobile app during run time. With this capability combined with responsive design techniques, it is easier to automatically adjust the application appearance and behavior to different devices from the same OS family and better manage application code complexity.

Common scenarios that benefit from runtime skins include:

●● Different screen sizes and screen densities

●● Different input method

●● Different support levels for HTML5

The shell approach

When different teams having varying degrees of expertise work on common mobile projects, the MobileFirst Platform shell approach can help separate concerns among teams. An external shell is a customizable container that provides JavaScript access to the native capabilities of the device. A dedicated expert team works on one or multiple shells for branding, security configurations, audits and authentication frameworks. Using such a shell structure forces hybrid inner applications to automatically comply with its built-in policies, such as data access restrictions, use of certain APIs and different branding.

With the corporate policies enforced by the shell, the inner applications can be more easily built by departmental development teams using well-known web technologies. Such teams are only required to focus on the user interface and business logic.

Desktop and mobile website development

In this model, the application that executes in the device’s browser can be made platform independent and requires no installation, with simple access through a URL or bookmark. The downside is support for connected mode only, a subpar user experience with potentially slow response time and no access to device functions such as the camera or contact list.

Aspects of each development approach

With the MobileFirst Platform, you can select the most appropriate development approach fitting your application context and objectives. Selecting the best development approach must be the first step of your application project.

The major aspects of the supported development approaches to help you decide which one best fits your needs include the following:

Comparison of mobile development approaches

| Aspect | Mobile website development | Native shell, external mobile website | Prepackaged HTML5 resources | Mixing web and native in code and UI | Pure native development |
|---|---|---|---|---|---|
| Easy to learn | Easiest | Easiest | Medium | Harder | Hardest |
| Application performance | Slowest | Moderate | Good | Fastest | Fastest |
| Device knowledge required | None | Some | Some | Some | A lot |
| Development lifecycle - build, test, deploy | Shortest | Shortest | Medium | Medium | Longest |
| Application portability to other platforms | Highest | High | High | Medium | None |
| Support for native device functionality | Some | Most | Most | All | All |
| Distribution with built-in mechanisms | No | No | Yes | Yes | Yes |
| Ability to write extensions to device capabilities | No | No | Yes | Yes | Yes |

Optimizing user engagement

Users value apps that help them complete tasks such as ordering takeout, hailing a taxi, or making a restaurant reservation. To deliver this type of transaction, you require mobile application integration with existing back-end services and data.

Standardized back-end access with adapters

The MobileFirst Platform enables back-end connectivity for mobile apps over HTTP, JMS, SAP, Unstructured Supplementary Service Data (USSD) and SQL, and you can further optimize connectivity by using IBM Integration Bus or IBM Cast Iron®. The MobileFirst Platform adapter architecture is designed to decouple integration logic, which is hosted on the server side, from the mobile application logic. As a result, with this IBM architecture, you can manage the distinct evolution timelines of back-end services and mobile apps.

Moreover, mobile apps often have to connect to services that were built long before mobile was in existence, which poses challenges in both data delivery and service security for the mobile channel. The MobileFirst Platform is designed to deliver ready-to-use data transformation capabilities to the JSON format to optimize payload size and response time for the mobile applications. For instance, adapters can easily filter out unneeded parts of large payloads from legacy services targeted at the traditional web channel. Furthermore, adapters can enable server-side service composition to reduce the number of requests to optimize application response time over slow mobile networks.
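The filtering and composition described above, as an added example that is not IBM's code and does not use the MobileFirst adapter API: plain JavaScript in which the two back-end calls, the field names and the sample payloads are constructed stand-ins. It goes slightly beyond the text by making the filter an allow-list, so a field that the legacy service adds later stays off the mobile channel until it is explicitly listed.

```javascript
// Added illustration: server-side payload filtering and service composition.
// Every name and payload below is constructed for this example.

// Constructed sample: verbose legacy response built for the web channel.
const LEGACY_CUSTOMER = {
  customerId: "C-1001",
  name: { first: "Ada", last: "Example", title: "Dr" },
  ssn: "000-00-0000",        // sensitive; the mobile app never needs it
  internalRiskScore: 17,     // internal-only field
  addresses: [
    { type: "home", city: "Zurich", street: "1 Sample St", geoCode: "X1" },
    { type: "work", city: "Basel", street: "2 Sample Ave", geoCode: "X2" }
  ],
  htmlFragments: { header: "<div>...</div>", footer: "<div>...</div>" }
};

// Constructed sample: second legacy service, called separately by web clients.
const LEGACY_ORDERS = {
  orders: [
    { id: 1, total: 42.5, status: "shipped", warehouseNotes: "bay 7" },
    { id: 2, total: 10, status: "open", warehouseNotes: "hold" }
  ],
  debugTrace: ["q1", "q2"]
};

// Hypothetical stand-ins for the two back-end calls an adapter would make.
function fetchCustomer(id) { return JSON.parse(JSON.stringify(LEGACY_CUSTOMER)); }
function fetchOrders(id) { return JSON.parse(JSON.stringify(LEGACY_ORDERS)); }

// Allow-list projection. In `spec`, `true` copies a scalar field and a nested
// object describes the fields to keep from an object or an array of objects.
// Anything not named in the spec is dropped.
function project(value, spec) {
  if (Array.isArray(value)) {
    return value
      .map((item) => project(item, spec))
      .filter((item) => item !== undefined);
  }
  if (value === null || typeof value !== "object") {
    return undefined; // the spec expected an object here; drop mismatched data
  }
  const out = {};
  for (const key of Object.keys(spec)) {
    if (!Object.prototype.hasOwnProperty.call(value, key)) continue;
    const rule = spec[key];
    const field = value[key];
    if (rule === true) {
      // Fail closed: a bare `true` never copies a whole object or array.
      if (field === null || typeof field !== "object") out[key] = field;
    } else {
      const nested = project(field, rule);
      if (nested !== undefined) out[key] = nested;
    }
  }
  return out;
}

// The only fields the mobile channel is allowed to receive.
const MOBILE_VIEW = {
  customer: {
    customerId: true,
    name: { first: true, last: true },
    addresses: { type: true, city: true }
  },
  orders: { id: true, total: true, status: true }
};

// Service composition: one mobile request fans out to two back-end calls on
// the server side and returns a single filtered JSON document.
function getCustomerSummary(id) {
  const customer = fetchCustomer(id);
  const orders = fetchOrders(id);
  return {
    customer: project(customer, MOBILE_VIEW.customer),
    orders: project(orders.orders, MOBILE_VIEW.orders)
  };
}

// Serialized size of the unfiltered responses versus the mobile response.
function payloadSizes(id) {
  const raw = JSON.stringify({
    customer: fetchCustomer(id),
    orders: fetchOrders(id)
  }).length;
  const slim = JSON.stringify(getCustomerSummary(id)).length;
  return { raw, slim };
}

console.log(JSON.stringify(getCustomerSummary("C-1001"), null, 2));
console.log(payloadSizes("C-1001"));
```

Because the projection copies only named fields, a review of `MOBILE_VIEW` is a review of everything the device can receive from these two services.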

In terms of integration security, the MobileFirst Platform provides mobile-specific and fine-grained security controls that can be wrapped around legacy services. In addition, the MobileFirst Platform acts as a strong control point, enabling overview and management of mobile activities. This platform also includes built-in analytics for user actions and device and application properties with possible extension to monitor and act upon unusual usage patterns that might result from fraudulent repackaged apps.

Integration is the driver for the level of interaction many users expect from their mobile apps and the MobileFirst Platform provides a robust set of integration capabilities. With these features, you can use existing enterprise investment, optimize data delivery to sustain user interactions over unstable mobile networks and help reduce development cost by providing zero-code integration paths. In addition, you can improve organizational insight into user experience through analytics.

Automated services discovery for SOAP and SAP

[Figure: Generation of adapters for the discovery of SOAP automated services]

With the MobileFirst Platform, you can further expedite the creation of mobile apps that call SAP NetWeaver Gateway and SOAP-based web services described by Web Services Description Language (WSDL). With the MobileFirst Platform services discovery wizard, developers can specify the back-end services called from the mobile app and generate application-specific adapters for web, hybrid, or native apps with near-zero coding. Further, developers can place them in the proper mobile app project folder.

Unified push notification and SMS

There are many differentiated characteristics of mobile apps but perhaps none more so than the notion of anywhere, anytime engagement. The MobileFirst Platform provides a unified API to send push notifications and SMS from the server to mobile apps, helping developers to more easily manage mobile platform fragmentation. In addition, they can develop a single set of logic to send push notifications across their target platforms.

The MobileFirst Platform provides the ability to send broadcast notifications to all devices and targeted messages to a specific set of users, a specific device or a specific user. By using device-specific capabilities, the MobileFirst Platform also supports interactive push notifications for iOS8, Android L heads-up notifications and silent notifications for iOS7 onwards.

Location services

If push notifications deliver the means for engagement, location services deliver the ability to engage in context. The MobileFirst Platform is designed to help engage users based on their location by providing end-to-end services for detecting, transmitting and consuming location-based events in back-end business processes, decision management systems and analytics systems.

[Figure: Unified Push Notifications. Back-end systems feed polling adapters and message-based adapters, which call the Unified Push API (backed by a notification state database and a user device database). iOS, Android, Windows Phone and SMS dispatchers deliver through the Apple push servers (APN), Google push servers (GCM), Microsoft push servers and SMS/MMS brokers (broker API, optional 2-way SMS) to the Worklight client-side push services on each device. The administrative console provides notification statistics and SMS subscription control.]

Traditional approaches constantly poll device GPS or triangulate and then send the resulting position to the back-end systems for decision-making. By contrast, the MobileFirst Platform delivers a location services framework that helps optimize development time, battery and network usage.

[Figure: MobileFirst Platform geo-services architecture. Device run time: application code and the device location API (set acquisition policy and triggers, transmit events, trigger callbacks). Server run time: adapter code and the server location API (set event handlers, get device context, set app context, event callbacks). Analytics and reporting: log activities and events with device and app contexts.]

[Figure: MobileFirst Platform USSD architecture overview. The mobile user dials a USSD short code, e.g. *123#. The telco forwards this to a USSD gateway. The gateway maps the short code to a known URL provided by the enterprise and creates the USSD session. Worklight responds to the gateway request over HTTP/S with the USSD menu options (configurable), using an adapter to reach the enterprise back end.]

IBM MobileFirst Platform Foundation location services provide both client-side and server-side services that deliver:

●● Points of interest and geo-fences definition and a more efficient, policy-based controlled acquisition of GPS, triangulation and Wi-Fi coordinates to save battery, whether the application is executing in the background or foreground

●● Events generation for action triggering based on location changes, such as when crossing a geo-fence, and server-side logic to enable meaningful reaction to important geo events

●● More efficient communication with back-end systems and batch sends to optimize network use

●● Unified server-side API that enables developers to consume location events on the server and take action to facilitate enterprise systems integration into patterns of intelligent user engagement

The benefits of MobileFirst Platform location services are twofold to the organization. First, developers do not have to worry about efficient location data collection and transmission for the client because they can use MobileFirst Platform services. Second, developers can build one set of location-enriched engagement logic on the server and apply that logic to their mobile apps throughout platforms. This IBM platform’s location services help people at organizations more efficiently understand where app users are and more importantly execute business logic based on this contextual understanding.

Indoor location using iBeacons

You can engage users based on their proximity to an enterprise beacon by delivering location-relevant messages, information, promotions and so on. The MobileFirst Platform provides REST APIs to register and manage the beacons on the server side. Similar to outdoor location triggers, the admin team creates triggers that are activated when a user is near enterprise beacons. Developers can retrieve a list of beacons and triggers by calling a WL Server API in an adapter.

Unstructured Supplementary Service Data

USSD provides a cost-effective alternative to mobile apps in emerging markets where feature phones, as opposed to smartphones, are still fairly common and data networks unreliable.

USSD is a protocol used by GSM cellular telephones to send text messages between a mobile phone and an application program in the network. USSD establishes a real-time session between the mobile phone and the application that handles the service.

The MobileFirst Platform is able to:

●● Accept incoming requests from a USSD gateway and map the USSD short codes, such as a user entering *123#, to the corresponding MobileFirst Platform adapters

●● Construct and respond with USSD menu options

●● Call corresponding back-end services through the MobileFirst Platform adapters

The IBM MobileFirst Application Center cross-platform private app store

The MobileFirst Application Center enables teams to set up an enterprise cross-platform private application store to help govern the distribution and management of pre-release and production-ready mobile applications. This MobileFirst private app store can manage MobileFirst and non-MobileFirst-based applications, including apps from public app stores.

Administrators can make the most of existing authentication frameworks, including ACL and LDAP, to manage app distri-bution by department, job function, geography and other schema. Employees who access the MobileFirst Application Center from their mobile devices will only see the mobile apps that they are allowed to download and can rate apps and provide feedback to help future enhancements.


For development teams, the MobileFirst Application Center provides a more convenient way to distribute pre-release software to developers and testers. Feedback can be organized by device and by version to quickly isolate and resolve defects, whether those defects are device-specific or version-specific. The MobileFirst Application Center is designed to also integrate with software-build processes to automate the distribution of the latest releases to project teams, helping to accelerate the develop-test-debug cycle.

The MobileFirst Application Center provides:

●● Administrators with improved governance over the distribution of mobile apps throughout the enterprise, including apps hosted on public app stores;

●● Employees with easier access to the latest apps that are needed by their departments or job function and that are optimized for their device;

●● Developers with an easier way to distribute mobile builds and to elicit feedback from members of development and test teams.

The MobileFirst Application Center is designed to manage native or hybrid applications for the Google Android platform, the Apple iOS platform, the Microsoft Windows Phone 8 platform, Microsoft Windows 8 and the BlackBerry OS 6 and OS 7 platform.

Securing your mobile channel at the user, application and device levels

Security is a clear priority for executives at organizations embarking on mobile implementations but it proves to be challenging. Up to 53 percent of enterprises report that they struggle to implement effective end-to-end mobile security measures.1

A key characteristic of the MobileFirst Platform security framework is its delegation to the existing security infrastructure to foster reuse and security standardization across delivery channels. IBM MobileFirst Server is designed to integrate more seamlessly as a presentation tier into the existing enterprise infrastructure while supporting custom extensions to integrate with virtually any security mechanism. The IBM MobileFirst Foundation security framework provides a wire protocol that enables the combination of challenges and responses of multiple security checks during a single request-and-response round trip. With this IBM security framework, the number of client and server round trips can be reduced and the application logic can be separated from the implementation of the security checks.

The MobileFirst Platform facilitates stronger implementation of security measures at the user, data, application and device levels:

●● The MobileFirst Platform provides an open user-authentication framework to help you integrate your mobile apps with existing enterprise or third-party security systems. The MobileFirst Platform supports basic authentication with a username and password, and it also enables more complex schemes such as certificate-based authentication and multifactor authentication protocols with one-time passcodes, step-up authentication procedures and more. A typical example of multifactor authentication is the combination of device, application and user authentication. You can also integrate the MobileFirst Platform with an existing enterprise certificate authority, such as an X509 Public Key Infrastructure (PKI) certificate-creation back end, to pass requests for the creation of certificates and use the resulting certificates. The resulting X509 certificates stored on the devices help deliver an enhanced user experience by streamlining user authentication steps, such as removing login and password steps for a particular app on a given device. X509 certificate creation software is provided if you do not already have one deployed. The MobileFirst Platform is also designed to support offline authentication and single sign-on (SSO) capabilities for multiple mobile apps to participate in a globally authenticated session.


●● The MobileFirst Platform helps more effectively secure data on the device with the JSON Store AES-256 encryption. You can further secure data on the device and in transit with the use of optional libraries to make them FIPS 140-2 compliant.

●● You can protect applications against repackaging attacks with app authentication by ensuring that mobile apps that connect to the MobileFirst Platform environment are known and trusted. With the MobileFirst Platform, you can also support integration with third-party jailbreak and malware detection libraries. These capabilities are complemented with the MobileFirst Platform direct update to automatically propagate updates of web portions of the hybrid mobile apps, thus helping to ensure the latest security patches are deployed to users.

●● To protect against malicious changes to direct update, the MobileFirst Platform provides direct update authenticity verification, where the authenticity of the direct update package is verified before it is installed on the end user’s device.

●● The MobileFirst Platform also provides device provisioning capabilities which enable control over which device can access corporate back-end systems.

●● In addition to all of these capabilities, this IBM platform provides management controls through standard Java EE security, with role-based access to the UI console, analytics console, CLI and REST APIs used for the automation of tasks. These controls help administrators mitigate risk in the face of unknown app vulnerabilities and recently lost devices. Furthermore, administrators can more quickly change access rules with fine-grained management of user, device and application triplets, disabling all or given apps for all or given users or devices.

[Figure: MobileFirst Platform Security Framework. Panels: Proactively enforce security updates; Provide robust authentication and authorization to secure users; Streamline corporate security approval processes; Protect from known application security threats; Protect data on the device. Elements shown: remote disable, direct update, authentication integration framework, data protection realms, coupling device id with user id, mobile platform as a trust factor, code obfuscation, SSL with server identity verification, proven platform security, jailbreak and malware detection, app authenticity testing, encrypted cache / DB, offline authentication, secure challenge-response on startup.]


Mechanism: On-device encrypted storage
Benefit: Help protect sensitive information from malware attacks and device theft
Details:
●● Uses AES256 and PKCS #5-generated encryption keys for storing app-generated information on the device
●● Enables offline user authentication
●● Implemented in JavaScript that is highly obfuscated, with optional native performance enhancements

Mechanism: Direct update
Benefit: Take action to help ensure timely propagation of updated hybrid app versions to the entire install base
Details:
●● New versions of the code can be distributed without requiring the manual update of the application and are applicable to web resources

Mechanism: Remote disable
Benefit: Enforce timely adoption of critical security updates to the entire install base
Details:
●● Server-side console enables configuration of allowed app versions. Administrator can ask users to install security updates to the native code.

Mechanism: Authentication framework
Benefit: Help reduce overall cost and complexity of integration with authentication infrastructure
Details:
●● Server-side architecture designed for integration with back-end authentication infrastructure based on Java Authentication and Authorization Service (JAAS) concepts, with authentication realms
●● Specify one SSL per HTTP adapter for enhanced flexibility and security
●● Ready-to-implement integration with Kerberos, NTLM, Basic and Digest authentication
●● Ability to encrypt server-to-server SOAP communication with X509 certificates, following the Web Services Security (WSS) standard
●● Client-side framework for asynchronous login requests on session expiration
●● X509 certificates support

Mechanism: Server-side safeguards
Benefit: Help prevent SQL injection and help protect against cross-site request forgery (XSRF)
Details:
●● Prepared-statement enforcement
●● Validation of submitted data against session cookie

Mechanism: Enterprise SSO integration
Benefit: Use existing enterprise authentication facilities and user credentials and enable employee-owned devices
Details:
●● Client-side mechanism obtains and encrypts user credentials, sends to the server with requests
●● Encryption incorporates user-supplied PIN, server-side secret and device ID
●● Credentials cannot be retrieved from lost or stolen device


Mechanism: Device SSO integration
Benefit:
●● Enables a mobile user to authenticate one time to gain access to multiple mobile applications from a single device
●● Mobile users get a more-seamless experience without having to explicitly log in to each application
●● Enterprise teams can integrate authentication services under a single umbrella, streamlining governance and reducing help-desk costs that are related to password resets and security
●● Developers can help eliminate redundant development effort; they are no longer required to build authentication into each application independently
Details:
●● Upon successful login, the authentication state is saved in the database and used for validations in subsequent sessions from the same device
●● No credentials are stored in the on-device database; only the state of the authentication is stored, for improved security

Mechanism: Virtual private network (VPN) alternative
Benefit:
●● Enable delivery and operation of mobile apps for employee-owned devices or device types that are not allowed on the corporate network
●● Enable delivery when installation of VPN client on mobile devices is not possible or when such installation is complicated to manage
Details:
●● Client-side and server-side frameworks act as secure socket layer (SSL)-based VPN
●● Network access control and policies are preconfigured in the client-side framework layer
●● Network access and security measures are updated using server-side framework
●● On-device encrypted storage to help prevent compromise of sensitive data
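
The table above lists PKCS #5-generated AES256 keys for on-device storage and, for enterprise SSO, encryption that incorporates a user-supplied PIN, a server-side secret and the device ID. The following added example is not part of the white paper and is not IBM's implementation; it sketches one way to bind a stored credential to those three inputs. The GCM mode, the HMAC-based salt binding, the iteration count and all function names are assumptions.

```javascript
// Added example, not IBM code. Node.js standard library only.
const crypto = require('node:crypto');

const ITERATIONS = 100000; // assumption: the page states no iteration count
const KEY_BYTES = 32;      // 256-bit key for AES-256

// PKCS #5 (PBKDF2) derivation. The PIN is the password. The salt is an HMAC,
// keyed with the server-side secret, over a random per-record salt and the
// device ID, so the key depends on all three inputs.
function deriveKey(pin, deviceId, serverSecret, recordSalt) {
  const boundSalt = crypto.createHmac('sha256', serverSecret)
    .update(recordSalt)   // fixed 16 bytes, so the concatenation is unambiguous
    .update(deviceId)
    .digest();
  return crypto.pbkdf2Sync(pin, boundSalt, ITERATIONS, KEY_BYTES, 'sha256');
}

// Encrypt a credential blob. Only salt, IV, ciphertext and tag are stored;
// the PIN, the key and the server secret never touch the device store.
function seal(plaintext, pin, deviceId, serverSecret) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(pin, deviceId, serverSecret, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt, returning null when authentication of the record fails.
function unseal(record, pin, deviceId, serverSecret) {
  const key = deriveKey(pin, deviceId, serverSecret, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    const pt = Buffer.concat([decipher.update(record.ct), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null; // wrong PIN, wrong device, missing secret or tampered data
  }
}

// Constructed sample values; none come from the white paper.
function demo() {
  const serverSecret = crypto.randomBytes(32);
  const blob = '{"user":"alice","token":"constructed-sample"}';
  const record = seal(blob, '4821', 'device-A', serverSecret);
  return {
    rightInputs: unseal(record, '4821', 'device-A', serverSecret),
    wrongPin: unseal(record, '0000', 'device-A', serverSecret),
    otherDevice: unseal(record, '4821', 'device-B', serverSecret),
    withoutSecret: unseal(record, '4821', 'device-A', Buffer.alloc(32)),
  };
}

console.log(demo());
```

Because a short PIN has little entropy, the server-side secret is what keeps the stored record from being brute-forced using the contents of a lost or stolen device alone.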

These capabilities are essential, but business leaders realize that delivering secure mobile apps is about more than securing the run time; security must be embedded into the development and app lifecycle management process. With MobileFirst Application Scanning, you can conduct a static code analysis of a mobile app, both native and web content, to detect potential vulnerabilities earlier during the development cycle for data leakage, sensitive information exposure, high-risk API usage and more. This analysis can be an automated part of an organization’s continuous integration and build strategy and it can be run on demand as well. Static code analysis for mobile apps is an important part of raising an organization’s overall security posture. With MobileFirst Application Scanning this analysis is made easier to institutionalize as part of the mobile app lifecycle.


The MobileFirst Platform also integrates with:

●● IBM MaaS360® from IBM Fiberlink® to help support BYOD strategies with full device control through policies, app containerization and app security such as copy and paste prevention

●● IBM Trusteer® to deliver a context-driven risk assessment and advanced malware and jailbreak detection

●● IBM DataPower® for scalable security enforcement points (PEP), traffic management, message validation, transport level communications protection and rate limitation through policies

●● ISAM for risk-based access (RBA) and single sign-on (SSO) using LTPA token, HTTP header, or OAuth

Clearly, security is an imperative for companies delivering mobile apps and it goes deeper than security measures employed for traditional web applications. The MobileFirst Platform provides a more comprehensive set of, and integration with, security-focused capabilities that help address both development and runtime concerns. Security officers and developers can use these capabilities to enhance their mobile security posture without spending considerable upfront and ongoing resources to match what the MobileFirst Platform provides right off the shelf.

The MobileFirst Platform does not warrant that systems and products are immune from the malicious or illegal conduct of any party.

Managing your mobile ecosystem

Unlike web applications, where you are in full control of the experience and of versioning because users get the sanctioned version when connecting, mobile applications present a different challenge: binaries execute on end users' devices, traditionally outside of your control. The MobileFirst Platform is designed to provide the means to claim back control with its Mobile Application Management (MAM) capabilities while maintaining a higher level of insight with operational analytics.

Enterprises can hardcode the MobileFirst server address in the client application in which case all the users connect to the same server. An alternative will be for enterprises to distribute a single application to multiple groups of users and each user group connects to a locally hosted MobileFirst server. The MobileFirst Platform provides APIs to dynamically change the MobileFirst server address.

The MobileFirst Console

The MobileFirst Console is a web-based user interface, also available through REST services, Ant tasks or CLI tools to more seamlessly integrate with your automation system of choice. The MobileFirst Console is dedicated to the ongoing administration of the MobileFirst Server and its deployed apps, adapters and push-notification services, whether in development or production.


[Figure: Worklight console app management. Callouts: Supports multiple versions on the same platform; Device specific versions are uncoupled.]

Main management tasks include:

●● Deployment of mobile applications and adapters

●● Fine-grained management of users, devices and applications

●● Blacklisting given devices when lost and managing their provisioning, preventing access to given users when their role has changed, or managing multiple versions of the same application

●● Remotely disabling applications by version and mobile-operating-system type

●● Management of notification messages on application startup when installation of new application version is requested

●● Control and monitor push-notification services, event sources and related applications.

●● Troubleshooting and problem determination with server-initiated client log collection for given devices, apps and users

Automated collection of user-adoption, device and app properties, user actions and back-end calls, JSONStore and back-end system calls performance, usage information, exceptions, crashes, logs and response time, with customizable dashboards for auditing and reporting purposes. All collected data can be easily exported for further analysis by external business intelligence tools.


Ready-to-use analytics helps address the following:

The MobileFirst Console can administer several runtime environments from several independent MobileFirst projects deployed to the same application server or cluster.

The MobileFirst Console includes role-based security with different built-in profiles:

●● Monitor. This role includes read-only profile monitoring of MobileFirst-deployed artifacts.

●● Operator. With this feature, you cannot add or remove applications and adapters but you can conduct all other management operations.

●● Deployer. This role includes the same capabilities as the operator role but also the capability of deploying applications and adapters.

●● Administrator. This role includes all administration operations.

Operational analytics for usage insights

The MobileFirst Platform provides an advanced operational analytics platform to automatically assemble and analyze user-adoption, device and app properties, user actions and back-end calls, JSONStore and back-end calls performance, usage information, exceptions, crashes, logs and response time. Searching across logs and events collected from devices, apps and servers enables the discovery of patterns, problems and platform-usage insights.

The following sources are combined into the analytics repository:

●● Interactions of any app-to-server activity; anything that is supported by the MobileFirst Platform client/server protocol, including push notification

●● Client-side logs and crashes

●● Server-side logs that are captured in traditional MobileFirst Platform log files

The IBM MobileFirst Server for analytics is provided as a WAR file for standard install and administration.

Using the MobileFirst Platform approach, developers can instrument mobile apps using the provided library for more efficient collection and streaming of information. Business leaders who optionally upgrade to the IBM Tealeaf® CX mobile platform can gain additional insight into mobile user-experience analytics. This insight includes session replays, device orientation, screen size and touch-screen interactions, to understand the behavior of mobile users for web and native applications. These insights empower organizational teams to diagnose and resolve customer struggles that can be difficult to identify and that inhibit application usability and effectiveness.

For more information

To learn more about the IBM MobileFirst Platform, please contact your IBM representative or IBM Business Partner, or visit the following website: ibm.com/mobilefirst

Additionally, IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize a financing solution to suit your business and development goals, enable effective cash management, and improve your total cost of ownership. Fund your critical IT investment and propel your business forward with IBM Global Financing. For more information, visit: ibm.com/financing

© Copyright IBM Corporation 2014

IBM Corporation Software Group Route 100 Somers, NY 10589

Produced in the United States of America November 2014

IBM, the IBM logo, ibm.com, Cast Iron, DataPower, Jazz, Rational, Tealeaf, and Trusteer are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

Fiberlink, MaaS360 are trademarks or registered trademarks of Fiberlink Communications Corporation, an IBM Company. Microsoft, Windows and Windows NT are trademarks of Microsoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

This document is current as of the initial date of publication and may be changed by IBM at any time.

It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

1 The Upwardly Mobile Enterprise, IBM Institute for Business Value, October 2013

WSW14181-USEN-09
