The do-it-yourself approach to MDM


Open-source software has long been a part of every enterprise toolbox — and that includes managing mobile devices. Whether IT wants to go all in on open-source tools or integrate those tools with commercial offerings, it’s possible to develop a do-it-yourself approach to mobile device management (MDM).

Given the impact of Broadcom’s acquisition of VMware — and the shift of all its product lines to a subscription-only payment model — the DIY model is now particularly attractive. Not only can IT admins cut costs, particularly recurring costs, but they can avoid vendor lock-in and ever-escalating expenses.

If you’re a VMware customer facing the prospect of migrating your mobile management environment wholesale to something different, why not consider open-source tools as well as commercial and managed service provider alternatives?

Even if you’re not directly affected by VMware’s pricing shift, there’s always the possibility other vendors could put your company in a similar situation. While that’s always been a potential issue, the shift to public cloud options for almost everything over the past decade has certainly ramped up IT cost worries.

Think about it: when was the last time it seemed feasible to run anything on premises?

Can you do MDM yourself?

The most important question about DIY MDM is whether it’s even feasible. The answer for most companies: a qualified yes. There are several solid, full-featured open-source options available — most are roll-it-out-yourself solutions, though some come with commercial add-ons, including support for managed service contracts.

Like most commercial MDM solutions, many of these are designed to manage Apple devices, though most support non-Apple hardware, too. Some are even designed specifically for companies with completely (or mostly) Android device fleets.

Companies in regulated industries, of course, face additional hurdles, because they not only require security and auditing functions — they also need to be able to demonstrate them. In situations where there are specialized requirements, it might be easier and more cost-effective to manage devices with a commercial product.

It’s also important to make sure there’s a migration path to open-source options. One of the advantages of going with a commercial replacement is that you have access to engineers who can ensure the migration goes smoothly and either do some of the work for you or refer you to an MSP.

When you migrate to an open-source MDM option, you’re taking on more of that responsibility yourself (though there are still contractors and MSPs that can help). Defining the path, however, is very much on IT decision makers and the tech team.

If that sounds daunting, this may not be the path for you.

The added workload goes beyond just an initial implementation; you’ll also be taking on more service and support in-house, including ongoing maintenance to keep everything running and end-user support. That means more costs. And if you find there’s one little issue that’s driving one of your admins — or the help desk — crazy because they can’t quite figure it out, you’ll have to rely on the open-source community to help figure out what’s going on.

Simply calling a vendor and asking them to take a look might not be in the cards. So while you’re saving money in the form of licensing and service fees, you’re spending time and energy that might end up costing you more than those fees — and those costs might be more difficult to quantify and predict.

Platforms and integration

If you’re comfortable taking on extra responsibilities and costs, the next big question is whether you can get the right tool — or more often, many tools — you need. This is where you need a detailed understanding of the mobile platforms you have to manage and every platform that needs to integrate with them for everything to work.

MDM isn’t an island. It integrates with a sometimes staggering number of enterprise components. Some, like identity management, are obvious; others, like log management or incident response, are less obvious when you think about successful mobility management.

Then there are the external platforms that need connections. Think identity management — Entra, Workspace, Okta — and things like Apple Business Manager that you need to work well in both everyday and unusual situations. Then tack on the network, security, auditing, load balancing, inventory, the help desk and various other services. You’re going to need something to connect with everything you already have, or you could find yourself saddled with multiple migrations.

You should also take into account the management and administration experience that’s required to be sure you’re not generating added work for those teams on a daily basis.

What, beyond Apple devices, do you need to manage?

The broadest use of MDM tools has always been to secure and manage Apple devices. iOS is the clear dominant platform for business, but it isn’t the only one. Android, ChromeOS, Windows and even Linux can be managed through MDM tools. Even wearable, appliance, and IoT platforms are becoming managed parts of the enterprise whole. Which ones do you need to support?

While not everything has to be managed — and not everything needs to be managed by the same tools — there are obvious advantages in working from a single or small number of interfaces.

Most commercial MDM vendors tend to be Apple-centric. (Some, like JAMF and Kandji, are Apple-only.) Open source might be appealing because it isn’t Apple focused. In fact, some of the biggest uses for open-source MDM involve organizations that don’t have an Apple presence and need MDM to manage just Android devices.

Whether it’s because you need to manage something beyond iOS and macOS or because you don’t handle Apple products at all, clearly understanding what you manage is crucial if you build mobility support on open-source tools.

Working it out (or not)

I’ve recently been in touch with two organizations attempting to move to a collection of open-source tools, including MDM. Both experienced more challenges than anticipated, with support for IT staff being the biggest, followed by migration roadblocks. One decided the costs in terms of time, energy and disgruntled execs were too much. The other, a college, considers its deployment an “ongoing experiment,” though their CIO feels like they’ve made it over the hump, mostly thanks to the help of students that became part of the process.

This speaks to the fact that an entire team may be needed to overcome unexpected challenges and get everything up and running. This was a theme among those that I spoke with: there is a lot of up-front work (as with any migration), particularly in the planning and testing stages. And everyone I spoke to said that led to a longer and deeper testing process than might be needed for commercial software.

Who’s doing DIY MDM now?

I’ve noticed some common threads among the organizations taking this DIY journey. The majority were mid-size operations, colleges seem particularly enthusiastic about the idea, and younger IT teams seemed more willing to get into the weeds and comfortable with the inherent responsibility of doing so.

Those that went all-in on DIY had one thing in common — they were growing from small to mid-size.

This doesn’t come as a big surprise. I’ve found that when small organizations with just a handful of IT staffers — all doing a bit of everything — grow to become something larger with more defined roles, they often re-think how their team will work. They usually consider what they will need during and after that period of growth. And they’re more thoughtful about the tools they want to use as a foundation going forward.

Some options spelled out

There are several options in the open-source MDM and enterprise mobility space (and some have commercial options, too).

  1. Miradore
  2. MicroMDM
  3. nanoMDM
  4. Fleet
  5. Headwind
  6. OneMDM

If you need more help figuring out your migration, check out: 7 questions to ask when considering a new MDM. (These apply to both open source and commercial options.)

Copyright © 2024 IDG Communications, Inc.


