RSS

Category Archives: Definitions

Understanding Mobile Device Enrollment

05 Nov

They say there are only two hard problems in computer science:

  1. Naming things
  2. Invalidating cache contents
  3. Off-by-one errors

I was reminded of the first problem as my company recently struggled to communicate clearly among ourselves and with vendors about the types of device enrollment in Mobile Device Management (MDM) systems.

I couldn’t find any industry-standard terms that applied here. If I’m wrong, I’d be happy to hear about it. If I’m right, maybe others will find the following names and definitions useful.

Enrollment Classes 

For enterprises, Apple Business Manager, Android Zero Touch Enrollment, and Samsung Knox are reliable, large-scale methods of enrolling devices in MDM management.  However, only authorized resellers can add devices to those systems.  A business buying a fleet of phones from a carrier or major retailer can rely on the reseller setting their phone up for easy management.   

However, an MVNO or other service provider cannot always establish the “chain of custody” necessary to prove ownership and get devices into those systems.  There are other methods, but they have limitations. Apple and Google have different procedures and names for their device enrollment processes. Platform-agnostic terminology can make it easier to talk about the end state of an enrolled device regardless of platform. Toward that end, we defined three classes of enrollment. 

  • Class A enrollment is the most secure and permanent. The MDM has nearly complete control of the device and after a factory reset the device will be automatically reenrolled in the MDM which can reestablish control. 
  • Class B enrollment is nearly as good.  The MDM has nearly complete control of the device, but a factory reset will disconnect the device from the MDM and require manual intervention to reenroll the device. 
  • Class C enrollment is useful but fairly weak. The MDM can control and monitor some aspects of the device, but the device holder has the ability to bypass the MDM controls and make changes that put the device or its user at risk. 

Class A 

Class A enrollment requires a device to be added to a zero-touch enrollment platform: Apple Business Manager (for iOS), Knox Mobile Enrollment (for Samsung), or Zero-Touch Enrollment (for Android, including Samsung). 

The zero-touch enrollment platforms are best suited for organizations managing large fleets of devices.  While some exceptions can be managed with effort, the usual path is that the organization buys devices from an “authorized reseller” who adds the devices to the platform for the organization. 

  • Advantages: Class A is sticky (even a factory reset doesn’t remove the device from the MDM) and easy (the devices are put in the portal by the reseller, and the organization doesn’t have to do anything to enroll them). 
  • Disadvantage: Class A is very difficult to add to existing devices. 

Class B 

Class B enrollment can be done to existing devices without concern for the zero-touch enrollment platforms. 

This is useful for organizations trying to onboard existing devices while maintaining tight control.  A Class B enrollment leaves the device “owned” by the MDM so it can enforce always-on VPN and other privileged policies. 

  • Advantages: Class B does not require the devices to be in a zero-touch enrollment platform, and it allows privileged policies to be enforced. 
  • Disadvantages: Class B requires touching every device, requires the device to be factory reset (“wiped”), and the device does not automatically reenroll after another factory reset. 

Class C 

Class C enrollment can be done to existing devices without the need to factory reset them. 

This can be useful for adding management to deployed devices.  However, because the device is not “owned” by the MDM, privileged policies like always-on VPN cannot be enforced. 

  • Advantage: Class C does not require a factory reset. 
  • Disadvantage: Class C does not prevent the user from disabling important policies like always-on VPN, or even from uninstalling the MDM client.  
 
Leave a comment

Posted by on November 5, 2025 in Definitions

 

Tags:

What is a Professional Software Engineer?

06 Oct

A software engineer works with software systems of significant scope or importance and a professional engineer works in areas that may affect public welfare, so a professional software engineer must work with software systems that may affect public welfare. Some examples of such systems include:

  • Banking (e.g., ATMs, point of sale systems, electronic transfers, online banking)
  • Infrastructure (e.g., the electric grid, railroad switches, traffic lights)
  • Medical devices (e.g., pacemakers, insulin pumps)
  • Home automation (e.g., smart thermostats, nanny cams)
  • Automobiles (a typical modern car has 10 computers)
  • Industrial automation and process control (mechanical assembly, food or chemical production, or even power generation)

A structural engineer evaluating the plans for a bridge uses material science to determine if there is enough steel and concrete to support the weight of the vehicles that are expected to pass over the bridge. A civil engineer can calculate whether a theatre has enough emergency exits for all the patrons. So, what does a software engineer look for in assessing the safety of software or a software-enabled device?

Critical software should be designed not just thrown together. You may put together a quick spreadsheet to determine if you can afford a kitchen renovation, but the firmware in your gas stove requires more care. A design should guide the implementation and accurately describe the system after it is built. Often this design explicitly states what the system cannot — or is not designed to — do and these constraints and exclusions are important. The directions for your coffeemaker likely say “for residential use only” or some similar admonition because it is not designed to be safe and reliable when used to make pot after pot of coffee in a restaurant.

It is important to use appropriate components to build the software. You wouldn’t build a bridge out of modeling clay and you shouldn’t build critical software with a weak language or function library.

Software code is a written creative work and it needs to be reviewed. This is very much like the process of editing books or magazine articles. It’s foolish to think that an author can produce a flawless work of prose or that a programmer can produce a flawless program. Even a single review is often insufficient to catch all errors so the level of scrutiny needs to be appropriate to the application. You won’t hire a technical editor for your text messages but you might have several people look over your PhD thesis.

Software that we rely on needs to be tested by a testing specialist. It is insufficient for the programmer to run through some use cases that he or she thinks represent typical scenarios. The aforementioned coffeemaker most likely has a UL label indicating that the design has been tested extensively to make sure it is safe for residential use. Similarly, software can be professionally and independently tested. Whether that testing is by a separate test group in the programmer’s company or by an outside lab will vary based on the safety requirements.

In many states, automobiles have to undergo periodic safety inspections. A car won’t run forever. Brakes and headlights and other critical parts age and your car needs maintenance to remain safe. The inspection, in part, ensures that such maintenance is not neglected. Software, too, can age. Heartbleed and other high-profile security problems are just one of the things to be concerned with. Software that is not maintained, that does not have a group or company standing behind it, is potentially dangerous. This support needn’t come from the original manufacturer — there are lots of historic cars still on the road, lovingly maintained by their owners — but it must exist.

A professional software engineer can and should assess the safety and reliability of software based on whether the system is well designed, well built, has been reviewed and tested, and is supported. Experience and judgement allow him or her to determine how much of each of these applies in each case.

 
Leave a comment

Posted by on October 6, 2015 in Definitions

 

Tags:

What is a Software Engineer?

25 Jan

Have you ever programmed your DVR to record your favorite show? Congratulations, you’re a programmer! But you are likely not skimming the classifieds looking for a job that requires familiarity with Java, Python, or Ruby on Rails.

If you are an accountant by vocation, you may have written a spreadsheet macro or two to make your job easier by automating some repetitive task. Again, that’s programming, but you wouldn’t consider yourself a computer programmer.

A computer programmer (or software developer) makes a living writing programs — programs that are the difference between computers (or devices with embedded computers like cars, DVRs, and pacemakers) and simple mechanical things like toasters or eyeglasses. A programmer often has fairly narrow, well-defined responsibilities. He or she may follow designs or specifications created by someone else to create a program for one specific purpose.

On the other hand, a software engineer has somewhat broader responsibilities, such as creating those specifications with consideration for how the program will interact with other programs or with users. The difference is very much like the difference between a bookkeeper and an accountant. IBM wouldn’t have a bookkeeper set up its chart of accounts and neither would you task a programmer with designing a large software system.

Admittedly, there is a fuzzy continuum involving software development and software engineering. And it isn’t always clear based on a field of study that someone will make a good software engineer. One of the best software engineers I’ve ever had the pleasure to work with was a civil engineer by education, but he brought engineering discipline to writing code for control systems and it was a beautiful thing to behold. Other software engineers I’ve worked with have had degrees in computer science, electrical engineering, and even social work. (Well, maybe that last guy wasn’t such a great engineer.) Software engineering is part talent (perhaps even art) but it requires discipline and intelligence, too.

Many programmers produce fine work for many applications of limited scope. But a software system that your business relies on should be designed — should be engineered — and a software engineer is the person for the job.

 
1 Comment

Posted by on January 25, 2015 in Definitions

 

What is a Professional Engineer?

07 Jan

Railroad buffs would say an “engineer” is the guy running the train, but most people would think it is someone who designs complex, useful things like bridges, cars, appliances, and computers. And they’d be right. Merriam-Webster says an engineer is:

a person who has scientific training and who designs and builds complicated products, machines, systems, or structures : a person who specializes in a branch of engineering

But what is a professional engineer? A Professional Engineer (or PE) — like a nurse, medical doctor, architect or CPA — holds a license that signifies a demonstrated level of education and professional knowledge in his or her area of practice.

Wikipedia notes:

Regulation and licensure in engineering is established by various jurisdictions of the world to encourage public welfare, safety, well-being and other interests of the general public, and to define the licensure process through which an engineer becomes authorized to practice engineering and/or provide engineering professional services to the public.

Specific to the United States, NCEES says:

Professional licensure protects the public by enforcing standards that restrict practice to qualified individuals who have met specific qualifications in education, work experience, and exams.

The exams are standardized but other requirements vary by state. Generally, becoming a Professional Engineer involves:

  1. Receiving a degree from an accredited school
  2. Passing the general Fundamentals of Engineering exam
  3. Accumulating relevant work experience
  4. Passing the Principles and Practice of Engineering exam in your discipline

PE exams exist for many disciplines including civil, electrical, mechanical, nuclear, and structural engineering, and many others. The common theme being that work in all these areas has the potential to affect the public welfare. (Note that some states issue discipline-specific licenses and others issue general Professional Engineer licenses, relying on the ethics of the PE to not practice outside his or her area of expertise.)

So, when you drive over a bridge or ride in an elevator or have an MRI, thank a Professional Engineer for making your experience uneventful and safe.

 
1 Comment

Posted by on January 7, 2015 in Definitions

 

Tags: ,