Introduction to Harmony Mobile Connector

Harmony Mobile Connector (previously known as SandBlast Mobile Connector) is a web-based application that integrates your Harmony Mobile dashboard with your on-premises Unified Endpoint Management (UEM) solution.

To keep users' Personally Identifiable Information (PII) within your organization’s environment, the Connector populates the Harmony Mobile dashboard with encrypted hash values instead of plain text for the device / user name, user email address, and device phone number.

This document describes how to install the Harmony Mobile Connector and provides the configuration instructions for different deployment scenarios.
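The replacement of plain-text PII with hash values described above, as an added example that is not Check Point's code. The page does not state the algorithm, so the HMAC-SHA-256 construction, the key, the field names and the sample record are all assumptions made for illustration.

```python
import hashlib
import hmac
import unicodedata

PII_FIELDS = ("device_name", "email", "phone")  # assumed names for the fields the page lists
SAMPLE_KEY = b"constructed-demo-key"             # constructed; a real key stays in the data center
SAMPLE = {"device_id": "D-001", "os": "iOS", "device_name": "Alice's iPhone",
          "email": "Alice@Example.com", "phone": "+1 (555) 010-0199"}  # constructed record


def normalize(field, value):
    """Canonicalize so one identity always maps to one token."""
    value = unicodedata.normalize("NFKC", value).strip()
    if field == "email":
        return value.lower()
    if field == "phone":
        return "".join(ch for ch in value if ch.isdigit())
    return value


def token(key, field, value):
    """HMAC-SHA-256 over field name + value, so equal strings in different fields differ."""
    msg = field.encode() + b"\x00" + normalize(field, value).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def unkeyed(field, value):
    """Plain SHA-256 of the normalized value, included only for comparison."""
    return hashlib.sha256(normalize(field, value).encode()).hexdigest()


def pseudonymize(key, record):
    """Return (record safe to sync to the cloud, token -> plain-text map kept on-prem)."""
    outbound, reverse = {}, {}
    for name, value in record.items():
        if name in PII_FIELDS:
            outbound[name] = token(key, name, value)
            reverse[outbound[name]] = value
        else:
            outbound[name] = value
    return outbound, reverse


def recover_by_enumeration(digest, prefix, suffix_digits):
    """Walk a small number space: matches an unkeyed hash, never a keyed token."""
    for n in range(10 ** suffix_digits):
        candidate = prefix + str(n).zfill(suffix_digits)
        if hashlib.sha256(candidate.encode()).hexdigest() == digest:
            return candidate
    return None
```

The last function is the reason for the key: phone numbers and email addresses come from small, guessable spaces, so an unkeyed hash of them gives little privacy once it leaves the data center.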

Solution Architecture

Component / Description

1. Harmony Mobile Protect App

  • The Harmony Mobile Protect App is a lightweight app for iOS® and Android™ that gathers data and helps analyze threats to devices in an Enterprise environment. It monitors operating systems and information about apps and network connections, and provides data that the solution uses to identify suspicious or malicious behavior.

  • To protect user privacy, the App examines critical risk indicators found in the anonymized data it collects.

  • The App performs some analysis on the device while resource-intensive analysis is performed in the cloud. This approach minimizes impact on device performance and battery life without changing the end-user experience.

  • No Personal Information is processed by or stored in the App.

2. Harmony Mobile Connector

  • Harmony Mobile Connector is a proxy application that resides within the organization’s data center and provides an integration interface between your Harmony Mobile dashboard and your on-prem services. Supported on-prem services are UEM and SMTP.

3. UEM

  • Unified Endpoint Management

  • Device Management and Policy Enforcement System (generalized term to replace MDM/EMM).

4. Harmony Mobile Gateway

  • The cloud-based Check Point Harmony Mobile Gateway is a multi-tenant architecture to which mobile devices are registered.

  • The Gateway handles all solution communications with enrolled mobile devices and with the customer’s (organization’s) dashboard instance.

  • No Personal Information is processed by or stored in the Gateway.

5

5. Management Dashboard

  • The cloud-based web-GUI Check Point Harmony Mobile Management dashboard enables administration, provisioning, and monitoring of devices and policies and is configured as a per-customer instance.

  • The dashboard can be integrated with an existing UEM solution for automated policy enforcement on devices at risk.

  • When using this integration, the UEM serves as a repository with which the dashboard syncs enrolled devices and identities.

  • Personal Information¹, such as user name, email address, and phone number, is processed by and may be stored in the dashboard.

6. Behavioral Risk Engine

  • The cloud-based Check Point Harmony Mobile Behavioral Risk Engine uses the network, configuration, and operating system integrity data it receives from the App, together with information about installed apps, to perform in-depth mobile threat analysis.

  • The Engine uses this data to detect and analyze suspicious activity, and produces a risk score based on the threat type and severity.

  • The risk score determines if and what automatic mitigation action is needed to keep a device and its data protected.

  • No Personal Information¹ is processed by or stored in the Engine.

7. ThreatCloud

  • ThreatCloud powers the Anti-Phishing, Safe Browsing, and URL Filtering technologies for Harmony Mobile.