SAP Afaria

SAP Afaria is a mobile device management software product. It helps large organizations connect mobile devices such as smartphones and tablet computers to the company network, and to simplify the information technology (IT) tasks associated with buying, deploying, securing and maintaining such devices.

History
XcelleNet originally developed the product that would eventually become Afaria, releasing the first version, called SessionXpress, in 1997. It was the first product of the company’s Net-Essentials product suite, and allowed system administrators to remotely manage client systems, including disks, files and sessions. XcelleNet renamed the product to RemoteWare Express later that same year (1997), to CONNECT:Manage in 1999, and finally to Afaria in 2000.

Sterling Commerce acquired XcelleNet in 1998, renaming the software CONNECT:Manage (and the group Sterling Commerce Managed Systems Division), but then divested itself a year later. XcelleNet, Inc. became an independent, privately held company in February 2000, and released version 3.5 of the product in May 2000, as Afaria for Handhelds, and version 4.0 in June 2000 as Afaria.

Network Computing magazine awarded its Editors Choice award to Afaria version 3.4 in July 2000, and version 4.51 in February 2002.

Sybase acquired XcelleNet in 2004. In 2012, Sybase Afaria became SAP Afaria, following the acquisition of Sybase by SAP.

Market intelligence firm International Data Corporation (IDC) first recognized Afaria as the leader in mobile device management in June 2001, and has continued to do so every year since, through 2011. In 2011, Gartner identified Afaria as one of the top mobile device management platforms in the first Gartner Magic Quadrant report on the mobile device management market. In the Gartner Quadrant for MDM of June 2014 SAP Afaria is in the Challengers Quadrant.
 * Version 7.0 SP7: Released October 2015 (as SAP Afaria SP7)
 * Version 7.0 SP6: Released September 2015 (as SAP Afaria SP6)
 * Version 7.0 SP5: Released August 2014 (as SAP Afaria SP5)
 * Version 7.0 SP4: Released December 2013 (as SAP Afaria SP4)
 * Version 7.0 SP2: Released December 2012 (as SAP Afaria SP2)
 * Version 7.0: Released April 2012 (as SAP Afaria)
 * Version 6.6: Released September 2010
 * Version 6.5: Released November 2009
 * Version 6.0: Released December 2008
 * Version 5.0: Released November 2003
 * Version 4.0: Released June 2000 (as Afaria)
 * Version 3.5: Released May 2000 (as Afaria for Handhelds)
 * Version 3.0: Released October 1999
 * Version 2.0: Released February 1999 (as CONNECT:Manage)
 * Version 1.2: Released October 1997 (as RemoteWare Express)
 * Version 1.0: Released February 1997 (as SessionXpress)

Design features
SAP Afaria uses a session-based approach when it communicates with mobile devices in the field. This allows it to circumvent issues related to intermittent connections caused by roaming devices that might lose their network connectivity during a data transmission in progress.

SAP Afaria organizes its tasks into worklists and sendlists. These are called channels. When a device, or "client," connects to the server (called a transmitter), the channels execute their tasks. Administrators manipulate the tasks in the channels using a graphical interface with a tree structure.

To download the device component of the software (called provisioning), an organization’s IT department sends an SMS or SMTP email to each device with a link to the Afaria server. End users (or IT) can click the link to start the download. Or users download the client from an online distribution platform and enter a short code that enrolls the device and applies policies.

Usage
Companies commonly use SAP Afaria to manage a large number of company-owned or employee-owned mobile devices that employees use for work. Due to the increasing popularity of smartphones and other mobile devices in the general population, many people now bring their own devices (BYOD) to work. Companies are finding that they must support the use of employees' personal mobile devices in conjunction with corporate email and other applications. An organization that does so benefits from the increased engagement and productivity of its workforce, as employees are able to more easily respond to work tasks when they’re away from the office.

Mobile network operators and service providers are two other types of companies that frequently employ mobile device management software such as SAP Afaria.

Security
Several security issues in SAP Afaria were identified. While the total number of those vulnerabilities is relatively small, most of them critical and can be used to access the system.

According to security researcher Dmitry Chastukhin, one of the vulnerabilities allowed attackers to take control of all mobile devices connected to it with by mimic a command sent from the server to a mobile client. This command is sent in the form of an SMS message, signed by a SHA256 hash.