MobileIron Core

Basic Information

Ivanti MobileIron Core, also known as Ivanti Endpoint Manager Mobile (EPMM), is a mobile management software engine providing Unified Endpoint Management (UEM) capabilities.

• Model: MobileIron Core (now Ivanti Endpoint Manager Mobile)
• Version: Versions are released periodically. Ivanti EPMM 11.12.0.0 was updated in November 2023.
• Release Date: Varies by version. Major updates occur regularly.
• Minimum Requirements:
  • **Virtual Machine (VMware ESXi 6.5, 6.7, 7.0; Hyper-V Server 2008-2016; KVM):**
  • CPU: Quad-core CPU, 2 GHz clock rate (minimum for host machine).
  • RAM: 16 GB (minimum for host machine), 8 GB guest memory for KVM.
  • Storage: Minimum 80 GB hard drive, with recommendations for high-performance tier I storage. Ivanti recommends configuring only one hard drive on the virtual machine.
  • VM OS Type: CentOS 7.4 (64-bit) for VMware. Ubuntu Server version 14.4 for KVM.
• Supported Operative Systems (for managed devices): Android, iOS, macOS, tvOS, and Windows.
• Latest Stable Version: Ivanti EPMM 11.12.0.0 (updated November 2023).
• End of Support Date: Varies by product version and component. For example, support for Android 8.x and below ends January 1, 2025. MobileIron Apps@Work for Windows reached end of support in December 2023.
• End of Life Date: Varies by product version and component. MobileIron Apps@Work for Windows reached end of life in July 2024.
• Auto-update Expiration Date: Not applicable to the software itself. Core offers automatic updates for device OS and platform support.
• License Type: Typically enterprise licensing, requiring an End-User Licensing Agreement.
• Deployment Model: On-premises as a virtual appliance (VMware, Hyper-V, KVM) or physical appliance. Supports integrated deployment for Android enterprise (GMS/Non-GMS) and MAM-only deployments.

Technical Requirements

Ivanti MobileIron Core operates as a virtual or physical appliance, with technical requirements primarily focused on the hosting environment.

• RAM: Minimum 16 GB for the host machine, with 8 GB guest memory for KVM deployments.
• Processor: Minimum quad-core CPU with a 2 GHz clock rate for the host machine.
• Storage: Minimum 80 GB hard drive for the virtual machine, with a strong recommendation for high-performance tier I storage. Ivanti advises configuring only one hard drive on the virtual machine.
• Display: Not directly applicable as Core is a server-side application managed via web interface.
• Ports:
  • 443 (HTTPS) for client communication and Admin Portal access.
  • 8443 for System Manager access.
  • 9997 for Mobile@Work for iOS/Android TLS handshake.
• Operating System:
  • VMware ESXi 6.5, 6.7, 7.0 (64-bit VM running CentOS 7.4 64-bit).
  • Microsoft Hyper-V Server 2008, 2008 R2, 2012, 2012 R2, 2016.
  • KVM (QEMU emulator version 2.0.0, Virtual Machine Manager version 0.9.5, running Ubuntu Server 14.4).

Analysis of Technical Requirements

The technical requirements for Ivanti MobileIron Core emphasize a robust virtualized environment, reflecting its role as a critical enterprise infrastructure component. Performance is directly tied to the underlying hardware's disk and CPU capabilities. The software itself does not have direct display or peripheral requirements, as management is web-based. Scalability is achieved by allocating more resources to the virtual machine or deploying additional instances, depending on the number of managed devices and usage patterns.

Support & Compatibility

Ivanti MobileIron Core offers broad compatibility across various mobile operating systems and integrates with numerous enterprise services.

• Latest Version: Ivanti EPMM 11.12.0.0.
• OS Support (for managed devices):
  • Android (minimum Android 9.0 from January 1, 2025).
  • iOS and iPadOS (versions 12-14 supported, 11 compatible).
  • macOS.
  • Windows (Windows 10 Pro/Enterprise versions 1703-2004, Windows 11, Windows HoloLens 1701, 1803).
  • tvOS.
• End of Support Date: Support dates are specific to each version of Core and its managed operating systems and components. For example, Android 8.x support ends January 1, 2025. MobileIron Apps@Work for Windows reached end of support in December 2023.
• Localization: Core supports numerous languages for messages sent to devices and client apps, including Chinese (Simplified/Traditional), Dutch, English, French, German, Italian, Japanese, Korean, Polish, Portuguese (Brazilian), Romanian, Russian, Slovak, and Spanish (Latin American).
• Available Drivers: Not applicable to the Core software itself. Core manages devices that utilize their own respective drivers.

Analysis of Overall Support & Compatibility Status

Ivanti MobileIron Core demonstrates strong compatibility with a wide array of mobile and desktop operating systems, which is crucial for a UEM solution. Regular updates ensure support for newer OS versions and features. However, users must actively monitor end-of-support and end-of-life announcements for specific OS versions and client applications to maintain full support and security. The extensive localization options enhance its usability in diverse global environments. The platform's ability to automatically update device and platform support without requiring a Core upgrade is a significant benefit.

Security Status

Ivanti MobileIron Core incorporates various security features but has also faced critical vulnerabilities.

• Security Features:
  • Mutual authentication (device and Core trust each other using certificates).
  • Certificate-based authentication for devices and portals (Admin, Self-Service User, System Manager).
  • MobileIron Threat Defense for protecting managed devices from mobile threats.
  • Support for stronger SSH algorithms.
  • Integration with Microsoft Intune for device compliance.
  • Ability to act as a local, intermediate, or proxy Certificate Authority.
  • Enforcement of device encryption and SD card encryption for Common Criteria mode.
• Known Vulnerabilities:
  • CVE-2023-25690: HTTP Request Smuggling in Apache httpd, affecting Core versions built before April 2023.
  • CVE-2023-35078: Critical authentication bypass, allowing unauthorized access and PII exposure.
  • CVE-2023-35081: Path traversal with privilege escalation and arbitrary file write.
  • CVE-2023-35082: Authentication bypass, allowing unauthorized remote access to PII and limited server changes. This impacts all versions of EPMM 11.10, 11.9, 11.8 and MobileIron Core 11.7 and below.
  • CVE-2025-4427 and CVE-2025-4428: Chained zero-day vulnerabilities enabling unauthenticated remote code execution, actively exploited in the wild (affecting on-premises EPMM deployments).
• Blacklist Status: Not applicable as a feature of Core itself. Core can enforce compliance policies that may blacklist non-compliant devices.
• Certifications: Ivanti Endpoint Manager Mobile Certification for administrators. Supports Common Criteria mode for Android devices.
• Encryption Support: TLS/SSL for secure communication (Portal HTTPS, Client TLS, iOS Enrollment certificates). Supports certificate-based authentication (EAP-TLS). Enforces device and SD card encryption.
• Authentication Methods:
  • Username and password (local users, default).
  • Certificate-based authentication (smart card, mutual authentication).
  • Kerberos Constrained Delegation and Kerberos Single Sign-On.
• General Recommendations: Ivanti strongly recommends upgrading to supported versions and applying RPM scripts or patches to address known vulnerabilities. Implementing mutual authentication and certificate-based authentication is advised for enhanced security.

Analysis on the Overall Security Rating

Ivanti MobileIron Core offers a comprehensive suite of security features essential for UEM, including robust authentication mechanisms and threat defense capabilities. However, the platform has recently been subject to several critical and actively exploited zero-day vulnerabilities (CVE-2023-35078, CVE-2023-35081, CVE-2023-35082, CVE-2025-4427, CVE-2025-4428). These vulnerabilities pose significant risks, including unauthorized access, data exposure, and remote code execution. This history necessitates a proactive and vigilant approach to patching, configuration, and monitoring by administrators. While the security features are strong in principle, the frequent discovery of critical flaws indicates a need for continuous security hardening and rapid response to vendor advisories. The overall security rating is highly dependent on the timely application of updates and adherence to best practices.

Performance & Benchmarks

Specific benchmark scores and real-world performance metrics for Ivanti MobileIron Core software are not typically published as standalone figures, as performance is highly dependent on the deployment environment and scale.

• Benchmark Scores: Not directly available for the software itself. Performance is measured by the underlying virtual or physical hardware.
• Real-world Performance Metrics: Performance scales with the allocated resources (CPU, RAM, high-performance storage) of the virtual or physical appliance and the number of managed devices.
• Power Consumption: Not applicable to the software. Power consumption is determined by the physical server hardware hosting the virtual appliance.
• Carbon Footprint: Not applicable to the software. The carbon footprint is determined by the physical server infrastructure.
• Comparison with Similar Assets: Ivanti MobileIron Core functions as a Unified Endpoint Management (UEM) solution, competing with other MDM/MAM/UEM platforms. Its performance is generally evaluated in terms of its ability to efficiently manage a large fleet of diverse devices, distribute applications, enforce policies, and secure corporate data without significant latency or resource bottlenecks on the managed endpoints or the Core server.

Analysis of the Overall Performance Status

The performance of Ivanti MobileIron Core is inherently tied to the specifications and optimization of its hosting environment. As a server-side application, its efficiency in managing mobile devices, applications, and content relies on adequate CPU, RAM, and, crucially, high-performance storage. Organizations deploying Core must provision sufficient resources to handle their specific scale and workload to ensure optimal responsiveness and reliability. While direct benchmarks are not provided for the software, its design as a UEM solution implies a focus on scalability and efficient resource utilization to support diverse enterprise mobility needs.

User Reviews & Feedback

User reviews and feedback for Ivanti MobileIron Core (now Ivanti Endpoint Manager Mobile) generally highlight its comprehensive capabilities as a UEM solution, while also pointing to areas for improvement, particularly concerning security updates and complexity.

• Strengths:
  • Comprehensive Unified Endpoint Management (UEM) features, including Mobile Device Management (MDM), Mobile Application Management (MAM), and Mobile Content Management (MCM).
  • Broad support for various operating systems (Android, iOS, macOS, Windows).
  • Robust security framework with mutual authentication and certificate management.
  • Ability to enforce granular security policies and device compliance.
  • Flexibility in deployment models (virtual appliance, on-premises).
• Weaknesses:
  • Recent history of critical vulnerabilities requiring urgent patching and updates.
  • Complexity in configuration and management, often requiring specialized training or professional services.
  • Potential for service disruption during necessary updates or patching processes.
  • Specific end-of-support dates for older OS versions or components can necessitate frequent upgrades of managed devices.
• Recommended Use Cases:
  • Organizations requiring centralized management and security for a diverse fleet of mobile devices, applications, and corporate data.
  • Enterprises needing to enforce strict compliance policies and secure access to internal resources.
  • Environments that benefit from robust authentication methods, including certificate-based and Kerberos authentication.
  • Companies with on-premises infrastructure preferences for their UEM solution.

Summary

Ivanti MobileIron Core, rebranded as Ivanti Endpoint Manager Mobile (EPMM), stands as a comprehensive Unified Endpoint Management (UEM) solution designed for secure management of mobile devices, applications, and content across diverse operating systems including Android, iOS, macOS, and Windows. Its strengths lie in its extensive feature set, offering robust MDM, MAM, and MCM capabilities, coupled with advanced security features like mutual certificate-based authentication, MobileIron Threat Defense, and integration with compliance tools. The platform supports various on-premises deployment models, primarily as a virtual appliance, with scalable technical requirements for RAM, CPU, and high-performance storage.

However, the asset has faced significant challenges, particularly concerning a series of critical and actively exploited vulnerabilities (e.g., CVE-2023-35078, CVE-2023-35081, CVE-2023-35082, CVE-2025-4427, CVE-2025-4428) that necessitate immediate attention through upgrades and patches. This highlights a key weakness: the imperative for vigilant security management and timely updates to mitigate substantial risks of unauthorized access and remote code execution. The complexity of its configuration and the need for continuous monitoring of end-of-support dates for various components and managed OS versions also present operational challenges.

Overall, Ivanti MobileIron Core is a powerful UEM tool for organizations prioritizing on-premises control and comprehensive endpoint management. Its effectiveness is heavily contingent on proactive security patching, adherence to vendor recommendations, and adequate resource allocation for its hosting environment. Organizations should carefully weigh its extensive features against the operational overhead of maintaining its security posture in light of recent vulnerability disclosures.

Note: The information provided is based on publicly available data and may vary depending on specific device configurations. For up-to-date information, please consult official manufacturer resources.