Cortado Corporate Server 7.2 review

Mobile Device Management on your own server, focused on Apple and Samsung hardware

User space

Cortado meshes seamlessly with your Microsoft Exchange and Active Directory servers, so the easiest way to add users is to import them from Active Directory. You can also import users from an associated Blackberry Enterprise Server or individually create single users.

Once you've configured a user's settings to your satisfaction, you can copy them to other users or, better still, define Group Templates - settings that can be rolled out to entire groups of users at once. This is both Cortado's recommended method and the most practical way of assigning settings and policies to various user groups.

You can manually add devices at this stage, which can be helpful if you're commissioning a fleet of corporate phones or, if users are to add their own devices, select some users and click Send E-mail. Instructions for enrolling their device will be sent to them, and they can take it from there.

The MDM controls for Android are disappointing, with users getting little more more control compared to an Exchange server.

Android users, except those with Samsung devices, will first have to manually add the Cortado server's address to the Microsoft Exchange and ActiveSync account on their phone. If they don't currently have Exchange connected to their phone, they'll need to add it. The email supplies the required address and all other settings are standard.

With that done, users can connect to the User Self-Service Portal via the supplied URL, where they can download the Cortado app and certificate, giving them access to your business's shared files and storage. The portal could do with more built-in documentation to help standard Android users get up and running, and the supplied 26-page user guide didn't always match up with what we were seeing on-screen. Cortado assures us that it's in the process of being improved, but currently less-technical Android users in particular may find themselves lost during configuration.

The same portal provides users with access to apps you've rolled out across your MDM and any Microsoft SharePoint connection you've opted to provide access to. iOS users can also download a configuration file allowing them to use AirPrint to communicate with Cortado's shared printers.

The Cortado Workplace app has a better design than the self-service portal. The simple file-manager style main screen shows your phone's local drive, your home drive on the remote server and a secure drive, which provides an encrypted storage space on you phone. You can also search for files by name. Files can be copied, exported in zip format, emailed, opened in an external program for editing, and sent to any printer that you've associated with the user's account. While Cortado doesn't have any data backup capabilities, the Workplace app means that users can save their files on servers owned and run by your business, no matter where they are.

Admin interface

The web-based Cortado Management Console is well designed and easy to use. While many MDM services throw an endless array of barely-related tabs and menus at you, Cortado has a simple Control Panel with large, clearly labelled icons taking you to each of the main administration areas.

Group Templates allows you to set up user groups and define the settings and policies available to each. You can assign printers to your groups, choose which apps they have access to via the user portal, add network drives from your Active Directory system and configure settings such as the number of devices each user can have and what they're allowed to do with the files they have access to via Cortado Workplace.

Many of these settings are reproduced on the Users page, where they can be applied with greater granularity, allowing you to give one user permission to share files, while another cannot. You can also add new users and view selected users' devices in a tab that replicates a few key features of the Devices screen, including the ability to wipe or lock devices.

If a device has been jailbroken or is running a blacklisted app, which disables the Cortado Workplace app, you can even temporarily unlock it here. You can also enable GPS location - off by default to avoid accidental invasion of staff members' privacy - to help you find a lost device. Other tabs allow you to view a complete list of all apps on the device and show you the profiles and policies assigned to it. Policies and Profiles get their own pages.

There are four different categories of policies you can use. If you have an Apple Business and Education account and created policies using the iPhone Configuration Utility, you can import these. You can also create detailed iOS policies using Cortado's own policy creation screen, where you can do everything from disabling games to forcing secure password requirements. Options such as restricting use of the camera or YouTube are only suited to corporate device fleets, rather than Bring Your Own Device environments, but the ability to group users means you can mix and match high- and low-restriction device policies.

You can also configure detailed policies for Samsung Android devices, but all other devices, including standard Android phones and tablets, can only be controlled via a limited set of ActiveSync policies, allowing you to define password and encryption requirements and limit using of Bluetooth, Wi-Fi, downloadable attachments, the camera, and the SD card. Once created, policies can be assigned to users, groups, and devices. The Profiles screen allows you to roll out pre-configured settings to iOS and Samsung devices, transferring them to a user's device as soon as it's connected. These include Wi-Fi, VPN and Exchange profiles.

We found App distribution simple for both administrator and users. You add apps and authorised users can download them via the User Self-Service Portal as needed. A handful of apps from the Android and iOS stores are already in the portal, but you can add your own iOS, Android and Blackberry apps easily, either by linking to an app store or by uploading a non-store app. You can also add specific apps to a blacklist, causing the Cortado Workplace app to be locked until the app is removed. The somewhat deceptively named Intranet Apps page works similarly, but instead of apps, it provides your users with shortcut links to specified intranet pages.

Further screens allow you to view reports and usage statistics, configure global settings such as printing support and server settings, and manage server and Apple certificates. Getting the signed Apple certificate for iOS device management requires you to generate a partial certificate, send it off to Cortado for authorisation, and then upload it to Apple's portal for signing. This is less elegant than the automatically authorised certificates generated by SaaS rivals such as AirWatch, and you'll have to allow extra time to receive your certificate back.

Pricing and Verdict

Unlike some of its rivals, Cortado makes its pricing clear and transparent. You can either buy a perpetual license for a single named user, priced at105 (78) and including 12 months' support, or an annually renewable license for any user, priced at 54 (40). The former is particularly appealing if you have a stable workforce.

Cortado's management interface is among the best we've seen from an MDM, and it provides a number of extra features above and beyond mobile device management, such as cloud printing and secure access to remotely stored content.

We had no trouble getting the system running on our servers, and once installed and configured, it's pleasingly low-maintenance.

It's most capable when it comes to managing corporate fleets of either Apple or Samsung devices. Android, the dominant mobile operating system by a fair margin, gets short shrift when it comes to fine-grained MDM controls, getting little more control than you would from your Exchange server. We also encountered problems with the User Self-Service Portal, which had little internal documentation and didn't always work as expected during device configuration. Standard Android configuration in particular may prove challenging for users.

However, limited device support means that Cortado isn't as versatile as rival services such as IBM Fiberlink MaaS360, which is available in an on-premises version if you require the security of having everything running on your own servers.

Verdict

Cortado is best suited to medium-to-large enterprises with a respectable budget and either outsourced configuration or a full-time sysadmin with experience in MDM.

Windows Server 2008/2012 with Microsoft Exchange Server 2007/2010

K.G. Orphanides

K.G. is a journalist, technical writer, developer and software preservationist. Alongside the accumulated experience of over 20 years spent working with Linux and other free/libre/open source software, their areas of special interest include IT security, anti-malware and antivirus, VPNs, identity and password management, SaaS infrastructure and its alternatives.

You can get in touch with K.G. via email at reviews@kgorphanides.com.