New APIs in Apple's latest iPhone operating system make possible a new experience for network administrators: the ability to inventory, secure, and manage the iPhone and iPod touch as enterprise devices and to do so for hundreds or thousands of them.
With Monday's release of iOS 4, Apple provided hooks and on-board Mobile Device Management Service (MFMS) that, for the first time, let third-party device management applications access information directly on the iPhone 4, and exercise control over it.
[See also: First look at Apple iPhone 4 ]
In the past, there have been two basic options. One is the management and security provided by Microsoft Exchange Server, via Apple’s expanded but still limited support for Exchange Active Sync.
The second is Apple’s iPhone Configuration Utility 2.0, released in mid-2009. This version introduced some much needed figures but fell short of full-scale end-to-end system for managing the handsets, data, and users.
An Infoworld review of both tools found each one had some benefits the other lacked.
Today, three device management software vendors announced versions of their applications exploiting the new APIs. The applications are: Afaria, from Sybase; Mobile Device Manager, from AirWatch; and MobileIron Virtual Smartphone Platform, from MobileIron (a "Network World" 2010 Startup to Watch). All three are intended to provide centralized management for iOS 4 devices.
Most of these applications are adding or expanding iPhone management support to software that handles most of the leading mobile operating systems.
MobileIron is a server-based application for managing mobile devices. Administrators can create a usage or security policy on the server, assign it to individuals or groups, and then connect to the iOS mobile device management service. "We can pull information from MDMS or we can push information to the service," says Ojas Rege, vice president of products for MobileIron, Mountain View, Calif.
MobileIron and the other vendors initiate communications with the service through the Apple Push Notification Service (APNS). Once that notification is accepted, the server and device communicate directly via HTTPS, according to Rege.
The arrangement allows for an "agentless" approach – no iPhone application is needed. But MobileIron does offer one, downloaded from the App Store, that creates a management UI for the end user, when some kind of end user input or action is needed.
In some cases, functions that were done via Enterprise Active Sync can now be done directly via the third-party software and the handset, such as remotely wiping data from a lost or stolen iPhone.