How to configure and deploy the iPhone 3G for business, part 1
Apple provides some automated configuration of iPhones for the workplace through the use of configuration files, or profiles, that can be used to establish a number of typical configuration options. These could include requiring a passcode to access the phone, configuration of Exchange or IMAP/POP e-mail accounts, VPN configuration (for PPTP, L2TP and IPSec/Cisco VPNs), some configuration for access to Wi-Fi networks and the installation of certificates on the phone.
How the iPhone connects to a carrier's network using Access Point Name settings is also supported, although these settings should ideally be coordinated with your carrier if they're needed.
IPhone profiles are XML property list files that can be generated with either a Mac OS X application -- the iPhone Configuration Utility -- or a Web-based tool that can be installed on either a Mac or a Windows PC (examples of both are shown below).
While either tool can generate configuration files, the application interface also allows you to build a library of iPhones within your network -- complete with installed application and user information. And the Console viewer offers easy access to log files on the iPhone when it is connected to a computer, which is useful for troubleshooting problems and testing in-house applications. The application environment also allows for management and deployment of in-house applications.
There are two overall disappointments to Apple's implementation of configuration files for enterprise environments. First, the files are not pushed out over the air and automatically applied to iPhone clients. They must be sent to a client by e-mail or hosted on a Web server and loaded using the mobile Safari browser on the iPhone. This makes distribution a bit more cumbersome, both for the initial deployment and for later updates.
Second, users must choose to install profiles or updates (as shown below). You cannot enforce an updated profile. When an updated profile is received via e-mail or accessed via a Web server, users can choose whether to install the profile. Users can also delete profiles using the iPhone's Settings application, meaning there's no guarantee that profiles will be kept up to date -- or used at all.
Note: If you are hosting configuration files on a Web server other than Mac OS X Server 10.5.3 or higher, you will need to add support for the .mobileconfig extension MIME type of application/x-apple-aspen-config.
Similarly, with the exception of a passcode requirement, profiles don't do much to restrict iPhone features. There is, for example, no way to limit the installed applications users can access, and no way to restrict them to Wi-Fi networks specified in a profile (such as ones that are known to be secure). Profiles exist only to simplify the iPhone setup and enforce policies.
At least profiles can be digitally signed, thus ensuring that a user who gets a new or updated profile gets one that's legitimately issued by a company's IT staff. Profiles can be signed using certificates issued by a public certificate authority (such as VeriSign) or with a self-signed certificate, provided that you deploy a copy of the certificate to iPhones (which can be done using a profile).
Another note: Passcode policies can be enforced over the air using Exchange ActiveSync, which I'll cover in part 2 of this series. When both profiles and Exchange policies define passcode requirements, the strictest combination of the two is enforced by the iPhone.
One particularly useful feature is that a single iPhone can maintain multiple profiles. This allows you to configure and deploy different profiles for different functions. All iPhones will likely need the same series of certificates installed, for example, and that can be done with one profile. Only a specific group of users, however, may need VPN access configured, which can be done as a separate profile. This also allows you a bit more ease and flexibility in updating configurations, since you don't need to make changes to every existing profile and option.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Protection for Every Enterprise: How BlackBerry Security Works Get an IT-level review of BlackBerry® Security, addressing data leakage protection, certified encryption, containerization and much more.
- Future Focus: What's Coming in Enterprise Mobility Management (EMM) Find out why Enterprise Mobility Management (EMM) solutions that are truly future-ready must be designed to enable Machine-to-Machine (M2M) capabilities and much more.
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Workforce Mobilization for Improved Productivity A mobility research director from Aberdeen discusses reasons for extending legacy applications to mobile devices, and an integration strategist from Attachmate shows how...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Mobile/Wireless White Papers | Webcasts