How to configure and deploy the iPhone 3G for business, part 1
When using OS X's iPhone Configuration Utility, a list of available profiles (as well as their creation date) can be viewed and edited by selecting Configuration Profiles in the sidebar. The sidebar also has options for Provisioning Profiles and Applications -- both of which are used to deploy in-house applications and will be discussed in part 3 of this series -- and a Devices list of all iPhones that have been connected to the computer.
The Web-based configuration tool allows you to create profiles and export or e-mail profiles to users. It also lets you import and modify existing profiles. It does not, however, allow you to work with in-house applications or maintain a library of iPhones that have been connected to a computer.
By default, once the Web-based tool is installed, it can be accessed via the IP address of the computer on which it's running using port 3000 (for example, http://127.0.0.1:3000). A default username of "admin" with a password of "admin" allows access. Both the port and the username/password combination can be changed if needed. Apple's documentation (download PDF) explains how to do this in either Mac OS X or Windows.
The eight tabs available for creating a profile using either tool -- along with their options -- are the following.
General: This provides overall information about the profile, the ability to digitally sign it, the options to export it for storage or hosting on a Web server, the options for importing an existing profile for editing and the information on how to e-mail the profile directly to users. Specific options include:
- Name: The profile name displayed to users (required).
- Identifier: A unique alphanumeric string used to identify the profile for updates later provided to iPhones where the profile is already installed. The format is similar to that used for applications and Dashboard widgets in the form of com.example.profile (required).
- Organization: The organization for which the profile is being created.
- Description: A short description for users.
- Signature: A dialog used to select a certificate and private key used to digitally sign the profile.
- Delivery: Buttons for importing, exporting and e-mailing profiles.
Passcode: This, as the name implies, defines passcode policies for an iPhone. Options include:
- Require passcode on device: Prompts users to create a passcode to unlock the iPhone.
- Allow simple value: Permits basic repeated characters as a passcode.
- Require alphanumeric value: Requires passcode to include numbers and letters.
- Minimum passcode length.
- Minimum number of complex characters: Required number of nonalphanumeric characters.
- Maximum passcode age: Number of days after which a user must change the passcode.
- Passcode lock: Number of minutes (one to five) of inactivity after which the iPhone locks automatically.
- Maximum number of failed attempts: The number of failed attempts permitted when entering the passcode after which the iPhone will need to be authorized with iTunes to be used again. Note: For more than six attempts, a time delay before each following attempt will be imposed and increased with each failed attempt.
Wi-Fi: Allows you to define one or more Wi-Fi network configurations for the iPhone. Options include network SSID, whether the network is hidden and the security type for the network, including support for any security (or none), WEP and WPA/WPA2. Distinctions are made between personal and enterprise security types, with enterprise allowing configuration of authentication technologies, specification of usernames and use of certificates. Supported authentication protocols include TLS, LEAP, TTLS, PEAP and LEAP-FAST.
Note: The passwords for Wi-Fi networks cannot be included in profiles.
VPN: For establishing VPN configurations, the iPhone supports L2TP, PPTP and IPSec (Cisco) VPN protocols. The options for the protocols available in the profile configuration mirror those in most VPN clients.
For L2TP and PPTP, the iPhone supports authentication using both passwords and RSA SecurIDs, as well as the option to designate whether all traffic should be routed through the VPN connection or only traffic intended for destinations within the remote network. Apple's documentation explains more options for additional VPN support.
E-mail: Allows configuration of POP/IMAP e-mail accounts. You can opt to specify all settings, with the exception of a password (server settings, username, displayed e-mail address) for a user, or you can simply populate server settings. If you do not specify user details, users will be asked to enter them on the iPhone itself.
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- The Challenges and Opportunities of Mobile Application Development Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- Technology for Everyone A Kansas school district modernizes teaching and learning and paves the way to a one-to-one program with a comprehensive upgrade of its wireless... All Mobile/Wireless White Papers | Webcasts