Managing and securing iOS 4 devices at work
Beyond the security options, there are a number of ways to customize an iOS device for use with your company's network and resources. You can preconfigure access to Wi-Fi networks, VPN and e-mail servers. You can also pre-populate bookmarks for the mobile Safari browser to ensure that users can easily access internal (or external) Web-based resources. You can even specify Web pages or Web apps to appear as icons on a devices home screen for easier access.
In short, you can do a lot with configuration files to lock down an iPhone.
For more details about configuration profiles, check out Apple's documentation of the iPhone Configuration Utility. This is the free tool (available for Mac and Windows) that Apple developed for creating and testing configuration profiles. Apple also offers information about various management and deployment scenarios as well as overviews for iOS 4 business integration.
In addition to setting configurations through profiles, the MDM service allows you to query any managed device for more than 20 different pieces of data (including device- and carrier-specific details, as well as usage and verification that security policies are being enforced).
Beyond setting configuration profiles and querying devices, the MDM service allows you to take certain actions on managed devices. You can, for instance, force the device to lock and/or wipe all data. And you can temporarily remove a passcode (in case a remote user has forgotten it). If a passcode is required, the user will be required to create a new one.
You can also install or update configuration profiles as well as installed apps and enterprise application provisioning profiles and in-house apps. All this can be done in the background without user intervention, allowing you to make sure that software, configuration and security policies are in place.
(See below for a full list of the available management and monitoring capabilities of iOS 4.)
Enrolling iOS devices for management
Apple made the process of setting up device management pretty simple using SCEP. A user is instructed to visit a secure Web site and authenticate with his or her user account (typically an Active Directory account or some other LDAP-based directory service). This allows the iPhone to generate a certificate enrollment request and then an identity certificate for the device.
Using that identity certificate and the user's credentials to establish a secure connection, the device then processes the list of assigned configurations and presents them to the user. When the user agrees to the configurations, the device will download and install the related profiles and can be fully managed.
Management server options
Now that we've covered the what and the how of enterprise management, here's the list of vendors and the expected ship dates for their products:
- Absolute Manage: Expected availability in the third quarter of this year.
- Afaria by Sybase: iOS 4 beta program now in progress, with availability also expected in the third quarter.
- AirWatch: Availability listed as summer 2010.
- Good for Enterprise: Now available.
- MobileIron: Now available, and offering discounts to existing Good customers.
- Tangoe Mobile Device Manager: Now available.
- Tarmac by Equinux: Now available.
Note: Equinux is known for media and networking tools for Mac OS X and iOS. Tarmac is its first step into the realm of device management and is an iOS-specific solution. It lists a Mac as part of its system requirements, and overall it might be better for small and midsize organizations -- particularly those that have a strong Apple presence.
Apple's iOS 4
- Facebook blocks access to hidden iPad app
- LTE iPhone unlikely this year, says analyst
- Apple slams Amazon's Android e-store as 'inferior'
- Apple iOS: Why it's the most secure OS, period
- Apple launches iWork productivity apps for iPhone
- Analysts split on iPhone over-the-air-update buzz
- Apple's iOS 4.3 a welcome update for iPad, iPhone
- iOS 4.3 boosts first-gen iPad browser speed by 18%
- Update: Apple jumps gun, delivers early iOS 4.3 update for AT&T iPhone, iPad
- iPhone dev knocks Apple over vague new sub rules
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Macintosh White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!