Managing and securing iOS 4 devices at work

As more iPhones go to work, IT shops have more options to handle them


Management and monitoring options for iOS devices

When building configurations, you can specify details about the following: Exchange or POP/IMAP mail servers; VPN configurations; Wi-Fi networks (including hidden networks and networks requiring a passcode or RADIUS authentication); LDAP directories for contacts; access to a CalDAV and/or CardDAV server; public or private calendars that support iCal (.ics) subscriptions; carrier (APN) settings; digital certificates; and Web clips.

You can also mandate a variety of security policies, such as requiring an unlock passcode; allowing a simple passcode or requiring an alphanumeric passcode with special characters; setting how long a passcode can be used; specifying the length of time before automatic screen locking takes place; setting the number of failed passcode attempts allowed before the device is wiped automatically; requiring that the backup created when syncing to iTunes be encrypted; and indicating whether users can remove configuration profiles.

When it comes to locking down an iOS device, you can restrict access to the following: app installation, the camera, screen captures, automatic mail sync while roaming, voice dialing while the device is locked, in-app purchases, items tagged by iTunes as explicit, and the security settings for the mobile Safari browser. You can also keep users from launching Safari, YouTube, the iTunes Store and the App Store.

The goal is simple: You want to set as many parameters as needed to ensure that the device is as locked down as your company needs.
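One way to check that a profile really is as locked down as your company needs is to audit the exported .mobileconfig file against a written baseline. The following Python sketch is an added example, not code from the article or from Apple: the payload types and key names follow Apple's configuration profile format, while the sample profile, the baseline thresholds and the function names are constructed assumptions.

```python
import plistlib

PASSCODE = "com.apple.mobiledevice.passwordpolicy"   # passcode policy payload
RESTRICT = "com.apple.applicationaccess"             # restrictions payload

# Constructed sample profile for illustration; not taken from the article.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadRemovalDisallowed": False,
    "PayloadContent": [
        {"PayloadType": PASSCODE, "forcePIN": True, "allowSimple": True,
         "requireAlphanumeric": False, "maxPINAgeInDays": 90,
         "maxInactivity": 5, "maxFailedAttempts": 10},
        {"PayloadType": RESTRICT, "allowCamera": True, "allowScreenShot": False},
    ],
})

def at_most(limit):
    return lambda v: isinstance(v, int) and 0 < v <= limit

# Assumed company baseline: payload type -> key -> (check, requirement).
RULES = {
    PASSCODE: {
        "forcePIN": (lambda v: v is True, "passcode required"),
        "allowSimple": (lambda v: v is False, "no simple passcodes"),
        "requireAlphanumeric": (lambda v: v is True, "alphanumeric passcode"),
        "maxPINAgeInDays": (at_most(90), "passcode expires within 90 days"),
        "maxInactivity": (at_most(5), "auto-lock within 5 minutes"),
        "maxFailedAttempts": (at_most(10), "wipe after at most 10 failures"),
    },
    RESTRICT: {
        "forceEncryptedBackup": (lambda v: v is True, "encrypted iTunes backup"),
        "allowScreenShot": (lambda v: v is False, "screen captures blocked"),
    },
}

def audit_profile(data: bytes) -> list:
    """Return one finding per baseline rule the profile fails or omits."""
    profile = plistlib.loads(data)
    findings = []
    if not profile.get("PayloadRemovalDisallowed", False):
        findings.append("profile: users can remove it")
    payloads = {p.get("PayloadType"): p for p in profile.get("PayloadContent", [])}
    for ptype, rules in RULES.items():
        payload = payloads.get(ptype, {})  # missing payload: every key unset
        for key, (ok, need) in rules.items():
            if key not in payload:
                findings.append(f"{ptype}: {key} not set ({need})")
            elif not ok(payload[key]):
                findings.append(f"{ptype}: {key}={payload[key]!r} ({need})")
    return findings
```

Calling `audit_profile(SAMPLE_PROFILE)` reports the removable profile, the two weak passcode settings and the unset backup-encryption key; a key that is absent is reported rather than assumed safe.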

In addition to device management, MDM is a service that relies on Apple's push notification system to receive queries and instructions from a management server, which lets it interact with any iOS 4 device in the background. The fact that it runs as an always-on background process is the reason third-party vendors couldn't create such a solution on their own.

You can build queries for a single device or multiple devices that encompass the following areas: unique device identifier (a value unique to each iOS device); the device name; iOS version; model name and hardware version; serial number; total storage capacity and available free space; IMEI number; the modem firmware version; SIM card ICCID; MAC addresses for both the Wi-Fi and Bluetooth receivers; current carrier (home carrier or roaming); the carrier identified by the installed SIM card as the primary carrier; the version of the carrier settings (APN) data; phone number; whether data roaming is allowed; the installed profiles; installed security certificates and their expiration dates; enforced restrictions; hardware encryption capability; whether a passcode is set; installed applications (including app identifier, name, version, and size); and any application provisioning profiles and their expiration dates -- something that's required for internal corporate iPhone apps distributed outside of the App Store.

Some final thoughts

It's still unclear whether iOS 4 will truly end the belief that the iPhone (and iPad) platform is more about personal entertainment than workplace functionality. It's also hard to know for now which smartphone and tablet platforms will have the staying power to dominate the market -- though I wouldn't bet against Apple. For now, it seems clear that workers and businesses will have a wide variety of choices over the next few years, with Apple being just one of many players trying to get their feet in the enterprise door.

Being able to effectively support and manage multiple platforms is crucial for any organization that wants an effective mobile strategy. For iOS 4 devices, and others, these tools offer ways to make the coming diversification easier to manage and secure. And while they certainly don't ensure that Apple's devices will be welcomed by IT shops, they do make them increasingly viable options for companies in the years ahead.

Ryan Faas is a freelance writer and technology consultant specializing in Mac and multiplatform network issues. He has been a Computerworld columnist since 2003 and is a frequent contributor to Peachpit.com. Ryan was also the co-author of O'Reilly's Essential Mac OS X Panther Server Administration.

Copyright © 2010 IDG Communications, Inc.
