September 25, 2016
Devices:All Devices »
19 Key Considerations for the iPad as Enterprise Mobile Device
Does the iPad fit into your enterprise, school, hospital or small business? Most of the news and opinion pieces about Apple's iPad, shipping April 3, written since the device was unveiled on Jan. 26th have focused on what the mobile device does well (functioning as a touch-screen tablet, Web surfing, and acting as an e-book store and reader) or the anticipated features that the iPad lacks (a front-facing camera and data service through a U.S. carrier other than AT&T being among the top of the list). There's also been a lot of debate over exactly what type of customer base Apple is targeting with the iPad and how that demographic will use it. Much of the coverage has focused on personal use, with some occasional speculation about potential roles for the iPad in education and telehealth. Although Apple seems to be hinting that the iPad can be a business tool through the use of an iPad-specific version of the company's iWork suite, the exact place for the iPad in business, in general, and in enterprise environments in particular still seems to be something that isn't really understood.Part of the reason for not knowing exactly how the iPad fits into the enterprise is that few details about enterprise support have been disclosed. This is despite Apple showing off the iPad with an ad during the Academy Awards and touting slick advances being brought to the iPhone OS, multi-touch and core applications. The information that is out there focuses primarily on consumer use and features. Based on what is known about the iPad and my experience working with all of Apple's products (including the iPhone and iPod touch) in business, education and enterprise environments, here are 19 key questions and issues that the iPad poses for mobile IT departments.
1. Will the iPad support mass deployments?One of the big challenges for IT departments in larger business and enterprise environments is how to efficiently roll out large numbers of computers or other devices. For computers (PC or Mac), there are a number of tools that allow a single set of applications and settings to be deployed very quickly to new or repurposed machines. This ensures that all machines meet baseline standards for network configuration, application sets, security requirements and other settings. It isn't clear if Apple, which provides solutions for mass deployments of Mac computers, will be providing similar tools for the iPad. Currently, however, this is a challenge for rolling out iPhones (or iPod touches) in enterprises because there are no real mass activation and deployment tools. To some extent, a technician must touch every device. Still, Apple has improved its deployment settings (including network, mail server, security policy, and access restriction settings) for iPhones though it's still primarily done by having IT do it directly on the devices or by e-mailing configuration profiles to users. With significant improvements in these areas with each major iPhone OS release, it is quite possible (but by no means certain) that Apple will offer better tools for all iPhone OS devices, including the iPad, though they may not be available when the iPad launches this spring.
2. What about provisioning software and mobile security certificates?One of the key requirements for securing computers and mobile devices is the use of security certificates. These allow a device and servers/network devices to establish a secure connection and to identify that those connections occur between legitimate devices and network resources.
All iPhone OS devices include a series of root certificates for verifying secure connection through public certificate authorities (typically used for e-commerce and banking sites). As with computers within a private network, it is possible to install organization-specific certificates on iPhones and iPod touches. This provisioning process can be done manually by a technician or, more easily, by creating a provisioning profile (a document specifying security certificates), which can be placed on an internal Web server or sent by e-mail to all iPhone users. This feature should certainly be included in the iPad.
3. How will the iPad interact with file/print and directory services systems within a network?From the information made public by Apple -- and discovered by developers poking around the latest iPhone SDK beta (which includes iPad development tools) -- the iPad will have some file sharing capabilities. The exact details of the iPad's file system are still murky, but it appears that each iPad application will have its own file space to store files it can read or create. The iPad appears to have the ability to be mounted similar to an external drive on a PC or Mac. The individual file stores then appear as directories/folders to which users can copy, move or delete files. There does not seem to be the ability to directly access file servers or even an overall file browser. The iPad looks to be a single-user device. So, there isn't likely to be direct integration with directory systems such as Active Directory or Apple's Open Directory. That said, the current iPhone OS supports accessing directory servers via LDAP for contact management, though the CardDAV standard or Exchange Global Address List are preferred.
4. Does the iPad support common online collaboration suites such as Exchange?Yes. The iPhone OS has supported Exchange using Microsoft's ActiveSync since the first major update in July of 2008. Apple has also built Exchange features into Mac OS X Snow Leopard, released last August. Currently Exchange support on the iPhone OS includes access to the Global Address List, shared calendaring, e-mail with push notification, some Exchange security policies, and the ability to remotely wipe data from a lost/stolen device. It seems obvious that the iPad will offer at least this same set of features. Beyond Exchange, Apple has built support for a handful of open standards-based collaborative technologies into the current iPhone OS. These include CardDAV for shared contacts and CalDAV for shared calendaring. Support for V-card and iCalendar files and subscriptions for contacts and calendar items respectively is also supported. IBM has an existing iPhone Lotus Notes application and is expected to be creating an iPad-specific version. Good Technology also offers Good for Enterprise, a server add-on for Exchange and Domino environments that is paired with a secure iPhone app. This app encrypts all data from collaborative suites stored on the iPhone (including contacts, calendar items, and e-mails). Given that encrypting data on the iPhone or iPod touch is often a concern for IT, Good for Enterprise offers a way to ensure that some of the most significant portions of confidential data remains secure.
5. Will there be client management and access restriction features available?Yes. The current iPhone OS allows IT to define configuration profiles for devices. These are implemented similarly to provisioning profiles for security certificates. They allow administrators to define a broad range of settings including network and server configurations, passcode and security requirements, automatic calendar subscriptions and access restrictions. Access restrictions can be used to disallow purchase/installation of apps and music/video from the iTunes Store, access to the built-in camera (iPhone only), and access to YouTube or the Safari Web browser. Given the more complex feature set of the iPad, it's likely that Apple may provide broader restrictions/management for the iPad.
6. What about encryption, remote wipe, and other mobile security policies?The iPhone OS supports a handful of security policies that can be implemented using configuration profiles (which can be set to require an administrator passcode to remove) or Exchange. When used with Exchange, remote wipe of data is supported and can be performed by the user (through Outlook Web Access) or an administrator using Exchange management tools. The iPhone 3GS offers whole device encryption, but that must be enabled on each device. Some iPhone OS tools can also encrypt their specific data (such as Good for Enterprise and the medical/dental telehealth practice suite MacPractice). It seems that at least this level of security options will be available on the iPad. Although a good starting point, the limited set of security policies and managed encryption options are often a concern when implementing the iPhone. Given that Apple has improved the device's security/enterprise scorecard with each major update, it seems likely that the next iPhone OS update and/or the iPad's specific version of the OS will beef up security.
7. Will there be VPN or other remote access capabilities?Initially, some analysts reported concern about the iPad as a business device because there was no mention of VPN as a feature. Since the iPhone OS has supported PPTP and L2TP for nearly two years (and IPSec since last summer), it's hard to believe that these features won't be included in the iPad. For other remote access options, SSL encryption is available and used by default where possible in the iPhone's existing collaborative tools. Finally, Apple's current server platform, Mac OS X Snow Leopard Server, includes a new Mobile Access Server that combines split DNS and TLS security to provide secure access to internal collaborative suites without compromising security by opening a large number of ports. Mobile Access Server also integrates with directory systems, including Active Directory, to leverage access via network user accounts.
8. Can the iPad function as a multi-user device?Not really. The device, like the iPhone, isn't designed to support multiple user accounts or user profiles. With the exception of devices that are routinely kept in a non-customized state and shared, similar to the kiosk use of a computer, the iPad will be appropriate to individual users only.
9. Will every iPad need to be tied to user's computer?Technically no. Again, similar to the iPhone, IT could provision, install software, and configure iPads and then hand them out to users. However, for any practical purpose, each iPad should be synced to a user's computer. Without syncing there is no way to install OS updates, backup data, or sync data without the use of a collaboration suite like Exchange.
TAGS:iPad, Apple, Apple tablet, mobile IT, mobile device