iPhone OS 4: Guide to Anticipated Mobile Management Functionality

Apple on April 8 previewed the upcoming iPhone OS 4 -- due for the iPhone and iPod touch this summer and the iPad this fall -- as the mobile industry awaits the unveiling of the now infamously leaked next-generation iPhone on June 7 at the annual Worldwide Developer Conference.

EnterpriseMobileToday.com recently highlighted 12 enterprise-friendly features announced for Apple's iPhone OS 4 that stand to significantly improve the ease of use and management of iPhone OS devices in enterprise and business environments.

Some of the features are distinctly aimed at enterprise adoption and management while others are more general and designed to empower iPhone and iPad users to work more productively with their devices.

While Apple identified a number of features specifically intended to aid IT departments in activating, deploying, and managing iPhone OS devices, the company has yet to provide specific details about how these features will work.

Here we outline the core enterprise features for IT and which details still remain murky as well as some speculation as to how Apple might implement them in iPhone OS 4 versus the current iPhone OS release.

In the Current iPhone OS Version

Deployment, Management and Configuring -- Initial configuration, roll out and on-going management are the hardest aspects of supporting any mobile device for businesses, with perhaps the exception of deploying, say, just two or three, iPhones. Each device must be activated using iTunes, meaning it will generally need to be touched at least once by an IT team member.

After activation, devices can be handed out to employees in their default state, but that will provide them only with the generic load of Apple's built-in apps. It will not include security settings, configurations for accessing any network services such as Wi-Fi networks or corporate VPNs. Nor will it provide internal or external Web bookmarks, or mail or collaboration server configurations. It also means no organization-specific security certificates to ensure secure identification when accessing internal resources.

Apple's iPhone Configuration Utility offers a decent solution for building iPhone configurations. It allows organizations to address these configuration concerns by providing the ability to complete configurations for individual devices or to implement a more general organization or department-wide configuration. But using the utility either requires IT to install configuration profiles or requires users to choose to install them. Users must also opt to install updates to these profiles as they are issued.

What Apple Promises in iPhone OS 4

Apple is promising that iPhone OS 4 will streamline and improve on the areas of deployment, management and configuring. Specifically, Apple is touting three major areas of improvement over the current iPhone enterprise features: deployment and provisioning, device management and security. Also on Apple's list of new enhancements: improved enterprise support for Exchange environments and the iPhone's Mail app.

iPhone Deployment and Configuration

Apple hasn't mentioned whether initial iPhone activation will be streamlined and become less dependent on iTunes. Although Apple may create and offer a way of to activate new mobile devices without using iTunes at all, I find it unlikely given the company has positioned iTunes not only for activation but also as the primary sync technology for iPhone OS devices.

Apple has said that it will provide the ability to install and update custom apps developed in-house by an organization using an Enterprise membership account for the iPhone Developer Program. It seems almost guaranteed that this will apply only to in-house apps and possibly to Web-based apps added to a device's home screen as Web-clip icons. It isn't clear if this will include the ability to provision a device with security certificates used to allow the device to access these apps (or to provide secure access to other internal network resources), but this seems likely.

If Apple does include the ability to push out (and presumably update) security certificates on a device, the company may also include the ability to push out configuration profiles to devices (for both initial configuration and configuration updates). This would be a drastic improvement over the current options.

Mobile Device Management

Apple may have even better choices for device management than over-the-air push of configuration profiles. A new Mobile Device Management service will be built into the future iPhone OS. Apple has been very vague about this service, saying only that it will offer hooks into the OS that a server solution can use to query and monitor the status of devices, lock or remotely wipe them and update device configurations.

It isn't clear whether these capabilities will be provided by an Apple-designed solution (similar to the Apple Remote Desktop management suite) for Mac computers or to RIM's BlackBerry Enterprise Server) or if the company will be simply providing the ability for third-party solutions. This could open up the field for an entire new crop of solutions as well as the ability for existing multi-platform device management suites to add iPhone support. Both solutions are possible and have their pros and cons.

A wide choice of tools may be better for many environments (particularly if an Apple solution requires a Mac or Mac OS X Server presence in a typically non-Mac environment). That said, an Apple-only solution might be more iPhone/iPad-centric in its design. If bundled with a future release of Apple's server platform, it would likely also be a relatively low-cost option. However that possibility most likely won't be available until the next major update of Apple's desktop and server operating systems, which is most likely a year a way at the earliest.

Mobile Security

Apple really seems to be taking security a bit more seriously for the iPhone OS. Right now, there's only whole-device encryption and only on the iPhone 3GS (though some existing suites offer the option to encrypt specific app data). Apple will probably include this capability but will also offer to use a user's pass code to encrypt core business data like e-mails and attachments.

Apple will also offer developers the ability to build similar encryption into their apps. While a significant improvement, it remains to be seen how many developers will take advantage of this or exactly how secure this will make sensitive information. Given that only in-house apps will be easily deployed and updated over the air, it may be that an organization will need to develop their own apps to truly take advantage of these features.

Exchange 2010 and Mail

Perhaps the easiest improvements to predict are those for Mail. Apple has made it pretty clear that Exchange 2010 support is being included as well as support for a unified inbox. The company has also indicated it will offer much better view options in Mail and improved options for handling attachments.

Overall, the lack of clarity about the future enterprise features of the iPhone OS clearly indicate the challenges any enterprise faces with Apple technology: the company never provides a complete roadmap for its solutions. On the plus side, Apple has gotten better at providing iPhone enterprise information once an update ships. So, within days of the official iPhone OS 4 release, plenty of details and resources will likely be available.


iPhone, Apple, iPhone OS 4, mobile security, mobile management