Mobile IT Guide to iPhone Deployment and Management with Apple's iOS 4 | Page 2

Another option when defining settings for network services that require user authentication (such as email or Exchange access, VPN login, and Wi-Fi network access), involves creating profiles that define all of a given user's credentials. Or, mobile IT can simply specify the appropriate server or access point names or addresses and related configuration options. This allows for global profiles rather than user-specific ones. When a profile is assigned for a service that requires credentials and none are specified, the user will be asked to provide their credentials on first access of the service.

The following network service configurations can be set or pre-populated using configuration profiles:

  • Exchange or POP/IMAP/SMTP mail servers (and optionally mail accounts;
  • VPN configurations;
  • Wi-Fi networks (including hidden networks and networks requiring a passcode or radius authentication);
  • LDAP directories for contact information, access to a CalDAV calendar server;
  • access to a CardDAV contacts server;
  • public or private calendars that support iCalendar (.ics) subscriptions;
  • carrier (APN) settings;
  • digital certificates; and
  • Web clips (Web pages or Web applications that appear as icons on the home screen).

The following security policies can also be set using configuration profiles:

  • require passcode;
  • allow simple passcode value;
  • require alphanumeric passcode;
  • minimum character length;
  • required number of complex characters;
  • maximum age and number of unique values allowed before reuse for passcodes;
  • length of time before automatic locking;
  • grace period before the device is locked;
  • number of failed passcode attempts before automatic wipe;
  • whether users can remove configuration profiles; and
  • whether the backup created when the device is synced to iTunes must be encrypted.

In addition to security policies, the iPhone Configuration Utility can be used to disable the following features of iOS: app installation, camera, screen capture, automatic mail sync while roaming, voice dialing while the device is locked, in-app purchases, items tagged by iTunes as explicit (music, podcasts, videos, and apps), access to the security settings for the mobile Safari browser as well as access to Safari as a whole, YouTube, and the iTunes Store and App Store apps.

Third-party management options

So now that we've covered the basics of how the iPhone Configuration Utility, the new MDM service, and management servers work together to form a unified mobile management solution, let's look at the actual server solutions that are available today as well as those that will be available in the coming months.

Since these tools all implement the same MDM service configuration profile capabilities their overall iOS management features are pretty similar. The real points of differentiation stem from their unique management consoles, ability to provide mobile management for other platforms, and their integration capabilities with other IT management solutions and systems.

Absolute Manage -- Brings iOS 4 management capabilities to existing enterprise lifecycle management and mobile security solutions for Windows and Mac workstations. Expected availability is the third quarter of 2010.

Afaria -- Sybase's mobile management platform. Afaria provides multi-platform management solutions enabling heterogeneous management of iOS, Android, Windows Mobile, BlackBerry and Palm devices. Sybase previously supported some iOS management features with the use of an installed application and is extending its capabilities to include Apple's MDM service. iOS 4 Beta program is currently progress with availability expected for the third quarter of 2010.

AirWatch -- Adding iOS support to a range of mobile device and lifecycle management solution that already includes support for Android, Windows Mobile, BlackBerry, and Symbian smartphones. AirWatch also offers solutions for traditional cell phones and other wireless devices that support 802.11 network access. Availability listed as summer 2010.

Good for Enterprise -- Has offered limited iOS support in the past with a secure messaging solution. The company has added MDM support and secure network access features capabilities for iOS 4 in addition to offering those solutions for other mobile platforms including Android, Windows Mobile, Symbian, and Palm. Currently available.

MobileIron -- Has expanded previous iOS capabilities to include MDM support. Offers heterogeneous mobile management and monitoring for iOS, BlackBerry, Windows Mobile, Symbian, and webOS (Android support planned but not yet available). Also offering a migration package for current Good customers. Currently available.

Tangoe Mobile Device Manager -- Offers mobile device management and lifecycle tracking (with some emphasis on cost control) for iOS devices as well as Android, BlackBerry, and Windows Mobile. In the current release, Tangoe has added support for iOS MDM management. Currently available.

Tarmac -- Unlike the other vendors, who offer a fairly broad range of enterprise technologies, equinux has a track record as a Mac software and iOS app developer probably most known for their VPN and home media tools). Tarmac is a new iOS-only management solution that company developed this year. Although it doesn't have the enterprise pedigree and integration with other lifecycle and mobile management solutions, its narrower focus will make it more attractive to small and medium sized organizations. The server component, however, is only available for Mac OS X (though Web-based management is supported for any major platform). Currently available.

With a very similar set of management capabilities being part of all these solutions because of their interaction with the MDM service, it may seem like you could pick any of them (and to a certain extent that's true). However, looking at the other mobile devices and related technologies in your organization and matching them with the additional features specific to these products is the best way for you to choose one.

While you're considering your options, I'd suggest looking at the other products from these vendors and see if they can meet your mobile or other technology management needs. Even if you may not roll out additional solutions alongside iOS management, this can give you a longer-term plan for all your systems and not just the iPhone.

Ryan Faas is a technology author and consultant specializing in Apple technologies in both the home, enterprise and mobile space. His most recent book is "The iPhone for Work." You can find additional information about his work and consulting services as well as follow him on Twitter by visiting the Ryan Faas Web site.


iPhone, Apple, iOS 4, mobile management, mobile deployment
Previous 12