Company owned and managed iPad deployment
gattmandoo
I have about 40 company owned iPads. We are using for internal meetings only instead of printing paper hand outs. At the moment we manually manage all of these devices with iTunes. We manaullay add the documents for the meetings with iTunes file copy. Bring the iPads to the meetings then collect them after the meetings and manually remove the documents.
There are a few problems with this.
1. We do not have our MDM profile on the devices to keep them secure in teh event they get lost or stolen.
2. We individally configured each device one at a time.
I have recently started using Apple Configurator and like what it can do. Especially when we return the devices to the base station and restore a clean back up wiping all of the content from the device. I have been testing with integrating our MDM (MobileIron) with Apple Configurator and have it working but a few things I run into. We force an iOS lock screen passcode. I need to extend that passcode for longer than 15 minutes before the device locks for this group of iPads. Also, when I return the iPads to the Configurator station and restore it forces me to enter a NEW passcode every time on every device. I would like to try and keep the passcodes the same and never have them change or at least change them every few months instead of every day. Last is there a way to push the new dociuments for our meetings to the devices in the correct app from Configurator?
Any ideas, suggestions are welcome!
Thanks,
Jeff
- Login or register to post comments
Post to Twitter
thomrburg
Configurator THEN MDM...don't go back and forth.
Document distribution:
If you have an existing Sharepoint infrastructure, you may want to take a look at MobileIron's new Docs@Work feature. This would get you out of having to distribute docs to each device manually using iTunes or Configurator. Docs@Work solves the issue of DLP also since documents accessed through it cannot be attached to email or otherwise opened in another app. If the device is lost or stolen, it can be wiped as well.
MDM Integration
As for Configurator/MobileIron integration, you can now export your enrollment profile from the VSP and import it into Configurator. This feature, coupled with Bulk Registration, allows devices to be enrolled automatically once they are connected to either wifi or cellular data and the enrollment profile is deployed to the devices.
Lock passcode/inactivity timeout
Lock passcode will be required if you are deploying any profiles with encrypted info like Wifi settings or email that is generated by SCEP...this is an iOS limitation. As for the inactivity timeout, I can't recall what version since VSP 5.0 allows 'never' to be selected in the security policy, but it's there now and works (I'm running VSP 5.5) . Keep in mind that any Exchange profile you're deploying may compete with your security policy, so make sure the settings are identical for inactivity timeouts. Also, if you only want this "never" policy to apply to a particular label, create a new security policy, a new label with your devices, and apply the label to the new security policy. The new security policy has a higher priority by default over the default security policy for the rest of your org.
Lastly, get out of the habit of using Configurator for lifecycle management of devices. Only use it for initial staging and deployment. Use what you paid for with MobileIron for lifecycle management...it'll be a much better experience and less plug/unplug burden on your part.
-T
--
Thomas Burgess
@thomrburg | www.thomrburg.tk
T. Reid Lewis
mobilEcho easily syncs, protects & removes meeting materials
Hi Jeff,
With the caveat that I represent GroupLogic, the creator of mobilEcho, I suggest you consider mobilEcho for your meeting materials workflow requirements.
mobilEcho easily syncs, protects & removes meeting materials:
Best of all, you can try all of this yourself with the free Trial version of mobilEcho in about an hour.
Reply to me with any questions, to arrange a demo.
Learn more here:
http://www.grouplogic.com/enterprise-file-sharing/ipad-file-system
Download the Trial software from here:
http://www.grouplogic.com/enterprise-file-sharing/ipad-file-system/free-...
Thanks for posting to EnterpriseiOS.com! Thanks, Aaron, for a great site.
- Reid
T. Reid Lewis
Co-Founder
GroupLogic, Inc.
1100 N. Glebe Rd, Suite 800, Arlington, VA 22201 USA
Email: reidlewis@grouplogic.com Web: http://www.grouplogic.com
LinkedIn: http://www.linkedin.com/in/reidlewis
Twitter: http://www.twitter.com/grouplogic
Creators and publishers of:
activEcho: File Sharing and Syncing for Enterprise http://www.grouplogic.com/activecho
mobilEcho: Mobile File Management for iPhone & iPad http://www.grouplogic.com/mobilecho
ArchiveConnect: Macintosh integration for file archiving solutions http://www.grouplogic.com/archiveconnect
ExtremeZ-IP: Macintosh file & print server for Windows http://www.grouplogic.com/extremez-ip
MassTransit: automated file transfer solution for Windows & Macintosh http://www.grouplogic.com/masstransit
sjacomella
easy way...scalable and affordable
Have a look at http://www.notifymdm.eu
it does not matter if you intend to use sharepoint or not, a way to sahre docs is implemented in to the system or you can implement sharepoint as a "container" in to your devices,
Sergio
UrTheManNowDog
small ipad deployment
you can have the device auto lock at 15 minutes and still write the provision payload for the passcode lock not to execute for a longer amount of time.
you need to build the configuration profile payloads, and/or create an iTunes Backup and import both into configurator, create a first article, and deploy from that.
you may also consider buying the 10.8 Server.app, and using the profile manager for the MDM portion, create the profile there, and have each user open the xxx.com/MyDevices portal enroll the device, the server will push certs and creds and your config data to the device. and for the document push, the server.app supports file sharing, ftp, and wiki.
depending on the application you are using to build the meeting information, Pages, Numbers and Keynote are in the cloud, so you can use it that way.
UrTheManNowDog
small ipad deployment
you can have the device auto lock at 15 minutes and still write the provision payload for the passcode lock not to execute for a longer amount of time.
you need to build the configuration profile payloads, and/or create an iTunes Backup and import both into configurator, create a first article, and deploy from that.
you may also consider buying the 10.8 Server.app, and using the profile manager for the MDM portion, create the profile there, and have each user open the xxx.com/MyDevices portal enroll the device, the server will push certs and creds and your config data to the device. and for the document push, the server.app supports file sharing, ftp, and wiki.
depending on the application you are using to build the meeting information, Pages, Numbers and Keynote are in the cloud, so you can use it that way.
UrTheManNowDog
solution
I have about 40 company owned iPads. We are using for internal meetings only instead of printing paper hand outs. At the moment we manually manage all of these devices with iTunes. We manaullay add the documents for the meetings with iTunes file copy. Bring the iPads to the meetings then collect them after the meetings and manually remove the documents.
There are a few problems with this.
1. We do not have our MDM profile on the devices to keep them secure in teh event they get lost or stolen.
2. We individally configured each device one at a time.
I have recently started using Apple Configurator and like what it can do. Especially when we return the devices to the base station and restore a clean back up wiping all of the content from the device. I have been testing with integrating our MDM (MobileIron) with Apple Configurator and have it working but a few things I run into. We force an iOS lock screen passcode. I need to extend that passcode for longer than 15 minutes before the device locks for this group of iPads. Also, when I return the iPads to the Configurator station and restore it forces me to enter a NEW passcode every time on every device. I would like to try and keep the passcodes the same and never have them change or at least change them every few months instead of every day. Last is there a way to push the new dociuments for our meetings to the devices in the correct app from Configurator?
Any ideas, suggestions are welcome!
Thanks,
Jeff
you can have the device auto lock at 15 minutes and still write the provision payload for the passcode lock not to execute for a longer amount of time.
you need to build the configuration profile payloads, and/or create an iTunes Backup and import both into configurator, create a first article, and deploy from that.
you may also consider buying the 10.8 Server.app, and using the profile manager for the MDM portion, create the profile there, and have each user open the xxx.com/MyDevices portal enroll the device, the server will push certs and creds and your config data to the device. and for the document push, the server.app supports file sharing, ftp, and wiki.
depending on the application you are using to build the meeting information, Pages, Numbers and Keynote are in the cloud, so you can use it that way.
gattmandoo
mobileEcho
FYI - I forgot to mention we are already a mobilEcho customer. Fantastic product! and does solve teh issue. There is some reasoning behind why I am trying to get around it for this deployment of iPads. My users did not want to have to log into the devices for every meeting (long story). On another mobiloEcho note I can't wait until you guys release the Mobile Iron AppConnect version!!! Soon I hope?
T. Reid Lewis
mobilEcho easily syncs, protects & removes meeting materials
> FYI - I forgot to mention we are already a mobilEcho customer. Fantastic product! and does solve teh issue.
Thanks! I'm glad that you like mobilEcho and agree that it might be used to meet these requirements by distributing meeting documents.
> There is some reasoning behind why I am trying to get around it for this deployment of iPads. My users did not want to have to log into the devices for every meeting (long story).
I'd like to hear the long story so we can design a resolution into a future version of mobilEcho. If they are using their own iPads, then the requirement to "log in" again is your authentication policy, right? If they are using "special meeting iPads" then you can define a different policy that balances security and the need to make it easy to log in. If its something else, please explain. Why not write to me directly reidlewis at grouplogic dot com?
> On another mobiloEcho note I can't wait until you guys release the Mobile Iron AppConnect version!!! Soon I hope?
Me too! Stay tuned!
- Reid