The eBook "Managing iOS Devices with Lion Server" is now available on the iBooks store and the Kindle store, and soon on peachpit.com.
The $4.99 price ($3.99 for Kindle) is a steal considering the weeks I put into preparing this. I really hope you find it useful.
I also wrote the official description below, and I think it captures it perfectly; there's not much about using Profiles for managing Macs other than remotely locking and wiping them (which is very cool). It really is all about managing iOS devices.
Learn how to use Profile Manager, a feature included in OS X Lion Server, to configure and remotely manage iOS devices (including iPad, iPhone, and iPod touch) and Macs running Lion. With this eBook, you will learn how to use Profile Manager's web-based tools to configure user settings for services such as Mail, Calendar, VPN, and Wi-Fi; define passcode settings to prevent unauthorized access to data stored on your users' devices; and remotely wipe devices if they go missing. The Profile Manager uses the Apple Push Notification Service (APNS), so you can immediately push configuration changes to your devices, as long as they have some kind of network connectivity. Why do all the work yourself? Show your users how easy it is for them to use the self-service web portal to download and install the configuration profiles you've carefully crafted for them, and how to remotely lock or wipe their own devices without your intervention. This eBook includes the knowledge you need to configure your Lion Server to be an Open Directory master, use an appropriate SSL certificate, provide Profile Manager services, and perform basic troubleshooting.
It's 339 pages on my iPhone 4.
Apple today introduced its Volume Purchase Program for Business Apps. The program, available "soon," answers a simple question that has had no satisfactory answer: How does a company buy apps for its users?
- Businesses must have a Dun & Bradstreet number to participate, and go through a validation process.
- Admins will be asked to create a new Apple ID for exclusive use with the Business VPP.
- There are no minimum or maximum quantities for purchase.
- Only paid apps are available through VPP. Free apps should be downloaded by the device user.
- Payment must be made via corporate credit card or PayPal. (There seems to be no mechanism for purchase orders at this time.)
The program seems to follow the contours of the Education VPP system, introduced last year. The enrollment process, which is not yet online, is outlined in a PDF. Here's what they say about distribution:
Distributing apps purchased through the Volume Purchase Program is easy. For each app you purchase you’ll receive a redemption code to authorize the app download. The program website delivers these redemption codes in a spreadsheet format that contains multiple codes, one for each app in the quantity purchased. Each time a code is redeemed, the spreadsheet is updated on the program website so you can track the number of codes that have been redeemed by your users. The spreadsheet also includes a redemption URL with the redemption code embedded in the link so users don’t have to type or enter the redemption code manually when downloading apps.
Apple suggests that you email these URLs to each user, but I'd rather poke my eye with a stick. Alternatively, expect your MDM provider to allow for VPP integration. Casper Suite and Absolute Manage MDM already have this feature, and I hope others quickly jump on board.
So the user clicks on the link, they visit the Apple store, "purchase" the app, and the redemption code is used in lieu of payment. Then the app downloads and installs.
Read the documentation closely, and you'll find a second new initiative: Apple is releasing private app distribution for businesses. The idea here is to combine custom app development with VPP for distribution, creating a new market strategy for enterprise-focused developers. (And Apple will happily take its 30% cut for the service.) Sound interesting?
Any outstanding questions? Do you like the plan? Please add your comments below.
I'm very happy to announce that Zenprise has added their data to our Comparison of MDM Providers. We are now at 800 boxes with / ticks.
As this feature has grown, we've been seeing some areas where we can improve the chart. Please visit MDM Comparison 2.0 Beta to see where we are going, and contribute your suggestions.
Has your company built a great app? But you don't want it on the app store? In-house App Deployment is for you. There are two ways to go:
Several companies make a living building private app catalogs for businesses. These sites typically require an enterprise subscription to Apple's iOS Developer Program.
Do It Yourself
(I haven't done all these steps myself. Hopefully some of you can fill in whatever gaps exist.)
Once you have established your iOS Developer Enterprise Program, everything you need to know is listed under the Provisioning Portal.
The rough steps for in-house app distribution are:
- Identify internal development resources
- Establish a cross-functional team to establish security, design & look and feel guidelines
- Download Xcode from the App Store or via the free iOS Developer Program
- Build an app in Xcode
- Sign up for the iOS Enterprise Developer Program (not the standard program)
iOS Developer Enterprise Program
- Requires DUNS number
- Enrolling employee must have binding authority to enter into contracts
- This employee becomes the Team Agent
- Legal contact at your company to verify enrolling employee & their binding authority
- Budget 10 - 15 business days for enrollment
From Apple's iOS Provisioning Portal
- Create App ID (performed by Team Agent)
- Register development devices (Team Agent)
- Create Development Provisioning Profile (Team Agent)
- Create Developer code signing Certificate
- Add Provisioning Profile & Developer Certificate in Xcode
Note that with iOS 4, provisioning profiles are read only at boot. So here is what will happen: MDM will install both profile and app, but then the app will seem to disappear. The system is simply hiding the app because it is not aware of the provisioning profile. Just reboot the device to have the app function.
EoIS member Haruhiko Nishi has released a prototype system for managing iOS devices as Open Source. The code works through an ActiveSync connection to your device, which can manage some restrictions and policies. There's a bit of discussion in our forum about this already.
The demo is quite interesting. See our forums for the URL. Thanks, Hanishi!
A huge THANK YOU to mobilEcho and all the attendees at last night's meetup shindig. The entire industry was represented: education, enterprise, developers, MDM, MAM, MFM, and your MOM. And as you can see from the photo above, even the bartender got into the spirit.
Let's do this again next year, shall we?
(Photo by Arek Dreyer. Thanks Arek!)
Yesterday's announcements bring up several questions regarding enterprise use of iOS 5.
- Can enterprises pre-load configurations and certificates to allow "PC Free" deployments?
- Do Over-The-Air software updates depend on iCloud for data backup and restore?
- User cy2k asks: What, if any, changes are there to MDM and mobileconfig?
- Can iCloud be disabled or restricted using MDM?
- Who holds the private keys to the iCloud?
- Can there be "private" iClouds for sensitive information?
- Is there the ability to record an iMessage conversation?
Add your thoughts and further questions below.
(A reminder about this site's policy: We aim to bring together all players in this community and therefore will not publish information covered by non-disclosure agreements. But we'll try to compile the best information available publicly.)
iCloud is Apple's announced cloud service.
In addition to Address Book, calendar, mail, iBooks, music, and photos, iCloud supports a number of innovative features.
Just looking at the WWDC Keynote, iCloud appears to be the file system that's been missing from iOS since the beginning. Files are sync'd wirelessly and in the background to all devices. (Sounds like Dropbox.)
It appears apps need to be updated to work with iCloud, using iCloud storage APIs. Works on all iOS devices, and Macs and PCs too.
No word on security yet, or on enterprise sharing features. (Likely this is consumer-only at the beginning.)
5 GB base storage for mail and documents (does not count purchased music, apps, or books). More storage is probably available at an additional fee.
iCloud is in Beta now, shipping with iOS 5 this fall.
I'm here at WWDC, where there are several fantastic announcements for the enterprise community.
- No iTunes activation required ("PC Free")
- Over the Air OS Updates
- Delta updates will be much smaller
- S/MIME encrypted mail
- Improved Mail offline support
- BBM-like messaging: "iMessage" to all iOS devices. Includes delivery & read receipts.
- iPad 2 AirPlay integration displays fullscreen wireless to Apple TV, etc.
- Daily backups to iCloud over WiFi
Coming this fall. Will support all iOS devices that are currently supported.
More information coming (at least, the information not under NDA).
What is your favorite feature?
Any iOS administrator with a real deployment in operation can tell you this: Today's MDM solutions are only a fraction of the puzzle. In the real world, a complete solution is much more complicated.
Physical Device Management, specifically imaging and deployment, is the biggest pain point today. For iOS it is all manual work: iTunes, cables, mouse clicks, etc. Alternatives are desperately needed if today's pilots are to scale.
Policy Management is a relatively mature space, as these things go. There are quite a few vendors, such as MobileIron, AirWatch, and Casper Suite. Although these vendors often bleed into other domains, they focus on policy management.
Application Management is a pretty sparse field. Companies such as Apperian and AppCentral allow for hosted enterprise app catalogs, but these are disconnected from other management services. MDM providers can offer private app catalogs as well, but these don't offer update services.
The big players today want to own the entire space, one-size-fits-all. They are thinking of what RIM did with BES. But this strategy ends up with a mobile environment without many options for the user. And like it or not, user choice is one of the foundations of the iOS platform. (Think of the App Store with nearly 400,000 apps.)
Instead, I believe we would be better off with a small set of standards that encourage independence and interoperability. Let each company make its choice for file or app or policy management. Encourage innovation and differentiation.
And how does this look?
Automatic Provisioning: I think many of us share the same dream: A newly provisioned device should automatically install certificates, policies, apps, configurations and documents appropriate for that user. Wouldn't that be nice? I don't think it would even be difficult, technically. Apple would need to integrate MDM enrollment into device registration. (Easy for me to say, right?)
Pluggable App Policies: MDM systems are pretty good today for setting up device restrictions. Imagine if they were able to reach into application configurations. This is already done for SSL VPNs, where a configuration profile can pass policies to Cisco, Juniper and F5 iOS VPN clients. mobilEcho has a similar model for centralized configuration through their own server. The only way to extend this to the huge number of apps is to create a standard way of plugging into MDM consoles. App developers could, if they wanted to be included, develop their own console plug-in to this spec. Their app would then query the OS for installed MDM profiles and then request a config from the MDM server.
Policy-based Access Controls: File management on iOS is today just way too leaky. Any app can implement "Open In..." with a single line of Objective-C. But "Open In" simply makes another copy somewhere else. This is a policy and version control nightmare. So how many copies of that P&L statement do you want around? Imagine if a consortium of app developers agreed on a standard for policy-based file management. A push is already on for such a standard. I look forward to hearing more about it.
Next week will be a big one for us: How will iOS 5, iCloud, and Lion change this landscape? Stay tuned.
Ryan Faas has an article in Computerworld on what to expect from WWDC 2011.
He doesn't mention one thing to expect... drinks Wednesday night! Join us at 7:30 PM at the Tunnel Top Bar, 601 Bush Street. This is sponsored by Group Logic (buying the drinks) and Tekserve (my employer) for the EiOS community.
I hope to see you there.
- Access file servers from iPad as easily as from your Windows or Mac laptop
- Secure (encrypt) the data at rest and data in motion
- Manage over the air (OTA) the configuration of mobilEcho
The mobilEcho Solution
- Server – software that runs on Windows to proxy the file access of the iPad apps based on existing Access Control Lists (ACLs)
- Protocol – designed specifically for mobile users with limited bandwidth, high performance expectations and to encrypt traffic at all times
- App – that provides Windows Explorer / Mac Finder like navigation of file servers, preview and open in encryption of all files and configuration data and
- Management – governs mobilEcho app behavior with configuration templates for each Active Directory (AD) User or Group
- Download and install the mobilEcho server software available from Group Logic
- Define configuration "Profiles" for AD Users and/or Groups that need file access
- Download to the iPad the mobilEcho app which is free from the App Store
- Configure mobilEcho over the air based on your Active Directory Group Membership
- Browse files and folders on the server
- Preview files and open in other apps for editing
- Save files created or edited on the iPad to the server
- Store files locally for offline use
- Enhance mobile user productivity
- Access existing files (content) on storage your organization controls and manages
- Avoid paying for redundant cloud storage
- Maintain security and governance of your organization's information
- Empower remote management of files on mobile devices
If you shoot me an E-mail I'll make sure to save one in your size.
See you there.