Muddying the Consumerization of IT

Aaron Freimark's picture
No votes yet

This week CIO.com published an interview with me on muddying the consumerization of IT. The story includes the following quote:

Interestingly, a lot of IT guys are rooting for Android. The reason, I think, is that there's some unexpressed hope that they can lock down the Android OS. They can put on what they want. They can do the monitoring. They can do the auditing. They can reconfigure and redeploy with their own image.

Of course, that's missing the point. It's no longer consumerization of IT, but goes back to the traditional models where IT has control all over again. If you think you have trouble supporting Android with its fragmentation now, just wait until businesses start getting a hold of the source code and recompiling it.

My point is to celebrate and embrace the tremendous innovations we've seen in the consumer space. Attempts by business to control these technologies only slow down innovation and make emoyees much less productive.

What do you think? Does this reflect the situation in your company? Please comment below.

Presenting iPad apps in web conferences with the Epiphan VGA2USB-LR adapter

No votes yet

If you work in the mobile Apps space, I'll bet that you often need to present iPad Apps & slideshows from your iPad in web conferences such as Citrix Go To Meeting and WebEx. Let me share my recommendation as to how to accomplish these presentations with high quality and low hassle.

As the president of a GroupLogic, a software firm not associated with any of the products I will recommend here, my colleagues and I have had great success with the Epiphan VGA2USB-LR adapter. When combined with video capture software (I use Evocam), the VGA2USB makes web conferences and recording easy and consistently delivers high quality.

Until my colleagues found the Epiphan, we struggled with a document camera from Ipevo and were always fooling with the adjustable arm and sitting in the dark to reduce the glare from office lights. Even in the best lighting (we purchased a photo stand that shielded the lights) the Ipevo left a lot to be desired for sharing the iPad screen.

You will need to spend the extra money for the 30 fps "LR" version which at $799 is worth the extra money over the $299 basic version that does 10 fps. The slower 10 fps frame rate makes scrolling visibly very unappealing to your viewing audience so I strongly advise that you buy the LR.

Here are the links to these products:

Epiphan VGA2USB-LR adapter http://www.epiphan.com/products/frame-grabbers/vga2usb-lr

EvoCam 4.0.1 http://www.evological.com/evocam.html

Apple Releases Over-The-Air iOS 5.0.1 Update

No votes yet

Apple today released a minor update to iOS 5. This update applies to all devices running iOS 5: iPad and iPad 2, iPhone 3GS, iPhone 4 and 4S, and iPod touch 3rd and 4th Generation. Security information can be found on Apple's support site.

This update is notable as it is Apple's first delivered over-the-air. Reports indicate no issues so far. You must be connected to a wifi network (not cell) to download. Also, you need at least 50% battery life (or be plugged in) to update.

For enterprise environments, you can't prevent or force this update on your managed devices. However, you can use MDM queries to check the versions of your devices, and set policies accordingly.

Any experiences yet?

iOS Calendar Issues

icanseeclearlynow's picture
No votes yet

I am new to this forum so I apologize if this is a repeat...

We have recorded multiple incidents of meetings dropping off of iOS calendars, but still appearing on the Outlook client. We have traced it to users with delegates that manage their calendar (some even manage their own) and more often than not, the meeting event is a recurring one that has been edited or moved in some way. We have instances of a single occurrence of a recurring meeting dropping off and the entire series. We have not been able to reproduce this issue with users that do not have delegates, that is unless the meeting invite they received comes from someone who does have a delegate.

Note: Exchange 2007 environment.

We have heard that one resolution could be disabling Cached Exchange Mode for the troubled users, but the loss of functionality has been determined to be unacceptable.

This is a sensitive issue because users that have delegates are often... senior management. Any help or direction would be greatly appreciated.

Thank you.

Android Orphans: Examining Smartphone Obsolescence

No votes yet

Blogger Michael DeGusta compiled the release and upgrade history of every Android phone released through mid-2010. It is impressive, and not in a good way.

(via Daring Fireball)

Hosted Certificate Authorities / PKI

Aaron Freimark's picture
No votes yet

Hi folks.

To unlock some of the most interesting iOS features for enterprise, you need to use a Certificate Authority (CA) to create, manage, and distribute identity certificates to your devices. (Actually, the deployment is typically done through [[MDM]). With this infrastructure in place, you can teach your servers to recognize valid certificates, allowing secure VPN, email, WIFi and intranet access without password authentication. However, many businesses do not have this infrastructure, known as PKI, in place.

I'm curious about experiences with hosted PKI. It would have to be simple to use -- that's the point.

Any of you have experience you'd like to share? Any successful hosted PKI/MDM integrations?

Head-to-head: AirWatch vs. Maas360

Tippet5x's picture
No votes yet

Hello

I was looking for some real world feedback, that could help with a decision.
Price between the two are close. Airwatch does offer multi language interface and the option to route 443 to their environment and the back. No software installed in my environment.

I don't think maas360 has that option but I heard their up port is better

Thank you

APNS Certificates Without a Developer Membership?

No votes yet

Hi All,

To play with Mobile Device Management, you need an Apple Push Notification Service certificate. And to get one of those, you've always needed a paid membership in the iOS Developer Program. Until now, it seems.

Check this out: https://identity.apple.com/pushcert/

If this is true, it would be great news!

(It seems you can also manage the APNS certs that you got when using Apple Profile Manager).

Cheers,
Oliver

Apple's iOS 5 Changes to .mobileconfig Enhance Security and Add Features (updated)

No votes yet

(Update: AirWatch sent a useful summary of the changes. I've added them below.)

With the release of iOS 5, Apple has added some new features to its .mobileconfig specification. This is the fundamental specification for how Mobile Device Management services interface with the iPhone and iPad. This is the reason why so many MDM providers offer similar features. MDM providers are limited to providing new features until Apple updates this spec. So when Apple adds keys here, expect MDM providers to follow -- and the best to follow quickly.

Email

The most significant changes are with email payloads. A set of new keys allow for enhanced security.

PreventMove, if set to true, forces this email account into a fence. That is, messages received by this account cannot be moved into another account. This also prevents forwarding or replying from a different account than the original account.

PreventAppSheet, if set to true, prevents this account from being used in third-party applications.

SMIMEEnabled, and its companions SMIMESigningCertificateUUID and SMIMEEncryptionCertificateUUID, allow for signed and encrypted mail. SCEP-based credentials managed by the MDM system may be used here.

iCloud

There are a number of new keys for allows control over iCloud.

allowCloudBackup permits or disables iCloud device backup.

allowCloudDocumentSync will disable document syncing, while allowCloudKeyValueSync will disable key-value syncing, for apps that use that iCloud technology (not every app is document-based). Finally, allowPhotoStream can be used to disable iCloud storage of device photos.

Restrictions

forceITunesStorePasswordEntry prevents iTunes from saving your backup password. So you'll need to add it every time.

allowUntrustedTLSPrompt enhances SSL security by rejecting invalid certificates. The default behavior is to prompt the user, who may not think before tapping.

Here's a biggie: You can now disable voice and/or data roaming.

Wi-Fi

Wi-Fi payloads gain an AutoJoin keyword. It also more specifically describes known Wi-Fi networks by allowing specification of the EncryptionType and ProxyType.

Query

Battery Life can now be queried.

Carrots and Sticks

No votes yet

"Carrots and Sticks" is a methodology of balancing the "stick" of security-enhancing restrictions with the "carrot" of user access to otherwise restricted data.

By design, users may opt-out of Mobile Device Management at any time. Settings > General > Profiles > Global MDM Profile > Remove. Individual configuration profiles may be password protected, but the root MDM certificate is always removable without anything more than the device passcode. And once that is removed, all child profiles are also removed. There is no programmatic way to prevent this.

One solution is to make MDM more attractive for the users. These are the "carrots." Here are some ways to do that.

  • Deploy managed apps (new to iOS 5) using MDM. Managed apps are sent over the air as art of the MDM package. If MDM is removed, these apps can be set to disappear as well.
  • Develop in-house apps using Apple's iOS Developer Program, and distribute the deployment certificate only by MDM.
  • Use a Public Key Infrastructure to grant access to VPN, Exchange, Wi-Fi, etc. Deploy user credentials through MDM only.
  • Slightly different than using PKI to grant access to corporate resources, more MDMs are offering DMZ based components to their solution which are in-line proxies prior to their Exchange, Domino, Office365, Google Apps services. These proxies/filters check with the MDM to ensure compliancy prior to allowing the device through. By using this, users are blocked & required to enroll in MDM to get to the corporate email resources.

Got more carrots, Doc? Edit this wiki page and add them here.

Demonstrating Over-the-Air App Deployment in iOS 5

No votes yet

Perhaps the biggest enterprise feature yet uncovered in iOS 5 is Over-the-Air app deployment. It's not quite "push"; but I'll call it "push-like".

Here's how it working, using JAMF's Casper Suite. JAMF updated their software today to support the latest iOS 5 technologies.

First, log into the MDM console.

Under Management, click "Mobile Device App Catalog".

Click "Add App".

iPhone Configuration Utility Updated to 3.4

No votes yet

Briefly: Apple's updated their iPhone Configuration Utility to include the .mobileconfig features of iOS 5.

The update is currently available via Software Update. We'll post a download link when available.


iOS 5 is Out

No votes yet

Apple has released iOS 5, the latest version of the operating system for its iPads, iPhones and iPod touches. The release is available for all current and many earlier models. See our table of iOS Devices for the list of upgradable models. The update is available via iTunes, but hopefully this is the last time we'll need a PC for updating.

iOS 5 brings a laundry list of features, including:

  • A new Notification Center for text messages, email, and other alerts
  • iMessage (think Apple's answer to BBM)
  • New MDM features (story to follow)

Over the next few days, we'll be exploring how this update affects Enterprise users. (Yes it does, and in some big ways.)

Please post your experiences in the comments below.

iPhone 4S Nifty Features for Business Users

No votes yet

Today's Apple product intro is now available online. In case you haven't heard, they announced the iPhone 4S, available on October 14. There are some nifty features in the iPhone 4S for business users. I'll have more tomorrow, but my short list is:

  1. Siri for a 24-hour personal assistant that won't break up your marriage
  2. Long battery life
  3. Quicker download speeds without the 4G downsides
  4. AirPlay -- fantastic for wireless presentations
  5. GSM+CDMA go-anywhere world phone
  6. Quicker dual-core A5 processor for background VPN and innovative apps

What did you think?

Completely Revised Comparison of Mobile Device Management Providers

No votes yet

We're happy to announce the re-release our popular Comparison of MDM Providers'. While the original comparison was built by an HTML table, the new page sits atop a wiki-enabled database. This allows MDM providers and users to modify and improve the data on each provider.

We've also added several MDM solutions: Apple, MaaS360, and SOTI.

?1317009962

If you're favorite MDM provide is missing from this list, we encourage you to add them yourself using a simple form. We hope you find this change useful.

About This Site

  • Enterprise iOS is a community for administrators of the iPad, iPhone, and related devices. All content is available to browse. We encourage you to create an account to submit stories, edit wiki pages, and post to our forum.

Comparison of MDM Providers

Recent Activity

Who's New