EiOS will be on the panel "Your Business, Your App" this Friday, in NYC

No votes yet

This Friday, September 30, I have the honor of being a part of a distinguished panel discussion titled "Your Business, Your App." Members of the Enterprise iOS community are invited to register for this special event.

The luncheon and panel will be at Ogilvy, 636 11th Avenue, between 46th And 47th Streets, in New York City. The panel includes:

  • Joe Zeff of Joe Zeff Design, creative studio that helps companies merge content, technology and business opportunities through iPad apps. Their specialty is consumer engagement, leveraging the power of storytelling to help publishers, corporations and agencies forge deeper relationships with their audiences.
  • Jason Richelson of ShopKeep.com, a cloud-based point-of-sale service that allows small retail businesses to replace their cash registers with iPads and ring up customers, collect sales tax, print receipts, accept credit cards and manage inventory and customers.
  • Jamie Manalio of Rust Labs, dedicated to exploring new technologies for custom hardware and A/V installations, creating custom interactive presentations for private and public events, programming applications for smart phones.
  • Joseph Wachs of [x]cube LABS, a specialty mobile app development firm offering end-to-end solutions across a wide range of mobile applications; from games to enterprise apps, across all major mobile platforms, including iPhone, BlackBerry, and Android, as well as the iPad.
  • Irven Cassio of Luxottica Group, a retail technologist - with a focus on convergence, multichannel integration, social media, fashion, design and marketing.

The event is being sponsored by my employer, Tekserve, New York's largest independent Apple consultancy and retailer.

Update: We've posted a video and some Q&A of the event on this site.

EiOS and Tekserve in CIO

No votes yet

CIO Magazine has published an interview with me about the iPad Culture Shock for IT. I would sincerely appreciate your thoughts on the topic.

Managing iOS Devices with Lion Server

No votes yet

The eBook "Managing iOS Devices with Lion Server" is now available on the iBooks store and the Kindle store, and soon on peachpit.com.

The $4.99 ($3.99 for Kindle) is a steal considering the weeks I put into preparing this. I really hope you find it useful.

I also wrote the official description below, and I think it captures it perfectly; there's not much about using Profiles for managing Macs other than remotely locking and wiping them (which is vey cool). It really is all about managing iOS devices.

Learn how to use Profile Manager, a feature included in OS X Lion Server, to configure and remotely manage iOS devices (including iPad, iPhone, and iPod touch) and Macs running Lion. With this eBook, you will learn how to use Profile Manager's web-based tools to configure user settings for services such as Mail, Calendar, VPN, and Wi-Fi; define passcode settings to prevent unauthorized access to data stored on your users' devices; and remotely wipe devices if they go missing. The Profile Manager uses the Apple Push Notification Service (APNS), so you can immediately push configuration changes to your devices, as long as they have some kind of network connectivity. Why do all the work yourself? Show your users how easy it is for them to use the self-service web portal to download and install the configuration profiles you've carefully crafted for them, and how to remotely lock or wipe their own devices without your intervention. This eBook includes the knowledge you need to configure your Lion Server to be an Open Directory master, use an appropriate SSL certificate, provide Profile Manager services, and perform basic troubleshooting.

It's 339 pages on my iPhone 4.

Apple Introduces App Store Volume Purchasing for Business

No votes yet

Apple today introduced its Volume Purchase Program for Business Apps. The program, available "soon," answers a simple question that has had no satisfactory answer: How does a company buy apps for its users?

Some notes:

  • Businesses must have a Dun & Bradstreet number to participate, and go through a validation process.
  • Admins will be asked to create a new Apple ID for exclusive use with the Business VPP.
  • There are no minimum or maximum quantities for purchase.
  • Only paid apps are available through VPP. Free apps should be downloaded by the device user.
  • Payment must be made via corporate credit card or PayPal. (There seems to be no mechanism for purchase orders at this time.)

The program seems to follow the contours of the Education VPP system, introduced last year. The enrollment process, which is not yet online, is outlined in a PDF. Here's what they say about distribution:

Distributing apps purchased through the Volume Purchase Program is easy. For each app you purchase you’ll receive a redemption code to authorize the app download. The program website delivers these redemption codes in a spreadsheet format that contains multiple codes, one for each app in the quantity purchased. Each time a code is redeemed, the spreadsheet is updated on the program website so you can track the number of codes that have been redeemed by your users. The spreadsheet also includes a redemption URL with the redemption code embedded in the link so users don’t have to type or enter the redemption code manually when downloading apps.

Apple suggests that you email these URLs to each user, but I'd rather poke my eye with a stick. Alternatively, expect your MDM Provider to allow for VPP Integration. Casper Suite and Absolute Manage MDM already has this feature, and I hope others quickly jump on board.

So the user clicks on the link, they visit the Apple store, "purchase" the app, and the redemption code is used in lieu of payment. Then the app downloads and installs.

Read the documentation closely, and you'll find a second new initiative: Apple is releasing private app distribution for businesses. The idea here is to combine custom app development but use VPP for distribution, creating a new market strategy for enterprise-focused developers. (And Apple will happily take its 30% cut for the service.) Sound interesting?

Any outstanding questions? Do you like the plan? Please add your comments below.

Zenprise expands our Comparison of Mobile Device Management Providers

No votes yet

I'm very happy to announce that Zenprise has added their data to our Comparison of MDM Providers. We are now at 800 boxes with / ticks.

As this feature has grown, we've seeing some areas where we can improve the chart. Please visit MDM Comparison 2.0 Beta to see where we are going, and contribute your suggestions.

In-house App Deployment

Your rating: None (3 votes)

Has your company built a great app? But you don't want it on the app store? In-house App Deployment is for you. There are two ways to go:

Outsource It

Several companies make a living building private app catalogs for businesses (like this mobile application development company). These sites typically require an enterprise subscription to Apple's iOS Developer Program.

Do It Yourself

(I haven't done all these steps myself. Hopefully some of you can fill in whatever gaps exist.)

Once you have established your iOS Developer Enterprise Program, everything you need to know is listed under the Provisioning Portal.

The rough steps for in-house app distribution are:

  1. Identify internal development resources
  2. Establish a cross-functional team to establish security, design & look and feel guidelines
  3. Download Xcode from AppStore or via free iOS Developer Program
  4. Build an app in Xcode
  5. Sign up for the iOS Enterprise Developer Program (not the standard program)

iOS Developer Enterprise Program
Requires DUNS number
Enrolling employee must have binding authority to enter into contracts
This employee becomes the Team Agent
Legal contact at your company to verify enrolling employee & their binding authority
Budget 10 - 15 business days for enrollment

From Apple's iOS Provisioning Portal

  1. Create App ID (performed by Team Agent)
  2. Register development devices (Team Agent)
  3. Create Development Provisioning Profile (Team Agent)
  4. Create Developer code signing Certificate
  5. Add Provisioning Profile & Developer Certificate in Xcode

To add the app to your device, you must also add the provisioning profile. This may be done with either the iPhone Configuration Utility or with most Mobile Device Management systems.

Note that with iOS 4, provisioning profiles are read only at boot. So here is what will happen: MDM will install both profile and app, but then the app will seem to disappear. The system is simply hiding the app because it is not aware of the provisioning profile. Just reboot the device to have the app function.

McAfee EMM added to our Mobile Device Management Comparison

No votes yet

Our member andrer9999 was kind enough to fill in the blanks for our enormous Comparison of MDM Providers. Thank you!

Open Source iOS Device Management

No votes yet

EoIS member Haruhiko Nishi has released a prototype system for managing iOS devices as Open Source. The code works through an ActiveSync connection to your device, which can manage some restrictions and policies. There's a bit of discussion in our forum about this already.

The demo is quite interesting. See our forums for the URL. Thanks, Hanishi!

Thank You!

No votes yet

A huge THANK YOU to mobilEcho and all the attendees at last night's meetup shindig. The entire industry was represented: education, enterprise, developers, MDM, MAM, MFM, and your MOM. And as you can see from the photo above, even the bartender got into the spirit.

Let's do this again next year, shall we?

(Photo by Arek Dreyer. Thanks Arek!)

iOS 5 Questions

Aaron Freimark's picture
No votes yet

Yesterday's announcements bring up several questions regarding enterprise use of iOS 5.

  1. Can enterprises pre-load configurations and certificates to allow "PC Free" deployments?
  2. Do Over-The-Air software updates depend on iCloud for data backup and restore?
  3. User cy2k asks: What, if any, changes are there to MDM and mobileconfig.
  4. Can iCloud be disabled or restricted using MDM?
  5. Who holds the private keys to the iCloud?
  6. Can there be "private" iClouds for sensitive information?
  7. Is there the ability to record an iMessage conversation?

Add your thoughts and further questions below.

(A reminder about this site's policy: We aim to bring together all players in this community and therefore will not publish information covered by non-disclosure agreements. But we'll try to compile the best information available publicly.)

Enterprise iOS Meetup on Wednesday

No votes yet

iCloud

No votes yet

iCloud is Apple's announced cloud service.

In addition to Address Book, calendar, mail, iBooks, music, and photos, iCloud supports a number of innovative features.

Document Storage

Just looking at the WWDC Keynote, iCloud appears to be the file system that's been missing from iOS since the beginning. Files are sync'd wirelessly and in the background to all devices. (Sounds like Dropbox.)

IT appears Apps needs to be updated to work with iCloud, using iCloud storage APIs. Works on all iOS devices, and Macs and PCs too.

No word on security yet, or on enterprise sharing features. (Likely this is consumer-only at the beginning.)

Storage

5 GB base storage for mail and documents (does not count purchased music, apps, or books). More storage is probably available at an additional fee.

iCloud is in Beta now, shipping with iOS 5 this fall.

iOS 5 Announcements

Aaron Freimark's picture
No votes yet

I'm here at WWDC, where there are several fantastic announcements for the enterprise community.

  • No iTunes activation required ("PC Free")
  • Over the Air OS Updates
  • Delta updates will be much smaller
  • S/MIME encrypted mail
  • Improved Mail offline support
  • BBM-like messaging: "iMessage" to all iOS devices. Includes delivery & read receipts.
  • iPad 2 AirPlay integration displays fullscreen wireless to Apple TV, etc.
  • Daily backups to iCloud over WiFi

Coming this fall. will support all iOS Devices which are currently supported.
More information coming (at least, the information not under NDA).

What is your favorite feature?

Toward Complete Mobile Device Management

No votes yet

Any iOS administrator with a real deployment in operation can tell you this: Today's MDM solutions are only a fraction of the puzzle. In the real world, a complete solution is much more complicated.

Physical Device Management, specifically imaging and deployment, is the biggest pain point today. For iOS it is all manual work: iTunes, cables, mouse clicks, etc. Alternatives are desperately needed if today's pilots will scale.

Policy Management is a relatively mature space, as these things go. There are quite a few vendors, such as MobileIron, AirWatch, and Casper Suite. Although these vendors often bleed into other domains, they focus on policy management.

Application Management is a pretty sparse field. Companies such as Apperian and AppCentral allow for hosted enterprise app catalogs, but these are disconnected from other management services. MDM providers can offer private app catalogs as well, but these don't offer update services.

File Management, to manage the distribution and policies on centralized files, is relatively new. There are a few nascent tools such as mobilEcho and SilverSync in this space.

The big players today want to own the entire space, one-size-fits-all. They are thinking of what RIM did with BES. But this strategy ends up with a mobile environment without many options for the user. And like it or not, user choice is one of the foundations of the iOS platform. (Think of the App Store with nearly 400,000 apps.)

Instead, I believe we would be better off with a small set of standards that encourage independence and interoperability. Let each company make its choice for file or app or policy management. Encourage innovation and differentiation.

And how does this look?

Automatic Provisioning: I think many of us share the same dream: A newly provisioned device should automatically install certificates, policies, apps, configurations and documents appropriate for that user. Wouldn't that be nice? I don't think it would even be difficult, technically. Apple would need to integrate MDM enrollment into device registration. (Easy for me to say, right?)

Pluggable App Policies: MDM systems are pretty good today for setting up device restrictions, imagine if they were able to reach into application configurations. This is already done for SSL VPNs, where a configuration profile can pass policies to Cisco, Juniper and F5 iOS VPN clients. mobilEcho has a similar model for centralized configuration through their own server. The only way to extend this to the huge number of apps is to create a standard way of plugging into MDM consoles. App developers could, if they wanted to be included, develop their own console plug-in to this spec. Their app would then query the OS for installed MDM profiles and then request an config from the MDM server.

Policy-based Access Controls: File management on iOS is today just way too leaky. Any app can implement "Open In..." with a single line of Objective-C. But "Open In" simply makes another copy somewhere else. This is a policy and version control nightmare. So how many copies of that P&L statement do you want around? Imagine if a consortium of app developers agreed on a standard for policy-based file management. A push is already on for such a standard. I look forward to hearing more about it.

Next week will be a big one for us: How will iOS 5, iCloud, and Lion change this landscape? Stay tuned.

What to expect from WWDC

No votes yet

Ryan Faas has an in Computerworld on what to expect from WWDC 2011.

He doesn't mention one thing to expect... drinks Wednesday night!. Join us at 7:30 PM on, at the Tunnel Top Bar, 601 Bush Street. This is sponsored by Group Logic (buying the drinks) and Tekserve (my employer) for the EiOS community.

I hope to see you there.

About This Site

  • Enterprise iOS is a community for administrators of the iPad, iPhone, and related devices. All content is available to browse. We encourage you to create an account to submit stories, edit wiki pages, and post to our forum.

Comparison of MDM Providers

Recent Activity

Who's New