Thank You!

Your rating: None (2 votes)

A huge THANK YOU to mobilEcho and all the attendees at last night's meetup shindig. The entire industry was represented: education, enterprise, developers, MDM, MAM, MFM, and your MOM. And as you can see from the photo above, even the bartender got into the spirit.

Let's do this again next year, shall we?

(Photo by Arek Dreyer. Thanks Arek!)

iOS 5 Questions

Aaron Freimark's picture
No votes yet

Yesterday's announcements bring up several questions regarding enterprise use of iOS 5.

  1. Can enterprises pre-load configurations and certificates to allow "PC Free" deployments?
  2. Do Over-The-Air software updates depend on iCloud for data backup and restore?
  3. User cy2k asks: What, if any, changes are there to MDM and mobileconfig.
  4. Can iCloud be disabled or restricted using MDM?
  5. Who holds the private keys to the iCloud?
  6. Can there be "private" iClouds for sensitive information?
  7. Is there the ability to record an iMessage conversation?

Add your thoughts and further questions below.

(A reminder about this site's policy: We aim to bring together all players in this community and therefore will not publish information covered by non-disclosure agreements. But we'll try to compile the best information available publicly.)

Enterprise iOS Meetup on Wednesday

Your rating: None (2 votes)


No votes yet

iCloud is Apple's announced cloud service.

In addition to Address Book, calendar, mail, iBooks, music, and photos, iCloud supports a number of innovative features.

Document Storage

Just looking at the WWDC Keynote, iCloud appears to be the file system that's been missing from iOS since the beginning. Files are sync'd wirelessly and in the background to all devices. (Sounds like Dropbox.)

IT appears Apps needs to be updated to work with iCloud, using iCloud storage APIs. Works on all iOS devices, and Macs and PCs too.

No word on security yet, or on enterprise sharing features. (Likely this is consumer-only at the beginning.)


5 GB base storage for mail and documents (does not count purchased music, apps, or books). More storage is probably available at an additional fee.

iCloud is in Beta now, shipping with iOS 5 this fall.

iOS 5 Announcements

Aaron Freimark's picture
No votes yet

I'm here at WWDC, where there are several fantastic announcements for the enterprise community.

  • No iTunes activation required ("PC Free")
  • Over the Air OS Updates
  • Delta updates will be much smaller
  • S/MIME encrypted mail
  • Improved Mail offline support
  • BBM-like messaging: "iMessage" to all iOS devices. Includes delivery & read receipts.
  • iPad 2 AirPlay integration displays fullscreen wireless to Apple TV, etc.
  • Daily backups to iCloud over WiFi

Coming this fall. will support all iOS Devices which are currently supported.
More information coming (at least, the information not under NDA).

What is your favorite feature?

Toward Complete Mobile Device Management

Your rating: None (2 votes)

Any iOS administrator with a real deployment in operation can tell you this: Today's MDM solutions are only a fraction of the puzzle. In the real world, a complete solution is much more complicated.

Physical Device Management, specifically imaging and deployment, is the biggest pain point today. For iOS it is all manual work: iTunes, cables, mouse clicks, etc. Alternatives are desperately needed if today's pilots will scale.

Policy Management is a relatively mature space, as these things go. There are quite a few vendors, such as MobileIron, AirWatch, and Casper Suite. Although these vendors often bleed into other domains, they focus on policy management.

Application Management is a pretty sparse field. Companies such as Apperian and AppCentral allow for hosted enterprise app catalogs, but these are disconnected from other management services. MDM providers can offer private app catalogs as well, but these don't offer update services.

File Management, to manage the distribution and policies on centralized files, is relatively new. There are a few nascent tools such as mobilEcho and SilverSync in this space.

The big players today want to own the entire space, one-size-fits-all. They are thinking of what RIM did with BES. But this strategy ends up with a mobile environment without many options for the user. And like it or not, user choice is one of the foundations of the iOS platform. (Think of the App Store with nearly 400,000 apps.)

Instead, I believe we would be better off with a small set of standards that encourage independence and interoperability. Let each company make its choice for file or app or policy management. Encourage innovation and differentiation.

And how does this look?

Automatic Provisioning: I think many of us share the same dream: A newly provisioned device should automatically install certificates, policies, apps, configurations and documents appropriate for that user. Wouldn't that be nice? I don't think it would even be difficult, technically. Apple would need to integrate MDM enrollment into device registration. (Easy for me to say, right?)

Pluggable App Policies: MDM systems are pretty good today for setting up device restrictions, imagine if they were able to reach into application configurations. This is already done for SSL VPNs, where a configuration profile can pass policies to Cisco, Juniper and F5 iOS VPN clients. mobilEcho has a similar model for centralized configuration through their own server. The only way to extend this to the huge number of apps is to create a standard way of plugging into MDM consoles. App developers could, if they wanted to be included, develop their own console plug-in to this spec. Their app would then query the OS for installed MDM profiles and then request an config from the MDM server.

Policy-based Access Controls: File management on iOS is today just way too leaky. Any app can implement "Open In..." with a single line of Objective-C. But "Open In" simply makes another copy somewhere else. This is a policy and version control nightmare. So how many copies of that P&L statement do you want around? Imagine if a consortium of app developers agreed on a standard for policy-based file management. A push is already on for such a standard. I look forward to hearing more about it.

Next week will be a big one for us: How will iOS 5, iCloud, and Lion change this landscape? Stay tuned.

What to expect from WWDC

Your rating: None (2 votes)

Ryan Faas has an in Computerworld on what to expect from WWDC 2011.

He doesn't mention one thing to expect... drinks Wednesday night!. Join us at 7:30 PM on, at the Tunnel Top Bar, 601 Bush Street. This is sponsored by Group Logic (buying the drinks) and Tekserve (my employer) for the EiOS community.

I hope to see you there.

mobilEcho — Mobile File Management

Your rating: None (1 vote)

The Concept

  • Access file servers from iPad as easily as from your Windows or Mac laptop
  • Secure (encrypt) the data at rest and data in motion
  • Manage over the air (OTA) the configuration of mobilEcho

The mobilEcho Solution

  • Server – software that runs on Windows to proxy the file access of the iPad apps based on existing Access Control Lists (ACLs)
  • Protocol – designed specifically for mobile users with limited bandwidth, high performance expectations and to encrypt traffic at all times
  • App – that provides Windows Explorer / Mac Finder like navigation of file servers, preview and open in encryption of all files and configuration data and
  • Management – governs mobilEcho app behavior with configuration templates for each Active Directory (AD) User or Group

Set Up

  • Download and install the mobilEcho server software available from Group Logic
  • Define configuration "Profiles" for AD Users and/or Groups that need file access

  • Download to the iPad the mobilEcho app which is free from the App Store
  • Configure mobilEcho over the air based on your Active Directory Group Membership


  • Browse files and folders on the server
  • Preview files and open in other apps for editing
  • Save files created or edited on the iPad to the server
  • Store files locally for offline use


  • Enhance mobile user productivity
  • Access existing files (content) on storage your organization controls and manages
  • Avoid paying for redundant cloud storage
  • Maintain security and governance of your organization's information
  • Empower remote management of files on mobile devices

Enterprise iOS T-Shirts Coming to WWDC

Your rating: None (2 votes)

You can't have an Internet community without T-Shirts, and our shirts are on their way. They will make their debut on Wednesday, June 8, at our WWDC Meetup. These are courtesy my employer, Tekserve.

If you shoot me an E-mail I'll make sure to save one in your size.

See you there.

The Remote Access Choice: VPN or APN?

Your rating: None (4 votes)

(This article originally appeared in the blog iOS4Business, by Mathieu Bernier.)

When you’re working on an iPhone/iPad deployment project you will always come to the point where your customer or yourself asks, "How can I secure remote access to my company?"

The first answer that comes to mind is "Configure a VPN tunnel." But an underestimated way to secure the access to your internal assets is through the use of Access Point Names, or APNs.

What is an APN?

APNs are gateways typically hosted by your mobile phone carrier, allowing your mobile to browse Internet using the mobile network. In general, APNs are shared between users and you don’t even know that your phone uses this gateway to access Internet. But if you’re a big company and you prefer to have your own private APN hosted by your carrier, you can rent one for all your devices.


The big advantage is that when you use a private APN, the VPN tunnel is configured between the APN gateway and your VPN gateway. That takes away the battery problem you can encounter with traditionnal VPN deployments.

That’s the basic configuration offered by your provider. Usualy you can deploy more secured and scalable architecture, with redundancy, MPLS links if you have one etc… These APNs are usualy RADIUS compatible so you can, on your side, restrict access to your network only to devices registered in your fleet.


There are three main disadvantages using APN :

  1. First, the price. The rent is starting around 900 euros/month in France for a no-failover, simple configuration.
  2. You need to rent an APN in each country where you want to deploy your fleet.
  3. All your 3G data traffic is going to be redirected on your own network, in and out, so you need to make sure that your infrastructure can support this traffic growth.


APNs can be set using the iPhone Configuration Utility or using most Mobile Device Management software.

On-Demand VPN Explained

Your rating: None (2 votes)

(This article originally appeared in the blog iOS4Business, by Mathieu Bernier.)

VPN On-Demand is the Holy Grail, for Apple. When you ask an Apple representative for a VPN solution, what you get in return is: VPN On-Demand. So, let’s discover what’s behind that door with a short procedure using iPhone Configuration Utility.

(I won’t cover the configuration of the VPN gateway in this article. You need to make sure that your VPN gateway is properly configured to accept Certificates authenticated connections.)

I. The Concept

The first thing you need to know about VPN On-Demand (VPoD) is : it’s a very simple concept.

  1. It allows administrators to define a Hosts Domain realm behind which all hosts must be accessed via a VPN connection.
  2. Whenever an application try to access one of the server behind that realm, the iOS device automaticaly starts the VPN tunnel.

That’s VPN "On-Demand".

II. Requirements

In order to make VPN On-Demand work properly, you need :

  • A compatible VPN gateway (Cisco, or any Cisco IPSec compatible third-party gateway, F5 SSL, JunOS Pulse etc …)
  • An enterprise Certificate Authority
  • The Authority CA Certificate
  • A personnal certificate delivered by the Certificates Authority

III. Certificates

The first thing you need to do is to import the CA Certificate and your personal Certificate in the iOS configuration profile.
It’s fairly easy to do that.

  1. Open the iPhone Configuration Utility on your desktop

  2. Go to "Certificates"

  3. Click on "Configure"

  4. You need to get your personal Certificate and (if you use a company-wide Certificate Authority) the CA Certificate of your authority. First, import your personal certificate. Enter the password of your choice (remember it !) and click OK.
  5. Do the same for the CA Certificate. It should not ask you for a password this time.
  6. Now you have imported both certificates in your profile.

IV. "On-Demand" Configuration

A few settings are required to configure the VPN On-Demand in the profile.

  1. Go to VPN

  2. Enter the VPN gateway and authentication settings values.

  3. Choose _Certificate_ as the authentication method for the device. Then select your personal certificate you imported earlier.

  4. Enable _VPN On-Demand_ option and add a new realm in the list

    Screen shot 2011-05-23 at 6.31.06 AM.png

In this example we created a realm "*" with an action set to "Always establish". So now, any application trying to access a server behind "" will automaticaly setup a VPN tunnel to access it.

Upload the profile to your device, and then you are ready.

Simple as it looks like.

iOS Devices

Your rating: None (18 votes)

This page lists all known iOS devices and the latest firmware downloads for each.

Friendly Name Identifier Introduced Download
iPhone 8 Plus (GSM) iPhone10,5 2017-09-02 11.0.3 (15A432)
iPhone 8 Plus (Global) iPhone10,5 2017-09-02 11.0.3 (15A432)
iPhone 8 (Global) iPhone10,4 2017-09-02 11.0.3 (15A432)
iPhone 8 (GSM) iPhone10,4 2017-09-02 11.0.3 (15A432)
iPad Pro 2 (12.9-inch, WiFi) iPad 2017-05-23 11.0.3 (15A432)
iPad Pro 2 (12.9-inch, Cellular) iPad 2017-05-23 11.0.3 (15A432)
iPad Pro (10.5-inch, WiFi) iPad 2017-05-23 11.0.3 (15A432)
iPad Pro (10.5-inch, Cellular) iPad 2017-05-23 11.0.3 (15A432)
iPad 5 (WiFi) iPad 2017-03-20 11.0.3 (15A432)
iPad 5 (Cellular) iPad 2017-03-20 11.0.3 (15A432)
iPhone 7 Plus (GSM) iPhone9,2 2016-09-03 11.0.3 (15A432)
iPhone 7 Plus (Global) iPhone9,2 2016-09-03 11.0.3 (15A432)
iPhone 7 (GSM) iPhone9,1 2016-09-03 11.0.3 (15A432)
iPhone 7 (Global) iPhone9,1 2016-09-03 11.0.3 (15A432)
iPhone SE iPhone8,4 2016-03-15 11.0.3 (15A432)
iPad Pro 9.7-inch (Cellular) iPad6,4 2016-03-15 11.0.3 (15A432)
iPad Pro 9.7-inch (WiFi) iPad6,3 2016-03-15 11.0.3 (15A432)
iPad Pro 12.9-inch (Cellular) iPad6,8 2015-10-16 11.0.3 (15A432)
iPad Pro 12.9-inch (WiFi) iPad6,7 2015-10-16 11.0.3 (15A432)
iPhone 6s+ iPhone8,2 2015-09-09 11.0.3 (15A432)
iPhone 6s iPhone8,1 2015-09-09 11.0.3 (15A432)
iPad Mini 4 (Cellular) iPad5,2 2015-09-09 11.0.3 (15A432)
iPad Mini 4 (WiFi) iPad5,1 2015-09-09 11.0.3 (15A432)
iPod touch 6 iPod7,1 2015-06-26 11.0.3 (15A432)
iPad Air 2 (Cellular) iPad5,4 2014-10-13 11.0.3 (15A432)
iPad Air 2 (WiFi) iPad5,3 2014-10-13 11.0.3 (15A432)
iPad Mini 3 (China) iPad4,9 2014-10-13 11.0.3 (15A432)
iPad Mini 3 (Cellular) iPad4,8 2014-10-13 11.0.3 (15A432)
iPad Mini 3 (WiFi) iPad4,7 2014-10-13 11.0.3 (15A432)
iPhone 6 iPhone7,2 2014-09-09 11.0.3 (15A432)
iPhone 6+ iPhone7,1 2014-09-09 11.0.3 (15A432)
iPad Mini 2 (China) iPad4,6 2014-03-04 11.0.3 (15A432)
iPad Air (China) iPad4,3 2014-03-04 11.0.3 (15A432)
iPad Mini 2 (Cellular) iPad4,5 2013-10-16 11.0.3 (15A432)
iPad Mini 2 (WiFi) iPad4,4 2013-10-16 11.0.3 (15A432)
iPad Air (Cellular) iPad4,2 2013-10-16 11.0.3 (15A432)
iPad Air (WiFi) iPad4,1 2013-10-16 11.0.3 (15A432)
iPhone 5s (Global) iPhone6,2 2013-09-14 11.0.3 (15A432)
iPhone 5s (GSM) iPhone6,1 2013-09-14 11.0.3 (15A432)
Apple TV 4 (2015) AppleTV5,3 2015-10-29 11.0 (15J381)
iPhone 5c (Global) iPhone5,4 2013-09-14 10.3.3 (14G60)
iPhone 5c (GSM) iPhone5,3 2013-09-14 10.3.3 (14G60)
iPad 4 (Global) iPad3,6 2012-11-06 10.3.3 (14G60)
iPad 4 (GSM) iPad3,5 2012-11-06 10.3.3 (14G60)
iPad 4 (WiFi) iPad3,4 2012-10-29 10.3.3 (14G60)
iPhone 5 (Global) iPhone5,2 2012-09-14 10.3.3 (14G60)
iPhone 5 (GSM) iPhone5,1 2012-09-14 10.3.3 (14G60)
Apple TV 3 (2013) AppleTV3,2 2013-01-25 8.4.2 (12H606)
Apple TV 3 AppleTV3,1 2012-02-29 8.4.2 (12H606)
iPad Mini (Global) iPad2,7 2012-11-06 9.3.5 (13G36)
iPad Mini (GSM) iPad2,6 2012-11-06 9.3.5 (13G36)
iPad Mini (WiFi) iPad2,5 2012-10-29 9.3.5 (13G36)
iPod touch 5 iPod5,1 2012-09-14 9.3.5 (13G36)
iPad 3 (GSM) iPad3,3 2012-02-29 9.3.5 (13G36)
iPad 3 (CDMA) iPad3,2 2012-02-29 9.3.5 (13G36)
iPad 3 (WiFi) iPad3,1 2012-02-29 9.3.5 (13G36)
iPad 2 (Mid 2012) iPad2,4 2012-02-29 9.3.5 (13G36)
iPhone 4[S] iPhone4,1 2011-10-07 9.3.5 (13G36)
iPad 2 (CDMA) iPad2,3 2011-03-03 9.3.5 (13G36)
iPad 2 (GSM) iPad2,2 2011-03-03 9.3.5 (13G36)
iPad 2 (WiFi) iPad2,1 2011-03-03 9.3.5 (13G36)
Apple Watch (42mm) Watch1,2 2015-02-25 1.0.1 (12S632)
Apple Watch (38mm) Watch1,1 2015-02-25 1.0.1 (12S632)
Apple TV 2G AppleTV2,1 2010-09-27 7.1.2 (11D258)
iPhone 4 (GSM / 2012) iPhone3,2 2012-09-14 7.1.2 (11D257)
iPhone 4 (CDMA) iPhone3,3 2011-01-27 7.1.2 (11D257)
iPhone 4 (GSM) iPhone3,1 2010-06-17 7.1.2 (11D257)
iPod touch 4 iPod4,1 2010-08-31 6.1.6 (10B500)
iPhone 3G[S] iPhone2,1 2009-06-10 6.1.6 (10B500)
iPad 1 iPad1,1 2010-03-29 5.1.1 (9B206)
iPod touch 3 iPod3,1 2009-09-04 5.1.1 (9B206)
iPod touch 2G iPod2,1 2008-09-05 4.2.1 (8C148)
iPhone 3G iPhone1,2 2008-07-08 4.2.1 (8C148)
iPod touch 1G iPod1,1 2007-09-11 1.1.5 (4B1)
iPhone 2G iPhone1,1 2007-06-28 3.1.3 (7E18)
Apple Watch Series 1 (42mm) Watch2,7
Apple Watch Series 1 (38mm) Watch2,6
Apple Watch Series 2 (42mm) Watch2,4
Apple Watch Series 2 (38mm) Watch2,3

Firmware versions and links courtesy of the API at

Help with App Store App Deployment, Licensing & Costs

maxwell's picture
No votes yet

Hello there,

Can anyone help share their experiences with deploying App Store apps in a business? I thought it would be best to summarise my experience and knowledge so far:

  1. Firstly we have a Mobile Device Management server in place (, which we use to manage our fleet of 200 Windows PDAs. It also happens to support iOS devices, we are happy with the level of control but are struggling with App Store apps.
  2. Under Apple's Terms of Sale I understand that apps can only be used for "personal, non-commercial use". So I take it that we cannot buy apps for business, without breaching the agreement? It really doesn't make any sense that there is a "Business" section in the App Store either. I don't think I'm the only one to struggle
  3. Even if there was an enterprise agreement or it was ok - how would we deploy the Apps centrally? It seems the only ways are:
    • have the employee create a personal iTunes account, and then re-imburse the costs
    • have the employee create a business itunes account, and then cover the costs as expenses on company credit card
    • create a central IT dept account, and the "gift" the app

    In any case, the user ends up as the owner of thes software, and so when they leave they take it with them - which isn't what we want.

  4. Having an employee own the software, I understand this means there is a UK benefit in kind tax liabilty on the company. Does any one else have a method for managing this?
  5. Given the above would HM Revenue & Customs view the device as mixed use and then create another tax liabilty?
  6. Is it right that the only way to back up the device, documents, and app data is through iTunes?

If anyone can help, or share their experiences it would be greatly appreciated.

I am currently speaking with Vodafone, an Apple consultancy firm, Apple Business, and our Tax Officer - so I will update when I have any more info.



iOS 4.3.3 Stunts Location Services Caching

Your rating: None (2 votes)

In response to the recent publicity concerning location services caching, Apple has released iOS 4.3.3 (and iOS 4.2.8 for you poor Verizon folks). From the release notes:

This update contains changes to the iOS crowd-sourced location database cache including:

  • Reduces the size of the cache
  • No longer backs the cache up to iTunes
  • Deletes the cache entirely when Location Services is turned off

Products compatible with this software update:

  • iPhone 4 (GSM model)
  • iPhone 3GS
  • iPad 2
  • iPad
  • iPod touch (4th generation)
  • iPod touch (3rd generation)

This update is available via iTunes.

As always, has direct download links.

Raise a Glass at the 1st Ever WWDC Enterprise iOS Meetup

Your rating: None (2 votes)

Are you one of the lucky 5,000 going to WWDC? Well then, come out for a beer, won't you?

Wednesday, June 8 @ 7:30 PM (and on)
Tunnel Top Bar
601 Bush Street

It is easy to get there. From the Apple Store on Market just walk up Stockton 5 blocks. All iOS administrators are invited. Best of all, Group Logic is generously buying the drinks. Thanks also to Tekserve (my employer) for organizing.

The owner of the Tunnel Top is a guy named Ludvig, who says the bar in "the style of Northern France/Spain." I have absolutely no idea what this means. Come find out on June 8!

Recent Activity