Posts Tagged ‘Activesync’

iPhone 4 in business

Thursday, June 10th, 2010

With the iPhone rapidly becoming an accepted business phone for many companies, I’ve been interested to read about the changes that the forthcoming iPhone 4 and iOS 4 will bring.

To be honest there isn’t a huge amount of info out there, but the info that is available is quite positive.  There’s a page on apple.com with some basic details.  The main areas that Apple seem to be addressing are security and management, both of which have been question marks in the past.  Specifically the talk about:

Data Protection
Security enhancements in iPhone OS 4 protect email messages and attachments stored on iPhone 3GS by using the device passcode as an encryption key. New data protection APIs can be used for custom and commercial apps so that business-critical information is protected even if a device is compromised.

This is good news, but I still think Apple need to be clearer about exactly what sort of encryption is used etc.  The 3GS’s are meant to be encrypted, but there’s pretty strong indications that this isn’t quite as strong as you would hope [1, 2, 3].  If Apple can get this right it’ll open a lot of doors from them in business, as they’re still some way behind RIM’s Blackberry and Microsoft’s Windows Phone platforms.   Both of these offer significantly more control over encryption, and in combination with device management tools can both be configured to accredited security levels (up to ‘RESTRICTED’ I believe).

Mobile Device Management
Deploying and managing large iPhone fleets will be even easier with iPhone OS 4. New Mobile Device Management APIs can be integrated with third-party solutions to wirelessly configure and update settings, monitor compliance with corporate policies, and even wipe or lock managed iPhone devices.

To their credit Apple have supported a level of device management for a while through their implementation of Microsoft’s ActiveSync.  This at least allows basic policy enforcement on devices connecting in through Exchange.  By providing more complete API’s into a management interface however hopefully iPhones will begin to support a much wider range of management features.  The obvious gaps currently are around password/pin polices, encryption and granular control of features and functionality.  There are a number of products in the market to manage mobile devices [1, 2, 3], so hopefully we’ll see these begin to support the iPhone as well.

Wireless App Distribution
iPhone OS 4 enables enterprises to securely host and wirelessly distribute in-house apps to employees over Wi-Fi and 3G. Apps can be updated without requiring users to connect to their computers.

This has the potential to unlock the iPhone/iPad to a new group of developers.  Previously it’s been quite tricky to develop in house Line of Business applications,  and critically, to distribute them out to a fleet of devices.  The ability to deploy in-house apps over the air will make this much more attractive to organisations. 

SSL VPN Support
SSL VPN support in iPhone OS 4 gives users another way to securely access enterprise resources. These new protocols can even be leveraged to connect seamlessly to a corporate network via VPN on Demand. Forthcoming apps from Juniper and Cisco will support SSL VPN on iPhone.

VPN support is obviously a nice thing to have, but I’d be interested to hear how often this is used.  In a world where you’re developing and using internal applications it’ll be a very useful tool if those aren’t published to the internet, but for basic email etc generally the existing ActiveSync connection probably offers enough transport security.  I guess web access policies could also influence the use of VPN’s if you wanted to force your users through a company proxy server of some sort.

Improved Mail
iPhone OS 4 allows users to set up multiple Exchange ActiveSync accounts and now works with Exchange Server 2010. With the new unified inbox feature, users can see messages from all their email accounts conveniently displayed in a single inbox, or they can quickly switch between inboxes to see messages from any single account. If users receive an attachment that they want to save or edit, Mail now lets you open attachments with compatible apps from the App Store.

Again, I think the mail changes are more ‘nice to haves’ rather than significant improvements to the business features.  Though the unified inbox is very well implemented when you see it in use.  With the support for multiple ActiveSync accounts, it will be interesting to see how they have implemented the policy management.  If you have two ActiveSync connections, each with difference policy enforcement settings, which one wins?  Is it whichever is more secure?  If so who decided what the more secure value is?  I also wonder if this could potentially allow information to leak from one system to another.  If mail is synced from one company onto the iPhone, could it then potentially be synced back down to a separate mailbox with the iPhone acting as a hub?  I can see how that might be useful for personal contacts, but for potentially sensitive emails etc, it could be a problem.

Tags: , , , , , , , ,
Posted in Tech | 1 Comment »

Back to work…

Sunday, January 4th, 2009

Despite my best efforts to catch the flu, it’s looking like Monday morning will bring with it my first working week of 2009 (booooo!).  It’s  set to be a busy start of the year, with quite a lot of projects and work carrying over from December.  As well as the big Enterprise Architecture project I’ve been working on there are a host of smaller things that will be taking up my time.

I’ll be following up with Apple and O2 on the iPhone Exchange ActiveSync issues we’ve been seeing.  Hopefully now we have some repeatable scenarios we can provide to Apple we’ll be able to help fix the issues.

There’s some ongoing work to streamline our supply chain for desktop (and laptop) computers.  This has been hanging around for months and although nothing is actually ‘broken’ there’s a general feeling that we can do even better.  We should be able to work with our suppliers to cut some slack from the supply process and with any luck cut some costs at the same time.  In truth this isn’t strictly my job anymore, but as it’s what I used to look after I’m giving the guys a helping hand.  Plus it should put us in really good stead for the Desktop/Windows 7 work we have pencilled in over the next year.

By far the most varied – and time consuming – chunk of work is the ongoing programme of work my team has put together for the remainder of the 2008 FY and 2009.  Ensuring the these projects make a successful transition from our drawing board into actual working projects is incredibly important.  Our project guys are all pretty good, but there’s a lot of projects to keep track of.  One thing we need to do better is to both better publicise – and ‘market’ -  the roadmap of work coming up (and it’s implications/benefits) and also ensure the we have a clearer view of the status of the programme and it’s component projects.  Again nothing is broken as such, but I’m a stickler for the details and making things better! :)  Fortunately some of this ties in nicely with the Enterprise Architecture so I should be able to bring it all together into something more consistent.

Hopefully I’ll be able to get my hands dirty in a few more technical projects this year as well.  Whilst I enjoy the higher level architecture work, I do miss the more immediate satisfaction of getting a script to run or seeing your freshly installed system work for the first time.  I won’t get too much time for this, but if I pick the right projects I’ll be able to get stuck in.  We’re doing some good work on the development side with Agile working, it’d be great to try and translate some of this into the more infrastructure related projects that are my background.

So a busy January awaits… It’s good fun work, but I’m still not looking forward to the alarm clock going off at 6am on Monday!

Tags: , , , , , ,
Posted in Tech, Work | No Comments »

iPhone and Exchange Calendar Problems

Friday, December 12th, 2008

A couple of weeks ago I posted about some problems I’d been seeing with my iPhone not quite syncing all of the changes to my mailbox.  At work we’ve been doing a bit more investigation around this after we found that a few of the guys out in the business with iPhones were having similar problems. 

So far we’ve been able to identify and replicate some pretty significant issues with how the iPhone deals with calendars and mailboxes that have recurring meetings and delegates – i.e. someone like a personal assistant who also has access to a calendar and mailbox.   The end result is that people can end up with:

  • - Missing calendar entries on their phone (even though they exist in Outlook)
  • - Calendar entries on their phone for deleted/cancelled meetings
  • - Multiple calendar entries for the same meeting

Having seen this happen it can be pretty frustrating for the end users.  These particular problems will only effect a fairly limited number of people – how many people have PA’s and deligates?  But those that do tend to be relatively senior. 

There are some known issues with how the Activesync protocol deals with delegates in Exchange 2003, but the iPhone seems to have more problems with it than other Exchange Activesync clients. 

There is some mention of this problem on the Apple support forums, but no information about a fix.  Hopefully now that we have some repeatable scenarios we can help resolve the problem.

(Cheers to the guys at work who did the testing!)

Tags: , , , , ,
Posted in MS, Tech, Work | 5 Comments »

iPhone’s ActiveSync not quite as active as you’d expect?

Tuesday, November 11th, 2008

Does anyone else have the problem of their iPhone not always syncing changes between itself and Exchange? 

I’ve noticed that the mailbox on my iPhone doesn’t always pick up on changes that I might make on my Outlook client or Webmail.  So for example at the moment my iPhone is showing 10 new meeting invitations that I have already accepted and replied to.  I’ve also just had to re-read 14 emails to stop them being highlighted as unread.

It seems an odd problem to me… but a few people here have found the same.  I thought I would see if anyone else had noticed this (it could be our instance of exchange?)

Tags: , , ,
Posted in Home, Tech, Work | 3 Comments »

iPhone Web Configuration Utility

Thursday, July 10th, 2008

Apple have just released the new configuration utilities for the new iPhones.  As I covered a few weeks ago, these will allow enterprises to develop specific configuration files for iPhones within their infrastructures.  It’s a very welcome move, like many businesses I’ve certainly seen a number of business requests for iPhones and the prospect of managing another platform could have been quite daunting.

iPhone Web Configuration Utility for Mac
iPhone Web Configuration Utility for Windows
iPhone Configuration Utility 1.0 Mac OS X

Each of these tools will allow you to create xml configuration files that can be either emailed to the devices or opened from the web browser.  The Configuration Utility 1.0 however can also track and install provisioning profiles and authorized applications, and capture device information including console logs.

Tags: , , , , ,
Posted in Uncategorized | 2 Comments »