Posts Tagged ‘Exchange’

iPhone in the Enterprise

Friday, June 13th, 2008

Following its announcement on Monday I think it’s fair to say that the 3G iPhone has stirred up quite a bit of interest with people.  And rightly so I believe.

In preparation for the inevitable requests from people out in our business I thought I would do a little digging into what Enterprise support Apple have built in this time round. 

With the original iPhone business users were pretty much ignored.  There was no real support for businesses, even to the point where (in the UK at least) you had to be an individual to buy one - it was available on personal contracts only, there were no business tariffs at all.

Here are a few notes on what I found, in case they’re useful:

Exchange Support
Apple have licensed Exchange ActiveSync from Microsoft so the iPhone can connect directly to Exchange for push email, calendars and contacts.  Providing you already have Exchange (2003 or 2007), adding iPhone support should be trivial.  From the device perspective it shouldn’t be any different to setting up a Windows Smartphone.

In addition to messaging support, the iPhone now also supports ActiveSync security policies for:

- Remote wipe
- Password Enforcement
- Forcing password complexity
- Forcing alphanumeric passwords
- Specifying password length
- Defining inactivity times before the phone ‘locks’

These are increasingly important to business, especially with the current media attention on data loss and privacy.

Device Configuration
To help reduce the support overhead of deploying smartphones, companies (us included) often make arrangements to have company-specific settings applied by some form of automated process.  This is so that end users can be up and running as soon as possible, and to hopefully ensure everything is set up correctly, avoiding extra support calls etc.

For the iPhone 2.0 software Apple has built in support for remote deployment of configuration using either email or a website.

You use an iPhone Configuration Utility to build up a preferred config, and then export that setup as an XML config file.  That file can then be:

- hosted on a website that users can browse to
- Emailed to the user as an attachment

In both cases the end user will need to open or run the attachment/file.  During the installation they will be prompted for any additional information needed such as passwords.

It would have been nice to have seen some support for over-the-air config like Windows Smartphones, but it’s a pretty good solution nonetheless.

Within the configuration utility you can configure:

- Exchange settings (server, domain, account etc)
- Wireless settings (network, authentication etc)
- VPN Settings (server, account, passwords, groups, proxies etc)
- Password policy (complexity, attempts, length, age, timeout etc)
- Email settings (POP, IMAP, servers, accounts etc)
- Certificates (Deploy PKCS1 and PKCS12 certs)
- Policy and Restrictions (Control 3rd party apps, iTunes, content etc)

The device also allows these settings to be signed so that you can be sure they are from your company and not a rogue source.  This might be particularly important.

Virtual Private Networks
iPhone 2.0 now has built-in support for most of the common VPN protocols:

- PPTP
- L2TP/IPSec
- Cisco IPSec

and authentication methods:

- MS-CHAPv2 (standard passwords)
- RSA SecurID
- CRYPTOCard
- Certificates (PKCS1 and PKCS12)
- Shared Secret

The settings for both can be deployed using the Configuration Utility described above.

Wireless
The iPhone now supports the following wireless security protocols:

- WEP
- WPA Personal
- WPA Enterprise
- WPA2 Personal
- WPA2 Enterprise

It also supports the following 802.1x authentication protocols:

- EAP-TLS
- EAP-TTLS
- EAP-FAST
- PEAPv0 (EAP-MSCHAPv2)
- PEAPv1 (EAP-GTC)
- LEAP

All of these can be set up with a configuration profile and applied using the Configuration Utility over email or the web.
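Since the password policy, VPN and wireless settings above all travel in one exported XML file, it is worth checking that file before it is emailed or hosted. The following is an added example, not from the original post or from Apple's tooling: a small Python audit of an exported profile. The payload and key names follow Apple's published configuration profile format, which the post does not show, and the baseline values and sample profile are assumptions constructed for illustration.

```python
import plistlib

# Constructed sample export (not from the post). Key names follow Apple's
# configuration profile format; the values are deliberately lax for the demo.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadType</key><string>Configuration</string>
<key>PayloadContent</key><array>
<dict><key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
<key>forcePIN</key><true/><key>minLength</key><integer>4</integer>
<key>requireAlphanumeric</key><false/><key>maxInactivity</key><integer>15</integer></dict>
<dict><key>PayloadType</key><string>com.apple.wifi.managed</string>
<key>SSID_STR</key><string>ExampleCorp</string>
<key>EncryptionType</key><string>WEP</string></dict>
<dict><key>PayloadType</key><string>com.apple.vpn.managed</string>
<key>VPNType</key><string>PPTP</string></dict>
</array></dict></plist>"""

# Assumed company baseline (hypothetical values, adjust to your own policy).
BASELINE = {"minLength": 6, "maxInactivity": 5}  # characters, minutes
WEAK_WIFI = {"WEP", "None"}
WEAK_VPN = {"PPTP"}

def audit_profile(data: bytes) -> list[str]:
    """Return findings for passcode, Wi-Fi and VPN payloads in a profile."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    findings = []
    policies = [p for p in payloads
                if p.get("PayloadType") == "com.apple.mobiledevice.passwordpolicy"]
    if not policies:
        findings.append("no passcode policy payload")
    for p in policies:
        if not p.get("forcePIN", False):
            findings.append("passcode not enforced")
        if p.get("minLength", 0) < BASELINE["minLength"]:
            findings.append(f"passcode minLength below {BASELINE['minLength']}")
        if not p.get("requireAlphanumeric", False):
            findings.append("alphanumeric passcode not required")
        idle = p.get("maxInactivity")
        if not idle or idle > BASELINE["maxInactivity"]:
            findings.append(f"auto-lock {idle!r} min outside baseline")
    for p in payloads:
        kind = p.get("PayloadType")
        if kind == "com.apple.wifi.managed" and p.get("EncryptionType") in WEAK_WIFI:
            findings.append(f"Wi-Fi {p.get('SSID_STR')!r} uses {p['EncryptionType']}")
        if kind == "com.apple.vpn.managed" and p.get("VPNType") in WEAK_VPN:
            findings.append(f"VPN uses {p['VPNType']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE_PROFILE)))
```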

IMAP Mail
For organisations not using Exchange the iPhone provides support for IMAP so should be able to access more or less any email system that allows it.  Within this is support for encryption and X.509 root certificates. 

There also appears to be some support for enterprise application distribution, but I’ve not found too much info about that yet so will probably add some more info on this later.

Overall I think Apple has done a good job here.  It’s hard to say for sure without having an iPhone to test with, but for now it looks like it supports most of the things we currently look to do with our Windows Smartphones.  Perhaps it’s not quite as much as we’d look to do if implementing something like Mobile Device Manager or B2M’s mProdigy, and I’d like to see support for data encryption, but it’s a great start and should make the lives of Enterprise IT departments quite a bit easier.  They might not become ‘preferred device’ within companies, but there’s certainly no major reasons why they shouldn’t exist happily within the Enterprise any more.

The big question for me at the moment is how O2 will sell them to business customers and what costs will be involved - especially for customers with existing contracts and data agreements.

What might Mesh mean for Office and businesses?

Wednesday, May 21st, 2008

I’ve been playing about with the Mesh preview for a week or so now and overall I’m pretty impressed.  Unfortunately I’ve not had time to look at the dev side of things (or it could be that I couldn’t code my way out of a paper bag…) but it’s clear from talking to developer buddies that they’re equally interested.

Anyway, I was chatting about Mesh earlier and the subject of Office and other ‘business’ apps came up.  Or more specifically what, if anything, Mesh would mean to them.

I guess the most obvious place that Mesh could be integrated is Groove.  It’s one of Ray Ozzie’s former projects and has more than a little in common with Mesh - or at least the functionality provided in the preview.

The most common use of Groove is peer to peer: you’d create a workspace or share a folder with a number of people, but there’d be no central point where the data was kept waiting for other people to come online when you were away.

There is however the option to use Groove Enterprise Services to provide the equivalent of the cloud Mesh, a centralised service that clients could sync with which would then be available to pass on changes to other users as they came online.  Using Mesh as the sync provider for new iterations of Groove would seem to make sense.  The question to my mind is quite how that might work. 

One option would be to allow clients to sync directly with the Mesh cloud.  Although that would be the obvious and easiest solution it may not always suit enterprises.  Clients would all be syncing directly to the Internet over the corporate network, not ideal unless you have huge bandwidth.  Some companies may also be unhappy about having a copy of all their synced data sat outside of their network.

One way to provide enterprises with some additional flexibility might be to provide some form of internal Mesh - an internal Mesh cloud that clients can sync with privately.  Potentially this cloud could then sync with the main Mesh cloud in a controlled way to allow a company to better manage the bandwidth over its Internet connection.

How would such a Mesh cloud be delivered?  Maybe as part of Exchange or SharePoint?

One of the examples Ori Amiga gave in his Channel 9 video showed how updates made to data in an application could be synced in near real-time to other Mesh clients.  In his example he used a family tree application, but for some reason it reminded me of the Excel Calculation Services in SharePoint 2007.

ECS allows you to maintain a central version of an Excel worksheet and show updates in real-time via a SharePoint webpart (that’s a huge simplification I know).  Presumably if Excel was able to use Mesh, changes to shared workbooks could be synced with other users of that workbook.  How useful that might be I’m not sure - I’m not a huge Excel user - but the same could apply to PowerPoint or Word.

The other day I read a blog post about using Mesh as a messaging platform; unfortunately I can’t find it now to reference it.  The gist of the post was that Mesh and FeedSync provide the basis for simple IM and email tools.

Thinking it through a bit more, though, surely Mesh would make a great platform for an enterprise Twitter-style messaging platform?  This could be a component for Outlook or Communicator that connects directly to Live Mesh or possibly connects to the notional local cloud I mentioned up above.

Of course this is all just speculation, but given the obvious investment MS has made in Mesh it would seem sensible to use the framework in some of its other products.