iPhone in the Enterprise

Following its announcement on Monday, I think it's fair to say the 3G iPhone has stirred up quite a bit of interest. And rightly so, I believe.

In preparation for the inevitable requests from people out in our business, I thought I would do a little digging into what enterprise support Apple has built in this time round.

With the original iPhone, business users were pretty much ignored. There was no real support for businesses, even to the point where (in the UK at least) you had to be an individual to buy one – it was available on personal contracts only, and there were no business tariffs at all.

Here are a few notes on what I found, in case they're useful:

Exchange Support
Apple has licensed Exchange ActiveSync from Microsoft, so the iPhone can connect directly to Exchange for push email, calendars and contacts. Providing you already have Exchange (2003 or 2007), adding iPhone support should be trivial. From the device perspective it shouldn't be any different from setting up a Windows Smartphone.

In addition to messaging support, the iPhone now also supports ActiveSync security policies for:

– Remote wipe
– Password Enforcement
– Forcing password complexity
– Forcing alphanumeric passwords
– Specifying password length
– Defining inactivity times before the phone ‘locks’

These are increasingly important to business, especially with the current media attention on data loss and privacy.

Device Configuration
To help reduce the support overhead of deploying smartphones, companies (us included) often make arrangements to have company-specific settings applied by some form of automated process. This gets end users up and running as soon as possible and, hopefully, ensures everything is set up correctly, avoiding extra support calls and the like.

For the iPhone 2.0 software, Apple has built in support for remote deployment of configuration using either email or a website.

You use an iPhone Configuration Utility to build up a preferred config, and then export that setup as an XML config file.  That file can then be:

– hosted on a website that users can browse to
– Emailed to the user as an attachment

In both cases the end user will need to open or run the attachment/file.  During the installation they will be prompted for any additional information needed such as passwords.

It would have been nice to have seen some support for over-the-air configuration like Windows Smartphones, but it's a pretty good solution nonetheless.

Within the configuration utility you can configure:

– Exchange settings (server, domain, account etc)
– Wireless settings (network, authentication etc)
– VPN Settings (server, account, passwords, groups, proxies etc)
– Password policy (complexity, attempts, length, age, timeout, etc)
– Email settings (POP, IMAP, servers, accounts etc)
– Certificates (Deploy PKCS1 and PKCS12 certs)
– Policy and Restrictions (Control 3rd party apps, iTunes, content etc)

The device also allows these settings to be signed, so that you can be sure they are from your company and not a rogue source. This might be particularly important, since an unsigned profile could otherwise reconfigure the VPN, mail and wireless settings of anyone who opens it.
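A small audit of the password policy a profile carries, added here as an example that is not code from the original post or from Apple. It assumes the unsigned XML plist the Configuration Utility exports, and the payload type and key names from Apple's Configuration Profile Reference (an assumption); the baseline and sample profile are constructed.

```python
import plistlib

# Baseline an organisation might require (constructed values). Payload type and
# key names are assumed from Apple's Configuration Profile Reference.
POLICY_TYPE = "com.apple.mobiledevice.passwordpolicy"
BASELINE = {
    "forcePIN": True,             # a passcode must be set
    "requireAlphanumeric": True,  # letters and digits, not just a PIN
    "minLength": 8,               # minimum passcode length
    "maxFailedAttempts": 10,      # wipe after this many wrong attempts
    "maxInactivity": 5,           # minutes before the device locks
}

# Constructed sample profile carrying one (weak) password policy payload.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
    <key>forcePIN</key><true/>
    <key>requireAlphanumeric</key><false/>
    <key>minLength</key><integer>4</integer>
    <key>maxFailedAttempts</key><integer>10</integer>
    <key>maxInactivity</key><integer>15</integer>
  </dict></array>
</dict></plist>"""

def audit_password_policy(profile_bytes):
    """Return findings as strings; an empty list means the policy meets BASELINE."""
    if not profile_bytes.lstrip().startswith(b"<?xml"):
        # A signed profile is CMS-wrapped rather than plain XML.
        return ["not plain XML: verify the signature and unwrap before auditing"]
    profile = plistlib.loads(profile_bytes)
    policies = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == POLICY_TYPE]
    if not policies:
        return ["no password policy payload present"]
    findings = []
    for policy in policies:
        for key, wanted in BASELINE.items():
            actual = policy.get(key)
            if isinstance(wanted, bool):
                ok = actual is wanted
            elif key in ("maxFailedAttempts", "maxInactivity"):
                ok = actual is not None and actual <= wanted   # lower is stricter
            else:
                ok = actual is not None and actual >= wanted
            if not ok:
                findings.append(f"{key}: expected {wanted}, got {actual}")
    return findings
```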

Virtual Private Networks
iPhone 2.0 now has built-in support for most of the common VPN protocols:

– PPTP
– L2TP/IPSec
– Cisco IPSec

and authentication methods:

– MS-CHAPv2 (standard passwords)
– RSA SecurID
– CRYPTOCard
– Certificates (PKCS1 and PKCS12)
– Shared Secret

The settings for both can be deployed using the Configuration Utility described above.

Wireless
The iPhone now supports the following wireless security protocols:

– WEP
– WPA Personal
– WPA Enterprise
– WPA2 Personal
– WPA2 Enterprise

It also supports the following 802.1x authentication protocols:

– EAP-TLS
– EAP-TTLS
– EAP-FAST
– PEAPv0 (EAP-MSCHAPv2)
– PEAPv1 (EAP-GTC)
– LEAP

All of these can be set up in a configuration profile and applied using the Configuration Utility over email or the web.

IMAP Mail
For organisations not using Exchange, the iPhone provides support for IMAP, so it should be able to access more or less any email system that allows it. This includes support for encryption and X.509 root certificates.

There also appears to be some support for enterprise application distribution, but I've not found much info about that yet, so I will probably add more on this later.


Overall I think Apple has done a good job here. It's hard to say for sure without having an iPhone to test with, but for now it looks like it supports most of the things we currently do with our Windows Smartphones. Perhaps it's not quite as much as we'd look to do if implementing something like Mobile Device Manager or B2M's mProdigy, and I'd like to see support for data encryption, but it's a great start and should make the lives of enterprise IT departments quite a bit easier. They might not become the preferred device within companies, but there's certainly no major reason why they shouldn't exist happily within the enterprise any more.

The big question for me at the moment is how O2 will sell them to business customers and what costs will be involved – especially for customers with existing contracts and data agreements.

Hyperlinks in Deepzoom

I've just been playing with Deepzoom as a way of publishing some information I've been working on over the past few weeks. It's a very powerful tool and it's giving me a great way of publishing every level of detail – whatever the intended audience – in one place. I'll try to strip out the company-specific stuff and put an example on here at some point.

Anyways… the question I have is: does anyone know if it is (or will be) possible to embed hyperlinks into Deepzoom? There are a few times where it would have been useful to be able to link out to related Word docs. I'm only using the beta composer tool at the moment, so you'll have to forgive my ignorance!

MOM 2005 Management Pack for Server 2008

Something that surprised me about the Server 2008 launch was that there aren't any MOM management packs available for it yet. I'm sure people were busy getting the OS itself ready, but this won't help adoption of the OS by enterprises.

I'm told that the MP hasn't yet gone through beta testing but is targeted for release in Q4 of 2008.

File Virtualisation and the cloud

There's a great post over on Ars Technica asking for a home storage cloud that would seamlessly link together all of the author's home storage.

"So I’m ready for some cloud storage. But I don’t want all my gadgets to connect to some distant cloud. Rather, I want them to be the cloud, so that my data surrounds me like some mist with a life of its own, instead of sitting in these little isolated balls that I have to juggle."

While I was reading through it, two things came to mind. The first was Mesh and other cloud storage services. After all, why have storage in your home if you can get it cheaper in the cloud?

Of course, for home media use cloud storage itself isn't much help; you need the data locally. That's where Mesh could play a part, by taking care of syncing data across devices via the cloud. However, in this scenario either all the data would be on all the devices or you'd need to set up and maintain lots of individual folders. Oh… and 5GB isn't going to hold much music these days.

The second thing that came to mind was a file virtualisation solution I saw last year from Acopia (now owned by F5). File virtualisation provides a layer of abstraction between the clients that create and consume data and the storage devices it is stored on.


Essentially, the virtualisation layer provides a single namespace that all clients connect to. Because this layer is abstracted from where and how the data is physically stored, each piece of data can be located in the best place for it. What's more, it can be dynamically moved around physical storage devices without these changes ever being visible to the clients.

This lets you do very clever things. You can automatically determine which files are accessed most and move them to your fastest storage. The least accessed ones you can move to cheap, slow storage. Don't want MP3s clogging up your file servers? (Well, it is an enterprise solution…) That's fine, just define a rule that says all MP3s should be hosted on a single cheap NAS somewhere. Need to move all the data off a SAN that's seen better days? No worries, set up a rule or task and it'll be moved without the clients ever seeing a thing.
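A toy version of that rulebase, added here as an example (not Acopia's or F5's code): clients keep one stable path while constructed, ordered rules decide the physical tier, and a rebalance task moves files without the client-visible path ever changing.

```python
from dataclasses import dataclass

@dataclass
class VFile:
    path: str               # client-visible name; never changes
    size_mb: int
    accesses: int = 0       # access count feeding the hot/cold rules
    tier: str = "standard"  # physical location, invisible to clients

# Ordered, constructed rulebase: the first matching rule decides the tier,
# so the MP3 rule wins even for a heavily accessed MP3.
RULEBASE = [
    ("MP3s on the cheap NAS", lambda f: f.path.lower().endswith(".mp3"), "cheap-nas"),
    ("hot files on fast storage", lambda f: f.accesses >= 100, "fast-san"),
    ("cold files on slow storage", lambda f: f.accesses < 5, "slow-archive"),
]

class VirtualNamespace:
    """The single namespace clients see; tiers are an internal detail."""
    def __init__(self):
        self.files = {}

    def put(self, path, size_mb):
        """Create a file; the client keeps using this path regardless of tier."""
        self.files[path] = VFile(path, size_mb)
        return self.place(path)

    def read(self, path):
        """Client access: count it and report which tier served it."""
        f = self.files[path]
        f.accesses += 1
        return f.tier

    def place(self, path):
        """Evaluate the rulebase for one file; returns its tier."""
        f = self.files[path]
        f.tier = next((tier for _, match, tier in RULEBASE if match(f)), "standard")
        return f.tier

    def rebalance(self):
        """Scheduled task: re-place every file; returns the paths that moved."""
        moved = []
        for path, f in self.files.items():
            before = f.tier
            if self.place(path) != before:
                moved.append(path)
        return moved
```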

Ok… so for now this sort of thing is the realm of enterprises. And enterprises with deep pockets. But it is – I think – what Jon is looking for in his article – his digital mist (I like that term!). Probably more so than Mesh, at least for now.

However… if Mesh is providing a ring of devices on which you'd like to store your data, it's not too hard to see someone writing an equivalent of the Acopia 'rulebase' to manage a set of devices linked using the Mesh framework.

Could be quite useful in a few years.

(I was impressed that in replying to the post on arstechnica I had to sign-in using an account I created in 1999!)