What iPhone 4.0 means for IT
In the week since Apple offered a glance at its forthcoming iPhone OS 4.0 update, whatever talk hasn’t centered around the promised multitasking features is focusing instead on Apple’s iAd advertising platform. But if you use the phone in a business setting or if you’re responsible for supporting iPhone-toting employees—Apple’s preview offers plenty of hints for what to expect when iPhone 4.0 arrives later this summer.
The trouble is, we’re talking about hints and not concrete details. The challenge anytime Apple rolls out information well ahead of a product release is that the details can be decidedly sparse. So long as you keep that in mind and are willing to apply a bit of logical speculation, though, you can get a pretty good idea of what to expect from the iPhone 4.0 update on the IT front.
To date, managing devices in an IT setting has proven to be one of the major weaknesses of the iPhone. (When I say “iPhone,” assume I mean any device that runs the iPhone OS, including the iPad.) Right out of the box, you need to use iTunes to set up the iPhone—there’s no choice.
But even after the initial setup, you hit a series of roadbumps. For example, with a bit of effort, you can set up a way to do the post-provisioning setup wirelessly. But what if your company has any in-house applications? You have to use iTunes. You can install configuration profiles wirelessly, but major updates require iTunes. It’s a case of two steps forward, one step back.
Some of those bumps will go away in iPhone OS 4, as businesses gain the ability to distribute applications wirelessly. If you’re running a business with hundreds—or thousands—of devices to manage, this capability is more than a little important.
Being able to push applications out from a central location via Wi-Fi or 3G means far less work, and less time worrying about iTunes being up to date—or even installed. (Mac users may not be able to imagine a computer without iTunes, but on the Windows side, it’s a different story. And if you’re using Linux, iTunes isn’t even an option.)
Along with wireless application distribution, Apple also plans to update the iPhone OS to be more compatible with third-party management frameworks, such as the ones from Sybase. The idea here is that Apple will build in the hooks these management vendors need so that their customers can do things like wirelessly configure devices, keep tabs on device compliance with company policies, and remotely wipe or lock devices outside of Mobile Me and Exchange ActiveSync.
For individual users, or even smaller small businesses, none of this is a big deal. But for larger companies, these are hugely important capabilities. It’s also not hard to see the need for this in educational markets where Apple probably hopes to get entire schools crammed full of iPads. Giving those schools a way to wirelessly manage those devices would be an important sales point, especially if you can go from box to student without ever needing to touch iTunes. If you can update the device wirelessly, even better.
The iPhone OS has also taken its share of knocks over security. Some of these criticisms have been overblown—or just plain wrong—but other security concerns are certainly valid. Take the lack of encryption in pre-3GS models or the way the encryption was set up on the 3GS—once you get past the passcode, all the data on the device is completely available. Encryption has been more of a "keep them out if they steal the phone and can't get past the passphrase" philosophy: Better than nothing, but not great.
With iPhone 4.0, Apple seems to be changing the way it implements encryption ever so slightly. It looks as if Apple is giving users the ability to use a personal passphrase as an encryption key for data on the device for things like e-mail and attachments. Apple is also implementing new APIs to allow developers to encrypt their data as well, so if someone gets ahold of your iPhone, it’s hopefully that much harder for them to get to your data.
But some things remain unclear about this forthcoming change. Does it mean Apple will allow you to encrypt your entire device, where the hardware supports it, without using the hard key that is the same for all devices, or will this ride on top of existing encryption? Will this allow two-factor authentication vendors to implement smart cards so that access to your device is even more secure? We don’t know, and, as of yet, Apple’s not telling.
Along with encryption changes, Apple will add more support for SSL VPNs. Now, since I’ve seen a lot of reports mangle this, let’s be clear here:
- The iPhone has had VPN access for some time now, with a rather nice little Cisco client in the 3.x timeframe.
- You could use SSL VPNs prior to iPhone OS 4, but you were limited to going through a Web page. There was no “native client.”
With version 4, Apple looks to be increasing the support for SSL VPNs so that the connection experience is more seamless and tap into capabilities like VPN-on-demand so that things “just work.” Juniper and Cisco have been mentioned in conjunction with this new support, so they’re likely to be early supporters of this feature. Hopefully, other vendors like F5 will follow suit.
During its iPhone 4.0 event last week, Apple talked about features such as support for multiple Exchange ActiveSync (EAS) accounts and support for Exchange 2010. Still, the devil’s in the details. Does support for Exchange 2010 mean it will work the same way things worked with an Exchange 2007 or 2003 server, or that there will be support for Exchange 2010-specific features? We don’t know.
I did note a few more features by carefully reading the smaller points on a feature slide during Steve Jobs’ presentation. A particular pain point for CalDAV users—like everyone using Apple’s iCal server—involves creating meetings for CalDAV calendars. You can do that now with EAS accounts, but not being able to do it with CalDAV has been really annoying. Version 4 will have support for the new CardDAV standard, which is a nice bullet point, but given the state of the standard and current implementations, not terribly impressive.
Will iCal in version 4 finally support shared calendars ala iCal on the desktop? Will you be able to set which shared calendars you want to see? Will you be able to set delegation to your own calendars on the device? We don’t know. Same thing for shared mail folders and shared address book folders.
One feature I’d love to see, but I doubt I shall on current hardware, is support for Kerberos and Single - Signon. Even if you have Single - Signon on the desktop, password changes are a pain on iPhones. (Amusingly, since EAS combines mail/calendar/contacts in one service, a password change here only requires changing it in one place. With IMAP/CalDAV/CardDAV, you have to change your password separately for each account. Single - Signon would make that problem pretty much go away. Barring that, allowing you to “group” accounts for things like user ID and password setups would be more than mildly handy.
Finally, what about Apple’s own management applications? While the iPhone Configuration Utility is handy for building profiles for devices, it’s not something I’d want to manage hundreds or thousands of devices with. Will Apple update its own tools that run under Mac OS X 10.6 and Mac OS X 10.6 Server or will we have to wait until Mac OS X 10.7 to see these changes? Again, it’s unclear.
Overall, I’m more than pleased by the changes I saw both in the iPhone OS 4.0 event video and on Apple’s Website. Even with a fairly large amount of unanswered questions, the improvements in iPhone OS 4 are going to make the sysadmin’s life more than a little easier, and that is something that always pleases me, regardless of the source.
[John C. Welch is IT Director for The Zimmerman Agency, and a long-time Mac IT pundit.]