uklug 2011 - ios devices in the enterprise

Presenter: René Winkelmeyer Company: midpoints | purify it

iOS devices in the enterprise

•  René Winkelmeyer

•  Senior Consultant at midpoints | purify it

•  IBM Design Partner for Notes/Domino NEXT

•  IBM Design Partner for Mobile

•  OpenNTF projects

•  File Navigator (http://filenavigator.openntf.org)

•  Contact •  Skype/Twitter/LinkedIn/Facebook: muenzpraeger •  http://blog.winkelmeyer.com •  [email protected] / [email protected]

About the speaker

•  midpoints | purify it (http://www.midpoints.de)

•  IBM Advanced Business Partner

•  Apple Enterprise Developer Partner

•  we mobilize notes

•  IBM Lotus Traveler administration add-ons

•  IBM Lotus Traveler deployments

•  E-Mail-Management consulting

•  Notes/Domino, RCP, XPages development

About the speaker

•  Why do YOU need to be engaged about iOS devices?

•  Using iOS devices with IBM Lotus Traveler

•  iOS enterprise capabilities

•  Over-The-Air-Deployment & MDM

Agenda

let‘s see demos for that





Agenda

Why do YOU need to be engaged?


You‘ve got iOS devices and your users want mail (and more)!

Be the king!


Mobile devices mean: configure the device manually. Everything: VPN, Mail, WiFi and so on. And what about security? And about „BYOD“?


Step 1: Define standards Step 2: Configure policies Step 3: Device Enrollment Step 4: Manage devices


Step 1: Define standards Step 2: Configure policies Configuration profiles Step 3: Device Enrollment OTA Enrollment Step 4: Manage devices Mobile Device Management





Agenda

Using iOS devices with Lotus Traveler

•  Till now you need to activate ANY iOS device via iTunes (activate mode)

•  see the “iPhone Enterprise Deployment Guide”, Chapter 4

•  BUT

•  there are serious rumors, that Apple will implement OTA-Activation with iOS 5 !!!


•  IBM is leveraging the ActiveSync protocol for syncing mail, calendar and contacts, which is implemented per default on any iOS device.

•  “Normally” your users need to use the Traveler server and their http username and password to authenticate – and to install the “configuration profile”.


•  IBM Lotus Traveler does NOT solve ALL of you’re administration and security requirements like

•  realtime black- and whitelisting on a device basis

•  distributed administration (allow local administrators or the 1st level suppurt access to the Traveler server)






Agenda

iOS enterprise capabilities

•  Traveler does NOT serve YOUR requirements for a real enterprise deployment.

•  IMHO it’s not the job of IBM to deliver it.

•  The good news: Apple is (the only!) hardware provider which has currently real good configuration capabilities for their devices.

•  The bad news: They don’t have an enterprise-ready software for that.


•  For small environments you may use the “iPCU” – the iPhone Configuration Utility (despite the name it’s although for any iOS device).

•  You can create profiles with it.

•  But you don’t get a real OTA deployment.


•  A “profile” is a XML file, which follows the plist DTD. They file extension is “.mobileconfig”.

•  Those settings can be

•  Mail settings: Exchange Traveler, IMAP, POP3

•  Certificates

•  VPN

•  WiFi

•  Passcode

•  Restrictions

•  …


•  You can deploy those iPCU profiles via

•  USB

•  Mail

•  HTTP download

•  For a secure deployment they should be encrypted and signed!






Agenda

Over-The-Air deployment & MDM


D E M O

7. Confirm installation

6. Profile installation 6. Profile installation

5. Individual encrypted profile

5. Individual encrypted profile

3. Identify device 3. Identify device

2. Login 2. Login

1. Open URL 1. Open URL

Profile Service

4. Enroll Identity (SCEP)

Certificate Authority

4. Enroll Identity (SCEP)


•  Mobile Device Management allows you

•  transparent OTA management of your iOS devices (through HTTPS)

•  Remote commands

•  Install/remove profiles seamless

•  Lock / erase device

•  reset passcode

•  Queries

•  Network information

•  Device information

•  App information


4. Bind to MDM server

4. Bind to MDM server

3. Install MDM Profile

3. Install MDM Profile

2. Create MDM Profile 2. Create MDM Profile

1. OTA Enrollment 1. OTA Enrollment

Notification Service

MDM Server

Initial setup



D E M O

4. Queries + commands via Profile-Payload

Notification Service

4. Queries + commands via Profile-Payload

3. Connect to MDM

3. Connect to MDM

2. Device notification

2. Device notification

1. Send MDM Push 1. Send MDM Push

MDM Server

Active Management


•  iOS devices are enterprise ready.

•  YOU need device management to have a valuable and secure iOS experience.

•  Get the most out of you business with iOS devices, OTA and custom applications. It’s really worth!

Conclusion

Conclusion

Thank you!

If I’m not overdue: let’s switch to Q&A!

•  René Winkelmeyer •  Skype/Twitter/LinkedIn/Facebook: muenzpraeger •  http://blog.winkelmeyer.com •  http://www.xing.de/Rene_Winkelmeyer •  [email protected] / [email protected]

•  midpoints | purify it •  http://www.midpoints.de •  [email protected]

Contact

•  iTunes deployment •  http://images.apple.com/iphone/business/docs/iPhone_iTunes.pdf

•  Device Deployment •  http://images.apple.com/iphone/business/docs/iPhone_Business.pdf

•  Security •  http://images.apple.com/iphone/business/docs/iPhone_Security.pdf

•  Mobile Device Management •  http://images.apple.com/iphone/business/docs/iPhone_MDM.pdf

•  Certificates •  http://images.apple.com/ipad/business/docs/iPad_Certificates.pdf

Resources

uklug 2011 - ios devices in the enterprise

Technology

ios devices

real enterprise deployment

mobile devices

enterpriseready software

traveler server

exchange traveler

job of ibm

ibm design partner