Top 3 iPhone Features for the Enterprise

by Greg Crisp on 09/03/09 at 3:58 am

Greg Crisp is a consultant specializing in iPhone, mobile, and web-based systems. He is also a Senior Editor for iPhoneCTO.

Early editions of the iPhone were targeted specifically at the consumer and did not include features needed for the corporate environment. This has changed since the release of iPhone OS version 2.0 (currently 2.2.1). A number of features have been included with corporate enterprise in mind. iPhone can now work directly with Microsoft’s Exchange Server and connect to secured, corporate networks. There are also tools for centrally managing company-owned devices, to simplify administration and assist with security compliance. Let’s take a look at some of the most useful, enterprise features of iPhone 2.0.

Microsoft Exchange

iPhones have always been able to connect to Exchange servers via the IMAP protocol. Unfortunately, many sites do not enable the IMAP protocol in Exchange due to perceived security concerns, or at least do not allow it to be accessed from the public Internet. Also, IMAP with Exchange only allow access to email and does not support the other groupware features valued by corporate end-users.

Starting with release 2.0, iPhone featured the ability to connect with Exchange servers via Exchange ActiveSync. This is the same option that allows Windows Mobile based devices to connect with an Exchange server. With ActiveSync, iPhones not only get access to push-email, not supported using IMAP with Exchange, but also calendars and contacts. iPhone users can also respond to calendar invites which update their Exchange calendars based on their response.

iPhone’s Exchange support also includes some additional corporate security features. A lost or stolen iPhone can be remote-wiped via the Exchange administration tool. This deletes personal data and effectively “bricks” the device, at least until it can be connected to iTunes and reformatted. Any sensitive corporate data is deleted. ActiveSync also provides corporate administrators the ability to specify and enforce strong password policies for the connection to Exchange.

Exchange ActiveSync for iPhone supports Microsoft Exchange Server 2003 Service Pack 2 or later, and Microsoft Exchange Server 2007 Service Pack 1 or later.

Certain other Exchange features such as tasks and notes are NOT supported which will be a problem for end-users who rely on them. The iPhone itself does not have a built-in task manager and could be remedied in the future.

Secure Wireless and Virtual Private Networks

With version 2.0 (and later), iPhone started supporting connectivity to secured, corporate network resources including wireless Local Area Networks (WLAN’s) and Virtual Private Networks (VPN’s).

iPhone has included support for Wi-Fi networks since its first release. Version 2.0 introduced the ability to connect Wi-Fi to corporate WLAN’s using more advanced security protocols. WPA2 Enterprise with 128-bit AES encryption is supported to secure network traffic. 802.1x authentication is supported and integration with existing network authentication schemes should be easily accomplished with support for standard protocols including EAP-TLS, EAP-TTLS, EAP-FAST, PEAPv0, PEAPv1, and LEAP.

When working from remote locations, iPhone supports several standard VPN protocols including Cisco IPSec, L2TP over IPSec, and PPTP. If an enterprise network already supports one or more of these protocols for remote access, iPhone 2.0 should be able to connect with no additional software.

For easy remote access authentication, iPhone supports x.509 certificates. For more secure installations, RSA SecurID and CRYPTOCard are both supported and allow the end-user to enter their one-time-pass key directly on the iPhone when they connect to the VPN.

Centralized Configuration Management

With iPhone 2.0 and later, IP administrators can create “Configuration Profiles” which are downloaded to individual devices and contain the settings needed by the typical corporate end-user to access network resources via the iPhone.

Apple provides the “iPhone Configuration Utility” as either a web-based application (installed on a corporate web server) or a native Mac OS X application. This utility creates and manages iPhone Configuration Profiles which are XML files that contain sets of configurations to be applied to corporate iPhones.

What can be included in an iPhone Configuration Profile?:

Exchange settings

Wireless settings

VPN settings

Non-Exchange email settings

Passcode policies

Certificates (for access to WLAN’s and VPN’s

Configuration Profiles can be digitally signed to prevent tampering.

Once created, Configuration Profiles are downloaded by accessing a web server from the device or they can be emailed to the end-user’s email account. Obviously, until email is configured on the device, the latter may not be effective. When installed on the device the Configuration Profile applies those settings included.

—

Though there are always things to improve, version 2.0 provides the support for enterprise features that make it a compelling replacement for Windows Mobile or Blackberry-based devices in the corporate IT infrastructure. For more information on iPhone’s enterprise features, visit http://www.apple.com/iphone/enterprise/