UPDATED JUNE 25, 2010 -- There's one big new reason today for corporate IT to embrace the use of iPhones, iPod Touches, and iPads for business email and network access: Apple has released iOS 4.0 (the new name for the iPhone operating system). iOS 4 includes enterprise management capabilities for the iPhone 3G, 3G S, and 4; the second-generation and later models of the iPod Touch; and the iPad. (iOS 4 won't be available for the iPad until this fall.) And the major mobile management tool providers have simultaneously announced iOS 4-specific updates to their products.
iOS 4 allows IT to install security and policy profiles onto iOS devices without user intervention using the Apple Push Notification Service protocol, and to monitor and audit policy adherence. It also lets businesses provision their own iOS apps without going through the Apple App Store as long as these in-house apps have a valid signature from Apple (so they still have to go through Apple's approval process). It lets iPhones, iPod Touches, and iPads support multiple Exchange accounts. And it allows "sandboxes," such as for email clients, apps, policies, and VPN data, that encrypt these blocks of information separately from the devicewide encryption on newer iPhones, newer iPod Touches, and iPads.
[ Read InfoWorld's first-look review of the iPhone 4. | Get the best iPhone and iPad apps for pros with our business iPhone apps finder. | Keep up on key mobile developments and insights with the Mobile Edge blog and Mobilize newsletter. ]
What the updated mobile management tools offer
Several providers of mobile management tools -- AirWatch, Good Technology, MobileIron, Sybase, Tangoe, and Zenprise -- have announced new management tools to take advantage of iOS 4's capabilities. The companies' server-based tools integrate with Microsoft Exchange, LDAP, and Active Directory to enforce Exchange ActiveSync (EAS) policies, track access, and validate user permissions, and they all install EAS policy profiles and certificates directly onto iPhones, iPod Touches, and iPads without user intervention. The tools also track which devices have which profiles and apps installed, so IT has an audit trail for compliance monitoring.
By contrast, Apple's free iPhone Configuration Utility requires users to click a profile link from a Web site or email to install the profile, and it does not track whether profiles were actually installed on individual devices. The iOS' supported EAS and iPhone Configuration policies include on-device encryption (not supported by pre-2009 iOS devices), forced camera turn-off, access restriction to specified Wi-Fi access points, various password rules such as complex passwords, forced turn-off of App Store access, use of digital certicates, use of VPNs, and remote wipe.
The companies' mobile management tools also can manage other types of mobile devices, including RIM BlackBerry (through BES integration), Microsoft Windows Mobile, and Google Android.
These iOS 4-oriented tools also provide additional capabilities using a combination of a local iOS client on the mobile device and capabilities on the back-end server. Here's what MobileIron, Good, and AirWatch are adding beyond the common capabilities.
MobileIron Server's extra capabilities
MobileIron Server's current capabilities will work with iOS 4 devices, such as the ability to selectively wipe information (for example, leaving users' personal email while wiping corporate email) and to provision a catalog of recommended App Store apps. By October the server will support several new iOS 4-specific capabilities, the company says, in addition to the ability to install policy profiles without user intervention and deploy in-house apps without going through the Apple App Store: