Is the iPhone ready for the enterprise now?
The new 3G iPhone’s higher data speed and improved location services are compelling, but enterprise administrators should focus more intently on the new software features Apple released in its 2.0 iPhone code.
eWEEK Labs’ tests show that the software upgrade provides many of the features needed to power any mobile device for business use, but it still lacks a few capabilities that may or may not be addressed in software by Apple or third-party developers down the road.
The new enterprise-friendly features focus on improved connections to data and on the security of both those connections and the device itself.
Among the new enterprise features included in the new release are Exchange ActiveSync for over-the-air synchronization of e-Mail, Calendar and Contacts; the new Cisco Systems IP Security VPN client for secured access to enterprise applications; WPA (Wi-Fi Protected Access)/WPA2 Enterprise support for Wi-Fi security; digital certificates; and restricted access to on-device applications.
The new software, which comes preinstalled on the iPhone 3G and is available as a free update for first-generation iPhones, can be downloaded and installed from iTunes. The upgrade process will delete all data, settings and media stored on the iPhone, so users should be sure to synchronize their devices prior to initiating the upgrade.
iPhone 2.0 Raises Device’s Enterprise Profile
Over-the-Air Sync
Apple has finally introduced over-the-air synchronization of e-Mail, Calendar and Contacts with its twin support for Exchange ActiveSync and the new Apple MobileMe synchronization and PIM (personal information manager) service. This will enable enterprises to avoid using iTunes for synchronization services, although administrators will find they still need the media player to upgrade the software again down the road or to deploy applications from a private store.
When configuring Exchange ActiveSync on the iPhone, I just input my e-mail address, user name and password into the Mail configuration page to start, followed by the FQDN (fully qualified domain name) for my OWA (Outlook Web Access) server. The setup wizard then asked what data I wanted to sync.
If a user elects to sync data from Contacts or Calendar, ActiveSync will overwrite the data that already exists in the iPhone’s store. Enterprises deploying iPhones for work purposes will likely not care (as the iPhone would be an IT-deployed device), but users importing Exchange data on their own should back up any of this data on the device before finishing the ActiveSync install.
By default, ActiveSync-enabled e-mail is set to Push, with the e-mail server delivering mail as it arrives on the server. However, in my tests, I found that Push drastically shortened the battery life of my first-generation iPhone.
After a year of use, my iPhone battery lasts two to three days with normal use patterns. I expected a negligible amount of drain, but, after a single night set to Push, my iPhone battery drained more than 50 percent. In fact, after a couple days, I turned off the Push capability and settled for regular manual synchronizations. (Users also can set the iPhone to fetch data at 15-, 30- or 60-minute intervals.)
Despite my hasty retreat from Push capabilities, I found e-mail much more responsive via ActiveSync than via IMAP, particularly when deleting e-mails. iPhone 2.0 also makes batch deletes possible on all e-mail accounts, as users can select radio buttons next to messages targeted for deletion to remove them en masse.
I was pleased to see that ActiveSync tied the corporate Exchange directory to my Contacts database, without adding the whole shebang to my local store. When searching in the Contacts application (which now has its own icon on the iPhone main screen), I could press the Groups button to access my corporate directory when online. I could also find corporate contacts directly from the new contact search field or from the “To” field when sending an e-mail from my ActiveSync-enabled account.
The Calendar application remains largely the same, although users will find a new icon at the bottom of the screen that triggers an alert when there are pending invitations.
Security Improvements
The ActiveSync support also provides the ability to remotely wipe a device if it is lost or stolen. That said, remote wipe should not be considered an Apple feature per se, as you can’t do it with any of the recently released iPhone management applications. If you need to remotely wipe an iPhone, you can do it from the Exchange ActiveSync Mobile Administrator Web Tool for Exchange 2003 environments or from the Exchange Management Console, OWA or the WebTool for Exchange 2007.
This reliance on Exchange for remote wipe is more than a little disappointing, as organizations that do not use Exchange are locked out from this very necessary capability with the iPhone.
In addition, the iPhone does not yet offer on-device encryption capabilities. This is somewhat offset by the fact that the iPhone can’t copy e-mail attachments to a local store or to an external storage device. However, those files are still findable in the e-mail applications, and many passwords for Web applications may be stored on the device. Therefore, device security relies solely on the device lock pass code.
The addition of the Cisco IPSec VPN client is most welcome, allowing remote users to access their companies’ internal Web applications when using either EDGE (Enhanced Data for Global Evolution) or Wi-Fi radio.
From the on-device configuration page, I was able to create profiles that allowed me to connect to two different Cisco VPN concentrators. Cisco VPN configuration is fairly straightforward: I just needed to input the address of the VPN concentrator, my account name and password, and the certificate or group password used for authentication. However, I was disappointed to find that the iPhone would not import the Cisco configuration files that many administrators use to configure VPN clients on laptops.
With profiles created, a VPN dialog box appears on the primary Settings screen, which quickly linked me to a screen from where I could select which VPN profile to use and to enable the encrypted connection. The tunnel will stay active even when the iPhone has been locked, although it will close down automatically after a few minutes of inactivity.
When the VPN feature works, it works great. However, when something goes wrong, the iPhone presents a bare minimum of information to help someone troubleshoot the connection. For instance, the VPN page shows that the device is connected via a particular profile, but users cannot tell what their IP address is for the connection, nor can they see if any traffic is successfully passing inbound or outbound.
iPhone 2.0 does bolster Wi-Fi security, adding support for enterprise-grade, certificate-based wireless security standards. In addition to its existing support for WEP (Wired Equivalent Privacy) and the preshared key flavors of WPA and WPA2, Apple has added support for PEAP v0 and v1, LEAP, TTLS, TLS and EAP-FAST.
Document Support
Document support is enhanced somewhat with the iPhone 2.0 software. With the upgrade I could open PowerPoint presentations and Microsoft Word documents (in the DOCX format), in addition to the legacy Word and Excel documents and the PDF and JPG files I could open with the old iPhone software.
Documents can be viewed in either portrait or landscape mode, but users can only view these documents; the iPhone still does not have the ability to download and save the files locally or to edit them.
Apple has also introduced a few features that could help administrators control personal use of a business iPhone. The new Restrictions feature allows administrators to lock out the use of the Safari Web Browser and YouTube, and to deny access to either the App Store or the iTunes store. When these restrictions are enabled, the applications are removed entirely from the user’s screen, and the controls are protected by a four-digit pass code.
Administrators can also prohibit users from playing media content tagged as explicit in this same manner.
Senior Analyst Andrew Garcia can be reached at agarcia@eweek.com.