iPhone in Business
Device Configuration
Overview
Deploying iPhone across your organization is easy with the use of configuration profiles. Configuration profiles are XML files that contain configuration information and settings that permit iPhone to work with your enterprise systems.
iPhone Configuration Utility 2.0 lets you easily create, encrypt and install configuration profiles. It can also track and install provisioning profiles and authorized applications, and capture device information including console logs. The iPhone Configuration Utility is available for Windows and Mac OS X.
Configuration Profile Components
Passcode policies
Protect your enterprise data by configuring device passcode policies and requiring their use.
Supported passcode policies:
• Require passcode
• Allow simple value
• Require alphanumeric value
• Passcode length
• Number of complex characters
• Passcode age
• “Time before” auto-lock
• Number of unique passcodes before reuse
• Grace period for device lock
• Number of failed attempts before wipe
Restrictions
In addition to passcode policies, configuration profiles can be used to restrict certain device features.
Available restrictions
• Access to explicit media in iTunes Store
• Use of Safari
• Use of YouTube
• Access to iTunes Store
• Use of App Store and iTunes to install applications
• Use of the camera (can also be controlled with an Exchange policy)
Wi-Fi settings
Whether you are configuring iPhone to connect to a private network or for RADIUS authentication to enterprise wireless access points, configuration profiles can be deployed to streamline access to Wi-Fi networks.
VPN settings
Configure VPN server settings including accounts, proxies, and authentication settings for your corporate private networks.
Email settings
Configure IMAP or POP mail settings, including incoming and outgoing mail servers.
Exchange settings
Include server, domain, and account information in a configuration profile so that your users can connect via Microsoft Exchange ActiveSync.
LDAP
Configure access to LDAP directories for contact look-up in Mail, Address Book, and SMS.
CalDAV
Provide these settings to synchronize calendar data with your company’s CalDAV server wirelessly.
Web Clips
Place icons on your user’s home screen to provide quick access to internal or external websites.
Credentials
Ensure the identity of your users and control access to key enterprise services such as Microsoft Exchange ActiveSync, VPN, and WPA2 Enterprise Wi-Fi networks on iPhone.
Advanced
Edit these settings to modify the Access Point Name (APN) on iPhone. APN proxy settings can be specified using a configuration profile as well.
Protecting Configuration Profiles
Security options
When preparing to deploy your configuration settings, you’ll need to export your configuration profile from the iPhone Configuration Utility. The file that is created has a .mobileconfig extension. This file can be created with three different levels of security. With any of these methods, you should make sure that when the profile is distributed, it is accessible only to authorized users.
Unsigned—A plain text .mobileconfig file is created. It can be installed on any device. Some content in the file is obfuscated to prevent casual snooping if the file is examined. This profile will appear as unsigned and will prompt the user with a security message.
Signed—The .mobileconfig file is signed and will not be installed by a device if it is altered. Once installed, the profile can only be updated by a profile that has the same identifier and is signed by the same instance of the iPhone Configuration Utility. Like unsigned profiles, some of the information in the signed profile is obfuscated to prevent casual snooping if the file is examined.
Signed and encrypted—The profile is signed so it cannot be altered, and all of its contents are encrypted so the profile cannot be examined. Encrypted profiles can be distributed via desktop synchronization using the iPhone Configuration Utility or by Over-the-Air Enrollment and Configuration. An encrypted configuration profile can only be installed on the device for which it was created.
Controlling the removal of profiles
When creating a configuration profile, you have the option of controlling whether or not it can be removed by the user. You can lock the profile so that once it has been installed, its removal requires an administrative password or a full reset of the device.
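As an added example (not part of Apple's document), this Python sketch audits an exported, unsigned .mobileconfig file against a passcode baseline and reports whether the profile is unsigned and user-removable. The payload type and key names (forcePIN, allowSimple, requireAlphanumeric, minLength, maxFailedAttempts, PayloadRemovalDisallowed) come from Apple's configuration profile format rather than from this page; the baseline values and the sample profile are constructed assumptions.

```python
import plistlib

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"
# Assumed baseline for this example; replace with your organization's policy.
BASELINE = {
    "forcePIN": lambda v: v is True,
    "allowSimple": lambda v: v is False,
    "requireAlphanumeric": lambda v: v is True,
    "minLength": lambda v: type(v) is int and v >= 6,
    "maxFailedAttempts": lambda v: type(v) is int and 0 < v <= 10,
}

def signing_state(data: bytes) -> str:
    """Classify an exported file by its leading bytes."""
    head = data.lstrip()
    if head.startswith((b"<?xml", b"<plist", b"bplist")):
        return "unsigned"   # bare property list
    if head[:1] == b"\x30":
        return "signed"     # DER SEQUENCE, i.e. a CMS wrapper around the plist
    return "unknown"

def audit_profile(data: bytes) -> list:
    """Return finding codes for an unsigned profile, in a fixed order."""
    state = signing_state(data)
    if state != "unsigned":
        return [state]      # verify and unwrap the signature before auditing
    profile = plistlib.loads(data.lstrip())
    findings = ["unsigned"]
    if not profile.get("PayloadRemovalDisallowed", False):
        findings.append("removable")
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        findings.append("no-passcode-policy")
    for payload in payloads:
        for key, ok in BASELINE.items():
            if not ok(payload.get(key)):
                findings.append(f"passcode:{key}={payload.get(key)!r}")
    return findings

# Constructed sample profile, serialized to the XML form an export would have.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.passcode",   # placeholder identifier
    "PayloadContent": [{"PayloadType": PASSCODE_TYPE, "forcePIN": True,
                        "allowSimple": True, "minLength": 4,
                        "maxFailedAttempts": 10}],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print(finding)
```

A file classified as signed must have its signature verified and the enclosed property list extracted before the payload checks can run; the sketch stops at classification in that case.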
Deploying Configuration Profiles
Configuration profiles can be distributed using four different deployment methods.
Desktop installation via USB
iPhone configuration profiles can be installed through a USB connection with the iPhone Configuration Utility. When you install directly onto a device using USB, the configuration profile is automatically signed and encrypted.
1. Connect the device to your computer using a USB cable.
2. Select the iPhone from the Devices list, and then click the Configuration Profiles tab.
3. Select a configuration profile from the list, and then click Install.
4. On the device, tap Install to install the profile.
Email
You can distribute configuration profiles using email. Users install the profile by receiving the message on their device, then tapping the attachment to install it.
1. Export the profile from the iPhone Configuration Utility.
2. Attach the configuration profile (uncompressed) to an email and send to user(s).
3. Users install the profile by tapping the file directly from the message body in Mail on iPhone.
Website
You can distribute configuration profiles using a website. Users install the profile by downloading it using Safari on their device.
1. Export the profile from the iPhone Configuration Utility.
2. Host the configuration profile (uncompressed) on a secure site accessible to user(s).
3. Users navigate to the website using Safari on iPhone and tap the file to initiate installation on iPhone.
Over-the-Air Enrollment and Distribution
You can distribute encrypted configuration profiles over the air using a secure enrollment and configuration process enabled by the Simple Certificate Enrollment Protocol (SCEP).
For more information about Over-the-Air Enrollment and SCEP, visit
www.apple.com/iphone/enterprise/integration.html
© 2009 Apple Inc. All rights reserved. Apple, the Apple logo, iTunes, Mac, Mac OS, and Safari are trademarks of Apple Inc., registered in the U.S. and other countries. iPhone is a trademark of Apple Inc. iTunes Store is a service mark of Apple Inc., registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies. Product specifications are subject to change without notice. This material is provided for information purposes only; Apple assumes no liability related to its use. June 2009 L410438A