Deploying the iPhone 3G for Business, Part 1
When using OS X's iPhone Configuration Utility, a list of available profiles (as well as their creation date) can be viewed and edited by selecting Configuration Profiles in the sidebar. The sidebar also has options for Provisioning Profiles and Applications -- both of which are used to deploy in-house applications and will be discussed in part 3 of this series -- and a Devices list of all iPhones that have been connected to the computer.
The Web-based configuration tool allows you to create profiles and export or e-mail profiles to users. It also lets you import and modify existing profiles. It does not, however, allow you to work with in-house applications or maintain a library of iPhones that have been connected to a computer.
By default, once the Web-based tool is installed, it can be accessed via the IP address of the computer on which it's running using port 3000 (for example, http://127.0.0.1:3000). A default username of "admin" with a password of "admin" allows access. Both the port and the username/password combination can be changed if needed. Apple's documentation (download PDF) explains how to do this in either Mac OS X or Windows.
The eight tabs available for creating a profile using either tool -- along with their options -- are the following.
General: This provides overall information about the profile, the ability to digitally sign it, the options to export it for storage or hosting on a Web server, the options for importing an existing profile for editing and the information on how to e-mail the profile directly to users. Specific options include:
Name: The profile name displayed to users (required).
Identifier: A unique alphanumeric string used to identify the profile for updates later provided to iPhones where the profile is already installed. The format is similar to that used for applications and Dashboard widgets in the form of com.example.profile (required).
Organization: The organization for which the profile is being created.
Description: A short description for users.
Signature: A dialog used to select a certificate and private key used to digitally sign the profile.
Delivery: Buttons for importing, exporting and e-mailing profiles.
Passcode: This, as the name implies, defines passcode policies for an iPhone. Options include:
Require passcode on device: Prompts users to create a passcode to unlock the iPhone.
Allow simple value: Permits basic repeated characters as a passcode.
Require alphanumeric value: Requires passcode to include numbers and letters.
Minimum passcode length.
Minimum number of complex characters: Required number of nonalphanumeric characters.
Maximum passcode age: Number of days after which a user must change the passcode.
Passcode lock: Number of minutes (one to five) of inactivity after which the iPhone locks automatically.
Maximum number of failed attempts: The number of failed attempts permitted when entering the passcode after which the iPhone will need to be authorized with iTunes to be used again. Note: For more than six attempts, a time delay before each following attempt will be imposed and increased with each failed attempt.
Wi-Fi: Allows you to define one or more Wi-Fi network configurations for the iPhone. Options include network SSID, whether the network is hidden and the security type for the network, including support for any security (or none), WEP and WPA/WPA2. Distinctions are made between personal and enterprise security types, with enterprise allowing configuration of authentication technologies, specification of usernames and use of certificates. Supported authentication protocols include TLS, LEAP, TTLS, PEAP and EAP-FAST.
Note: The passwords for Wi-Fi networks cannot be included in profiles.
VPN: For establishing VPN configurations, the iPhone supports L2TP, PPTP and IPSec (Cisco) VPN protocols. The options for the protocols available in the profile configuration mirror those in most VPN clients.
For L2TP and PPTP, the iPhone supports authentication using both passwords and RSA SecurIDs, as well as the option to designate whether all traffic should be routed through the VPN connection or only traffic intended for destinations within the remote network. Apple's documentation explains more options for additional VPN support.
E-mail: Allows configuration of POP/IMAP e-mail accounts. You can opt to specify all settings, with the exception of a password (server settings, username, displayed e-mail address) for a user, or you can simply populate server settings. If you do not specify user details, users will be asked to enter them on the iPhone itself.
Exchange: Allows configuration of Exchange ActiveSync. You must provide information for the server hosting Exchange ActiveSync.
Optionally, you can enter a custom name for the account to be displayed on the iPhone (the default is Exchange ActiveSync). You can also specify the use of SSL for communication. As with the E-mail tab, you can specify user account information (in the form of domain\username) and e-mail address, or you can just enter the server information.
Credentials: Used to deploy certificates to iPhones. You will need to specify a certificate file. You can specify either PKCS1 (.cer, etc.) or PKCS12 (.p12) formats.
Advanced: Used to configure APN settings. You'll want to contact your carrier for detailed instructions if you need to use these options.
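An exported profile is an XML property list, so the Passcode and Wi-Fi settings described above can be checked before a profile is hosted or e-mailed. The following is an added example, not code from Apple or from this article: it audits an unsigned profile against an assumed baseline. The thresholds, the function names and the sample profiles are constructed for illustration; the payload keys follow Apple's configuration profile format. A profile signed through the Signature option is wrapped in a signed container and would have to be unwrapped first.

```python
import plistlib

# Assumed organisational baseline (hypothetical values, not from the article).
BASELINE = {"minLength": 6, "maxFailedAttempts": 10, "maxInactivity": 5}
PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"
WIFI_TYPE = "com.apple.wifi.managed"

def audit_profile(raw):
    """Return a list of findings for an unsigned (XML plist) profile."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    findings = []
    passcode = [p for p in payloads if p.get("PayloadType") == PASSCODE_TYPE]
    if not passcode:
        findings.append("no passcode payload in profile")
    for p in passcode:
        if not p.get("forcePIN", False):
            findings.append("passcode not required on device")
        if p.get("allowSimple", True):
            findings.append("simple passcodes allowed")
        if p.get("minLength", 0) < BASELINE["minLength"]:
            findings.append("minimum passcode length below baseline")
        for key in ("maxFailedAttempts", "maxInactivity"):
            # A missing limit means the setting is not enforced at all.
            if p.get(key) is None or p[key] > BASELINE[key]:
                findings.append(key + " missing or above baseline")
    for p in payloads:
        if p.get("PayloadType") == WIFI_TYPE:
            if p.get("EncryptionType") in ("WEP", "None"):
                findings.append("Wi-Fi %s uses %s" % (p.get("SSID_STR"), p["EncryptionType"]))
    return findings

def make_profile(passcode, wifi):
    """Build a constructed sample profile; all values are illustrative."""
    return plistlib.dumps({
        "PayloadType": "Configuration", "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile",
        "PayloadContent": [dict(passcode, PayloadType=PASSCODE_TYPE),
                           dict(wifi, PayloadType=WIFI_TYPE)]})

WEAK = make_profile(
    {"forcePIN": True, "allowSimple": True, "minLength": 4,
     "maxFailedAttempts": 6, "maxInactivity": 5},
    {"SSID_STR": "ExampleCorp-Legacy", "EncryptionType": "WEP"})
HARDENED = make_profile(
    {"forcePIN": True, "allowSimple": False, "minLength": 8,
     "maxFailedAttempts": 6, "maxInactivity": 5},
    {"SSID_STR": "ExampleCorp", "EncryptionType": "WPA"})

if __name__ == "__main__":
    for name, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_profile(raw))
```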