Apple recently has improved its mobile device management features, but IT groups are discovering a new set of challenges when they start to move to larger numbers of iOS devices, MacIT conference attendees are confirming this week.
Marin County Day School, in Corte Madera, Calif., ran a pilot program of about 60 iOS devices for students in 2011. From an IT viewpoint, it was a continuous discovery of the current limitations of Apple's tools. The small staff was backing up each iPad individually, says IT director Robert Bardenhagen.
"Scaling is a problem," he says. That's daunting because the K-8 school, like many enterprises, is eager to expand the population of iOS devices.
Another issue was Apple's model of users pulling apps individually from the iTunes App Store. Bardenhagen, with an IT manager's viewpoint, is looking at a push model, which would let IT create, maintain and update an institutional software image on the devices.
Configuration profiles are XML files that load settings and authorization information to Apple's device management tools include the iPhone Configuration Utility (IPCU) and, with Lion Server, a feature called Profile Manager, which uses enterprise directory services and the Apple Push Notification Service to create XML files, called configuration profiles, that load settings and authorization information for both Mac OS X and iOS devices. [Apple's support page for Profile Manager is here]
Profile Manager handles application installs, policy settings, security and some asset tracking, says Derick Okihara, IT technician for Mid-Pacific Institute, a Honolulu, Hawaii, private coeducational college preparatory school, for preschool through 12th grade. At this week's MacIT conference, Okihara gave an overview of Apple's iOS configuration and management tools.
Profile Manager is missing a number of features: There's not remote control capability, no backup for iOS devices, and it can't block iOS firmware updates. In relatively small deployments these might not be missed.
"When you're dealing with thousands of devices, you have a need for some features that Profile Manager lacks," Okihara says. Features such as the number and name of installed iOS apps, in conveniently organized alphabetical listings.
But what Profile Manager does offer is powerful advance for IT managers. "For me, managing iOS devices is the real tipping point for bringing in Lion Server," says Benjamin Levy, principal, Solutions Consulting, a Los Angeles IT consultancy specializing in the Apple platforms. "It's a pretty strong benefit!"
The rise of iOS as a primary enabler for enterprise mobility creates some strange environments.
One IT manager, who works for a federal contractor and requested anonymity, explains she has been placed in charge of administering 350 iPads and iPhones that were handed out by fiat, with no plans to support or manage them. The desktop and backend infrastructures are all Microsoft-based. All the devices have Wi-Fi although, according to policy, employees are forbidden to use it for security reasons.
Lacking even Lion Server, her iOS management is entirely manual. The user population, many of them scientists, have little familiarity with iOS or even iTunes. "I have to hold their hands when they update via iTunes," she says.
As a result of MacIT talks, she's looking at buying an inexpensive Mac Mini to run Lion Server so she can exploit Profile Manager.
Another complicated issue is trying to coordinate the company's procurement and reimbursement policies in the federal space with individual iTunes accounts for buying apps. She says she's met twice a week for weeks trying to hash out how to handle something that ought to be simple.
But, in general, enterprise concerns about iOS management are addressable, says consultant Benjamin Levy. "For iOS, Apple has very strong tools and procedures for management, configuration and deployment, as well as creation of in-house apps," Levy says. "There is a healthy market of third-party tools as well."
Resources for managing iOS mobile devices
(from a MacIT presentation by Derick Okihara, downloadable via DropBox)
* "Managing iOS devices with OS X Lion Server," by Arek Dreyer
* "In order to utilize MDM capabilities built-in to iOS 4, your organization must enroll in the iOS Developer Enterprise Program (iDEP) iOS Developer Program. See Apple IOS Enterprise Developer Program Overview for requirements. The regular iOS Developer Program is for publishing apps to the iTunes App Store."
* Apple White Paper: "iOS 4 Education Deployment Guide" [with lots of information relevant for non-education deployments]