Apple iPhone Configuration Utility 2.0

The iPhone Configuration Utility allows the administrator to define common settings governing password policy, Server ActiveSync, certificates, wireless access points, VPN connectivity, LDAP access and more in a single configuration file and deploy those configuration settings to any number of iPhone devices.

With the release of OS 3.0 for the iPhone, the Configuration Utility has been updated to version 2.0 to reflect the new features available in the operating system. For an overview of the new features available in OS 3.0, read this article - http://blog.brightpointuk.co.uk/whats-new-enterprise-os-30-iphone

The iPhone Configuration Utility can be downloaded from the Apple web site for both Windows and Mac platforms - http://www.apple.com/support/iphone/enterprise/

More information on using the utility is available in the iPhone Enterprise Deployment Guide - http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

General

This section defines the name and description of the configuration profile. The Security field allows the administrator to define whether the profile can be removed from the device by the user.

Passcode

This section defines the password policy - whether or not a password is required on the device, what strength that password should be, how many attempts the user has to enter their password correctly before the device is wiped, and how long the device can remain unlocked for without user interaction before the device will lock itself automatically.
How often a password must be changed, or whether passwords can be re-used can also be defined.

Restrictions

This section defines whether third party applications can be installed on the device by the user as well as controlling access to the Safari web browser, You Tube and the device camera.

WiFi

This section defines any wireless access points required, including authentication settings. Supported standards include:

• WEP
• WPA Personal
• WPA Enterprise
• WPA2 Personal
• WPA2 Enterprise
• EAP-TLS
• EAP-TTLS
• EAP-FAST
• EAP-SIM
• PEAP v0, PEAP v1
• LEAP

VPN

This section defines PPTP, L2TP or Cisco IPSec VPN server settings, including Proxy Settings if required.

Email

This section defines POP and IMAP email account settings.

Exchange

This section defines Exchange Server ActiveSync account settings.

LDAP

This section defines LDAP server settings for contact lookup.

CalDAV

This section defines server and account settings for a web-based calendar server using the CalDAV access protocol. NOTE - this is not a protocol used by Microsoft Exchange.

Subscribed Calendars

This section should be used in conjunction with the above CalDAV section - specific shared calendars are defined here rather than the server itself.

Web Clips

Web Clips are links added to the iPhone home page that allow fast access to favourite web pages. URLs, names and icons can be defined here.

Credentials

This section allows the administrator to add any required certificate files to the configuration package.

SCEP

This section allows the administrator to define SCEP server settings. SCEP is the Simple Certificate Enrollment Protocol and allows devices to be registered and authenticated automatically provided that they possess the appropriate certificate in order to be able to correctly respond to a challenge. Once authenticated the mobileconfig configuration file containing the remainder of the device settings can be downloaded to the device.

Advanced

This section defines cellular access point (GPRS / 3G) details, including Proxy Server settings if required.

Once the required profile settings have been defined, the configuration can be exported to a single configuration file, digitally signed if desired:

This configuration file can be deployed to a connected device directly via USB, or can be downloaded to the device from a web server or as an email attachment.

Apple iPhone Configuration Utility 3.0

Apple have released version 3 of the iPhone Configuration Utility, the tool that enables administrators to create deployable packages containing customised settings for Email, VPN, WiFi and device usage, etc and then deploy those packages to any number of iPhone devices, simplifying device setup and removing the need for users to contact the IT department as well as ensuring compliance.
The latest version of the tool can be downloaded here - http://support.apple.com/kb/DL851
This latest version of the tool provides support for iPhone OS 4 and the new functionality available in the new platform.

As before, various aspects of the device's configuration and functionality can be preconfigured by creating a configuration profile, including:

• Mobile Internet access point settings

  

• Password policy - length, complexity, age, history, number of failed attempts etc

  

• Restrictions - application installation, camera, screenshot capture, web browsing, youtube, itunes, movies, tv shows, etc

  

• WiFi

  

• VPN

  

• Email - POP / IMAP

  

• Exchange ActiveSync
• LDAP directory access
• CalDAV calendar access
• WebClips - shortcuts to web content
• Certificates
• Mobile Device Management

Exchange ActiveSync

Expanded elements of the Exchange ActiveSync protocol version 12.1 can now be configured, including:

All Exchange versions

• Enforce password on device
• Minimum password length
• Maximum failed password attempts
• Require both numbers and letters
• Inactivity time in minutes

Exchange 2007 / 2010

• Allow or prohibit simple password
• Password expiration
• Password history
• Policy refresh interval
• Minimum number of complex characters in password
• Require manual syncing while roaming
• Allow camera
• Require device encryption

Remote wipe of devices is also supported from Exchange.

Once saved, configuration profiles can be deployed to devices via email, by posting to a web server or locally via USB.

Mobile Device Management

iPhone OS 3.x or later supports over the air enrolment and configuration. New to version 3.0 of the iPhone Configuration Utility is the ability to enter details of the mobile device management server into a configuration profile, as well as the ability to specify which configuration items should be available via the DM server.
Support is also included for the Apple Push Notification Service (APNS), allowing the administrator to specify that should changes be made to the configuration profile, the DM server can be alerted to the change and push them to enrolled devices automatically.

Enrolment is the mechanism by which a device is authenticated before a configuration profile can then be delivered. This ensures that only trusted devices receive configuration settings. Because configuration profiles can also be locked and encrypted, once installed they cannot be removed or edited by the user, or shared with others.

The enrolment process can be deployed using web services and a certificate authority, and also requires a mechanism for user authentication. A typical end-to-end process would run as follows:

• The URL of the device management server is distributed via SMS or email
• The user accesses the link via the Safari web browser on the device. The web service will prompt the user to authenticate (which may be tied into Active Directory authentication)
• The web service issues an encrypted mobileconfig profile to the device which is installed automatically but not applied. The profile then requests one or more of a number of device attributes (iOS version, MAC address, IMEI number or SIM number)
• The device responds with the requested information, signing the response with its own (Apple-issued) certificate
• The web service issues an SCEP (Simple Certificate Enrolment Protocol) response with instructions on how to generate an RSA 1024 certificate request, and where to send it for certification
• The device sends the certificate request to the certification authority
• The CA creates the certificate and issues it to the device
• The device is then able to decrypt the encrypted mobileconfig profile

In a nutshell, then, although the iPhone supports over the air enrolment and configuration, this is not an out-of-the-box tool supplied by Apple - there is an amount of development and integration work to be done before devices can successfully authenticate with and access your network.

Fortunately, a number of device management vendors have already integrated this functionality of the iPhone into their own products, removing the need to do any integration work yourself, and enabling management of iPhone devices alongside other platforms within a single management interface. Vendors include Sybase Afaria, DME by Excitor as well as Fromdistance. Visit the device management section of the blog for more information.

For more information on the iPhone Configuration Utility, download the Apple Enterprise Deployment Guide - http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

Configuring MacOS Snow Leopard access to Exchange 2007

As has already been much-publicised, MacOS 10.6, or "Snow Leopard", can access Exchange 2007 mailboxes to provide integration with the Mac's native email, contact and calendar applications: Mail, Address Book and iCal.

Only Exchange 2007 is supported, not Exchange 2003, and only Exchange 2007 servers running SP1 update 4 or later. At the time of writing, the public release candidate of Exchange 2010 appears to work fine.

The Mail, Address Book and iCal applications need to be configured separately. If the Exchange server in question is using a self-issued, or non root-trusted certificate, to avoid being prompted to accept the certificate each time a connection is established to the server, the root certificate of the CA which issued the certificate to the Exchange server should be added to the System folder within the Keychain application:

When running the Mail application for the first time, or when adding a new account within the Preferences pane, you will be prompted to enter your email address:

The setup wizard will attempt to determine the appropriate server and authentication settings to use based on your email address. Should any of the settings not be determined automatically, you will be prompted to complete them:

Complete the fields as required - the server address is typically the same as that used by Outlook Web Access (webmail) and the username is that used when logging into your desktop PC at the start of the day:

If prompted for a domain, again this is the same as that used when logging into your PC at the beginning of the day and should be entered in the username field in the format 'domain\username'

Once configured, your email messages will be downloaded automatically:

To edit your account settings once they have been defined, select the Accounts tab within the Preferences view:

Options pertaining to Junk Mail, Sent Items and Drafts can be defined:

The amount of data that is synchronised (entire messages with attachments, messages, or message headers) can be defined:

In order to configure Address Book and iCal access, similar settings must be entered when adding accounts:

Configuring the Cisco VPN client on the iPhone

This article was written using version 3.1.3 of the iPhone software.

Tap on the Settings icon and select General:

Select Network:

Select VPN:

Select the option to Add VPN Configuration:

Select the IPSec tab.

Enter in a name for the connection as well as the name or address of the VPN server. Depending on whether using certificate or group-based authentication, enter in the remaining connection settings as required. Contact your network administrator if you are unsure as to what settings to use.

When finished, save the new configuration.

To initiate the VPN connection quickly and easily from now on, a toggle switch for the VPN connection will be displayed on the main Settings page:

Connect to a Cisco VPN server from Mac OS Snow Leopard

MacOS 10.6, or Snow Leopard, features an integrated Cisco VPN client, able to connect to an IPSec Cisco VPN appliance.

To configure the VPN client, open the System Preferences and select Network. Click on the + symbol to add a new connection:

Select VPN as the Interface type, and Cisco IPSec as the VPN type. Enter a name for the connection and click Create:

Enter in the name or IP address of the VPN server as well as your VPN username and password - depending on how the authentication mechanism has been configured this may be your Windows login credentials or a separate account. Click on the Authentication Settings button:

Enter in the Group Name and Shared Secret details as provided by your network administrator, click OK.

Click Apply to save the changes. To initiate the connection, click the Connect button. After a few moments, provided that you have a connection to the Internet and the settings have been entered correctly, you will be connected:

To be able to connect and disconnect the VPN from the menu bar, tick the option to "Show VPN status in menu bar".

Connect to an SSH-based VPN via VNC from an Iphone

I have blogged previously about how to deploy an SSH-based VPN solution (http://blog.brightpointuk.co.uk/deploying-ssh-based-vpn-solution) enabling safe remote control of corporate assets without needing to worry about the health status of the machine doing the remote controlling.
It is possible to access the same SSH VPN server from an iPhone device using the iSSH application.

iSSH is not free, it must be purchased via the iTunes App Market, but once installed configuration is quick and simple and works via both WiFi and 3G connections.

Launch the iSSH client and select the option to add a new configuration:

Enter in a name for the configuration as well as the external IP address or DNS name of the SSH server.
Specify the port that the SSH service runs on as well as the username and password that should be used to log into the server.

Scroll down and set the options to SSH and VNC:

Specify the password for the VNC connection on the remote host to be accessed, as well as the host's internal IP address and the port that the VNC server is running on.

Initiate the connection, you will now be able to remotely control the target host via VNC from your iPhone:

Enterprise deployment of the iPhone with XML configuration scripts

It is not possible to use an iPhone until you have first connected it to a PC that has iTunes installed and run through the activation process.

iTunes will then run the user through a wizard which will activate the device for service (the same also applies to the iPod Touch).

If the iPhone is being rolled out across a business, this means that the administrator must decide whether to install iTunes on each iPhone user’s PC, or activate all devices themselves on their own PC with iTunes installed.

NOTE – iTunes is only required for the activation process. Once activated, iTunes is not required to enable the device to access corporate systems, only to synchronise music, photos and videos.

iTunes is required, however, to install applications and software updates onto the device.

The direct push capability of Microsoft Exchange Server is only available via a cellular data connection. Although the iPod Touch can access Exchange via a WiFi connection to the Internet, this is a ‘pull’ connection rather than ‘push’.

NOTE – if your organization does not use Mircosoft Exchange, it is still possible to use the iPhone and iPod Touch with POP and IMAP-based email servers. Calendar and Contact entries can also be synchronized with the Address Book and iCal applications on MacOS and with Microsoft Outlook on a Windows PC via iTunes.

Configuring Devices

If you are only deploying a small number of devices, it may be preferable to allow users to configure their own devices. However, should a large number of devices be deployed, there are tools available to help.

The use of configuration profiles allows for a number of settings to be quickly and easily deployed to a large number of devices.

A configuration profile is an XML document that contains settings on Email, WiFi connections, VPN settings, certificates and security policy settings.

Profiles are distributed to devices either via email, as an attachment, or via a web link.

Configuration Profiles are created using the iPhone Configuration Utility, an application for both MacOS and Windows available for free download from the Apple web site:

http://www.apple.com/support/iphone/enterprise/

The interface for the utility looks like this:

A full explanation of the Configuration Utility can be downloaded from the Apple web site:

http://support.apple.com/manuals/en_US/Enterprise_Deployment_Guide.pdf

The General tab allows you enter a name and identifying information for the Profile.

The Passcode Settings tab allows the administrator to define an on-device password usage policy:

The maximum number of failed attempts field allows the administrator to define how many times the device password can be entered incorrectly before the device becomes unusable. By default, after six unsuccessful attempts the device imposes a time delay before a passcode can be entered again. The time delay increases with each failed attempt. After the eleventh failed attempt, the device is locked and must be reauthorised via iTunes.

The WiFi tab allows the administrator to define WiFi access points to be used by the device:

The VPN tab contains information on Virtual Private Network connection settings:

The Email Settings tab contains information on POP and IMAP-based email account settings:

The Exchange tab is where the settings relating to Server ActiveSync are entered:

You will notice the lack of a field to enter Domain information. This should be included in the Username field in the from "domain\username".

The Credentials tab is used to publish certificates to the device. CER, DER, CRT, P12 and PFX certificates types are supported.

The Advanced tab allows the administrator to define cellular access point settings:

Once the profile has been configured within the Utility, it can be Exported, which will create a ".mobileconfig" file (which can then be uploaded to a web site), or emailed as an attachment.

Update - the Apple iPhone Enterprise Configuration Utility has been updated to version 2.0 - http://blog.brightpointuk.co.uk/apple-iphone-configuration-utility-20

NTR Connect for iPhone

NTR Connect is a remote control solution for both Windows and Mac that enables you to remotely access your home or work PC from a web browser, or from your iPhone.
Similar in functionality to the better-known LogMeIn solution, whereas the LogMeIn client for the iPhone costs in the region of £18.00, the NTRConnect client is free.

The desktop agent is free to download, and account creation is also free and takes a few minutes. Visit www.ntrconnect to download and install the agent.
When run for the first time, you will be prompted to enter your account details and register the computer with the service, entering a descriptive name to identify the machine. Once installed, the agent runs on MacOS as a standalone application:

The client application for the iPhone can be downloaded free directly from the App Store. When launched, you will be prompted to sign in:

And you will then be displayed a list of registered computers:

Tapping the machine's entry will connect you to the computer:

A number of options are available, such as limiting the number of colours displayed to improve performance over low-bandwidth connections:

Piwik Web Analytics for iPhone

I have blogged previously about the open source Piwik web analytics software package, which enables webmasters to keep track of visitors to their web sites, including where those visitors came from, which search engines referred them, what keywords they typed in, which other web sites referred them or what marketing campaigns drove their traffic. In short, it's a great little utility and a worthy rival to Google Analytics.

A client is available for the Android platform which I have also blogged about previously.
It is also possible to access Piwik analytical data from your iPhone. Although the Android client can parse the web site data by accessing the standard Piwik URL, the method I have found for the iPhone whilst trawling the web, involves uploading an additional PHP-based component to the Piwik web site.

Download a ZIP file from this link - http://www.inovatis.fr/images/Piwik4iPhone0.11.zip

Extract the contents of the zip file and upload the contents to a subfolder of your Piwik installation called, say, "iphone".

Edit the contents of the config.php file to include the authentication key for your Piwik web site (located in the Admin --> Users section of the Piwik web interface) as well as the full URL to the new web site (along the lines of http://(piwik_web_server)/piwik/iphone/) - including a trailing "/".

Now from your iPhone simply open Safari and browse to the URL:

Setting up Exchange ActiveSync on the Apple iPhone

The information and screenshots in this guide were sourced from the Apple setup guide available for download from the Apple web site: http://www.apple.com/iphone/enterprise/integration.html

From the Home screen tap Settings

Tap Mail, Contacts, Calendars

Tap Add Account

Tap Microsoft Exchange

Enter your email address, domain, username and password. The description field can contain anything meaningful to you to identify the email account. "Work Email" might be an example.

Tap Next when all fields have been completed. The device will now attempt to ascertain the correct server settings to use automatically based on the email address entered. This feature requires Exchange 2007 and also requires that the 'autodiscover' feature is enabled and configured correctly. Should the device not be able to determine the server information automatically the following screen will be displayed:

Tap Accept.

Enter the server information and tap Next.

Select the folders which you want to synchronise. Tap Save to complete the setup procedure and begin the initial synchronisation with the server.

If your administrator has enforced a password policy on the server, you will be prompted to enter a password on the device:

Enter your desired password twice. You are now set up to synchronise with your Exchange server. Tap Next to configure further options:

Taking screenshots of the iPhone

There are two simple methods of capturing screenshots of the iPhone.
The first method simply involves pressing and holding the home button by pressing the power button once. An image of the screen will be saved to the Photos folder automatically.

The second method involves downloading and installing the iPhone SDK from the Apple Developer web site.
Once installed, load the XCode application:

Connect the iPhone via the supplied USB cable, you will be prompted whether or not you want to use the device for development purposes:

Select to the option to Use for development

In the XCode Organizer window, click on the Screenshots tab:

You can now capture screenshots and save them to the Finder simply by dragging and dropping:

Use your iPhone as a WiFi remote with VLC Media Player on Mac OS X

The iPhone can be used as remote control devices for the free VLC Media Player application on both Windows and MacOS. In this post I am using a Mac Mini running Snow Leopard and VLC Media Player 1.0.5 ....and an iPhone 3GS running version 4.0 of the iOS.

Configure the Firewall

If your Mac's firewall is enabled, you will need to allow the VLC application to accept incoming requests - this is configured within the Security System Preferences:

Configure VLC Media Player

Within VLC Media Player on the Mac, select the option to add a Web Interface:

Now launch the VLC Preferences pane and select the option to view All Preferences. Scroll to Interface -> HTTP and enter in the IP address of the Mac's wireless adapter:

Configure the Wireless Router

If your wireless access point is configured to only allow specific MAC addresses, you will need to locate the MAC address of your iPhone (Settings --> General --> About) and add it to your access point:

Add this address to your wireless router.

Configure the iPhone

The VLC Remote application is free to download from the iTunes App Store.

Ensure that the iPhone is connected to the same wireless network as the Mac and is assigned an IP address on the same local network (or on a network that can route to the destination network). NOTE - the destination machine to be controlled does not itself necessarily need to be connected to the network wirelessly, provided that it is on the same network as the wireless access point.

Launch the VLC Remote application on the iPhone and select the option to Add a Computer. Add a new VLC Server and enter in the IP address of the Mac to be controlled:

You will now be connected to your Mac's VLC Media Player and be able to stop, pause and play media files as well as access any Playlists configured:

NOTE - to locate the IP address of the target machine, on that machine open the Network System Preferences and open the Advanced properties of the network adapter:

Limited additional options are available, including how far ahead a skip command takes you:

Using the iPhone as a Bluetooth Modem on MacOS X

In order to use the iPhone as a modem (to "tether" it with your laptop), you will first need to activate the service on your account with your mobile operator.

When activated, you will have the option of enabling Internet Tethering in the Network Settings menu:

To use the iPhone as a modem via Bluetooth, you must first turn on the Bluetooth service on the device, this is located under the General settings menu:

Once Bluetooth is activated, you can then enable the Internet Tethering:

On the Mac, launch the Setup Bluetooth Device wizard:

The Mac will then search for available Bluetooth devices within range and display a list of those devices it can detect, select the iPhone:

The Mac will generate a random PIN for the Bluetooth connection:

Enter the same PIN onto the iPhone when prompted:

The Mac will install a new Bluetooth network adapter for the connection:

Select the option to open the Network Preferences, the new Network Adapter will be displayed:

To initiate Internet sharing from the Mac, press the Connect button:

After a few moments your Mac will be connected to the Internet via the iPhone's data connection. You can now close the Bluetooth Setup wizard:

Using the iPhone as a USB Modem on Mac OS X

In order to use the iPhone as a USB modem (to "tether" it with your laptop), you will first need to activate the service on your account with your mobile operator.

When activated, you will have the option of enabling Internet Tethering in the Network Settings menu:

The iPhone also supports modem tethering via Bluetooth, if using the device via USB only select the option for USB only

Connect the iPhone to your Mac with Tethering turned on, the Mac will detect a new network adapter automatically:

Select the option to Open Network Preferences, the new Network Adapter will be listed:

Select the option to Apply the changes. Your Mac will now be connected to the Internet via your iPhone's data connection.

Using the iPhone as a WiFi remote for iTunes

Using the free Apple Remote application, available for download from the iTunes App Store, it is possible to remotely access your iTunes library on the desktop and search for, play, stop, pause and skip tracks.

The iPhone will need to be connected to the same wireless network as the desktop computer, and the computer will need to be configured to accept incoming connections to iTunes on any firewall software that is running.

Launching the iPhone application will prompt you to add a library:

You will assigned a 4-digit code to use to complete the pairing process. The application will then search for all available iTunes instances on the same local wireless network. In iTunes on the desktop, the option to enable a Remote Device will be displayed:

Selecting the device will prompt you to enter the same 4-digit code into the computer:

The iTunes library will then be displayed on the iPhone:

And you will be able to browse and control the playback of your music:

Viscosity OpenVPN client for MacOS

OpenVPN is a free, open source SSL-based virtual private networking solution that I have posted about previously (http://blog.brightpointuk.co.uk/openvpn). Although it is possible to configure access to an OpenVPN server from a Mac manually, and there are free GUI-based clients available, such as Tunnelblick (http://code.google.com/p/tunnelblick/), these require that you create the connection script manually and have a working knowledge of how the OpenVPN server has been deployed.

Viscosity (http://www.viscosityvpn.com/) is a GUI-based VPN client for the Mac that is easy to configure and unobtrusive when running. Connection settings can be installed in a single package for enterprise deployments and the client can be integrated the Growl notification platform for MacOS.

Multiple connections can be defined. Creating a connection, assuming that the OpenVPN server has been deployed with the standard configuration, requires simply that you enter in the name or IP address of the server, and specify the path to your key files:

Should you wish to adjust the default settings, advanced configuration options are available:

Once created, connections can be launched quickly and easily directly from the menu bar:

You will be prompted to enter your password (which can be saved to the Keychain if you do not wish to be prompted for it again):

Once connected the menu bar icon will change to reflect the connection status:

Read more on the Viscosity web site.

What's new for the Enterprise in iPhone OS 4?

The next version of the iPhone operating system, and a new iPhone model, is expected this summer. Current iPhone 3G and 3GS models will be upgradeable to the new OS. So how can the Enterprise expect to benefit from the next version of the iPhone?
I have blogged previously about the Exchange and Device Management capabilities of the current platform, but when compared with solutions such as BlackBerry and Windows Mobile / Windows Phone, the iPhone does not provide all of the integration and security features that help IT administrators sleep at night.

Apple have detailed the new business features that iPhone OS 4 will include on their web site - http://www.apple.com/iphone/business/preview-iphone-os/

New features include:

Multi-tasking

• Application developers will be able to access up to 7 multi-tasking engines, crucially enabling the holy grail of running applications in the background. This has significant implications for device management vendors as it means their client application will be able to run permanently in the background and will not be circumvented each time the user, say, receives a phone call as happens with the current 3.x platform. Messaging and other notification-based services will also benefit from this welcome addition. From a simple usability perspective it means you'll be able to listen to music whilst trawling through emails, or reading an e-book (see below).

Data Protection

• Email messages and attachments can be encrypted using the device passcode as an encryption key

Wireless application distribution

• OS 4 will support OTA delivery of corporate-hosted applications via either WiFi or 3G without requiring users to connect their device to iTunes on a PC or Mac

Exchange Email

• Multiple Exchange ActiveSync accounts will be supported as well as official support for Exchange 2010 server. A new unified Inbox displays all messages in one location, as well as allowing users to view messages by account if preferred

Device Management

• In addition to the existing iPhone Enterprise Configuration Utility, which provides the IT administrator the ability to create device configuration profiles including Exchange ActiveSync, password, VPN and WiFi settings as well as hardware and software restrictions, iPhone OS 4 will include APIs to enable third party device management solutions to configure devices

SSL VPN Support

• In addition to the PPTP, L2TP and Cisco IPSec VPN client capability of the iPhone, OS 4 will also provide support for SSL VPNs. Apple reference support for the Juniper and Cisco SSL VPN solutions, personally support for the OpenVPN solution would be attractive.

For general users, the iPhone OS 4 will also offer the ability to arrange application icons into folders, and it will be possible to install a greater number of applications on devices.
The iBooks application will allow users to browse for, download and read e-book publications on the device and sync those books with the desktop via iTunes.

The addition of multi-tasking for the iPhone, and the opening up of API integration to Apple's own configuration provisioning utility will hopefully open up a wealth of device management capabilities for the platform.
Personally, for the business user on the go I would like to see enhancements to the Exchange email client, including the ability to define synchronisation schedules (as opposed to simply 'on and off') as well as the ability to edit Out Of Office message text and status (as is already possible on the Android platform if you're lucky enough to have the HTC Desire or any of the Microsoft Windows Phone devices)

iPhone OS 4 is expected for release this summer.

What's new for the enterprise in OS 3.0 for the iPhone?

Version 3.0 of the iPhone operating system is now available for download from Apple. This latest release of the OS brings several new features including MMS support, Copy & Paste, Search, USB tethering (modem usage), among others. But what about for the enterprise: will this latest OS make the handset more attractive to system admins who until now may have preferred Windows Mobile, Symbian or BlackBerry?

I have blogged previously about the iPhone Enterprise Configuration Utility (http://blog.brightpointuk.co.uk/enterprise-deployment-iphone-xml-configu...), which allows you to define common settings relating to password usage, Server ActiveSync, VPN profiles, Wireless Access Points and Certificates and save that set of configurations to a unique XML-based package that can then be rolled out to any number of devices. The iPhone Configuration Utility version 2.0 has been updated to include the new features available in this new version of the operating system.

Here are some of the highlights:

• CalDAV calendar wireless syncing is now supported - enabling read-only access to shared calendars or colleague's calendars using the CalDAV protocol (note - this does not apply to Microsoft Exchange)
• LDAP server support for contact look-up in mail, address book and SMS - meaning that you start to type in a contact into an email or text message, then have the device query a corporate address book for any matches
• Configuration profiles can be encrypted and locked to a device so that their removal requires an administrative password
• iPhone Configuration Utility 2.0 now allows you to add and remove encrypted configuration profiles directly onto devices that are connected to your PC by USB
• Online Certificate Status Protocol (OCSP) is now supported for certificate revocation
• On-demand certificate-based VPN connections are now supported
• VPN proxy server information can now be defined via the configuration utility
• Microsoft Exchange users can invite users to meetings
• The camera can be disabled via a device configuration policy
• The length of time a device can be left unlocked with no user interaction can be defined via a device configuration policy
• Email messages and calendar events can be searched on the local device
• Email can also be searched remotely on Exchange 2007 or IMAP servers or the MobileMe service
• Email subfolders can be synced via Server ActiveSync
• GPRS / 3G / WiFi proxy server information can now be defined via the configuration utility
• Cisco IPSec VPN infrastructure is now supported
• 802.1x EAP-SIM wireless authentication protocol is now supported
• Devices can now be authenticated and enrolled over the air using a Simple Certificate Enrollment Protocol server (SCEP)
• Web Clips can be installed onto devices via the configuration utility. Web Clips are added to the Home Screen and provide users fast access to favourite web pages
• iTunes can now store device backups in encrypted format (iTunes version 8.2 or later)

More information can be found online in the Apple iPhone Enterprise Deployment Guide available for download here - http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

It is perhaps important to note the features that are NOT available on the iPhone when used in conjunction with an Exchange server:

• Task synchronisation
• Editing Out of Office message text

As before, when activating a new iPhone device, unless the SIM card has been activated already, the device must be connected to a PC with iTunes installed to complete the activation process.

The iPhone Configuration Utility can be downloaded from the Apple web site for both Windows and Mac platforms - http://www.apple.com/support/iphone/enterprise/

Winebottler - run Windows apps on MacOS

It is already possible to run Windows on Mac computers, either by booting into the operating system via BootCamp, or by running a virtualised machine image using tools such as Microsoft Virtual PC (for PowerPC Macs) or Intel-based tools such as VMWare Fusion and Parallels Desktop. Applications can even be run in individual windows on the Mac desktop without the need to see the entire Windows desktop.

One drawback of this approach is that the entire Windows operating system needs to be loaded in the background, so that even if you are only accessing a relatively small application, a lot of the Mac's memory and processor performance is being utilised.

Wine

Ever since Apple began using Intel processors in their computers, an open source project known as Wine has made it possible to run Windows applications on MacOS directly, independently of the Windows operating system.

Wine works well on both MacOS Tiger (10.4) and Leopard (10.5), but not so well on Snow Leopard (10.6) - individual pre-requisite packages needing to be manually compiled to run in a 32-bit environment rather than default 64-bit: I'll come onto Snow Leopard in a moment.
You must be using an Intel-based Mac in order to use Wine, will require the XCode tools installed from the OS X installation disc, and will also require MacPorts installed (http://www.macports.org)

Once MacPorts has been installed, configure the PATH environment for your user account with the following command in Terminal:

echo export PATH=/opt/local/bin:/opt/local/sbin:\$PATH$'\n'export
 MANPATH=/opt/local/man:\$MANPATH | sudo tee -a /etc/profile

You can now download and install Wine and all pre-requisite packages with the following command:

sudo port install wine-devel

Alternatively you can use an application such as PortAuthority (http://www.apple.com/downloads/macosx/unix_open_source/portauthority.html) to manage your MacPorts via a GUI:

Once installed, a virtual Windows environment will be created in a hidden directory in your User folder on the Mac called 'Wine':

To run a self-contained Windows executable file, such as MineSweeper, say, simply save the EXE file to your Mac somewhere, then load the Terminal and navigate to that folder. Run the file using Wine with the following command:

wine winmine.exe

If all has gone according to plan, you will see MineSweeper load in an X11 window:

If you want to install a Windows-based application, follow the same procedure, except copying the installer file to the Mac and invoking it via Wine at the command prompt:

wine setup.exe

In this example I'm installing the VMWare Server Console for Windows application. By running the setup.exe in Wine I see the installer wizard in an X11 window:

Once installed, you will see the new program files in the virtual Windows environment in the Wine directory:

You can now locate the installed program EXE file and launch this within Wine using the same command format in Terminal:

wine vmware.exe

Clever stuff.

WineBottler

WineBottler (http://winebottler.kronenberg.org/) is the new home of the Wine project and has added a GUI to the platform as well as Snow Leopard support. The package is still in beta stage at the moment and still requires an Intel processor and the XCode tools to be installed on your Mac.

Once installed on the mac, EXE files are associated with Wine automatically:

Running an EXE file will prompt you whether or not to just run the file, or to create an application installation package:

Again, running a self-contained application such as Notepad.exe, will simply load:

If you want to install an application, the procedure is slightly different. Within WineBottler you can create what are called 'Prefixes'. The procedure in the background is effectively the same, but Bottler allows you to add an icon for the application in your Mac Applications folder, and add pre-built Wine ports of pre-requisite Microsoft software, such as the DotNet Framework, to that application.

To create a Prefix, launch WineBottler:

Browse to where you have saved the installer EXE file (or MSI files are also supported, although I haven't tried one yet):

Specify the name of the resulting .app package you want to create as well as where to put it:

The package will then run the installer and you will see the installer in an X11 window as before:

Once the installer has completed, should the Windows application contain more than one EXE file in the Program Files directory, you can specify which one should be launched:

The prefix is then created, and an icon added to the Applications folder, using the appropriate icon:

Just amazing!

Within the WineBottler application are also links to download pre-compiled Prefixes, including builds of Internet Explorer 7 and 8.

Prefix packages can also be built to include all of the required Microsoft packages as well as the Wine package itself, so that built files can then be run on other Macs that don't have Wine installed.

If you have resisted seriously considering using the Mac platform because of that 'one app' that only runs on Windows - this may be a solution for you.

iPhone OS 4 Exchange ActiveSync Hotfix

Since the release of version 4 of the iPhone operating system (iOS4), there have been a number of reports of an inability to synchronise with Microsoft Exchange, or intermittent synchronisation failures coupled with administrators reporting increased load on their Exchange servers.

Whilst I have not experienced this problem myself, the issue has been tracked back to the default time interval within which the iPhone will attempt to synchronise with Exchange before timing out and initiating a new session. Apple have released an updated configuration profile which increases this period to 240 seconds which is hoped to resolve the issue.
The issue is detailed on the Apple web site in support article 3398 (http://support.apple.com/kb/TS3398) and the configuration profile is available for download here - http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/TS3398/Defau...

The "mobileconfig" file can be emailed to users and installed onto the device simply by selecting it, or users can paste the above link into the Safari web browser on the iPhone itself.

Once installed, the device should be powered off and on again to apply the new profile.

Google have also responded to reports from users of an inability to synchronise GMail accounts via the Exchange ActiveSync protocol from iOS4 devices by applying an update to their mail servers. It is now possible to sync GMail using the following details:

• Exchange Server Address - m.google.com
• Username - full Google email address
• Password - Google account password
• Domain - (optional) google

After installation, the new profile will be listed (and can be removed) under Settings --> General --> Profile.