IT813: App Deployment Strategies for iOS
Derick Okihara, IT Technician, Mid-Pacific Institute
Apple makes beautiful hardware, but it's the software that really makes devices like iPhones and iPads so popular. With over 700,000 apps available, how do we get these apps on to a user's device in a manageable fashion? This session will cover the different app ownership models, volume purchasing, and several different app deployment strategies with both Apple and third party solutions. At our organization, we deployed applications to 1600 iPads, and this session will cover exactly how we did it without breaking a sweat. Some of the tools we'll cover include iTunes, Apple Configurator, OS X Server's Profile Manager, and also the third party tool JAMF's Casper Suite. With these deployment strategies in hand, you'll still have time left over to play Angry Birds.
Presentation PDF: IT813_Okihara.pdf
This week Apple has acknowledged two bugs in iOS 6.1.
First, accepting an exception to a recurring calendar event may cause excessive Exchange server activity. Says Apple:
Apple has identified a fix and will make it available in an upcoming software update. In the meantime, you can avoid this bug by not responding to an exception to a recurring event on your iOS device. If you do experience the symptoms described above, disable then reenable the Exchange calendar on your iOS device
The second bug allows access to parts of the iPad or iPhone even when the device is locked. Note that the hack described allows access only to the device's contacts, photos, and voicemail. Apple Data Protection is not broken, so data remains encrypted.
These issues are also present in the 6.1.1 update for the iPhone 4S.
I have about 40 company owned iPads. We are using for internal meetings only instead of printing paper hand outs. At the moment we manually manage all of these devices with iTunes. We manaullay add the documents for the meetings with iTunes file copy. Bring the iPads to the meetings then collect them after the meetings and manually remove the documents.
There are a few problems with this.
1. We do not have our MDM profile on the devices to keep them secure in teh event they get lost or stolen.
2. We individally configured each device one at a time.
I have recently started using Apple Configurator and like what it can do. Especially when we return the devices to the base station and restore a clean back up wiping all of the content from the device. I have been testing with integrating our MDM (MobileIron) with Apple Configurator and have it working but a few things I run into. We force an iOS lock screen passcode. I need to extend that passcode for longer than 15 minutes before the device locks for this group of iPads. Also, when I return the iPads to the Configurator station and restore it forces me to enter a NEW passcode every time on every device. I would like to try and keep the passcodes the same and never have them change or at least change them every few months instead of every day. Last is there a way to push the new dociuments for our meetings to the devices in the correct app from Configurator?
Any ideas, suggestions are welcome!
I've been wondering about this for a long time,
My intentions are to offer an App to a specific company.
That Company is not located in Australia, Canada, France, Germany, Italy, Japan, New Zealand, Spain, United Kingdom, and United States as mentioned in http://www.apple.com/business/vpp/.
However, if I'm correct, they do have a D-UD number and are a recognized company and probably do have Apple-IDs.
Since Enterprise Volume Purchase Program is not available to that company simply because its not in those countries mentioned above,
What are my Options?
I want to:
1- Make my app available to that company somehow, either through AppStore or without.
2- At the moment, I hold an Individual's License - ( iOS Developer Program Standard - $99 )
3- I don't mind what the purchase options, either via Apple or without.
Any any help is appreciated.
Our West Coast Enterprise iOS Meetup is ON for tomorrow night! We welcome all Macworld/MacIT attendees and friends. We'll have drinks sponsored by Tekserve, dancing girls, and a show featuring trained tigers. You can't miss this once-in-a-lifetime spectacle!
When: Thursday 1/31 from 8-10 PM
Where: 83 Proof, 83 First Street, between Market & Mission, San Francisco
Who's Invited: All readers and contributors, present and future, of Enterprise iOS
Apple today released a number of updates to iOS. Use General > Software Update to update individual devices.
- Links to downloadable IPSW images are over at http://ios.e-lite.org.
- About the security content of iOS 6.1 Software Update
- About the security content of Apple TV 5.2
The Apple TV update contains support for bluetooth keyboards. Hmmm...
UPDATE: It turns out that this expiration extension does not actually extend the life-time of individual distribution profiles. Please see the comments below this article for more details.
I discovered this today and figured it was worth sharing with the Enterprise iOS community because it has such a profound impact on Enterprise app deployment strategies...
If you have ever dealt with iOS Enterprise In House distribution, you have undoubtably had to deal with the dreaded "Provisioning Profile Is About To Expire" message that appears on user devices every day for 30 days until the expiring profile is removed or the expiration date lapses.
I was pleased to find out today that Apple has changed the life of the underlying iOS Enterprise Distribution Certificate expiration date from one year to three years!
This means you only have to deal with this (nightmare) every three years instead of every one year.
Practically speaking, this means the recommended enterprise app update lifecycle (in which you have users update their apps and/or remove the old provisioning profile) changes from six months to 1.5 years; a much more reasonable timeframe.
It appears that Apple made this change at the beginning of 2013 or late 2012; either way it seems like this change has been made across all enterprise iOS Developer accounts.
I'm using Apple Configurator to deploy iPads with a third-party app installed as well.
After preparing the iPads in Apple Configurator, I have to touch each iPad in order to
configure the settings of the third party app.
Is there a way to pre-configure the settings of a third-party app before installing it
on an iOS device using Apple Configurator or MDM? If so, how do you do this?
Thanks in advance,
Here are the details for the live, in-the-flesh Enterprise iOS meetup in San Francisco on Thursday, January 31. (I'll be in town at the MacIT Conference.)
When: Thursday 1/31 from 8-10 PM
Where: 83 Proof, 83 First Street, between Market & Mission
Who's Invited: All readers and contributors, present and future, of Enterprise iOS
Who's Buying: Tekserve!
When I started this sire two years ago I wasn't sure how long it would last. At that time, nobody had the job title "iOS Administrator." Now, we're over 20K unique visitors each month. Our Comparison of MDM Providers has been viewed over 220,000 times. And our forums receive a healthy number of questions and knowledgable answers.
I'm proud of how far we've come! Come help me celebrate, discuss the state of the technology, and directions to take the site in 2013.
Thanks to all of you who make the community what it is. Looking forward to seeing you on Thursday!
Really Useful links from Apple Support!! - Everyone who admins Apple devices needs these!
VPP Program Links
Volume Purchase Program Education Store
Volume Purchase Program Overview
Volume Purchase Program FAQ
Apple Configurator: Using Volume Purchase Program (VPP) Redemption Codes
iTunes Store Customer Service - Volume Purchase Program for Business customers
Apple Configurator Resources
Introduction and how to video
Education Seminars and Events (Video Links)
Download Apple Configurator
Apple Configurator: Backing up and restoring data
Apple Configurator Help
Apple Configurator - Using VPP Help
Apple Configurator - Coordinating Device Names
iPhone Configuration Utility Links
iOS 5 Deployment Guide (the guide for iOS 6 hasn’t been released yet)
iPhone Configuration Utility 3.3 for Mac OS X
iPhone Configuration Utility 3.3 for Windows
iOS Deployment Resources
iPhone Configuration Profile Reference
iPhone Configuration Utility Guide
iPhone in Business: Device Configuration Overview
iPhone OS: Enterprise Deployment Guide
iPhone Support: Enterprise
For Additional Questions:
Contact name/phone number
AppleID being used
1.800.275.2273 - AppleCare Consumer Line
1.800.800.2775 - AppleCare Education
1.866.752.7753 - AppleCare Enterprise Server Support
Related to my master's thesis at University of Koblenz-Landau - Chair of Media and Service Management (http://www.uni-koblenz-landau.de/koblenz/fb4/institute/ifm/agkilian/home-en) - I carry out a survey among Apple iOS, Android and Facebook app developers.
I would be very happy if you would participate in my survey, which takes about 10 minutes.
Here is the link to the questionnaire (valid until 03.02.2013):
Btw: Among all participants, we are raffling vouchers for Apple iTunes, Google Play, and Amazon with a total value of € 200!
Thank you for your support!
We have the following network setup:
Windows 2003 & 2008 Domain, Exchange & AD servers.
Wireless running WPA2 Enterprise / 802.18, PEAP with AES across Cisco ISE with Certificate.
When a user is connected with an iPhone; pulling Exchange mail (with ActiveSync) & browsing the web changes his domain password on Windows based laptop/desktop, the iPhone Exchange email immediately prompts for a new password, but the wireless connection itself does not, it will after a reboot of device, re-enable of the wireless connection or fairly long extended period of time, this is obviously a security risk as outlined in post: http://enterpriseios.com/forum/topic/Exchange_Passwords_after_iOS_501_Up... - the reason for the new post is the difference in exchange mail prompting for new password, but wireless connection now.
Is this Apple iOS standard or is there a fix for this either on the Windows AD/Domain side or device config?
How and where does resolution of conflicting restrictions or multiple email settings take place?
In theory, the resolution could take place on an MDM server or on the device. So where does it take place? I have seen reference to a file called the ProfileTruth.plist. What do people know about this file and where is it generated?
I am assisting with the rollout of a large number of iPads in several schools.
For the limited pilots we have done so far, we have used MacBooks as sync stations and one Apple ID per sync station. We have spreadsheets of VPP codes to comply with licensing, but they are essentially unused.
Ideally we would like to do installation and updating of apps over the air and gather reporting data, and as such want to use an MDM. I really like the idea that specific groups will get certain apps. However, i am seeing several roadblocks that are due to Apple's restrictions and the limitations of their API:
- how can we push apps and app updates without requiring the kids to confirm and enter an Apple ID and password?
- how can we get all of these student iPads to look the same post deployment so that the teachers have consistency? Essentially folders would need to be moved, etc.
- how to view iPads like with ARD?
- Even if we were to stick with the sync station model, the new EULA for iBooks doesn't let us use purchased iBooks on all of the same devices. Textbooks will be a major component of this project.
About This Site
- Comparison of MDM Providers (487,571)
- Complete List of iOS User-Agent Strings (181,369)
- How to get remote viewing/control of the IPAD screen via internet or preferably 3G? (108,455)
- Apple Configurator vs. MDM (94,418)
- Mobile Device Management (64,501)
- AirWatch (52,797)
- Absolute Manage (50,497)
- Apple Profile Manager (48,645)
- Gartner Magic Quadrant for MDM (2012, 2011) (43,493)
- iOS Device Management Open Source Way (39,501)
Comparison of MDM Providers
Forum topic comment by daybreaker01 4 hours ago
Forum topic comment by usher.br 14 hours ago
Forum topic comment by coombes69 15 hours ago
Forum topic comment by dronf 1 day ago
Forum topic comment by usher.br 1 day ago
Forum topic comment by HCCSC John H 1 day ago
Wiki Page comment by tray 2 days ago
Forum topic comment by bevo_79 2 days ago