iPhone Configuration Utility 2.0

21.08.2009

In ICU version 1, you could only hand out configuration profiles by directly connecting the iPhone to the workstation running the ICU, emailing the profile to the user, or having the user go to a Web site and downloading the file onto their iPhone. That left the process either in the hands of IT (direct connection to the iPhone), or required the user to install the profile.

In a true Over the Air (OTA) setup, the user goes to a secure URL in Safari, authenticates to that URL, and then the configuration proceeds from there. Usually the only other information anyone had to enter was their e-mail address and password. This was a feature that was not really well-implemented in the first version of the ICU, and something that a lot of companies wanted.

For example, one of the disadvantages to the e-mail profile was that the e-mail could ONLY be opened on the iPhone. Well, if you haven't set up the iPhone for e-mail, you then had to send a company provisioning protocol to a device on an external e-mail account which meant the device had to have at least one e-mail account set up. For a personal phone, this may have happened, maybe not. For a company issued phone You had to provision the device to provision the device. Not a great option.

The Web site option helped a little, but then making sure that the wrong people can't get to the profile starts adding layers of complexity to the process, and the user still had to manually accept the profile, etc. It was slightly better in practice, but not by much.

With the ICU 2, Apple has provided a way for a company to deal with provisioning in a more automatic OTA manner, and it's based around SCEP, or the Simple Certificate Enrollment Protocol. This allows a company to set up an SCEP server, and by using device specific items, such as the IMEI number, the device MAC address, and a challenge token, (read: Password/Passcode), a company can then pretty much automatically configure the device, and the only additional information the user has to enter are things that are specific to them, such as e-mail address and e-mail password.

Zur Startseite