Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > iPhone, iPod and iPad > iPad

Reply
 
Thread Tools Search this Thread Display Modes
Old Dec 12, 2010, 08:45 AM   #1
MacDann
macrumors 6502a
 
Join Date: Mar 2007
Location: Not the end of the Earth, but you can see it from here
iPads, Active Directory, and the Enterprise

I have been charged with writing a proposal to adopt iPads into our enterprise environment that is currently 100% Windows (Primarily XP but slowly migrating to Windows 7.)

This is a K-12 education environment, and the proposed adoption is for student use.

We currently use Active Directory for authentication, control and management of our hardware and user accounts.

As I look over the documentation from Apple in their business white papers, I see mention of the use of certificates, but little or nothing relating to Active Directory.

If anyone here is currently using an iPad in an AD environment, I would like to hear about their experiences. I have people on staff who are familiar with the use of certificates, so I don't see that being a problem. What does concern me is the security aspect, especially authentication and the control of devices and updates that we currently perform through the use of group policies and AD.

Thanks in advance for the help,

MD
__________________
Intel Mac Pro 1,1; 20" C2D iMac; 17" C2D iMac; 16GB iPad 2+3G; G4 QS 733 w/400G RAID;2- TV 2; 2-16GB iPhone 4; 8G iPod Touch, 3G PR Nano, 3G 20G iPod
MacDann is offline   0 Reply With Quote
Old Dec 12, 2010, 09:00 AM   #2
tunerX
macrumors 6502
 
Join Date: Nov 2009
The iPad is a standalone device. There isn't a way to tie it into a proprietary directory service like active directory.

Once the user has access to the UI they have complete control of the device unless you have apps and such allow the use of passwords. Again those passwords will be single user.

You can use some functions of LDAP and tie that in with MS LDAP for basic directory services but nothing as holistic as AD and group policy management. Your only safety would be using content filtering appliances, firewalls, and keeping the iPad infrastructure isolated from the enterprise core aside from certain ports and protocols.
__________________
Stuff!
tunerX is offline   0 Reply With Quote
Old Dec 12, 2010, 09:16 AM   #3
MacDann
Thread Starter
macrumors 6502a
 
Join Date: Mar 2007
Location: Not the end of the Earth, but you can see it from here
Based on what I have been able to determine at this point, you have confirmed my fears. With no multiple user capabilities, nor the ability to authenticate through AD, these things are going to be a real handful to manage. Granted, they are being proposed to be deployed at one site only, which would make management a *little* easier, the problems created by these issues is really going to to make then a totally separate environment, or so it would seem.

Thanks a bunch - you have aggregated a lot of issues into one document.

MD


Quote:
Originally Posted by tunerX View Post
The iPad is a standalone device. There isn't a way to tie it into a proprietary directory service like active directory.

Once the user has access to the UI they have complete control of the device unless you have apps and such allow the use of passwords. Again those passwords will be single user.

You can use some functions of LDAP and tie that in with MS LDAP for basic directory services but nothing as holistic as AD and group policy management. Your only safety would be using content filtering appliances, firewalls, and keeping the iPad infrastructure isolated from the enterprise core aside from certain ports and protocols.
__________________
Intel Mac Pro 1,1; 20" C2D iMac; 17" C2D iMac; 16GB iPad 2+3G; G4 QS 733 w/400G RAID;2- TV 2; 2-16GB iPhone 4; 8G iPod Touch, 3G PR Nano, 3G 20G iPod
MacDann is offline   0 Reply With Quote
Old Dec 12, 2010, 10:40 PM   #4
PhoneI
macrumors 65816
 
Join Date: Mar 2008
If you are using ActiveSync to sync your IPad devices to a corporate Exchange email system, you will need to enable the users in Active Directory to complete the sync.

In addition, you can require user account credentials if you are connecting to a corporate wireless infrastructure.
PhoneI is offline   0 Reply With Quote
Old Mar 17, 2012, 02:24 PM   #5
JS207
macrumors newbie
 
Join Date: Mar 2012
iPad / Active Directory integration now available

I just noticed that there is a new free offering out there called Centrify Express for mobile that integrates iPads and iPhones into Active Directory (ie they join the domain like a Win or Mac system) and you get AD authentication, group policies for iOS settings, use ADUC to wipe/lock devices, etc. You might want to check it out here https://www.centrify.com/mobile/free...management.asp .... I read about it on cultofmac here http://www.cultofmac.com/146569/cent...-free-feature/
JS207 is offline   0 Reply With Quote
Old Mar 17, 2012, 02:27 PM   #6
Bankerts
macrumors member
 
Join Date: Sep 2008
Have no fear. Use an MDM provider like Mobile Iron or Airwatch which talks to your AD. Close down your exchange and wireless so they need certificate-level authentication and push the certificates via MDM.

Works great for the 8000+ iDevices my company has deployed.
Bankerts is offline   0 Reply With Quote
Old Mar 17, 2012, 02:37 PM   #7
mattpreston11
macrumors 6502a
 
Join Date: Nov 2007
This is why blackberrys are still huge.
__________________
11.6'' MBA 2012
iPhone 4S
mattpreston11 is offline   0 Reply With Quote
Old Jan 17, 2013, 09:47 AM   #8
russmcintire
macrumors newbie
 
Join Date: Jan 2013
Quote:
Originally Posted by Bankerts View Post
Have no fear. Use an MDM provider like Mobile Iron or Airwatch which talks to your AD. Close down your exchange and wireless so they need certificate-level authentication and push the certificates via MDM.

Works great for the 8000+ iDevices my company has deployed.
Do you or your company have any documentation for setting this up? We are exploring this and are not sure how to proceed.
russmcintire is offline   0 Reply With Quote
Old Jan 17, 2013, 09:49 AM   #9
Ratatapa
macrumors 6502a
 
Join Date: Apr 2011
We used Ipad in our environment (Car sells)

They go into the backyard with the customer, then from WIFI they RDP into the server to calculate the price in from of the client
Ratatapa is offline   0 Reply With Quote

Reply
MacRumors Forums > iPhone, iPod and iPad > iPad

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Active directory integration for Macs vrtigo1 Mac OS X Server, Xserve, and Networking 10 May 22, 2014 10:08 PM
Active directory and changing passwords pctomm Mac OS X Server, Xserve, and Networking 1 Aug 27, 2013 01:36 PM
Active Directory MonsterRain OS X 10.8 Mountain Lion 1 Aug 8, 2013 12:09 PM
MacBook Pro 10.8.2 with Active Directory MsCasey99 MacBook Pro 3 Jan 30, 2013 02:54 PM
Manage iPhones/iPads in the Enterprise Indy500fan1977 iPhone 2 Sep 8, 2012 10:32 AM

Forum Jump

All times are GMT -5. The time now is 06:45 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC