
Echinda

macrumors regular
Original poster
Apr 24, 2003
137
0
Does anyone here work in a reasonably large enterprise that is supporting iPhones as a blackberry alternative? I work at a fairly large law firm (550+ lawyers) and some of my colleagues and I want to swap our blackberries for iPhones. Unfortunately, we are running into the usual resistance from the IT department. Has anyone got any tips on how to convince them it won't be the major pain they fear? Any examples of iPhone roll outs I can point to? We're running Exchange 2002 SP2 so there is no issue on having a compatible backend. I'm hoping it's just a matter of convincing them that setting up and managing the security policies won't be noticeably burdensome. To help in that regard, it would be ideal if there was an IT manager of a similarly sized institution somewhere in North America that I could point to and say: "Look, he did it. Why can't you?"
 
Does anyone here work in a reasonably large enterprise that is supporting iPhones as a blackberry alternative? I work at a fairly large law firm (550+ lawyers) and some of my colleagues and I want to swap our blackberries for iPhones. Unfortunately, we are running into the usual resistance from the IT department. Has anyone got any tips on how to convince them it won't be the major pain they fear? Any examples of iPhone roll outs I can point to? We're running Exchange 2002 SP2 so there is no issue on having a compatible backend. I'm hoping it's just a matter of convincing them that setting up and managing the security policies won't be noticeably burdensome. To help in that regard, it would be ideal if there was an IT manager of a similarly sized institution somewhere in North America that I could point to and say: "Look, he did it. Why can't you?"

Are you running a separate Exchange ActiveSync server? EAS is not built into versions of Exchange prior to 2007, if I recall. My organization runs EAS alongside Exchange 2003 SP2, and I'm using that for my iPhone, although we also run a separate Exchange 2007 environment. I work in IT myself, and I'll tell you that supporting the iPhone isn't just turning on a few services. You have to make sure your staff can support the devices before you start handing them out in a broad manner.

I'm not saying this to take a swipe at you, but it's users such as yourself who will ask for a device because it sounds simple to you, but then when you get it and subsequently have a problem, you're going to expect your IT team to help you fix it. If your IT team is going to help you with that problem, they have to have a group of team members who have been trained to a point that they have an advanced knowledge of the device, and how the backend works in addition to the 'end user experience' of the device. All of that training takes time, and time is money.

Who's paying for that training at your company?
 
It may not be an implementation hurdle that the IT department is trying to avoid, but a security issue. That is the case here at the college I work at. The iPhone cannot be directly managed by a centralized server and it does not encrypt the data stored on it such as email. In a sensitive place like a law firm I'm sure security is the #1 priority for the IT guys, and security wise the iPhone just doesn't do as good a job as the BB currently does.
 
Does anyone here work in a reasonably large enterprise that is supporting iPhones as a blackberry alternative? I work at a fairly large law firm (550+ lawyers) and some of my colleagues and I want to swap our blackberries for iPhones. Unfortunately, we are running into the usual resistance from the IT department. Has anyone got any tips on how to convince them it won't be the major pain they fear? Any examples of iPhone roll outs I can point to? We're running Exchange 2002 SP2 so there is no issue on having a compatible backend. I'm hoping it's just a matter of convincing them that setting up and managing the security policies won't be noticeably burdensome. To help in that regard, it would be ideal if there was an IT manager of a similarly sized institution somewhere in North America that I could point to and say: "Look, he did it. Why can't you?"


Why don't you try, "I'm a revenue stream, IT is not" for starters. Are you a partner? If so, should be a no-brainer.

IT folk by my experience are L-a-z-y and will do as little as they can and want their lives as easy as possible. Change is good and the only constant in life including re-locating to another company's IT department. Remind them of that one.
 
I work for a company of about 500 people. This company didn't turn on anything to allow the iPhone to work. They had it set up for the web interface. We just had to enter that URL as the server address, then our Username/Domain and password and it works perfectly. In fact IT was unaware we had access and is asking those of us with iPhones if there is anything they can do to assist us (they are feeling useless since we never had to talk to them about setting up).

TEG
 
I'm in a large company that doesn't currently support iPhones, but some of us are trying to get such support. We are based on Lotus Notes and not Exchange, so it's an extra hurdle to overcome. Currently I can do VPN web access and get my company email that way, but it's cumbersome.
 
We're running Exchange 2002 SP2 so there is no issue on having a compatible backend. I'm hoping it's just a matter of convincing them that setting up and managing the security policies won't be noticeably burdensome. To help in that regard, it would be ideal if there was an IT manager of a similarly sized institution somewhere in North America that I could point to and say: "Look, he did it. Why can't you?"

There is no Exchange 2002, so you might want to have your facts straight before you talk to IT. We have Exchange support on our iPhones, but then I'm the admin for our Exchange server and all our Macs :p
 
There is no Exchange 2002, so you might want to have your facts straight before you talk to IT. We have Exchange support on our iPhones, but then I'm the admin for our Exchange server and all our Macs :p

Hahaha...you beat me to it.

Are you running a separate Exchange ActiveSync server? EAS is not built into versions of Exchange prior to 2007, if I recall. My organization runs EAS alongside Exchange 2003 SP2, and I'm using that for my iPhone, although we also run a separate Exchange 2007 environment. I work in IT myself, and I'll tell you that supporting the iPhone isn't just turning on a few services. You have to make sure your staff can support the devices before you start handing them out in a broad manner.

I'm not saying this to take a swipe at you, but it's users such as yourself who will ask for a device because it sounds simple to you, but then when you get it and subsequently have a problem, you're going to expect your IT team to help you fix it. If your IT team is going to help you with that problem, they have to have a group of team members who have been trained to a point that they have an advanced knowledge of the device, and how the backend works in addition to the 'end user experience' of the device. All of that training takes time, and time is money.

Who's paying for that training at your company?

Actually EAS was included in E2K3

http://technet.microsoft.com/en-us/library/bb124307.aspx

Why don't you try, "I'm a revenue stream, IT is not" for starters. Are you a partner? If so, should be a no-brainer.

IT folk by my experience are L-a-z-y and will do as little as they can and want their lives as easy as possible. Change is good and the only constant in life including re-locating to another company's IT department. Remind them of that one.

It is the job of your IT department to secure and support the source of that revenue stream. When arrogant people who do not know better stand up and say things like you do, they eventually find themselves getting lots of free publicity.

"E-mails containing the details of high profile case against XYZ corp were leaked to the internet today. The source appears to be from a FORMER partner's iPhone from the law firm of I'm A Revenue Stream P.L.L.C. We understand that the iPhone in question was lost in a NYC cab. The spokesman for the firm declined to make a statement except to state that said partner and the IT Manager are no longer with the firm."


Take the advice of people here on this forum that know better than you. If your company does not support it, there is probably a reason. When you force them to support a product that's not ready for prime time, you push the price of that cost center up and they spend more of that precious revenue stream you are so proud of. In places like law firms and in medical practice, the iPhone will not meet necessary compliance measures that are necessary to said industries.

You may have some lazy IT guys, but don't speak generally about all IT guys.....or we'll have to start talking in general about lawyers.
 
Clearly touched a nerve here.

Yes, I'm a partner, but no I'm not the kind to start swinging my status around like a stick. If there are genuine security issues, I'm willing to drop the issue because no gadget is worth my license if sensitive email is sent in the clear. But are there genuine security issues?

Apple indicates that with ActiveSync you get 128-bit SSL encryption and remote enforcement of security policies, including the all important remote wipe if your iPhone wanders off.

How is that worse than Blackberry? Sure, RIM uses 3DES, but from what I've read there is a lot of FUD being spread around about whether that gives you any meaningful increase in security over 128-bit SSL (which is not just iPhone's solution but the standard for Windows Mobile devices). And ActiveSync supports 3DES, so I wonder whether that is lurking in the iPhone solution as well?

And yes, I typed a "2" instead of a "3" when saying which flavor of exchange we're running. Now that people have had their fun with that monumental blunder, perhaps someone could point out where the problem actually is with iPhone's security. The only info given so far was either wrong or patronizing crud along the lines of "Trust IT, they know what they're doing."

I worked in IT before I went to law school and I'm sympathetic to the crap they put up with from the tech-challenged who want some more Ghz added to their hard drive. But I'm also well aware of the bureaucratic mindset that tends to creep in once a preferred solution has been landed on. I just want some rationality to bring to the decision of whether to support iPhone. So far all I'm getting from our IT group is "It's not a budget line item, so unless you want to scrap the VOIP project it's not happening". The complete lack of proportionality evident in that response is what I'm trying to deal with.

I'm not looking for an enterprise wide roll-out. I just want them to adopt the iPhone as a non-preferred solution, turn on the data pipe, enforce the necessary security policies and tell users that if they want one (a) they buy it themselves and (b) iPhone support will be limited to server side issues.

Doesn't seem to be quite the same as a 1200 terminal VOIP project across 10 offices on 3 continents in my mind, but what do I know, I'm just a user.
 
Apple indicates that with ActiveSync you get 128-bit SSL encryption and remote enforcement of security policies, including the all important remote wipe if your iPhone wanders off.

That's only encryption in the transport of the data between your phone and the server.

How is that worse than Blackberry? Sure, RIM uses 3DES, but from what I've read there is a lot of FUD being spread around about whether that gives you any meaningful increase in security over 128-bit SSL (which is not just iPhone's solution but the standard for Windows Mobile devices). And ActiveSync supports 3DES, so I wonder whether that is lurking in the iPhone solution as well?

And yes, I typed a "2" instead of a "3" when saying which flavor of exchange we're running. Now that people have had their fun with that monumental blunder, perhaps someone could point out where the problem actually is with iPhone's security. The only info given so far was either wrong or patronizing crud along the lines of "Trust IT, they know what they're doing."

The iPhone does not support "full device encryption", where the BlackBerry does. The data on your iPhone isn't encrypted once it reaches the phone (i.e., not encrypted in memory). On a BlackBerry, that data is encrypted, so there's less risk of someone gaining access to the memory inside the device outside of normal channels.

The remote device wipe feature is nice, however again, not all IT departments will know where to find it or how to use it. It also relies on the end user reporting the device loss/theft to the IT department in a timely manner. Most cell users don't use the PIN or password locking feature of their phone due to convenience. With the BlackBerry infrastructure, that option can be mandated, disallowing users from disabling it.


I'm not looking for an enterprise wide roll-out. I just want them to adopt the iPhone as a non-preferred solution, turn on the data pipe, enforce the necessary security policies and tell users that if they want one (a) they buy it themselves and (b) iPhone support will be limited to server side issues.

Doesn't seem to be quite the same as a 1200 terminal VOIP project across 10 offices on 3 continents in my mind, but what do I know, I'm just a user.

I think you might have created some confusion here when you stated that you wanted to point at a similar sized enterprise that rolled out the iPhone and say "they did it, why can't you", that may have led to the impression that you were looking for an enterprise roll out. I agree it's not the same as a huge VOIP project, but then again, I'm just an evil IT guy so what do I know? ;)
 
I think the only problem with the iPhone for corporates at the moment is the lack of policy support which Windows mobiles and BlackBerrys do have. I am in the opposite position of being a consultant trying to move my client from Blackberry Enterprise (700 devices) to an iPhone solution. Their main argument is that they have a significant investment in BBs both from a device and license point of view. We have however reached a middle ground compromise where any users who ditch their BBs and switch to iPhones are no longer entitled to support for their mobile messaging. My client isn't under any sort of security compliance requirements so this approach is acceptable to them. IT departments that have to deal with secrecy issues and things like Sarbanes-Oxley regulations might not be so easily convinced.
 
There is no Exchange 2002, so you might want to have your facts straight before you talk to IT. We have Exchange support on our iPhones, but then I'm the admin for our Exchange server and all our Macs :p

You're just the guy I want to pick the brains of then. If you don't mind it would be very useful if you could let me know the following:

Have you had any issues enforcing security policies on iPhones over ActiveSync? Or in other words, does security on the iPhone work as advertised here: http://www.apple.com/iphone/enterprise/integration.html

How many man hours would be involved in gearing up to have 5 iPhones run as a test group?

Are there any particular stumbling blocks you ran into when rolling out iPhones?

Does syncing to Exchange act as advertised (other than mail, do calendar and contacts survive the sync intact)?

Short answers, long answers, any answers are appreciated. Thanks in advance.
 
I think the only problem with the iPhone for corporates at the moment is the lack of policy support which Windows mobiles and BlackBerrys do have.

Hmm. That's not what Apple says (see link above). Are you thinking of pre-iPhone 2.0?
 
IT departments that have to deal with secrecy issues and things like Sarbanes-Oxley regulations might not be so easily convinced.
We aren't.
It's a major undertaking to get new equipment and software to the users. We've been sitting on Office 2007 since it came out waiting for final approval to buy the licenses and roll it out. So far we've only been able to go live with Outlook/Exchange and that is a migration from Lotus.

Believe me, a lot of us in the IT departments would love to see the iPhone along with many other pieces of equipment and software made available.
 
Hmm. That's not what Apple says (see link above). Are you thinking of pre-iPhone 2.0?
Indeed, but unfortunately my client extended their BB contract before the launch of 2.0. I still haven't had the opportunity to test 2.0 with ActiveSync policies so I can't say if they apply the same way as on Windows mobiles.
 
Most cell users don't use the PIN or password locking feature of their phone due to convenience. With the BlackBerry infrastructure, that option can be mandated, disallowing users from disabling it.

You have this functionality if you use the iPhone Configuration Utility. The following is available under the "passcode" section, and I'm pretty sure once you enable this it can't be taken off:

  • Require passcode on device
    Enforce the use of a passcode before using the device
  • Allow simple value
    Permit the use of character repetition (e.g. 'A4A4')
  • Require alphanumeric
    Restrict passcodes to numbers and letters
  • Minimum passcode length
    Smallest number of passcode characters allowed
  • Minimum number of complex characters
    Smallest number of non-alphanumeric characters allowed
  • Maximum passcode age (in days)
    Days after which passcode must be changed
  • Passcode lock (in minutes)
    Device automatically locks when time period elapses
  • Maximum number of failed attempts
    Device cannot be unlocked once reached (no data loss)

While all of these are nice security features, without data encryption on the iPhone itself it doesn't put many hurdles in the way of someone who really knows what they're doing.
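
The passcode settings listed in the post above correspond to keys in the passcode payload of an Apple configuration profile (`com.apple.mobiledevice.passwordpolicy`). As an added example, not part of the original post and not Apple's tool, this Python script builds such a profile and audits it against a baseline; the baseline values, the `example.invalid` identifiers and the label-to-key mapping in the comments are assumptions made for illustration.

```python
import plistlib
import uuid

PASSCODE_PAYLOAD_TYPE = "com.apple.mobiledevice.passwordpolicy"

# Constructed baseline (assumption, not from the thread): rule and threshold
# per payload key. Comments give the utility label each key is assumed to match.
BASELINE = {
    "forcePIN": ("eq", True),              # Require passcode on device
    "allowSimple": ("eq", False),          # Allow simple value
    "requireAlphanumeric": ("eq", True),   # Require alphanumeric
    "minLength": ("min", 8),               # Minimum passcode length
    "minComplexChars": ("min", 1),         # Minimum number of complex characters
    "maxPINAgeInDays": ("max", 90),        # Maximum passcode age (in days)
    "maxInactivity": ("max", 5),           # Passcode lock (in minutes)
    "maxFailedAttempts": ("max", 10),      # Maximum number of failed attempts
}

# Constructed sample policies.
WEAK = {"forcePIN": True, "allowSimple": True, "minLength": 4,
        "maxFailedAttempts": 10}
STRONG = {"forcePIN": True, "allowSimple": False, "requireAlphanumeric": True,
          "minLength": 10, "minComplexChars": 1, "maxPINAgeInDays": 90,
          "maxInactivity": 2, "maxFailedAttempts": 6}


def build_profile(settings, org="example.invalid"):
    """Return an XML .mobileconfig (bytes) carrying one passcode payload."""
    payload = dict(settings)
    payload.update({
        "PayloadType": PASSCODE_PAYLOAD_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": org + ".passcode",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Passcode policy",
    })
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org + ".profile",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Mobile passcode baseline",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def audit_profile(data, baseline=BASELINE):
    """Parse a profile and list every setting that misses the baseline."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_PAYLOAD_TYPE]
    if not payloads:
        return ["no passcode payload present"]
    payload, findings = payloads[0], []
    for key, (rule, want) in baseline.items():
        have = payload.get(key)
        if have is None:
            findings.append(f"{key}: not set (baseline {rule} {want})")
        elif rule == "eq" and have != want:
            findings.append(f"{key}: is {have}, baseline requires {want}")
        elif rule == "min" and have < want:
            findings.append(f"{key}: {have} is below minimum {want}")
        elif rule == "max" and have > want:
            findings.append(f"{key}: {have} exceeds maximum {want}")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("strong", STRONG)):
        issues = audit_profile(build_profile(policy))
        print(name, "->", issues or "meets baseline")
```

A profile that passes this audit still only governs the lock screen; it does not address the lack of on-device encryption raised in the thread.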
 
This is what the IT department of a major NY law firm had to say about iPhone support:

"Recently, there has been significant news coverage of corporate e-mail
support on the new iPhone 3G (and the original model with upgraded
software). The Firm was selected as a beta site and has tested this
feature extensively for the past few months. One of the most critical
elements of our testing was the reliability of message delivery from the
Firm e-mail system to the iPhone. Our experience has uncovered that
e-mail delivery to the iPhone is not as reliable as delivery to a
Blackberry, and that there are not yet sufficient tools for monitoring and
supporting iPhone e-mail delivery.

Based on the concern that unreliable e-mail delivery could negatively
impact the critical issues of communication with and responsiveness to our
clients, the Firm has determined not to support the iPhone for e-mail at
this time. We will continue to work closely with Apple and Microsoft and
monitor improvements in the iPhone integration with our e-mail system.
Should it become a more viable option, we will reconsider its support in
the future."

Cheers.
 
Clearly touched a nerve here.

Yes, I'm a partner, but no I'm not the kind to start swinging my status around like a stick. If there are genuine security issues, I'm willing to drop the issue because no gadget is worth my license if sensitive email is sent in the clear. But are there genuine security issues?

Apple indicates that with ActiveSync you get 128-bit SSL encryption and remote enforcement of security policies, including the all important remote wipe if your iPhone wanders off.

How is that worse than Blackberry? Sure, RIM uses 3DES, but from what I've read there is a lot of FUD being spread around about whether that gives you any meaningful increase in security over 128-bit SSL (which is not just iPhone's solution but the standard for Windows Mobile devices). And ActiveSync supports 3DES, so I wonder whether that is lurking in the iPhone solution as well?

And yes, I typed a "2" instead of a "3" when saying which flavor of exchange we're running. Now that people have had their fun with that monumental blunder, perhaps someone could point out where the problem actually is with iPhone's security. The only info given so far was either wrong or patronizing crud along the lines of "Trust IT, they know what they're doing."

I worked in IT before I went to law school and I'm sympathetic to the crap they put up with from the tech-challenged who want some more Ghz added to their hard drive. But I'm also well aware of the bureaucratic mindset that tends to creep in once a preferred solution has been landed on. I just want some rationality to bring to the decision of whether to support iPhone. So far all I'm getting from our IT group is "It's not a budget line item, so unless you want to scrap the VOIP project it's not happening". The complete lack of proportionality evident in that response is what I'm trying to deal with.

I'm not looking for an enterprise wide roll-out. I just want them to adopt the iPhone as a non-preferred solution, turn on the data pipe, enforce the necessary security policies and tell users that if they want one (a) they buy it themselves and (b) iPhone support will be limited to server side issues.

Doesn't seem to be quite the same as a 1200 terminal VOIP project across 10 offices on 3 continents in my mind, but what do I know, I'm just a user.

And what happens when they decide to support your one-off product and it in turn brings down your mail system? I'm not saying it is going to happen and I don't think it would, but those are things the IT director has to take into consideration. Nothing is ever as simple as checking a check box or clicking a button. There is almost always something that will go wrong, and your IT director has to take that into consideration before making a change in the infrastructure; there has to be a roll back plan, and all that stuff.

You can't expect him to just do it on a whim simply because you and your 3 friends want it done; it is his job to make sure the day to day business operations run smoothly.

As for your earlier comments about IT not being a revenue stream, without IT you have no e-mail, phones, Excel, Word, all those nice databases you keep your contact info in, etc. that you use every day to conduct business. IT brings plenty of value to a company, and if you want an example look no further than WalMart; they are as successful as they are because of their IT. Without their IT, they wouldn't be able to do half the things that they do. So go ahead and call IT people LAZY, and when you're calling them for support at 2:00am because you can't figure out where the "any key" is, and someone actually picks up the phone to help you, remember how little you think of them.
 
This is what the IT department of a major NY law firm had to say about iPhone support:

"Recently, there has been significant news coverage of corporate e-mail
support on the new iPhone 3G (and the original model with upgraded
software). The Firm was selected as a beta site and has tested this
feature extensively for the past few months. One of the most critical
elements of our testing was the reliability of message delivery from the
Firm e-mail system to the iPhone. Our experience has uncovered that
e-mail delivery to the iPhone is not as reliable as delivery to a
Blackberry, and that there are not yet sufficient tools for monitoring and
supporting iPhone e-mail delivery.

Based on the concern that unreliable e-mail delivery could negatively
impact the critical issues of communication with and responsiveness to our
clients, the Firm has determined not to support the iPhone for e-mail at
this time. We will continue to work closely with Apple and Microsoft and
monitor improvements in the iPhone integration with our e-mail system.
Should it become a more viable option, we will reconsider its support in
the future."

Cheers.

Lazy mazy's.
 
I think you might have created some confusion here when you stated that you wanted to point at a similar sized enterprise that rolled out the iPhone and say "they did it, why can't you", that may have led to the impression that you were looking for an enterprise roll out. I agree it's not the same as a huge VOIP project, but then again, I'm just an evil IT guy so what do I know? ;)

You're right. I should have been clearer. I was looking for an enterprise roll-out so I could say "Look, they did 500. Why can't we test 5?"

But I'm less jazzed about the whole idea now that I read what stlblufan passed along.

This whole thing started because my bberry's scrollwheel is dying and I need to replace it. Ah, well. I guess I get a "Bold" then.
 
I'm currently trying to get my company to pilot the 3G iPhone as an optional alternative to the BlackBerry. It would be a fairly easy implementation considering we currently have AT&T as our service provider for our BlackBerry devices and we have EAS implemented.

The push back thus far, besides concerns over centralized management and security, has been the lack of MS Office Communicator (MSOC) support on the iPhone and the iPhone keypad.

We use a MSOC client on our BlackBerry devices for chat, collaboration and presence and I've been asked if the iPhone can support the same functionality. Currently, I do not believe it does.

A criticism of the iPhone keypad is that you can't really use it with your thumbs like you do a BlackBerry device. We've got hundreds of employees who have become very proficient at typing away on their BlackBerry keypads with their thumbs and there is a concern they will never be as efficient on the iPhone keypad as they are on the BlackBerry keypad.

Another criticism of the iPhone keypad is that it has no tactile feedback like there is on a BlackBerry device where you are touching and pressing actual keys and this lack of tactile feedback would lead to more typing mistakes and a loss of typing efficiency.

So I still have some challenges to overcome, but my hope is to get a few pilot 3G iPhone devices in-house, let some folks try them out first hand, see what they think and go from there.
 