Enterprise iPhones

Discussion in 'iPhone' started by Echinda, Jul 31, 2008.

  1. Echinda macrumors regular

    Apr 24, 2003
    Does anyone here work in a reasonably large enterprise that is supporting iPhones as a blackberry alternative? I work at a fairly large law firm (550+ lawyers) and some of my colleagues and I want to swap our blackberries for iPhones. Unfortunately, we are running into the usual resistance from the IT department. Has anyone got any tips on how to convince them it won't be the major pain they fear? Any examples of iPhone roll outs I can point to? We're running Exchange 2002 SP2 so there is no issue on having a compatible backend. I'm hoping it's just a matter of convincing them that setting up and managing the security policies won't be noticeably burdensome. To help in that regard, it would be ideal if there was an IT manager of a similarly sized institution somewhere in North America that I could point to and say: "Look, he did it. Why can't you?"
  2. SHIFTLife macrumors 6502

    Jul 24, 2008
    Are you running a separate Exchange ActiveSync server? EAS is not built into versions of Exchange prior to 2007, if I recall. My organization runs EAS alongside Exchange 2003 SP2, and I'm using that for my iPhone, although we also run a separate Exchange 2007 environment. I work in IT myself, and I'll tell you that supporting the iPhone isn't just turning on a few services. You have to make sure your staff can support the devices before you start handing them out in a broad manner.

    I'm not saying this to take a swipe at you, but it's users such as yourself who will ask for a device because it sounds simple to you, but then when you get it and subsequently have a problem, you're going to expect your IT team to help you fix it. If your IT team is going to help you with that problem, they have to have a group of team members who have been trained to a point that they have an advanced knowledge of the device, and how the backend works in addition to the 'end user experience' of the device. All of that training takes time, and time is money.

    Who's paying for that training at your company?
  3. PoitNarf macrumors 65816


    May 28, 2007
    Northern NJ
    It may not be an implementation hurdle that the IT department is trying to avoid, but a security issue. That is the case here at the college I work at. The iPhone cannot be directly managed by a centralized server and it does not encrypt the data stored on it such as email. In a sensitive place like a law firm I'm sure security is the #1 priority for the IT guys, and security wise the iPhone just doesn't do as good a job as the BB currently does.
  4. joneill55 macrumors 6502

    Sep 11, 2007

    Why don't you try, "I'm a revenue stream, IT is not" for starters. Are you a partner? If so, should be a no-brainer.

    IT folk by my experience are L-a-z-y and will do as little as they can and want their lives as easy as possible. Change is good and the only constant in life including re-locating to another company's IT department. Remind them of that one.
  5. TEG macrumors 604


    Jan 21, 2002
    Langley, Washington
    I work for a company of about 500 people. This company didn't turn on anything to allow the iPhone to work. They had it setup for the web interface. We just had to enter that URL as the server address, then our Username/Domain and password and it works perfectly. In fact IT was unaware we had access and is asking those of us with iPhones if there is anything they can do to assist us (they are feeling useless since we never had to talk to them about setting up).

  6. gauchogolfer macrumors 603


    Jan 28, 2005
    American Riviera
    I'm in a large company that doesn't currently support iPhones, but some of us are trying to get such support. We are based on Lotus Notes and not Exchange, so it's an extra hurdle to overcome. Currently I can do VPN web access and get my company email that way, but it's cumbersome.
  7. Sky Blue Guest

    Sky Blue

    Jan 8, 2005
    There is no Exchange 2002, so you might want to have you facts straight before you talk to IT. We have Exchange support on our iPhones, but then I'm the admin for our Exchange server and all our Macs :p
  8. Geckotek macrumors G3


    Jul 22, 2008
    Hahaha...you beat me to it.

    Actually EAS was included in E2K3


    It is the job of your IT department to secure and support the source of that revenue stream. When arrogant people who do not know better stand up and say things like you do, they eventually find themselves getting lots of free publicity.

    "E-mails containing the details of high profile case against XYZ corp were leaked to the internet today. The source appears to be from a FORMER partner's iPhone from the law firm of I'm A Revenue Stream P.L.L.C. We understand that the iPhone in question was lost in a NYC cab. The spokesman for the firm declined to make a statement except to state that said partner and the IT Manager are no longer with the firm."

    Take the advice of people here on this forum that know better than you. If your company does not support it, there is probably a reason. When you force them to support a product that's not ready for prime time, you push the price of that cost center up and they spend more of that precious revenue stream you are so proud of. In places like law firms and in medical practice, the iPhone will not meet necessary compliance measures that are necessary to said industries.

    You may have some lazy IT guys, but don't speak generally about all IT guys.....or we'll have to start talking in general about lawyers.
  9. Echinda thread starter macrumors regular

    Apr 24, 2003
    Clearly touched a nerve here.

    Yes, i'm a partner, but no I'm not the kind to start swinging my status around like a stick. If there are genuine security issues, I'm willing to drop the issue because no gadget is worth my license if sensitive email is sent in the clear. But are there genuine security issues?

    Apple indicates that with ActiveSync you get 128-bit SSL encryption and remote enforcement of security policies, including the all important remote wipe if your iPhone wanders off.

    How is that worse than Blackberry? Sure, RIM uses 3DES, but from what I've read there is a lot of FUD being spread around about whether that gives you any meaningful increase in security over 128-bit SSL (which is not just iPhone's solution but the standard for Windows Mobile devices). And ActiveSync supports 3DES, so I wonder whether that is lurking in the iPhone solution as well?

    And yes, I typed a "2" instead of a "3" when saying which flavor of exchange we're running. Now that people have had their fun with that monumental blunder, perhaps someone could point out where the problem actually is with iPhone's security. The only info given so far was either wrong or patronizing crud along the lines of "Trust IT, they know what they're doing."

    I worked in IT before I went to law school and I'm sympathetic to the crap they put up with from the tech-challenged who want some more Ghz added to their hard drive. But I'm also well aware of the bureaucratic mindset that tends to creep in once a preferred solution has been landed on. I just want some rationality to bring to the decision of whether to support iPhone. So far all I'm getting from our IT group is "It's not a budget line item, so unless you want to scrap the VOIP project it's not happening". The complete lack of proportionality evident in that response is what I'm trying to deal with.

    I'm not looking for an enterprise wide roll-out. I just want them to adopt the iPhone as a non-preferred solution, turn on the data pipe, enforce the necessary security policies and tell users that if they want one (a) they buy it themselves and (b) iPhone support will be limited to server side issues.

    Doesn't seem to be quite the same as a 1200 terminal VOIP project across 10 offices on 3 continents in my mind, but what do I know, I'm just a user.
  10. SHIFTLife macrumors 6502

    Jul 24, 2008
    That's only encryption in the transport of the data between your phone and the server.

    The iPhone does not support "full device encryption", where the BlackBerry does. The data on your iPhone isn't encrypted once it reaches the phone (i.e., not encrypted in memory). On a BlackBerry, that data is encrypted, so there's less risk of someone gaining access to the memory inside the device outside of normal channels.

    The remote device wipe feature is nice, however again, not all IT departments will know where to find it or how to use it. It also relies on the end user reporting the device loss/theft to the IT department in a timely manner. Most cell users don't use the PIN or password locking feature of their phone due to convenience. With the BlackBerry infrastructure, that option can be mandated, disallowing users from disabling it.

    I think you might have created some confusion here when you stated that you wanted to point at a similar sized enterprise that rolled out the iPhone and say "they did it, why can't you", that may have lead to the impression that you were looking for an enterprise roll out. I agree it's not the same as a huge VOIP project, but then again, I'm just an evil IT guy so what do I know? ;)
  11. steveza macrumors 68000


    Feb 20, 2008
    I think the only problem with the iPhone for corporates at the moment is the lack of policy support which Windows mobiles and BlackBerrys do have. I am in the opposite position of being a consultant trying to move my client from Blackberry Enterprise (700 devices) to an iPhone solution. Their main argument which is that they have a significant investment in BBs both from a device and license point of view. We have however reached a middle ground compromise where any users who ditch their BBs and switch to iPhones then they are no longer entitled to support for their mobile messaging. My client isn't under any sort of security compliance requirements so this approach is acceptable to them. IT departments that have to deal with secrecy issues and things like Sarbanes-Oxley regulations might not be so easily convinced.
  12. Echinda thread starter macrumors regular

    Apr 24, 2003
    You're just the guy I want to pick the brains of then. If you don't mind it would be very useful if you could let me know the following:

    Have you had any issues enforcing security policies on iPhones over ActiveSync? Or in other words, does security on the iPhone work as advertised here: http://www.apple.com/iphone/enterprise/integration.html

    How many man hours would be involved in gearing up to have 5 iPhones run as a test group?

    Are there any particular stumbling blocks you ran into when rolling out iPhones?

    Does syncing to Exchange act as advertised (other than mail, do calendar and contacts survive the sync intact)?

    Short answers, long answers, any answers are appreciated. Thanks in advance.
  13. Echinda thread starter macrumors regular

    Apr 24, 2003
    Hmm. That's not what Apple says (see link above). Are you thinking of pre-iPhone 2.0?
  14. TonyMil macrumors member

    Jul 21, 2008
    We aren't.
    It's a major undertaking to get new equipment and software to the users. We've been sitting on Office 2007 since it came out waiting for final approval to buy the licenses and roll it out. So far we've only be able to go live with Outlook/Exchange and that is a migration from Lotus.

    Believe me, a lot of us in the IT departments would love to see the iPhone along with many other pieces of equipment and software made available.
  15. steveza macrumors 68000


    Feb 20, 2008
    Indeed, but unfortunately my client extended their BB contract before the launch of 2.0. I still haven't had the opportunity to test 2.0 in with ActiveSync policies so I can't say if they apply the same way as on Windows mobiles.
  16. PoitNarf macrumors 65816


    May 28, 2007
    Northern NJ
    You have this functionality if you use the iPhone Configuration Utility. The following is available under the "passcode" section, and I'm pretty sure once you enable this it can't be taken off:

    • Require passcode on device
      Require passcode on device Enforce the use of a passcode before using the device​
    • Allow simple value
      Permit the use of character repetition (e.g. 'A4A4')
    • Require alphanumeric
      Restrict passcodes to numbers and letters​
    • Minimum passcode length
      Smallest number of passcode characters allowed​
    • Minimum number of complex characters
      Smallest number of non-alphanumeric characters allowed​
    • Maximum passcode age (in days)
      Days after which passcode must be changed​
    • Passcode lock (in minutes)
      Device automatically locks when time period elapses​
    • Maximum number of failed attempts
      Device cannot be unlocked once reached (no data loss)​

    While all of these are nice security features, without data encryption on the iPhone itself it doesn't put many hurdles in the way of someone who really knows what they're doing.
  17. stlblufan macrumors regular


    Jul 14, 2008
    New York City
    This is what the IT department of a major NY law firm had to say about iPhone support:

    "Recently, there has been significant news coverage of corporate e-mail
    support on the new iPhone 3G (and the original model with upgraded
    software). The Firm was selected as a beta site and has tested this
    feature extensively for the past few months. One of the most critical
    elements of our testing was the reliability of message delivery from the
    Firm e-mail system to the iPhone. Our experience has uncovered that
    e-mail delivery to the iPhone is not as reliable as delivery to a
    Blackberry, and that there are not yet sufficient tools for monitoring and
    supporting iPhone e-mail delivery.

    Based on the concern that unreliable e-mail delivery could negatively
    impact the critical issues of communication with and responsiveness to our
    clients, the Firm has determined not to support the iPhone for e-mail at
    this time. We will continue to work closely with Apple and Microsoft and
    monitor improvements in the iPhone integration with our e-mail system.
    Should it become a more viable option, we will reconsider its support in
    the future."

  18. tritonj macrumors 6502a

    Jun 12, 2008
    and what happens when they decide to support your 1 off product and it in turn brings down your mail system, i'm not saying it is going to happen and i don't think it would but those are things the IT director has to take into consideration, nothing is ever as simple and checking a check box or clicking a button. there is almost always something that will go wrong, and your IT director has to take that into consideration before making a change in the infrastructure, there has to be a roll back plan, and all that stuff

    you can't expect him to just do it on a whim simply because you and your 3 friends want it done, it is his job to make sure the day to day business operations run smoothly

    as for your earlier comments about IT not being a revenue stream, without IT you has no e-mail, phones, Excel, Word, all those nice databases you keep your contact info, etc. that you use everyday to conduct business, IT brings plenty of value to a company, and if you want an example look no further than WalMart, they are as successful as they are because of their IT, without their IT, they wouldn't be able to do half the things that they do. so go ahead and call IT people LAZY, and when you're calling them for support at 2:00am because you can't figure out where the "any key" is, and someone actually picks up the phone to help you, remember how little you think of them
  19. Echinda thread starter macrumors regular

    Apr 24, 2003
    Thanks. Not great news, but exactly the kind of info I was looking for.
  20. Echinda thread starter macrumors regular

    Apr 24, 2003
    Dude - read the headers. That wasn't me.
  21. PoitNarf macrumors 65816


    May 28, 2007
    Northern NJ
    or spellcheck ;)
  22. joneill55 macrumors 6502

    Sep 11, 2007
    Lazy mazy's.
  23. Echinda thread starter macrumors regular

    Apr 24, 2003
    You're right. I should have been clearer. I was looking for an enterprise roll-out so I could say "Look, they did 500. Why can't we test 5?"

    But I'm less jazzed about the whole idea now that I read what stlblufan passed along.

    This whole thing started because my bberry's scrollwheel is dying and I need to replace it. Ah, well. I guess I get a "Bold" then.
  24. joneill55 macrumors 6502

    Sep 11, 2007
    sory i dide knot spelll corectly for you you spellin nazi
  25. BlackMax macrumors 6502a


    Jan 14, 2007
    North Carolina
    I'm currently trying to get my company to pilot the 3G iPhone as an optional alternative to the BlackBerry. It would be a fairly easy implementation considering we currently have AT&T as our service provider for our BlackBerry devices and we have EAS implemented.

    The push back thus far, besides concerns over centralized management and security, has been the lack of MS Office Communicator (MSOC) support on the iPhone and the iPhone keypad.

    We use a MSOC client on our BlackBerry devices for chat, collaboration and presence and I've been asked if the iPhone can support the same functionality. Currently, I do not believe it does.

    A criticism of the iPhone keypad is that you can't really use it with your thumbs like you do a BlackBerry device. We've got hundreds of employees who have become very proficient at typing away on their BlackBerry keypads with their thumbs and there is a concern they will never be as efficient on the iPhone keypad as they are on the BlackBerry keypad.

    Another criticism of the iPhone keypad is that it has no tactile feedback like there is on a BlackBerry device where you are touching and pressing actual keys and this lack of tactile feedback would lead to more typing mistakes and a loss of typing efficiency.

    So I still have some challenges to overcome, but my hope is to get a few pilot 3G iPhone devices in-house, let some folks try them out first hand, see what they think and go from there.

Share This Page