Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iPads, Active Directory, and the Enterprise

MacDann

MacDann

macrumors 6502a
Original poster
Mar 27, 2007
888
246
Can see the end of the Earth from here
I have been charged with writing a proposal to adopt iPads into our enterprise environment that is currently 100% Windows (Primarily XP but slowly migrating to Windows 7.)

This is a K-12 education environment, and the proposed adoption is for student use.

We currently use Active Directory for authentication, control and management of our hardware and user accounts.

As I look over the documentation from Apple in their business white papers, I see mention of the use of certificates, but little or nothing relating to Active Directory.

If anyone here is currently using an iPad in an AD environment, I would like to hear about their experiences. I have people on staff who are familiar with the use of certificates, so I don't see that being a problem. What does concern me is the security aspect, especially authentication and the control of devices and updates that we currently perform through the use of group policies and AD.

Thanks in advance for the help,

MD
 
The iPad is a standalone device. There isn't a way to tie it into a proprietary directory service like active directory.

Once the user has access to the UI they have complete control of the device unless you have apps and such allow the use of passwords. Again those passwords will be single user.

You can use some functions of LDAP and tie that in with MS LDAP for basic directory services but nothing as holistic as AD and group policy management. Your only safety would be using content filtering appliances, firewalls, and keeping the iPad infrastructure isolated from the enterprise core aside from certain ports and protocols.
 
Based on what I have been able to determine at this point, you have confirmed my fears. With no multiple user capabilities, nor the ability to authenticate through AD, these things are going to be a real handful to manage. Granted, they are being proposed to be deployed at one site only, which would make management a *little* easier, the problems created by these issues is really going to to make then a totally separate environment, or so it would seem.

Thanks a bunch - you have aggregated a lot of issues into one document.

MD


tunerX said:
The iPad is a standalone device. There isn't a way to tie it into a proprietary directory service like active directory.

Once the user has access to the UI they have complete control of the device unless you have apps and such allow the use of passwords. Again those passwords will be single user.

You can use some functions of LDAP and tie that in with MS LDAP for basic directory services but nothing as holistic as AD and group policy management. Your only safety would be using content filtering appliances, firewalls, and keeping the iPad infrastructure isolated from the enterprise core aside from certain ports and protocols.
Click to expand...
 
If you are using ActiveSync to sync your IPad devices to a corporate Exchange email system, you will need to enable the users in Active Directory to complete the sync.

In addition, you can require user account credentials if you are connecting to a corporate wireless infrastructure.
 
iPad / Active Directory integration now available

I just noticed that there is a new free offering out there called Centrify Express for mobile that integrates iPads and iPhones into Active Directory (ie they join the domain like a Win or Mac system) and you get AD authentication, group policies for iOS settings, use ADUC to wipe/lock devices, etc. You might want to check it out here https://www.centrify.com/mobile/free-mobile-device-security-management.asp .... I read about it on cultofmac here http://www.cultofmac.com/146569/cen...windows-it-pros-and-does-it-for-free-feature/
 
Have no fear. Use an MDM provider like Mobile Iron or Airwatch which talks to your AD. Close down your exchange and wireless so they need certificate-level authentication and push the certificates via MDM.

Works great for the 8000+ iDevices my company has deployed.
 
Bankerts said:
Have no fear. Use an MDM provider like Mobile Iron or Airwatch which talks to your AD. Close down your exchange and wireless so they need certificate-level authentication and push the certificates via MDM.

Works great for the 8000+ iDevices my company has deployed.
Click to expand...

Do you or your company have any documentation for setting this up? We are exploring this and are not sure how to proceed.
 
We used Ipad in our environment (Car sells)

They go into the backyard with the customer, then from WIFI they RDP into the server to calculate the price in from of the client
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back