My IT Department's response to the iPhone

[surferfromuk]

It was really easy for me to get my IT department to configure my MB (Entourage) and iphone (IMAP) to work with Exchange - I reminded them who does payroll. I even have the Remote Desktop beta up and running (so I could do payroll on vacation ).

I won't bother them for ActiveSync, though. I'm connected enough without getting email every second. I can't imagine they will let anyone else have it, either. Poor guys do spend a crazy amount of time supporting laptops and Windows Mobile devices, and Exchange administration is a PITA.

check out cord for remote desktop...it's great...

http://cord.sourceforge.net/

Do you vpn into the exchange server ? It drives our PC guys nuts when they see how quick and easy it is on the mac to pptp into an exchange server...

 

[rjohnstone]

What? The iPhone just uses Exchange...

That's nice, but we use Notes.

Like I said, this was "my" companies reasoning.

 

[diamond.g]

2 words Sarbanes-Oxley. there are strict rules in place that must be followed now you can't simply make a major change to the IT infrastructure on a whim anymore, if the auditors come and they ask to see the paper trail and you don't have it you risk failing an audit and getting fined. and there is personal liability here for certain executives, so those executives will be really upset with you if you caused them to get fined.

I am not aware of any SOX rules that affect installing and buying of IT equipment. Is there anything you can point me to?

 

[TonyHoyle]

Hell, we're a company of 5 people and we won't be doing it. Activesync would require opening 6 ports directly to a server on the internal domain.. which aint gonna happen.

Also it would require an upgrade from Exchange 2000 to 2007, which just isn't going to happen either on both cost and feasability grounds.

So it doesn't surprise me one bit that companies won't do it. It's *not* a trivial thing you're asking for.

OTOH we're mostly a mac shop these days and forwarding important stuff to a mobileme account is probably the way to go.

 

[BongoBanger]

The whole "walled garden, enterprise app" arguement is BS... A corporate developer's license allows the company to build and sign any app they want for the $199 digital signature license key thing. At that point, any "corporate signed" iPhone can run ANY corporate signed app.

Provided Apple actually allow it to be sold. Hence the walled garden.

 

[gnasher729]

Provided Apple actually allow it to be sold. Hence the walled garden.

He is talking about the corporate license. Company XYZ can buy a corporate license for $299. With that, they can turn iPhones into XYZ company iPhones, and install any application written by the XYZ company on all those iPhones. They also get complete control over those iPhones, like being able to erase the iPhone remotely if it is lost or stolen. Once XYZ has their corporate license, they can do with it what they want, with no interference from Apple at all.

 

[rdowns]

My IT dept. told me no way they'd let iPhones access email. Hell, I'm just a lowly VP. When I convinced an Exec. VP and CEO to get one, IT was knocking on my door to set it up. Needless to say, they'll be supporting push email very soon.

 

[tritonj]

I am not aware of any SOX rules that affect installing and buying of IT equipment. Is there anything you can point me to?

i'm not talking about buying equipment or even installing equipment. SOX requires that you setup policies and procedures, for everything from e-mail retention, disaster recovery, backup strategy, external access, etc. and adding the ability to connect an iPhone to an Exchange server would certainly qualify as a change in the network infrastructure. since you may or may not have to open up ports in the firewall, buy a certificate, regulate who has access to the service, etc. so you would have to follow the policies and procedures that are laid out for those things.

so while there isn't a rule against connecting an iPhone to an Exchange server there are a bunch of other things that have to be considered before it can be done

 

[BongoBanger]

He is talking about the corporate license. Company XYZ can buy a corporate license for $299. With that, they can turn iPhones into XYZ company iPhones, and install any application written by the XYZ company on all those iPhones. They also get complete control over those iPhones, like being able to erase the iPhone remotely if it is lost or stolen. Once XYZ has their corporate license, they can do with it what they want, with no interference from Apple at all.

Can you link me to that because I don't think that's the case:

From the SDK blurb:

Users can download free applications at no charge to either the user or developer, or purchase priced applications with just one click. Enterprise customers will be able to create a secure, private page on the App Store accessible only by their employees. Apple will cover all credit card, web hosting, infrastructure and DRM costs associated with offering applications on the App Store. Third party iPhone and iPod touch applications must be approved by Apple and will be available exclusively through the App Store.

So companies can have a private page but their apps still have to be approved by Apple and distributed through iTunes.

 

[Eraserhead]

That's nice, but we use Notes.

Looks like that is coming to the iPhone too (source).

Hell, we're a company of 5 people and we won't be doing it. Activesync would require opening 6 ports directly to a server on the internal domain.. which aint gonna happen.

How does that fit with this then:

It is a fairly easy setup with Exchange server 2003. There are a number of sites online with the walkthrough for admins. I have personally set it up for 3 or 4 of my clients to access using their windows mobile client devices using active sync. Once setup properly you just put the server address in and the username and password and voila! There is no additional cost or licensing. No additional ports to open either. It might take a half hour tops to configure on the server, then 5 mins on each device. Easy Cheesy.

Emphasis mine.

EDIT:
I'd like to add that any IT department making a final decision on the 3G iPhone before July 11th are a bunch of fools. You don't know exactly how it'll work until the fat lady sings so why bother trying?

 

[Phil A.]

Hell, we're a company of 5 people and we won't be doing it. Activesync would require opening 6 ports directly to a server on the internal domain.. which aint gonna happen.

Also it would require an upgrade from Exchange 2000 to 2007, which just isn't going to happen either on both cost and feasability grounds.

So it doesn't surprise me one bit that companies won't do it. It's *not* a trivial thing you're asking for.

OTOH we're mostly a mac shop these days and forwarding important stuff to a mobileme account is probably the way to go.

Same here, but what we did was go for a hosted exchange service instead (complete with ActiveSync). That way, someone else gets the headaches of supporting Exchange and we just get our e-mail

 

[diamond.g]

i'm not talking about buying equipment or even installing equipment. SOX requires that you setup policies and procedures, for everything from e-mail retention, disaster recovery, backup strategy, external access, etc. and adding the ability to connect an iPhone to an Exchange server would certainly qualify as a change in the network infrastructure. since you may or may not have to open up ports in the firewall, buy a certificate, regulate who has access to the service, etc. so you would have to follow the policies and procedures that are laid out for those things.

so while there isn't a rule against connecting an iPhone to an Exchange server there are a bunch of other things that have to be considered before it can be done

That is just it, I know there are various governmental requirements for the stuff you are talking about but never had I heard of SOX requiring that stuff. I thought SOX was all about finances. Which unless you are making changes to a financial system none of this exchange stuff should have any bearing on. I was just asking where I can find this policy on the things you listed.

 

[tritonj]

That is just it, I know there are various governmental requirements for the stuff you are talking about but never had I heard of SOX requiring that stuff. I thought SOX was all about finances. Which unless you are making changes to a financial system none of this exchange stuff should have any bearing on. I was just asking where I can find this policy on the things you listed.

well because nowadays everything on a computer SOX kinda gets in the back door so to speak in regards regulating parts of IT. so if all finances were still done on paper then SOX would have no bearing on IT. but since IT is central to just about every business then there is no way around it. telephones aren't even important anymore, e-mail has replaced it in a business, if e-mail went down, operations would almost come to a halt, while if phones went down business continues. wasn't true a few years back but nowadays everything goes around e-mail

 

[Eraserhead]

^^

Just because business uses email and computers a lot doesn't mean there is a financial reasons to document changes to the IT system.

 

[tritonj]

^^

Just because business uses email and computers a lot doesn't mean there is a financial reasons to document changes to the IT system.

so keeping the financials secured isn't a good reason to document IT system changes?

 

[Eraserhead]

so keeping the financials secured isn't a good reason to document IT system changes?

Well obviously you should document changes. But that doesn't have to be done in a formal manner and doesn't have anything to do with the SOX legislation.

 

[Requiemm]

As someone who managed a fleet of Blackberrys, Treos and other Windows Mobile devices through OWA, BES and Goodlink, I felt I might enter the fray.

Ask your IT people if anyone in your company syncs a windows mobile device over the air. If they do, then the iPhone will sync without any other work. From all reports, the iphone will sync through activesync just like a Windows mobile device.

At ACC (American College of Cardiology), our WM devices connected through activesync in the following manner:

Server name: owa.acc.org
Username: clloyd
Password: xxxxxx

Just adding a bit to the stew.....

 

[marksman]

I am not aware of any SOX rules that affect installing and buying of IT equipment. Is there anything you can point me to?

LOL. What is this world coming to when everyone blames everything on SOX.

It is the dumbest excuse ever. Apple's mis-use of it is wrong, and there is nothing that keeps you from throwing up an infrastructure for IT willy-nilly.

Why do people come up with this stuff?

 

[tritonj]

Well obviously you should document changes. But that doesn't have to be done in a formal manner and doesn't have anything to do with the SOX legislation.

well how else do you document if not in a formal manner? on a cocktail napkin perhaps?

http://en.wikipedia.org/wiki/Inform...controls_and_the_Sarbanes-Oxley_Act_.28SOX.29

take a look at the IT section, it isn't as informal as you think, i've gone through enough of these audits to know that it is very serious and if an auditors asks for documentation on a change and you don't have it, it does not look good. but this is getting a bit off topic now
--

back to the topic at hand, there nothing that prevents a company from implementing active sync for any device that will accept it. but if the company doesn't already do it and has to set it up, then depending on the types of policies/prodcedures they have already established, this can either be a very easy or difficult task

 

[2002cbr600f4i]

Provided Apple actually allow it to be sold. Hence the walled garden.

WRONG....

The ENTERPRISE developer license gives you ALL the tools and license to deploy corporate developed apps on Corporate digitally signed iPhones. That's the whole point of the "Enterprise" desitribution. You don't have to do it through the App Store.


Taken from: http://developer.apple.com/iphone/program/


"Enterprise Program $299

The Enterprise Program is for developers who are creating proprietary, in-house applications for iPhone and iPod touch."

 

[marksman]

i'm not talking about buying equipment or even installing equipment. SOX requires that you setup policies and procedures, for everything from e-mail retention, disaster recovery, backup strategy, external access, etc. and adding the ability to connect an iPhone to an Exchange server would certainly qualify as a change in the network infrastructure. since you may or may not have to open up ports in the firewall, buy a certificate, regulate who has access to the service, etc. so you would have to follow the policies and procedures that are laid out for those things.

so while there isn't a rule against connecting an iPhone to an Exchange server there are a bunch of other things that have to be considered before it can be done

SOX relates to accounting practices. While some IT functions may fall under the scope as they DIRECTLY relate to managing a companies accounting, I don't see how an e-mail system would have any relevancy or impact because of that.

 

[tritonj]

SOX relates to accounting practices. While some IT functions may fall under the scope as they DIRECTLY relate to managing a companies accounting, I don't see how an e-mail system would have any relevancy or impact because of that.

if a company keeps some sort of financial information in a spreadsheet, whether it be inventory, projections, etc, and the way they distribute is through e-mail of the use of a public folder, then wouldn't it fall into SoX? so now the financial information is on the e-mail server so access to that system has to be controlled, while it probably already had controls based on other normal IT practices there is now a SoX element to it, as well, albeit indirectly.


SoX does not directly regulate anything in IT, because every company is different and does things differently, they do not legislate practices either, but what they do tell you is here are the rules, and you get figure out how they apply to you.

 

[gkarris]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420.1 (KHTML, like Gecko) Version/3.0 Mobile/4A102 Safari/419.3)

Ours is Blackberry also. It's cheaper per user compared to Exchange Mobile.

I did overhear an SVP that he's getting an iPhone so I assume the company will get the few higher-ups Exchange Mobile licenses.

I am also pretty sure you have to have a device license for each iPhone (or active sync device). This is in addition to each user/mailbox license. Or at least I am pretty sure that is the case with Exchange 2007.

It is a fairly easy setup with Exchange server 2003. There are a number of sites online with the walkthrough for admins. I have personally set it up for 3 or 4 of my clients to access using their windows mobile client devices using active sync. Once setup properly you just put the server address in and the username and password and voila! There is no additional cost or licensing. No additional ports to open either. It might take a half hour tops to configure on the server, then 5 mins on each device. Easy Cheesy.

Actually, that would depend on the license type you have from Microsoft. The Gates-Ballmer Company charges our company per mobile device and per month on Active Sync (I understand it's called "Exchange Mobile").

I tried setting someone up with a T-Mobile Dash with the Exchange Server settings - didn't work. I called our Data Center and they said she has to use a Blackberry. We don't have any Exchange Mobile licenses.

Blackberry Enterprise Mobile is much cheaper....

 

[diamond.g]

well because nowadays everything on a computer SOX kinda gets in the back door so to speak in regards regulating parts of IT. so if all finances were still done on paper then SOX would have no bearing on IT. but since IT is central to just about every business then there is no way around it. telephones aren't even important anymore, e-mail has replaced it in a business, if e-mail went down, operations would almost come to a halt, while if phones went down business continues. wasn't true a few years back but nowadays everything goes around e-mail

well how else do you document if not in a formal manner? on a cocktail napkin perhaps?

http://en.wikipedia.org/wiki/Inform...controls_and_the_Sarbanes-Oxley_Act_.28SOX.29

take a look at the IT section, it isn't as informal as you think, i've gone through enough of these audits to know that it is very serious and if an auditors asks for documentation on a change and you don't have it, it does not look good. but this is getting a bit off topic now
--

back to the topic at hand, there nothing that prevents a company from implementing active sync for any device that will accept it. but if the company doesn't already do it and has to set it up, then depending on the types of policies/prodcedures they have already established, this can either be a very easy or difficult task

Thanks for the links. Of course since I deal in government IT systems I guess I wouldn't run into the SOX stuff that you guys have to deal with (or at least I haven't yet).

Exchange 2007 licensing is more convoluted than 2003. From what I can tell you need to have a standard and enterprise license for full control of your active sync clients. But it doesn't look like you actually need a separate license for each user and device. I will have to give MS a ring on it in the morning, not that I can implement the iPhone (or any mobile device for that matter) as I work on classified systems, but just as a good to know kind of thing.

 

[tritonj]

Thanks for the links. Of course since I deal in government IT systems I guess I wouldn't run into the SOX stuff that you guys have to deal with (or at least I haven't yet).

Exchange 2007 licensing is more convoluted than 2003. From what I can tell you need to have a standard and enterprise license for full control of your active sync clients. But it doesn't look like you actually need a separate license for each user and device. I will have to give MS a ring on it in the morning, not that I can implement the iPhone (or any mobile device for that matter) as I work on classified systems, but just as a good to know kind of thing.

i don't envy you, i'll bet the regulations you have to deal with are insane, i did work for a government contractor and we couldn't even hold open doors for people, unless we saw their badges or knew who they were and knew for a fact they were allowed into that building, each person always had to swipe their card to get in and out