July 06, 2010, 8:00 AM — Setting both my Clara Pellerism, and the iPhone 4 reception/antenna 'problem' aside, (given that I know more about RF than the average bear, I'm somewhat less worked up about the results of basic physics than your typical gadget site), there is, for me at least a far more pressing problem: Where are the updated versions of the iPhone Configuration Utility and the iOS configuration/management docs?
iOS 4 and the iPhone 4 both have considerable enhancements over earlier versions, and as those of us at the recent Apple WWDC learned, those enhancements apply to management. But, right now, almost none of the documentation on iPhone deployment has been updated for iOS4, and the iPhone Configuration Utility is still left on version 2.2, which came out for iOS 3.X. The only updated documentation I can find is Over-the-Air Profile Delivery and Configuration, on Apple's iPhone developer site. (You don't need to be an iPhone developer to access this link, it's publicly available.)
However, this is not something for one of Apple's larger markets, K-12 districts, who rely heavily on "it just works". As the document itself says:
This document assumes a basic knowledge of Ruby programming, XML, property lists, the iPhone Configuration Utility, and OpenSSL.
. Even worse, if you read the docs, you quickly realize that you can't really set up a full-on OTA approach with SCEP, (Simple Certificate Enrollment Protocol), on Apple hardware with Mac OS X Server. From the "Creating a Profile Server for Over-The-Air Enrollment and Configuration" section:
The process of enrollment requires deployment of standard x.509 identity certificates to iPhone users. To do this, you will need a CA (certificate authority) to issue the device credentials using the Simple Certificate Enrollment Protocol (SCEP).
Cisco IOS and Microsoft Server 2003 (with the add-on for certificate services) both support SCEP. There are also a number of hosted PKI services that support SCEP, such as Verisign, Entrust, and RSA. For links to PKI, SCEP, and related topics read the “See Also” section in “Introduction.”
So, to set up an OTA enrollment configuration system, using Apple's protocol of choice, SCEP, you either have to have Cisco hardware, (and the knowledge of how to set up SCEP on said hardware, then the background to apply the info in Apple's documentation to said setup), or, you have to set up bloody Windows Server to do it. Even sillier, Apple's documentation talks about Windows Server 2003. Guys, it's 2010. Microsoft has just released Exchange 2010. You're almost two generations behind, in terms of Windows Server. I suppose I should be properly grateful that you aren't still talking about NT4 or Windows 2000, but, this is just a bit ridiculous.
Of course, it's even more ridiculous when you realize that as of right now, there's no way that I know of to do this from Apple hardware and Apple server operating systems. This may get better in the next version of Mac OS X Server, but guess what? We have to manage these things now. Not in a year or so. Now. What do the people with Mac OS X Server who don't have Cisco gear or Windows Server 2003 do? How do they manage their setups? "Oh, just buy, install, and learn how to run Windows/Cisco gear, and if you are going the Windows route, you have to use an old version of Windows, and set up an Active Directory infrastructure"? Seriously?
Then there's the iPhone Configuration Utility. I've already discovered some problems with it, and iOS4, especially with regard to intermediate certificates. They install fine on iOS 3.X, but fail on iOS 4. Why? I don't know. You don't get a lot of info beyond "couldn't install cert, FAIL" from the process.
Both the iPhone 4 and iOS 4 have been out for more than a couple of days now. There's really no excuse for this lack of good documentation in terms of managing them. It's even worse when you realize that Apple has been pushing SCEP since the last WWDC, you know, the one that happened just before Mac OS X 10.6 and Mac OS X 10.6 Server were released. In all that time, Apple has decided to do...well, what is essentially nothing to assist those IT people supporting iOS and devices that run it in setting up OTA configuration setups, (beyond hacktacular setups that use Apache to let people download and install profiles, a spectacularly tedious and manual process). There's been nothing done to use Mac OS X Server as a SCEP server. There's been nothing from Apple at all. In fact, the best thing I've seen comes from a Windows Admin. I think it's a bit ridiculous that to set up Apple devices, you need Windows, or rather pricely network security appliances.
I understand that documentation is time-consuming, expensive, and has no obvious ROI. It's also absolutely critical, and Apple's tardiness in providing proper IT-level documentation for this product is nigh-unacceptable.