ADCS (Active Directory Certificate Services) role, 127–128
Advanced settings, Configuration Profiles section, iPCU, 49
Afaria (Sybase), 114
Amazon’s S3 service, 91
AnyConnect settings, Cisco, SCEP implementation, 138–139
Apple Push Notification Certificate
MDM (Mobile Device Management), 169–170
Apple Push Notification Server, 168
Apple Push Notification Service, 150
AppleScript
basics, 64
configuration profile class, 66–75
dictionary, 65
display dialog/dialog reply, 70–71
elements, 66–67
properties, 66–75
records, 66–73
repeat loops, 73
resources, 64
script editors, 65
scripting iPCU, 65–76
restrictions payload, 67, 69, 71, 75
theProfile, 66–76
user names, 68–75
AppleScript Editor (Mac OS X 10.6), 65
AppleScriptObjC and Cocoa APIs, 58
AppleScript Users’ email list, 64
Apple Training Series: AppleScript 1-2-3, 64
applications
iTunes, 5
MDM (Mobile Device Management), 162–163
OTA (over-the-air) distribution, 96
wireless distribution
App Store issues, 220
developer issues, 219
with MDM (Mobile Device Management), 206–213, 218
with web servers, 194–200, 201, 218
Applications section, iPCU, 15–16, 25–27
App Store products
versus enterprise apps, 19
removing, 27
wireless app distribution
issues, 220
managing, 212–213
ASA devices, Cisco, SCEP implementation, 137, 140
authentication, SCEP, 102–103
Bucket Explorer (S3 service), 91
CA (Certificate Authority), 60
CalDAV
Configuration Profiles section, iPCU, 44
iTunes, 7
calendars
syncing with iTunes, 6–7
CardDAV
Configuration Profiles section, iPCU, 45
iTunes, 7
MDM (Mobile Device Management), 161
Casper (JAMF Software)
MDM (Mobile Device Management), 113, 116–117, 176–182
Apple Push Notification Certificate, 179
email settings, 178
initial enrollment profile, 182
LDAP (Lightweight Directory Access Protocol), 176–177
Mac OS X Server 10.6, 113–118, 172–175
SCEP (Simple Certificate Enrollment Protocol) server, 113–118, 180–181
wireless app distribution
initial setup, 206–207
installing apps, 208–209
managing App Store apps, 212–213
updating apps, 210–211
certificates
Apple Push Notification Certificate, 114, 169–170
CA (Certificate Authority), 60
CSR (certificate signing request), 103–106
MDM (Mobile Device Management), 162–163
SCEP (Simple Certificate Enrollment Protocol), 103–106
Mac OS X Server 10.6, 112
Mac OS X Server 10.7, 119–123
Windows Server 2008, 126–130
Cheeseman, Bill, 64
Cisco
IOS (Internetwork Operating System) versus iOS, 135
SCEP implementation
AnyConnect settings, 138–139
overview, 137
testing, 141
Cocoa APIs, 58
configuration profiles
AppleScript programming language
basics, 64
configuration profile class, 66–75
dictionary, 65
display dialog/dialog reply, 70–71
elements, 66–67
iPCU scripting, 65–76
iPCU scripting, CalDAV payload, 68–69, 72, 75
iPCU scripting, email payload, 68–69, 71, 75
iPCU scripting, restrictions payload, 67, 69, 71, 75
properties, 66–75
records, 66–73
repeat loops, 73
resources, 64
script editors, 65
theProfile, 66–76
user names, 68–75
disadvantages, 146
installing
email method, 84–87
tethered method, 82–83
MDM (Mobile Device Management), 149–150
CardDAV, 161
inventory, 162–163
with MDM versus without MDM, 160
.mobileconfig file
basics, 52–54
NSData blob, 58
payload sections, 55–58
OTA (over-the-air) distribution
with SCEP, 100–107
from web servers, Amazon’s S3 service, 91
from web servers, server setup, 92–93
signing/encrypting profiles, 60
Configuration Profiles section, iPCU, 15–17
Advanced settings, 49
CalDAV settings, 44
CardDAV settings, 45
Credentials settings, 48
EAS (Exchange ActiveSync) settings, 38–40
Email settings, 37–38
General settings, 30–32
LDAP (Lightweight Directory Access Protocol) settings, 41–43
MDM (Mobile Device Management) settings, 49
Passcode settings, 33
Restrictions settings, 34
SCEP (Simple Certificate Enrollment Protocol) settings, 48
VPN settings, 36
Web Clips settings, 47
Wi-Fi settings, 35
CardDAV/LDAP, 7
CardDAV settings, 45
syncing with iTunes, 6–7
Credentials settings, Configuration Profiles section, iPCU, 48
CSR (certificate signing request), 103–106
data storage on personal devices
encryption recommended, 5
security risks, 4
<dict></dict> blocks, 53–54, 59
distribution profiles, 24
EAS (Exchange ActiveSync) settings, Configuration Profiles section, iPCU, 38–40
Casper, 178
email payload, scripting iPCU, 68–69, 71, 75
Email settings, Configuration Profiles section, iPCU, 37–38
installing configuration profiles, 84–87
syncing with iTunes, 6–7
Enterprise Deployment Guide, 57
Exchange ActiveSync (EAS) settings, Configuration Profiles section, iPCU, 38–40
firewall planning, MDM (Mobile Device Management), 168
General settings, Configuration Profiles section, iPCU, 30–32
Gmail and Path Prefix settings, 38
Good, 114
Google’s Exchange ActiveSync, 38
IIS (Internet Information Services), 127, 129
IMAP
Configuration Profiles section, iPCU, 39–40
versus POP standards, 39–40
iTunes, 7–8
iOS Developer Enterprise Program, registration of devices, 20
iOS versus Cisco IOS (Internetwork Operating System), 135
iPad
IMAP versus POP standards, 8
profiles, installing, 83
iPCU (iPhone Configuration Utility)
Applications section, 15–16
applications, installing/uninstalling, 25–27
App Store products, removing, 27
App Store products, versus enterprise apps, 19
Configuration Profiles section, 15–17
Advanced settings, 49
CalDAV settings, 44
CardDAV settings, 45
Credentials settings, 48
EAS (Exchange ActiveSync) settings, 38–40
Email settings, 37–38
General settings, 30–32
LDAP (Lightweight Directory Access Protocol) settings, 41–43
MDM (Mobile Device Management) settings, 49
Passcode settings, 33
profiles, installing, 82–87
profiles, locking, 188
profiles, scripting with AppleScript, 63–76
Restrictions settings, 34
SCEP (Simple Certificate Enrollment Protocol) settings, 48
VPN settings, 36
Web Clips settings, 47
Wi-Fi settings, 35
installing/uninstalling apps and profiles, 25–27
uploading multiple devices, 22–24
disadvantages, 146
versus iTunes device management, 13
platforms supported, 14
Provisioning Profiles section, 15
applying distribution profiles, 24
installing provisioning profiles, 21, 25–27
resources, 14
summary section, 15
iPhone
IMAP versus POP standards, 8
manual device settings, 9
NDES/Windows Server 2008 problem, 128
iPhone Business Resources page (Apple.com), 14
iPhone Configuration Utility (iPCU)
Applications section, 15–16
applications, installing/uninstalling, 25–27
App Store products, removing, 27
App Store products, versus enterprise apps, 19
Configuration Profiles section, 15–17
Advanced settings, 49
CalDAV settings, 44
CardDAV settings, 45
Credentials settings, 48
EAS (Exchange ActiveSync) settings, 38–40
Email settings, 37–38
General settings, 30–32
LDAP (Lightweight Directory Access Protocol) settings, 41–43
MDM (Mobile Device Management) settings, 49
Passcode settings, 33
profiles, installing, 82–87
profiles, locking, 188
profiles, scripting with AppleScript, 63–76
Restrictions settings, 34
SCEP (Simple Certificate Enrollment Protocol) settings, 48
VPN settings, 36
Web Clips settings, 47
Wi-Fi settings, 35
installing/uninstalling apps and profiles, 25–27
uploading multiple devices, 22–24
disadvantages, 146
versus iTunes device management, 13
platforms supported, 14
Provisioning Profiles section, 15
applying distribution profiles, 24
installing provisioning profiles, 21, 25–27
resources, 14
summary section, 15
iPhone Support—Enterprise page (Apple.com), 14
iTunes
application management, 5
data storage on personal devices
encryption recommended, 5
security risks, 4
device management, 5–8
versus iPCU, 13
limitations, 4
manual device settings, 9
device summary settings, 5
OTA (over-the-air) connections unavailable, 4
SMB (small-to-medium businesses) configuration, 4
SOHO (small office/home office) configuration, 4
syncing
calendar and contacts accounts, 6–7
email accounts, 6–7
USB connection, 4
JAMF Software’s Casper
MDM (Mobile Device Management), 113, 116–117, 176–182
Apple Push Notification Certificate, 179
email settings, 178
initial enrollment profile, 182
LDAP (Lightweight Directory Access Protocol), 176–177
Mac OS X Server 10.6, 113–118, 172–175
SCEP (Simple Certificate Enrollment Protocol) server, 113–118, 180–181
wireless app distribution
initial setup, 206–207
installing apps, 208–209
managing App Store apps, 212–213
updating apps, 210–211
JSS Setup Utility, 181
keys, PKI (Public Key Infrastructure), 107
LANRev. See Absolute Manage
Late Night Software’s Script Debugger, 65
LDAP (Lightweight Directory Access Protocol)
Casper, 176–177
Configuration Profiles section, iPCU, 41–43
iTunes, 7
Mac OS X Server 10.6
MDM (Mobile Device Management), 172–175
SCEP (Simple Certificate Enrollment Protocol), 112–113
Mac OS X Server 10.7
MDM (Mobile Device Management), 171
SCEP (Simple Certificate Enrollment Protocol), 119–123
wireless app distribution, 206
MacScripter, 64
MDM. See Mobile Device Management
.mobileconfig file
basics, 52–54
NSData blob, 58
payload sections, 55–58
scripting with AppleScript, 64–76
signing and encrypting, 60
Mobile Device Management (MDM)
advantages, 154
Apple Push Notification Service, 150
Apple Push Notification Certificate, 179
email settings, 178
initial enrollment profile, 182
LDAP (Lightweight Directory Access Protocol), 176–177
Mac OS X Server 10.6, 172–175
SCEP server, 180–181
complexity, 186–187
configuration profiles, 149–150
CardDAV, 161
device inventory/information-gathering, 162–163
locking, 188
with MDM versus without MDM, 160
initial enrollment, 148
iPCU, Configuration Profiles section settings, 49
overview, 147
passcodes, 155–160
servers
advantages/disadvantages of running own server, 166
Apple Push Notification Certificate, 169–170
Apple Push Notification Server, 168
Casper, 176–182
firewall planning, 168
Mac OS X Server 10.6, 172–175
Mac OS X Server 10.7, 171
size, 167
Windows Server 2008, SCEP implementation, 129–131
wireless app distribution
infrastructure considerations, 218
initial setup, 206–207
installing apps, 208–209
managing App Store apps, 212–213, 220
updating apps, 210–211
NDES (Network Device Enrollment Service), 127–128
NSData blob, 58
Objective-C and Cocoa APIs, 58
Open Directory implementation, 122–123
OTA (over-the-air) distribution
applications, 96
configuration profiles
with SCEP, 100–107
from web servers, Amazon’s S3 service, 91
from web servers, server setup, 92–93
disadvantages, 146
unavailable, 4
passcodes
MDM (Mobile Device Management), 155–160
Passcode settings, Configuration Profiles section, iPCU, 33
Path Prefix and Gmail settings, 38
PayloadDescription key, 54
PayloadRemovalDisallowed, 53–54
Payload UUID (universally unique identification) number, 53–55, 57
PKI (Public Key Infrastructure), 107
POP versus IMAP standards
Configuration Profiles section, iPCU, 37
iTunes, 7–8
private keys, 107
Profile Manager service, Mac OS X Server 10.7
SCEP (Simple Certificate Enrollment Protocol), 119, 122–123
wireless app distribution, 206
provisioning profiles
wireless apps, 206–207
provisioning portal, 20–21, 206
registering devices, 195
iOS Developer Enterprise Program, 20, 195
iOS Developer Program, 20
Provisioning Profiles section, iPCU, 15
applying distribution profiles, 24
installing provisioning profiles, 21
Public Key Infrastructure (PKI), 107
public keys, 107
Python and Cocoa APIs, 58
registering devices, 195
iOS Developer Enterprise Program, 20, 195
iOS Developer Program, 20
RemovalPassword key, 54
Restrictions settings, Configuration Profiles section, iPCU, 34
Ruby and Cocoa APIs, 58
S3 service (Amazon), 91
SCEP (Simple Certificate Enrollment Protocol)
background and basics, 100–101
Casper, 113–118
Cisco
AnyConnect settings, 138–139
overview, 137
testing, 141
authentication, 102–103
certificate enrollment, 103–106
disadvantages, 146
iPCU, Configuration Profiles section settings, 48
Mac OS X Server 10.6, 112–113
Mac OS X Server 10.7, 119–123
OpenSCEP, 113
security difficulty, 136
SSL (Secure Sockets Layer), 136
Windows Server 2008
Absolute Manage, 129–131
ADCS (Active Directory Certificate Services) role, 127–128
Certification Authority, 127
IIS (Internet Information Services), 127, 129
MDM (Mobile Device Management) server, 129–131
NDES (Network Device Enrollment Service), 127–128
SCEP (Simple Certificate Enrollment Protocol) server, Casper, 180–181
Script Debugger (Late Night Software), 65
Script Editor (Mac OS X early versions), 65
Simple Certificate Enrollment Protocol (SCEP)
background and basics, 100–101
Casper, 113–118
Cisco
AnyConnect settings, 138–139
overview, 137
testing, 141
configuration profiles
authentication, 102–103
certificate enrollment, 103–106
disadvantages, 146
iPCU, Configuration Profiles section settings, 48
Mac OS X Server 10.6, 112–113
Mac OS X Server 10.7, 119–123
OpenSCEP, 113
security difficulty, 136
SSL (Secure Sockets Layer), 136
Windows Server 2008
Absolute Manage, 129–131
ADCS (Active Directory Certificate Services) role, 127–128
Certification Authority, 127
IIS (Internet Information Services), 127, 129
MDM (Mobile Device Management) server, 129–131
NDES (Network Device Enrollment Service), 127–128
SMB (small-to-medium businesses) configuration, 4
Soghoian, Sal, 64
SOHO (small office/home office) configuration, 4
Standard Additions, 65
display dialog/dialog reply, 70–71
Sybase’s Afaria, 114
syncing with iTunes
calendar and contacts accounts, 6–7
email accounts, 6–7
tethered installation of configuration profiles, 82–83
USB connection, 4
uuidgen utility, 53–54
UUID (universally unique identification) numbers, 53–54
VPN settings, Configuration Profiles section, iPCU, 36
Web Clips settings, Configuration Profiles section, iPCU, 47
Wi-Fi settings, Configuration Profiles section, iPCU, 35
Windows Server 2008, SCEP implementation
Absolute Manage, 129–131
ADCS (Active Directory Certificate Services) role, 127–128
Certification Authority, 127
IIS (Internet Information Services), 127, 129
MDM (Mobile Device Management) server, 129–131
NDES (Network Device Enrollment Service), 127–128
wireless app distribution
App Store issues, 220
developer issues, 219
with MDM (Mobile Device Management)
infrastructure considerations, 218
initial setup, 206–207
installing apps, 208–209
managing App Store apps, 212–213, 220
updating apps, 210–211
with web servers
accessing app distribution web page, 201
background, 194–195
infrastructure considerations, 218
installing apps, 202–203
jailbroken distribution, 196
preparing apps, 197–200
registering devices, 195
requirements, 194–196
Wi-Fi versus cellular, 194
wired versus wireless distribution, 195