eWEEK Labs’ tests
show that iPhone 2.0 update offers over-the-air sync and security
improvements.Is the iPhone ready for the enterprise now?

The new 3G iPhone’s higher data speed and improved location services
are compelling, but enterprise administrators should focus more
intently on the new software features Apple released in its 2.0 iPhone
code.

eWEEK Labs’ tests show that the software upgrade provides many of the
features needed to power any mobile device for business use, but it
still lacks a few capabilities that may or may not be addressed in
software by Apple or third-party developers down the road.

The new enterprise-friendly features focus on improved connections to
data and on the security of both those connections and the device
itself.

Among the new enterprise features included in the new release are
Exchange ActiveSync for over-the–air synchronization of e-Mail,
Calendar and Contacts; the new Cisco Systems IP Security VPN client for
secured access to enterprise applications; WPA (Wi-Fi Protected
Access)/WPA2 Enterprise support for Wi-Fi security; digital
certificates; and restricted access to on-device applications.

The new software, which comes preinstalled on the iPhone 3G and is
available as a free update for first-generation iPhones, can be
downloaded and installed from iTunes. The upgrade process will delete
all data, settings and media stored on the iPhone, so users should be
sure to synchronize their devices prior to initiating the upgrade.

Apple has finally introduced over-the-air synchronization of e-Mail,
Calendar and Contacts with its twin support for Exchange ActiveSync and
the new Apple MobileMe synchronization and PIM (personal information
manager) service. This will enable enterprises to avoid using iTunes
for synchronization services, although administrators will find they
still need the media player to upgrade the software again down the road
or to deploy applications from a private store.

When configuring Exchange ActiveSync on the iPhone, I just input my
e-mail address, user name and password into the Mail configuration page
to start, followed by the FQDN (fully qualified domain name) for my OWA
(Outlook Web Access) server. The setup wizard then asked what data I
wanted to sync.

If a user elects to sync data from Contacts or Calendar, ActiveSync
will overwrite the data that already exists in the iPhone’s store.
Enterprises deploying iPhones for work purposes will likely not care
(as the iPhone would be an IT-deployed device), but users importing
Exchange data on their own should back up any of this data on the
device before finishing the ActiveSync install.

By default, ActiveSync-enabled e-mail is set to Push, with the e-mail
server delivering mail as it arrives on the server. However, in my
tests, I found that Push drastically shortened the battery life of my
first-generation iPhone.

After a year of use, my iPhone battery lasts two to three days with
normal use patterns. I expected a negligible amount of drain, but,
after a single night set to Push, my iPhone battery drained more than
50 percent. In fact, after a couple days, I turned off the Push
capability and settled for regular manual synchronizations. (Users also
can set the iPhone to fetch data at 15-, 30- or 60-minute intervals.)

Despite my hasty retreat from Push capabilities, I found e-mail much
more responsive via ActiveSync than via IMAP—particularly when deleting
e-mails. iPhone 2.0 also makes batch deletes possible on all e-mail
accounts, as users can select radio buttons next to messages targeted
for deletion to remove them en masse.

I was pleased to see that ActiveSync tied the corporate Exchange
directory to my Contacts database, without adding the whole shebang to
my local store. When searching in the Contacts application (which now
has its own icon on the iPhone main screen), I could press the Groups
button to access my corporate directory when online. I could also find
corporate contacts directly from the new contact search field or from
the “To” field when sending an e-mail from my ActiveSync-enabled
account.

The Calendar application remains largely the same, although users will
find a new icon at the bottom of the screen that triggers an alert when
there are pending invitations.

The ActiveSync support also provides the ability to remotely wipe a
device if it is lost or stolen. That said, remote wipe should not be
considered an Apple feature per se, as you can’t do it with any of the
recently released iPhone management applications. If you need to
remotely wipe an iPhone, you can do it from the Exchange ActiveSync
Mobile Administrator Web Tool for Exchange 2003 environments or from
the Exchange Management Console, OWA or the WebTool for Exchange 2007.

This reliance on Exchange for remote wipe is more than a little
disappointing, as organizations that do not use Exchange are locked out
from this very necessary capability with the iPhone.

In addition, the iPhone does not yet offer on-device encryption
capabilities. This is somewhat offset by the fact that the iPhone can’t
copy e-mail attachments to a local store or to an external storage
device. However, those files are still findable in the e-mail
applications, and many passwords for Web applications may be stored on
the device. Therefore, device security relies solely on the device lock
pass code.

The addition of the Cisco IPSec VPN client is most welcome, allowing
remote users to access their companies’ internal Web applications when
using either EDGE (Enhanced Data for Global Evolution) or Wi-Fi radio.

From the on-device configuration page, I was able to create profiles
that allowed me to connect to two different Cisco VPN concentrators.
Cisco VPN configuration is fairly straightforward: I just needed to
input the address of the VPN concentrator, my account name and
password, and the certificate or group password used for
authentication. However, I was disappointed to find that the iPhone
would not import the Cisco configuration files that many administrators
use to configure VPN client on laptops.

With profiles created, a VPN dialog box appears on the primary Settings
screen, which quickly linked me to a screen from where I could select
which VPN profile to use and to enable the encrypted connection. The
tunnel will stay active even when the iPhone has been locked, although
it will close down automatically after a few minutes of inactivity.

When the VPN feature works, it works great. However, when something
goes wrong, the iPhone presents a bare minimum of information to help
someone troubleshoot the connection. For instance, the VPN page shows
that the device is connected via a particular profile, but users cannot
tell what their IP address is for the connection, nor can they see if
any traffic is successfully passing inbound or outbound.

iPhone 2.0 does bolster Wi-Fi security, adding support for
enterprise-grade, certificate-based wireless security standards. In
addition to its existing support for WEP (Wired Equivalent Privacy) and
the preshared key flavors of WPA and WPA2, Apple has added support for
PEAP v0 and v1, LEAP, TTLS, TLS and EAP-FAST.

Document support is enhanced somewhat with the iPhone 2.0 software.
With the upgrade I could open PowerPoint presentations and Microsoft
Word documents (in the DOCX format), in addition to the legacy Word and
Excel, and PDF and JPG documents I could open with the old iPhone
software.

Documents can be viewed in either portrait or landscape mode, but users
can only view these documents; the iPhone still does not have the
ability to download and save the files locally or to edit them.

Apple has also introduced a few features that could help administrators
control personal use of a business iPhone. The new Restrictions feature
allows administrators to lock out the use of the Safari Web Browser and
YouTube, and to deny access to either the App Store or the iTunes
store. By enabling these restrictions, the applications are removed
entirely from the user’s screen, and the controls are protected by a
four-digit pass code.

Administrators can also prohibit users from playing media content tagged as explicit in this same manner.

Senior Analyst Andrew Garcia can be reached at agarcia@eweek.com.