MDM api

Hi,

I saw many references to this topic but no concrete answers.
Is there any documentation regarding the MDM API (low level)?
(I'm especially interested in the device query abilities.)

Thanks.
Liron

mac, iOS 4

Posted on Nov 13, 2010 11:51 PM

Nov 17, 2010 4:17 PM in response to levinlir

Apparently Apple has decided that silence is golden on the MDM SDK topic. They will only enable select players for this information. You must 1st contact Apple Developer Relations to get into the program, which requires an Enterprise level membership.

Once you receive the information, you are then under NDA and cannot discuss.

I would suggest moving to Android if you're interested in MDM, where they have no such restrictions and the open source community is pretty good at answering your questions.

You should also check out the recent developments announced today. MobileIron is now the Enterprise provider for AT&T.

http://www.wirelessweek.com/News/2010/11/Carriers-Capabilities-Smartphone-Management-ATT/

Jan 21, 2011 6:55 AM in response to levinlir

Hi, I'd like to share my little demo site, which can control iOS 4.x devices whose MS Exchange settings are configured to the server address you find below. It may not be a perfect MDM solution and you'll find it very primitive if you compare it to the MDM solution that Apple provides, as mine relies on the ActiveSync configuration settings. However, since it does not use APNS at all, you have control of the devices connected to the server that provides the device management using the ActiveSync protocol.

ActiveSync happens to be not just another data synchronization protocol; it has a mobile device management command subset, which I used for the demo site to control iPhone/iPad.

ActiveSync is widely supported by smartphones currently available and those that will become available soon, not to mention Windows Phone 7 should be fully compatible with the Provisioning policies. So the ActiveSync way is not limited to iOS devices. I find the device management capability supported by genuine MS Exchange is not easy to use or intuitive at all. By default you can find a way to remote wipe (factory reset) the device in case the device is stolen, but how other security policies are enforced is not found easily. (I think you need to prepare a script for most of the neat restriction features.) And this can be done only by the system's administrator; i.e., do you need an administrator who clicks the mouse button to execute the policy enforcement?

I have implemented ActiveSync using Jetty (Java Servlet Container). Because it is a Java implementation and will be open sourced, hopefully, you can programmatically implement pretty much anything you want. The Jetty solution can, for example, remote wipe the connecting device using source IP filtering.

Assuming that there is an iPad whose Internet and intranet connection is only allowed to be made from the company's WLAN access points, it can then use a connection that is made from an unknown source IP address to trigger the remote wipe command on the connected device. What if someone steals your iPad? He might connect it to his home WLAN so he gets to play with it.
This could be useful, for instance, if the iPad has information that should never leave your company.

ActiveSync also has a camera enable/disable security policy that can be enforced on iPhone. Using the source IP address, we can toggle the camera feature on/off depending on which source IP address the iPhone is connecting to the server from. So maybe inside the company the camera feature is disabled, and once the iPhone is brought outside the WiFi area and reestablishes the connection over the 3G network, then the camera feature is toggled on.

It currently supports ActiveSync's Provision command, which is used for security policy enforcement. Data synchronization (Task, Calendar) and mail forwarding are not supported yet, but I have a plan to implement all of the ActiveSync features found in Microsoft's publicized document and make them a pluggable Jetty module.

Jetty's Continuations is used to imitate Microsoft's DirectPush technology. I figured that it is pretty much the same as Comet's long polling.
It currently supports ActiveSync's Provision command, which is used for security policy enforcement. Data synchronization (Task, Calendar) and mail forwarding are not supported yet, but I have a plan to implement all of the ActiveSync features found in Microsoft's publicized document and make it pluggable to Jetty somehow. This should be freely available to anyone who wants to develop using ActiveSync.

Here is the URL where you can find the demo and the instructions on how to configure your device to communicate with the demo site.

URL:

http://ec2-204-236-138-252.us-west-1.compute.amazonaws.com:8080/iOSController/iOSController.html

You'll be asked to enter a username/password when you visit the URL below.

user: inventit
password: Zdr58H4e

You'll see a list of usernames/passwords. You can click one of them and see the iOS devices connected.
(Please do not mess with these; they are all connected for testing purposes but I don't know to whom those devices belong.)

You can just add yours using the form provided at the bottom of the list.
The username is what you will use when you set up an MS Exchange account in your iOS device.

!!And please use only a device you can mess with!!
!!Someone else watching the site might just remote wipe yours.!!

When added, something similar to this will appear in the list. If username:foo and password:bar is added, you'll see,

foo/bar[No associated device]

The username is used for the email field. The server does not check the @yourdomain.dom part, so you can use anything you want for the domain part. Likewise, the password is what needs to be used for the password field found in the Exchange settings.

As my demo site does not use any SSL connection, you have to do the following:

You'll have to enter the IP address of the site manually, and it needs to end with :8080, like so:

204.236.138.252:8080

You'll also have to complete the Exchange setup without having it properly configured.
You first save your Exchange settings even if it has failed to connect to the server, and then reopen your Exchange settings to disable SSL. It is found at the bottom of the account settings.

Once the setup is done you can just wait, watching the list until [No associated device] goes away. If it does, it is a sign that your device has successfully connected to the server and you are ready to apply security policies on your device.

If [No associated device] does not go away, you might have to force the device to communicate via ActiveSync.
(There are many ways to do that; syncing email will trigger the communication.)

To apply security policies on your device, you just click on the image (iPhone or iPad).
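
The source-IP policy selection this post describes (camera off inside the company network, remote wipe for a device that connects from an unknown address), sketched as an added example that is not part of the original post and not the poster's Jetty code. The network ranges, `decide`, `normalize`, `PolicyDecision` and the `confined_device` flag are hypothetical, and Python is used only for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed corporate WLAN egress ranges (documentation prefixes, assumptions).
CORPORATE_NETS = [ipaddress.ip_network(n)
                  for n in ("198.51.100.0/24", "2001:db8:10::/48")]


@dataclass(frozen=True)
class PolicyDecision:
    on_corporate_network: bool
    allow_camera: bool
    remote_wipe: bool


def normalize(peer_ip):
    """Parse the address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(peer_ip)  # raises ValueError on garbage
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def decide(peer_ip, confined_device):
    """Pick the policy to send in the next Provision response.

    peer_ip must be the address of the TCP peer as seen by the server; a
    client-supplied header such as X-Forwarded-For is under the device
    holder's control and cannot be used for this decision.
    confined_device marks a device that must never leave the company WLAN.
    """
    addr = normalize(peer_ip)
    inside = any(addr.version == net.version and addr in net
                 for net in CORPORATE_NETS)
    return PolicyDecision(
        on_corporate_network=inside,
        allow_camera=not inside,          # camera off inside, on outside
        remote_wipe=confined_device and not inside,
    )


if __name__ == "__main__":
    # Constructed sample connections: (peer address, confined device?)
    for ip, confined in [("198.51.100.7", True), ("::ffff:198.51.100.7", False),
                         ("203.0.113.9", False), ("203.0.113.9", True)]:
        print(ip, decide(ip, confined))
```

A malformed address raises `ValueError` instead of being classified as off-network, so a parsing fault on the server cannot by itself trigger a wipe.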

Feb 21, 2011 7:28 PM in response to levinlir

Hello,

Please, can anyone tell me how to get the MDM APIs?
Are they open?
We have already enrolled in iDEP (iOS Developer Enterprise Program),
but we can't find any protocols for the MDM server and client.

Is another higher-level licence from Apple or
some direct contract with Apple necessary?
We have sent many email requests to Apple, but there is no answer.

Please help me with any information on the MDM APIs.


Thanks.

Min from Korea
