Anand Reviews the Apple iPhone 3Gby Anand Lal Shimpi on July 16, 2008 8:00 PM EST
Time to Exchange?
Special Thanks to Manveer Wasson for the iPhone Exchange/Corporate VPN Testing and Analysis.
There were several pitfalls to the original iPhone firmware that left businesspeople in the dark; IPSec support, WPA2 Enterprise for WiFi, and of course Microsoft Exchange for email calendaring and contacts. When Apple announced back in March that version 2.0 of their iPhone firmware would finally add support for the aformentioned business features, we were excited to say the least. Now that the firmware is finally out, we're happy to say that Apple has delivered on it's promises. So now all you enterprise guys should ditch your BlackBerries and Blackjacks for iPhones, right? Well, not so fast...
Apple's efforts to cater to enterprise customers is definitely commendable, but it just isn't perfect for all situations. Each piece of the enterprise puzzle works well on its own. From the connectivity perspective, things are working as expected. We were able to connect to a large WPA2 Enterprise network without any issues.
The IPSec VPN however is another story. For a company that has a strict security policy, you generally will not be able to access any part of the corporate network directly through the internet (and in this case the internet would be the iPhone's 3G or Edge data connection). You would need to establish a VPN connection to your company to allow for secure communication. Configuration is quite simple. Provide your VPN server address, account name, group name and shared secret. Now go back to the Settings screen, turn on your VPN, enter your password, and you're connected! So what's the problem? Well, when we get into the world of IPSec VPN, a typical deployment is to have two-factor authentication for an extra layer of security. This basically means you need to use a special one-time use password (called a token) when authenticating to your VPN. From a computer you will generally run a software based application to generate this token based on PIN number that you would already know (for example your Domain password).
So what does all that translate to? Well it means if you want to connect using IPSec VPN on your iPhone, you'll have to generate that token from your computer. That token will also have to be generated each time you want to connect to the VPN. This pretty much defeats the purpose of being able to VPN to your corporate network from the iPhone since you probably won't have (or don't want to) fire up your computer to generate a token. This really isn't Apple's fault, but a lot of planning needs to be done on the IT side of your company before you can connect seamlessly over IPSec VPN with your iPhone. One way to remedy the problem would be for the 3rd party authentication companies to create iPhone apps that can act as software token generators. That way you can maintain the security of the two-factor authentication system without having to rely on another device to create a token. Another issue we found during testing is after locking your phone, the VPN connection is terminated. In order to re-establish the connection, a new token must be generated. Again not really a flaw with the iPhone, but another example the business experience working not-so-seamlessly.
If your IT guys are nice they may have already created a Device Configuration to do your iPhone configuration for you. Device Configuration is basically an XML script generated by the iPhone Configuration Utility that can automate typically tedious configuration tasks such as Exchange, wireless, VPN, and email settings.
In order to install the script, you simply need to browse to it from your iPhone in Safari, or open it as an email attachment. After opening the script, the user needs to click Install and they're good to go.
The last, and biggest, new business feature for the iPhone 2.0 is its support for Exchange ActiveSync. You can finally connect to your corporate Exchange servers for email, calendar, and contact syncing. Setup is again pretty straight forward. Provide your corporate email address, username, password, and the iPhone will verify your credentials. You will then be able to enter in the exchange server address. One minor issue to note here is that you are forced to enable the passcode lock. This means whenever you want to unlock your phone, you'll have to enter in the PIN. Although from a security standpoint this makes sense (if you lose your phone or if it gets stolen nobody can read the corporate email), it would be nice to at least have the option to disable it.
Now you can select which items you want to sync with Exchange: Mail, Contacts or Calendars.
Possibly the biggest flaw in Apple's Exchange integration comes into the picture when you want to sync your contacts or calendars. All of your existing contacts and calendars will be deleted if you want to sync with Exchange. If you currently sync your contacts using another method, you'll have to sacrifice that in order to use Exchange. There is no option to create a secondary contact list or calendar. It's either all or nothing folks. Hopefully Apple (or a clever 3rd party developer) will smarten up and add support for syncing multiple calendars and contact lists. Personally we like keeping our private and professional lives separate to some extent so for now we're leaving contact syncing off.
For the most part the syncing functionality worked flawlessly. Changes made on the iPhone were quickly synced to Outlook and vice versa. However the usability of having all your corporate info on your iPhone leaves much to be desired. You still cannot search or sort email on your iPhone (though you can search contacts now). Only your Inbox will have email "pushed" to it. All other subfolders have to be manually synchronized (this is done by browsing to the folder). PowerPoint attachments do show up quite nicely in Mail when they decide to work. However we should note that some slides were getting cut off from the bottom or slides with complex graphics were rendered incorrectly. On the calendaring side, you cannot create a meeting invitation but you can respond to them with either an accept, deny, or "maybe". In addition, there is no "week" view for the calendar; only list, day and month. One feature we did like is calendar invites pop up as they are received prompting you to view the details or close the notification.
Apple has definitely taken big strides in appealing to the enterprise customer with the iPhone 3G. For the business user looking to connect to your corporate network and occasionally browse through your emails, this update will be more than sufficient. Having all my corporate meetings sync'd to the iPhone's calendar is also very handy. However there are sacrifices you'll have to make for this functionality. Choosing between personal and Exchange contacts and calendaring is a tough choice to make. For the corporate power users tethered to their BlackBerries, you'll want to stick with the two-phone solution.