Consumer Tech: an IT Nightmare 533
snydeq writes "Advice Line's Bob Lewis discusses the difficulties IT faces in embracing the kinds of consumer technologies business users are demanding they support. 'Let's assume the consumerization of IT is the big trend many think it is. But using consumer tech in a business environment is a very different matter from being satisfied with consumer tech in a business environment. One of IT's legitimate gripes is that we're often asked to turn consumer-grade technology into business-grade technology with a wave of our magic wands. On top of the intrinsic technical challenges, there's this: IT doesn't have anything that even resembles a methodology for performing the business analysis we need to figure out what it means to put consumer tech to productive day-to-day use.'"
This is nothing new (Score:5, Insightful)
we're often asked to turn consumer-grade technology into business-grade technology with a wave of our magic wands
This is nothing new. We've been expected to do this with Microsoft Windows for nearly two decades now.
Re: (Score:2)
Two letters: XP :)
Apple has jumped the shark (Score:2, Insightful)
Re: (Score:2)
Apple has had the ability to host an Enterprise AppStore for a while now. Additionally you can side load apps and if you make your own can distribute internally via the same methods.
Have you signed up for a business level license? Apple has a lot more support than you might think. Not every small business can afford it of course. It's meant for businesses with tens of hundreds of Apple product using employees.
Re:Apple has jumped the shark (Score:4, Insightful)
Just what we need, a proprietary solution with associated license fees for every product or family of products from different vendors.
Re:Apple has jumped the shark (Score:4, Insightful)
if you buy a $3000 Enterprise Developer license then you can publish your apps directly to your organization's idevices. Apple even has detailed instructions how to do it
Re: (Score:2)
Wow, how much do you have to pay for an Android developer licenses to do the same thing? $100. Shocking.
Re:Apple has jumped the shark (Score:5, Informative)
> Wow, how much do you have to pay for an Android developer licenses to do the same thing? $100. Shocking.
Try $0. Android owners don't have to play "Mother, May I?" with Apple and jump through hoops to run our own apps on our own phones. We can install our own .apk files anytime we feel like it. If you want to publish on Android Market, it's $25.
Re: (Score:3)
I thought it was $299... http://developer.apple.com/programs/ios/enterprise/ [apple.com]
Re: (Score:2)
Yes, consumers might put up with that shit, but businesses won't.
If you say so. [zdnet.com]
Re: (Score:2)
Itunes is an application (Score:2)
Re: (Score:2)
Re: (Score:3)
When it's free on Android and Blackberry, it's much harder to justify. Then again, if your organization needs to deploy custom smartphone apps, why on earth would you choose anything but blackberry?
You can thank Microsoft for that... (Score:2)
At least from a software perspective, they have conditioned people into seeing the difference between the "home" version and the "business" version of the OS as nothing more than a license upgrade... a somewhat virtual "magic wand", if you will.
Re: (Score:2)
they have conditioned people into seeing the difference between the "home" version and the "business" version of the OS as nothing more than a license upgrade
Probably because the 'home' and 'business' versions of modern desktop OSes are the same thing, it's not that they've 'conditioned people' into seeing it that way, it's that that's the way it is. Windows XP Pro was Home with a few extra features, same deal with 7, OSX only has one version for both markets and with Ubuntu you'd choose an LTS-stamped version in the workplace (and many would choose that for home use too).
Surprise! (Score:2)
Tech company that has been targeting individual users since basically the beginning (Apple) does *not* produce software which is well-suited to all your business needs.
Also surprising, however, was that this little gem of a quote first appeared on infoworld:
The tools you provide should encourage user-driven innovation. Often, "it just works" does the exact opposite.
Bob Lewis: a Microsoft Property (Score:2)
Article summary: Apple is a nightmare, Google is maybe passable, but Microsoft is where you want to be.
If you're running an enterprise and want to maximize user capabilities, you'll find the best collection of core technologies in Microcountry.
In other news, InfoWorld is still published.
Consumer Innovation (Score:2)
Lest we forget, the PC revolution in business was brought about by CONSUMER "Personal Computers" being brought into businesses to get around the walled garden of Corporate IT (Mainframes back in the day).
Today, it is iPads replacing Notebooks and Laptops, and Androids and iPhones replacing Blackberries and Palms (back in the day). IT should identify the need, and start ordering Commercial Versions of these products. Too bad they aren't so there isn't much choice.
If Google REALLY wanted to rule the world, th
Re: (Score:2)
IT should identify the need, and start ordering Commercial Versions of these products. Too bad they aren't so there isn't much choice.
If they build it, we will come. If we'd had any decent alternative to the iPad as a 'document reader / viewer' (yeah right) we would have been able to stop management from buying a bunch of shiny toys.
Re: (Score:2)
We're taking a separate tack and just embracing the consumer iOS devices (Android doesn't meet ISS requirements for closing security issues when relying on handset vendor updates).
Put a policy in place to require a minimum version to keep the IS Security folks happy, publish documentation to allow easy configuration for end users (ActiveSync is about as simple as it gets, especially with a word doc or something similar to guide them), and be prepared to manage end users calls in case of issues, or when you
Re: (Score:2)
Not everything on my phone is tied to Exchange. I can't manage the entire device (applications/data).
That, and you missed my point. We are seeing the next evolution in IT, being driven by Consumer Products because IT is too slow moving.
Re: (Score:2)
Actually you can go so far as to lock down application installs via polices. We've implemented some basic ones to require pass codes, and auto-locks, but you can go further with the tools available.
I agree with your point regarding IT moving too slow. I think the recent advent of smart devices (computers in your pocket) has taken IT in general by surprise and many are still trying to cope with end user demands and coming out bruised and battered.
Re:Consumer Innovation (Score:5, Insightful)
Where it started to fall apart was when businesses thought it would be cheaper to buy Microsoft systems instead. There was a little TCO problem there. Microsoft users were managing their own systems, and they were doing it badly. Not only was their actual job function was being diluted, it also created some truly monstrous infrastructure train wrecks. That problem still isn't solved. Businesses simply think it's normal.
Root cause: Clueless top executives. (Score:3, Insightful)
Now the same clueless top exec buys latest and greatest toys to play angry birds or something and expects it to work in the corporate environment. All the deliberate incompatibilities and interoperability poison pills baked into the system is coming back to bite the tails of IT crews.
This is getting out of hand (Score:4, Insightful)
I do IT support for a company of about 800-1000 people. All of our executives and corporate staff wanna use their goddammed iPads, iPhones, Androids, and other personal wotsits or doo-dads to do their work. Enough is a-freakin-nuff! We're a corporation and we need to maintain stability and compatibility over fancy and chic. You get a laptop. With Windows. And a BlackBerry... if you're lucky. Oh, and don't get me wrong... it's not like I'm being elitist or something. I love these consumer devices for home use. I have all sorts of digital toys. But they belong AT HOME!
Re: (Score:3, Insightful)
Re:This is getting out of hand (Score:4, Insightful)
I do IT support for a company of about 800-1000 people. All of our executives and corporate staff wanna use their goddammed iPads, iPhones, Androids, and other personal wotsits or doo-dads to do their work. Enough is a-freakin-nuff! We're a corporation and we need to maintain stability and compatibility over fancy and chic. You get a laptop. With Windows. And a BlackBerry... if you're lucky.
Here's the deal: Those "goddammed iPads" and other "doo-dads" are stable and allow their users to be productive. The windows laptops and crapberries are neither stable nor do they allow the user to be as productive as do the personal "doo-dads".
More and more of the decision-makers in your company are letting their Windows laptops sit unused while they turn out productive work using their personal "doo-dads". Many of those users whom you say are "lucky" enough to be issued a Crapberry are also carrying a personal iPhone or Android for their personal calls and other personal business; they're not happy about having to carry a Crapberry because their other phone is so much more useful.
Eventually, one of those decision-makers is going to realize that their unused laptops cost your organization $5k each. They will then multiply that $5k cost per laptop by 800 to 1000 users, a lightbulb is going to go off in their head and you're going to be looking for another job.
Re:This is getting out of hand (Score:5, Insightful)
Of course the mini-computers and terminals we all used at the time were eventually replaced with PCs.
It's about productivity. It's about not depending on an IT department with a backlog of 2 years for every little thing. What we've done to the PC in the name of security and making life easier for IT is to make them part of a centrally controlled system just like the mini computers were 25 years ago.
Want to use a great new piece of software? Is it on the approved list? No? Too bad.
That is not how we should be doing things.
I'm an IT director. Yes, you need security. Yes, centrally controlled admin is good. Being able to roll out tested software patches on mass is good. However, our role in IT is to FACILITATE, not to be a road block. That doesn't mean we have to say yes to everything but we need to understand why people want to use these devices for work and if there is a legitimate purpose, we need to figure out how to make it happen.
Our job is to support our people, even if that makes our job harder.
Re: (Score:2)
FTFY
Re: (Score:2)
It's not only execs that want hand holding, it's the jerkwad project managers and developers, too
Comment removed (Score:5, Informative)
Re: (Score:2)
im working at a company that embraces google apps, that trusts its users in the cloud
Will you let us know if this policy lasts past the first huge data breach at your company or Google?
Again... (Score:5, Funny)
Oh, stop your whining and do your job.
Don't go complaining to management when they want you to do something on the cheap. They're the job creators and you're nothing but a griping parasite. They could eat your job and shit it out in Bangalore before you can say "MSCE".
If you don't like the way business is done then go stand with the filthy stinking hippies in Occupy Wall Street. Otherwise, when we say "jump" you say "Minimum wage is good enough for me".
Who do you think you are, anyway? We're the motherfucking job creators Bucky, so you better check yourself and get back to your little hole and do some coding or sysadmin-ing or whatever it is you do. There's a reason I'm getting the big bucks and you're getting the increased co-pays and that reason is "I know what's what and you know jack shit."
Now close the door on the way out. I'm glad we had this little talk. And if I hear that you even whispered the word "union" I'm going to put my size 11 cordovan brogue ($370 at Nordstroms) up your bony ass.
Re: (Score:3)
Son, I was joking.
I thought for sure my repeated use of the term "job creators" would have given it away.
I believe the attitude that I mocked is the attitude that is held by a certain group in this country who believe that all wealth should "trickle-down" from on high.
I don't only support Occupy Wall Street, but whenever I get the chance I go down to LaSalle Street to stand with them, as do my wife and daughter.
But I'm really glad to see your reaction
Yeah, count me in (Score:2)
Re: (Score:2)
We use Motion LE1700 tablet PC's running Windows XP SP2 (no joke)
That had better be a joke, or they should be totally offline machines. Microsoft stopped supporting XP SP2 July 13th 2010. What does your HIPAA guy say about that?
Nobody every got fired buying IBM (Score:2)
Now, I will entertain the idea that modern IT people are not nearly as cleaver as 20 years ago. I mean, what do you need to know now a days, how to plug in a cable, randoml
Re: (Score:2)
This was pretty much the argument used IBM 25 years ago to keep cheap commodity PCs out of the enterprise. MS used it to keep Macs out of the office even though Macs were more solidly built than the crap many offices used to run MS software. Yet commodity PCs took over the office, and Macs were integrated by the IT staff of the time.
Now, I will entertain the idea that modern IT people are not nearly as cleaver as 20 years ago. I mean, what do you need to know now a days, how to plug in a cable, randomly check GUI boxes, and say "Have you turned the computer off and on"? But then given the level of standards and integration between all equipment that exists, I can't really imagine that such support should be beyond the budgets and ability of even the most unqualified IT department.
You're a moron. I tell you what. You come and do my job for one week...no, you couldn't handle an hour unless it was lunch hour! I don't know you, but based on two paragraphs I can tell that you couldn't engineer your way out of a paper bag in an enterprise IT environment.
Focus your efforts... (Score:2)
IT support works best when they maintain core systems adhering to open standards. That way they can supply mainstream users with standard devices/environments, while still allowing sophisticated users to connect and get their work done. Part of the deal can be that sophisticated users provide their own support for their environments.
For example, while secretaries may be best served by running Windows, it often makes good business sense for dev teams to work on their target environment. A good dev team won'
Not everyone is like that... (Score:2)
Maybe a REASONABLE response? (Score:2)
Or you can rant and rave, refuse to help, and wind up with half of those people either having e-mail that doesn't work, e-mail setups that conflict with your sacred servers, or, if you're REALLY lucky, phones with downloaded apps
Today it is backwards (Score:4, Insightful)
Years ago the kit you used at work was faster, better and more powerful than your home consumer devices. Today it's the reverse and what you are forced to use at work is totally crappy next to what you have at home. Thus consumerization of IT is necessary to even get your own work done.
Or to put it more simply, my companies OS is XP with Office 2003.
So this is why I have to use Good Mail (Score:5, Interesting)
My new iPhone has built in email contacts and calendar. I point it at our exchange server and give it my password and it "just works". "Well holy shit", says the IT dept, "that just won't do". "We can't have users looking after themselves" So they tell me I need to get "Good" mail. First I have to buy a license to use it, and then they dick around a week getting it to work. Now my email is "secure", because we just can't run the risk of the KGB finding out when I'm having lunch next Thursday, or how many meters of #6 cable we buried last week. How is this better you say? I'll tell you. Before Good, my phone would go ding, I would look at the screen and see "Meeting with Fred, 11:30, big boardroom". Now I get a ding, and my screen says "Event!" I unlock my phone, I open the Good app. I enter my Good password. I wait 30 seconds while things are decrypting. Finally the app opens fully. I push the button for calendar and see "Meeting with Fred, 11:30, big boardroom. The entire process now takes 45 seconds, where it used to take 0 seconds.
The badge for unread emails used to tell me how many unread emails I had. Now with Good mail, it increments with every new mail received. Then if I read the email on the computer, it increments again. Yes, that's right. If I receive 5 mails and read them on my computer my phone now says I have 10 unread mails. (Apparently it is not our IT dept's fault that this "Good mail app" they have forced on me sucks so bad. It's all Apples fault, just ask our IT guys, they'll tell you.)
Unrealistic expectations (Score:4, Insightful)
I was just talking about this to a friend of mine yesterday. I've been a "customer engineer" for most of the last 47 years. Back in the age of mainframes and minicomputers businesses understood that it took training and organization to install, maintain, and program their computers, but they started losing sight of the complexity involved in good systems design and analysis when the computer started looking about the same size as their typewriter. Now phones (which are really just smaller computers) are the same size as their old walkman. Consumers can't seem to understand that computers are multi-function machines with millions of interconnecting parts (if you include the OS and applications). Assuming you had a big open building with millions of parts and subassemblies that needed setup to perform specified tasks, and most businesses would understand the need for a small army of well-trained technicians to do the setups and maintenance.
So, in my area, a lot of small businesses have sprung up offering computer maintenance for $35/hr. These businesses are capable of handling about 70% of all the normal maintenance on a computer, but then, so is anyone who can read a manual or call tech support. Then they get assigned a project over their heads, take the customer's money until it is very obvious that they can't do the job, and then walk away. The customer calls me and gets pissed off because I charge $110/hr instead of $35/hr and successfully clean up the mess left by the other "geek". And when the next computer problems show up do they call a competent tech? No, they go right back to calling some half-trained moron who only charges $35/hr. Business is full of slow learners.
The bottom line is that many of the businesses out there are not designing their business processes, they are acquiring "business technology" by "jumping to solutions" without a plan. The "business-in-a-box" approach has never worked right. Most small businesses fail within the first five years, not becasuse their tools aren't adequate, but because their business decisions are inadequate. The technology decisions are just a part of the same lack of business smarts.
Re:Very True (Score:5, Insightful)
Yeah, the $70 drive from Newegg is 7200 RPM, 2+TB, and has 64mb cache. The $300 drive from HP is 5400rpm, 320mb, and comes with a piece of paper saying it's 'certified' compatible with the server, and they'll replace it free when it dies 7-18 months from now (same as the $70 drive's equally short lifespan). What a bargain.
Spending more for SLC vs MLC? sure. Ditto, for the network gear. But don't kid yourself... "enterprise" drives are no less failure-prone than their Best Buy Brethren. Nowadays, they're *all* crap. :-(
Re: (Score:3)
But HP will overnight me a drive once I send them a diagnostic report. And the drive has custom firmware and guaranteed to work with HP branded raid controllers
Re: (Score:2)
Really? How about spending $140 and buying TWO of the cheaper drives instead, and putting one aside for a spare. Or a hot spare, if you so wish.
Sun used the same excuses to vastly overcharge on components. The only reason it happens is so the companies can pad their bottom line with high-margin items.
Re: (Score:2)
Or you just pay $240 (3 drives * $80/drive) to keep extra drives on hand while they go through the replacement cycle.
Re: (Score:2)
Yea, and IBM used to sell you a 1k RAM upgrade for $65k ... and when the technician came to 'install' your upgrade ... he removed a jumper so the other 1k that was already in the fucking machine would work. You're getting ripped off and just aren't bright enough to realize it.
If you claimed that 'management won't hold me responsible' as your excuse, then I'd understand, but you actually think that HP is selling you better drives ...
You do realize that ... THEY DON'T EVEN MAKE DRIVES right? You're actually
Re:Very True (Score:4, Informative)
Spending more for SLC vs MLC? sure. Ditto, for the network gear. But don't kid yourself... "enterprise" drives are no less failure-prone than their Best Buy Brethren. Nowadays, they're *all* crap.
Really? With Seagate Barracuda LP drives I had a 95% failure rate within a year. (Different batches of drives in different servers in different data centers, FYI.) With Seagate Constellation ES I've seen 5%. Now granted, the "enterprise" drives shouldn't even have that high of a failure rate, but they are a LOT better.
Re: (Score:3)
Bullshit.
With a 95% failure rate you could have had seagate tickling your balls while they tried to figure out what was going wrong ... right up until the point where they should you how your power supplies were frying the drives.
That is simply unbelievable to anyone with 1/4 of a clue.
Re: (Score:2)
If cost is no object, fine. Go with the "enterprise" hardware. In duplicate or triplicate. But IMHO, if it comes down to choosing between a single certified "enterprise-class" hard drive, or a pair of Velociraptors in RAID1 (or better yet, a menage-a-trois doing RAID5), you'd have to be completely insane to sacrifice redundancy for minimally better odds of non-failure by an expensive single drive.
Re: (Score:3, Informative)
the most common "failure" is due to how the drive firmware handles bad sectors
- a "enterprise" drive passes the bad sector info to the controller to allow it to remap and also use it as a predictive failure indicator.
- a "consumer" drive remaps internally and depending on the firmware it will try to recover the sector an in general hang/timeout on I/O while doing this
When a Raid controller sees the drive hang/timeout on I/O it is considered a "failed" drive. While people will argue that all it takes is a r
Re: (Score:2)
2 TB drive $70 on newegg? Where??
Re: (Score:2)
So why not buy 3 drives for $210, or 4 drives for $280 and RAID them, that way you don't have to worry about when a drive goes down??
Re: (Score:2)
just go down to best buy and get a few linksys wifi routers and enable corporate wide wifi....
Re: (Score:2)
HP drIves alsO have a predictive failure warranty
Re: (Score:2)
One of the hardest fights I've had in IT is explaining why I spend $300 a drive from HP and not $70 for the same capacity from Newegg.
Ignorance? Completely lack of education about actual performance of the drives themselves and their life expectancy? I could come up with lots of reasons why you would do it, but they'd all make you look dumb. That $300 drive is hardly worth more than the $70, and when put in a proper RAID setup, it matters even less.
That and explaining that a 48 port gigabit Linksys is NOT even in the same class as a 4948.
Yes, those are different, but its unlikely if you're having that discussion that you're doing anything that would actually require the high end switch for your users to notice a difference.
B
Re: (Score:2)
Too much salesmanship and time spent maintaining personal connections for me. I'm just not wired for that. I just found an IT shop that isn't treated as a second class corporate citizens. It's easy to get what you need to do a job if A) you have reasonable bosses that trust you and B) you don't ask for crap you don't need, which includes seriously introspecting about whether you are asking for something based on the needs of the organization, or some personal dogma.
Re: (Score:2)
The other problem I have heard in the past is the lack of ability to provision the phones and apps in bulk instead of having to setup 100 different iTunes account for 100 devices -this is one of the things that probably gives IT departments (and procurement) nightmares.
Due to the locked down nature
Re: (Score:2)
Re: (Score:2)
As the guy in IT, let me ask this:
Why do I have to support your purchase? I don't get input into buying it, why should IT have to support it? How do I control your phone? How do I know you have a good password to lock it or even do you lock it? How do I remote wipe the phone if it gets stolen or you leave the company? How do I know it is encrypted? Does it even have encryption? How do I control what goes on the phone? How do I block certain apps on the phone? How do I keep the phone from talking to other de
Re: (Score:3, Informative)
Why do I have to support your purchase?
You're asking why you have to do your job?
Re: (Score:3)
What if there are security or protocol requirements for accessing my network or my apps that your phone does not support or are easily bypassed on it? How can I support that?
What if your phone requires some hotspot technology that I do not have?
Blackberry was able to get away with this by having enterprise level security and good outlook integration -Android and iPhone -probably not.
IT depts sign off on things that they know will work with existing infrastructure or with the expectation that t
Re: (Score:2)
i would think his management would object to somebody classifying his job as supporting random devices people buy. and no, he's not a free tech support for any crap product you decide to bring in.
Re: (Score:2)
If the pollicy is so clear then what's the conflict?
Re: (Score:2)
ummm... you might want to read the parent's post again
Re: (Score:3)
No. The job of IT is to keep things running smoothly. Letting people buy any random crap they think is neat, and then make IT support it, is almost 100% counterproductive to that goal.
Furthermore, unless you're the CEO or my boss in some other way, you don't get to add every single piece of technology under the sun to the list of things I'm required to support for you. IT (or those up the food chain from IT) decide what gets supported, not random people who think that iPads are cool, so they should purchase
Re:Not many people want you to support consumer te (Score:4, Insightful)
If you came into my office with that attitude, I would tell you fuck off and also make sure your shitty device NEVER touches my network. You piece of shit device gets onto the corporate network strictly on the terms the company sets and I enforce it. If you dont like it, fuck off.
No, you wouldn't. You see, there's a certain underlying reality here that you're in conflict with: When somebody says "I need my device that I carry with me at all times to connect to the company's mail server", they're saying "I want to do more job more efficiently." Guess what? In the eyes of the people paying your paycheck, those dudes win. Your job is to supply data to them and you know damn good and well you'd hook them up and then go back to browsing Slashdot and posting fun little short stories about what you'd do in an alternate dimension where you actually had any authority to tell anybody to fuck off. Your problem is *not* gadget happy employees.
Now answer the GP's questions
I did. But I guess I have to explain something that's actually really really obvious. If supporting all these devices has a measurable impact on the bottom line, you make the case and get a policy set. You nail a sign to your door that says "We will not hook up your iPad." If you can't make the case, then your job isn't going to be as easy as you'd like. Boo hoo.
You don't already know the answer? (Score:4, Insightful)
Assuming we're going with the GP post's question RE an iPhone my answers to your questions would be as follows:
1. The Managing Director bought it because he got annoyed about the blackberry outage.
2. Sadly the Managing Director controls your budget, ergo he says what you do and don't support.
3. It's an iPhone, it supports ActiveSync and provisioning profiles but you should know this already, given you read slashdot.
4. Because you set the policy on the exchange server to require good passwords on all devices connecting via ActiveSync. If you don't know this you really shouldn't be administrating an exchange server.
5. See point 3.
6. You know it's encrypted because you googled iPhones and know that the any iPhone 3GS or above has encrypted memory. Thus why wiping is so quick, it just deletes the encryption key.
7. See answer 6.
8. See answer 3. Provisioning profiles.
9. See answer 3. Provisioning profiles.
10. Private VLAN it and employ port and wireless isolation.
You've not given any questions here that you should even be asking users apart from questions 1 and 2 which are legit questions. The rest are stuff where you do the research and tell them the answer.
Re: (Score:2)
And when the user has jailbroken their iphone to bypass the pin entry, what do you recommend the solution be?
Can you prevent or even detect a jailbroken phone?
Re: (Score:2)
Like many intelligent folks, you've missed the poi (Score:3)
Like many intelligent folks, you've missed the point.
Your assertion, that a competent admin with a complement of appropriately selected hardware and software could safely allow a great many consumerish devices on his network relatively safely, is totally correct. But misses the point that 1) Not all companies will spend the money for appropriate switching, firewall, and security tools such that an admin can accomplish these goals. Because, regardless of skill level if the device doesn't do it, it doesn't do
And you missed my point (Score:4, Insightful)
My point is it doesn't require specialised equipment or deviation from what most would call best practice. Any office where you're worried about standardised mobile devices should already have a patch panel, managed switches, a real router and if they have wi-fi at all non-consumer grade wifi access points (cisco or similar). If you're too small to have/need managed switches and VLAN's frankly you're just playing at being "enterprise". Anyway, it is often easy to support them without allowing them onto the LAN, the server active sync needs to connect to is the usually same one that provides outlook web access and done on the same IIS instance.
Support specifically for the iPhone is simple, put all the settings into a readonly encrypted and signed provisioning profile which is only removable with a full device wipe or a password. It takes about an hour to write and properly test a provisioning profile, I'm excluding the time where you decide what your policy is because you should already have one. Any more support than that isn't my problem, check it's not server side and affecting everyone, get them to restore their device and if that fails send them to an apple store.
This isn't special snowflake, this is good for productivity and the psychology of this is obvious. Any mobile is a very personal thing and an employee using their preferred device is more likely to check their email more often and not turn the damn thing off and shove it in a drawer. They're also more likely to understand the device, it's productivity features and make use of them.
Also for the record, calling the managing director a special snowflake tends to get you fired. Senior staff are usually where these devices turn up first.
Re: (Score:2)
not difficult at all, iphone supports exchange perfectly.
Re:Not many people want you to support consumer te (Score:5, Informative)
iPhones fully support exchange activesync, with remote wipe and everything.
In the mail settings, you add an account, and tap the first mail type in the list "Exchange"
Feed it your email address, then password. Done.
It uses the encrypted outlook web api (Same as the web app in a browser would over https) so works on the internal wifi as well as outside on 3G.
Employees are warned about the remote wipe feature, both in the employee handbook and directly when I'm asked if they can get their mail on their phone.
Users can even log in to web mail and perform the remote wipe and remote password reset features on their own, including from home, and most importantly whenever they need it.
Otherwise it has been one of the more simple non-windows devices I've had to support on a windows network. :P
I come from a Linux/Mac background as well, which doesn't translate the best to running a windows domain. I'm the reverse equivlant of the ditsy windows admin installing x11 and gnome on all the servers so he can remote admin them
The less I have to do to dig deeper into the windows world, the better.
Most android devices are basically as easy, but usually also ask for a username instead of extracting it from the email address for the first try.
Only two people with android ever had mail problems, both solved by removing and re-adding the mail server entry.
I'm just thankful the CEO is no longer using that blackberry... BES was hell!
Re: (Score:2)
Supporting iPhone (or iPad for that matter) for corporate email might be difficult -I do not believe that there are Notes or Outlook mail apps for these devices (although the new outlook webmail is pretty decent) The other problem I have heard in the past is the lack of ability to provision the phones and apps in bulk instead of having to setup 100 different iTunes account for 100 devices -this is one of the things that probably gives IT departments (and procurement) nightmares.
cf. Good Technologies [good.com]
just sayin'
Re: (Score:3)
Say'n what? That you buy into marketing hype that can not possibly be true? First I've heard of them, but reading their claims for what they can do for iPad/iPhone devices .... hhahhaha bullshit :)
I don't buy into the marketing hype. I did something which may be alien to you. I *implemented* it. And not by my choice either.
I'll also point out that I mentioned, in another post in this thread that GFE is crappy software. The only advantage it has over every other competing product is that it provides strong encryption on-board the iphone/ipad/android. That's critical for my organization and the *only* way we would allow those devices to store company emails. I don't really like it. It has many q
Re: (Score:2)
As far as bulk purchasing apps, Apple now has the "Volume Purchasing Program" [apple.com] that makes it easy to bu
Re: (Score:2)
So, what is IT's recourse if you bypass the pin and other security requirements?
Re: (Score:2)
I don't expect you to support it, and most others don't either.... It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process.
This is the definition of support.
Mod parent up! (Score:5, Insightful)
The GP has no idea what "support" means.
The PROBLEM is that every single person out there has the same attitude towards "support" that you do.
With you it is your iPhone.
With someone else it is something else.
A third person has a third product.
And pretty soon it is "every crazy piece of hardware" (and software and website and so forth).
The problem is that if IT provides 50% support for X ... there will be calls from people wanting help with something that falls on the other 50% of X. Eventually it is 100% support.
If you want that to change, then get a business case together and get management's approval and IT will get the additional funding / staffing / whatever to provide the support.
Otherwise, deal with it. IT is there to support the management approved users on the management approved software with the management approved hardware.
Re:Not many people want you to support consumer te (Score:5, Insightful)
departments who see no middle ground between "100% supported" and "not on my network ever".
Because there is no middle ground.
If we help you out of the kindness of our hearts once, you will never. ever. let us forget that.
Re: (Score:2)
Agreed, there is no middle ground between "100% supported" and "not on my network ever". That's because putting a foreign device on a corporate network is not putting it "a little bit" on the network. We have no control over the device, no idea what it might do.
Now, there are ways to safely support foreign devices, by sequestering them onto a dedicated network for example, which also necessitates effective practices for lo
Re: (Score:3, Insightful)
How do I know this? Because I've been advising organizations about secure system design for the past 20 years. Before that, I spent 15 years writing operating systems. So I've ha
Re:Not many people want you to support consumer te (Score:4, Funny)
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone.
It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process.
But not like support support it, just help solve any problems with it.
THAT is why so many IT departments have an all or nothing policy. They know what the road to hell looks like.
I don't expect you do this for every crazy piece of hardware out there...
Just the ones that *I* like.
You'll get a lot further if you appear to mean it when you say you'll support yourself if they'll just not actively ban the device.
Sorry but that right there is the problem (Score:5, Insightful)
You want to run the thing, you want it to be yours, but you want someone to bail you out if you can't make it work. That is the nightmare IT scenario. That is the one that sucks tons of time from the group: When users want to run their own devices in their own way, but want IT to fix it when there's a problem.
Now I should say such a situation would be feasible, but only if you are willing to hire a bunch more IT people. Have a large enough group and sure, you can have people to do all the hand holding as well as all the all the central functions expected (like making network and all the servers work, developing new custom apps, and so on). However in a typical IT environment where there are not many support people, hand holding takes time away from other tasks.
Basically if you want to use your toys that's fine, but don't expect IT to want to waste time on them. They are your devices, you deal with them.
In terms of the "not on my network" I don't usually support that idea but there are cases where it makes sense. Security is a concern with companies and if the management decides they want only approved devices on the network, well then that is what IT has to enforce. There are reasons for that too: User devices are the biggest source of problems easily. I work at a university and we do allow for personal laptops and other things on the network. 99.9% of the time when there's a virus or other issue, it is from one of them. Of course they bypass one of the layers of our security, our border firewall, since they come inside the network, which makes them a bit more dangerous.
To me wanting IT to support your personal devices is the same as wanting the motor pool to work on your personal car. It just isn't reasonable. Your stuff is yours to do with as you wish, but don't expect corporate support to help you out. They have other things on their plate.
School + Unmanaged Switch = BAD (Score:2)
Re: (Score:2)
of course, security doesn't even enter your mind.
It may seem trivial to you, but can you guarantee that if you lose your phone someone won't be able to unlock it and use the attached services that you have hooked into? You haven't bypassed the exchange pin requirements somehow?
Can you guarantee your device does not contain malware of some kind?
Re: (Score:3)
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either. At a basic level, I expect my IT department to not *actively* disallow use of such technology, which is what I see all the time, departments who see no middle ground between "100% supported" and "not on my network ever". It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process. I don't expect you do this for every crazy piece of hardware out there, but it would nice if you could be *helpful* as I try to figure it out myself.
I hate to break it to you, but whenever you allow something on your network, users will, from that moment on assume that you take full responsibility for their equipment. I've seen it many times. It happens on my network on a regular basis. Even if you don't demand supportability for *all* devices, company owned or not, from your IT people, a large contingent of users do just that. At most companies, as soon as IT says, "okay, you can use 'X'" IT is forever responsible for making it work. period.
Re: (Score:2)
Re: (Score:3)
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either...It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing...
Ummm...make up your mind. Do you expect me to support your device, or can you figure it out yourself?
I don't expect you do this for every crazy piece of hardware out there...
So if someone has a different brand, screw them, but for you, on your chosen platform, I should be able to help you set up the services you need? You do realize that this attitude is common to every other user on the network, right? Which means, yeah, actually I do have to do this for every crazy piece of hardware out there.
Look, here's the deal...even if I never, ever have to touch your iPhone becau
Re: (Score:2)
in my experience end users generally only know what they need to do get the task done. They have very little troubleshooting experience or expertise. You may have made them aware there is a firewall, but once you help them they will keep coming back to you whenever there is an issue and often assume it has to do with the "firewall" or the "router" when it could be something completely unrelated.
Re: (Score:2)
That's always how it starts.
That's never how it ends unless you can drop a really heavy cluebat on their head.
Re: (Score:2)
I get that you may despise people who are sticklers about the rules, but consider what a typical IT staffer is going to be faced with. The typical "random device" user is going to say "Hey, Mr. IT guy, I want to hook my up to email. Any problems?"
Let's say I say, "Not really. Point it here and you're good." Let's even suppose further that I say "By the way, we don't support your . If it goes haywire, it's like this conversation never happened."
I'm still going to hear about it when something happens. It is
Re: (Score:2)
so your exchange servers are ran by morons then? I have ZERO problems with iphones and android phones on the corperate Exhance servers. they fricking work better than the blackberry garbage.
Re:Can't say i'm suprised (Score:4, Informative)
Then your exchange servers are broken or your IT shop is clueless. iOS uses ActiveSync, which is designed to connected to Exchange servers (it's licensed from Microsoft). Of any Microsoft products, this has to be one of the easiest to configure and maintain that I've seen and that's saying a lot.
It's also completely worthless from a security standpoint. No encryption. You have to expose parts of your Exchange infrastructure to the Internet as well (Yes, you need to do that to do OWA over the Internet also). Since good security practices teach us that if you expose a system to the Internet, *eventually* you will get hacked.
Good For Exchange (GFE) at least provides on-board encryption for email/calendar/contacts, unlike ActiveSync. And you don't need to expose your servers to the Internet to provide services. Then again, GFE is crappy software.
Anyway, if you think ActiveSync is a viable solution then your corporate environment is either unconcerned or unaware of the serious security issues posed by it. Hmm...does that mean your IT people are clueless?
Re: (Score:3)
This is BS. Webmail, FTP, USB drives, etc etc. All of these are allowed (maybe not by choice) technologies essential for business. They are easy for non-tech to use, so they get used. They are all much bigger vectors for intrusion than an iPhone.
Re: (Score:3)
This has been the IT Challenge since VisiCalc sold Apple ][s.
If you want to have a bitch session about it, I'm not entirely without sympathy. Just don't let it blind you from forming real strategies to meet the challenge.
Maybe I got lucky. I got to watch our Burroughs mainframe high priests do nothing but bitch while the workers gave up on them and bought and tended their own DOS boxes. In a very few years those priests were gone. It was a sharp lesson. You've got to deliver what your internal clients want, or you're history.
You're 126.4% correct. However, it's insecure and foolish to attempt supporting products that you do not have the skill sets to succeed. As I (and others) mentioned in earlier posts on this thread, the way it goes is that if you allow something into your environment, 95% of the time that's tantamount to sending a broadcast to the entire organization that whatever it is is now fully supported (and supportable) by IT.
I have no problem implementing new or existing technologies which can improve performance a