The iPhone 3G and software applications aimed at consumers have commanded most of the press attention at this week's Worldwide Developers Conference. But IT departments have zeroed in on another big--and--welcome announcement from Monday's presentation on the upcoming iPhone 2.0 release: how iPhone applications will be distributed to enterprise users.
Back when Apple first outlined its iPhone software plans in March, the company said it was working on a way for enterprises to distribute applications to their employees' phones, but didn't provide any further details. The common wisdom was that software distribution would be handled for enterprises the same way it would be for consumers--via the planned App Store. Many IT pros assumed that Apple would create custom areas of the App Store that only employees of a specific company would be able to access.
That's not a completely horrible plan, but such an approach has its share of drawbacks. For starters, other than simple passwords, how would you keep unauthorized people from accessing your applications? There were also issues with allowing Apple to hold on to what might be confidential data, not to mention possible regulatory issues.
Fortunately, Apple had other ideas in mind. Outlining the company's iPhone 2.0 plans during Monday's keynote, Steve Jobs spoke of three different ways to distribute iPhone apps. The first, via the App Store, is aimed squarely at the iPhone's consumer base. Another method, Ad Hoc, that essentially lets developers beta test apps. Then there's the approach for enterprises--and it's one IT departments will find much more palatable than any App Store-based plan.
The way it's going to work is conceptually simple. A company will authorize specific iPhones for its needs. The company then writes the in-house applications that will only run on those company-authorized phones. The applications are distributed to the iPhone users' Macs or Windows machines, and installed onto those users' phones via iTunes.
This approach avoids a number of potential pitfalls. First, requiring the device to be authorized limits the devices that can run a company's internal applications. Even if someone breaks into the company's network and gets access to any internal applications, those applications won't run on an unauthorized iPhone. Next, the applications are distributed from in-house servers. This means that the company--and not Apple--hosts any in-house iPhone applications. For companies that deal with highly sensitive data, such as financial companies, research institutions, doctor's offices, hospitals, government offices, or even the military, this makes iPhone integration far easier.
From a less draconian perspective, having your applications distributed from your own servers on your own network just makes sense. It makes security issues simpler, saves on external bandwidth usage, and simplifies the process of adding, updating, and removing applications.
The only minor sticking point with Apple's distribution model is the requirement that companies install applications via iTunes. This is a minor pain point for two reasons. First, not every company wants to install iTunes--or really, any media player--on its desktops. Remember that in the enterprise, the user won't be responsible for buying or provisioning the phone, so the iTunes requirement forces an IT admin to relinquish some degree of control. Second, using iTunes means a wired connection to the desktop, and, in most environments, wireless distribution is just more convenient.
Minor issues aside, the keynote announcement showed that Apple paid attention to the way businesses want to control how their in-house applications are used and distributed. Apple came up with a distribution methodology that will work for almost any industry.
[John C. Welch is a senior systems administrator for The Zimmerman Agency, and a long-time Mac IT pundit.]