User Guide

22 Chapter 1 Deploying iPhone and iPod touch
Over-the-Air Enrollment and Configuration
Enrollment refers to the process of authenticating a device and user so that you can
automate the process of distributing certificates. Digital certificates provide many
benefits to iPhone users. They can be used to authenticate access to key enterprise
services such as Microsoft Exchange ActiveSync, WPA2 Enterprise wireless networks,
and corporate VPN connections. Certificate-based authentication also permits the use
of VPN On Demand for seamless access to corporate networks.
In addition to using the over-the-air enrollment capabilities to issue certificates for your
company’s public key infrastructure (PKI), you can also deploy device configuration
profiles. This ensures that only trusted users are accessing corporate services and that
their devices are configured according to your IT policies. And because configuration
profiles can be both encrypted and locked, the settings cannot be removed, altered,
or shared with others. These capabilities are available to you in the over-the-air process
described below, and also by using iPhone Configuration Utility to configure devices
while they’re attached to your administrative computer. See Chapter 2 to learn about
using iPhone Configuration Utility.
Implementing over-the-air enrollment and configuration requires development and
integration of authentication, directory, and certificate services. The process can be
deployed using standard web services, and once it’s in place, it permits your users to
set up their devices in a secure, authenticated fashion.
Overview of the Authenticated Enrollment and Configuration Process
To implement this process, you need to create your own profile distribution service
that accepts HTTP connections, authenticates users, creates mobileconfig profiles,
and manages the overall process described in this section.
You also need a CA (certificate authority) to issue the device credentials using
Simple Certificate Enrollment Protocol (SCEP). For links to PKI, SCEP, and related topics
see “Other Resources” on page 27.
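The profile-creation step of such a distribution service, sketched as an added example that is not code from this guide: once the user has authenticated, the service builds a "Profile Service" mobileconfig whose Challenge value is tied to that user, and checks the value when the device posts back. The HMAC token format, the lifetime, the in-memory nonce store, and the com.example identifier and display name are assumptions made for illustration.

```python
import hashlib, hmac, plistlib, secrets, time, uuid

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret
CHALLENGE_TTL = 300                   # assumption: seconds a challenge stays valid
_used_nonces = set()                  # demo only; use shared storage in production

def _tag(msg):
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()

def issue_challenge(user, now=None):
    """Bind a short-lived, single-use token to an already authenticated user."""
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    now = int(time.time() if now is None else now)
    msg = f"{user}|{now}|{secrets.token_hex(16)}"
    return f"{msg}|{_tag(msg)}"

def verify_challenge(token, now=None):
    """Return the user if the token is authentic, fresh and unused, else None."""
    now = int(time.time() if now is None else now)
    try:
        user, issued, nonce, tag = token.split("|")
        issued = int(issued)
    except ValueError:
        return None
    expected = _tag(f"{user}|{issued}|{nonce}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if not 0 <= now - issued <= CHALLENGE_TTL or nonce in _used_nonces:
        return None
    _used_nonces.add(nonce)
    return user

def build_enrollment_profile(user, service_url):
    """Serialize the mobileconfig (XML plist) handed to an authenticated user."""
    profile = {
        "PayloadType": "Profile Service",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.enroll",        # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Example Corp Enrollment",  # placeholder
        "PayloadContent": {
            "URL": service_url,  # where the device posts its attributes
            "DeviceAttributes": ["UDID", "VERSION", "PRODUCT"],
            "Challenge": issue_challenge(user),
        },
    }
    return plistlib.dumps(profile)
```

Serve the returned bytes over HTTPS, and reject any device response whose challenge fails verify_challenge before asking the CA for a certificate.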
The following diagram shows the enrollment and configuration process that iPhone
supports.