ページ1に含まれる内容の要旨 
                    
                          
iPhone and iPod touch
Enterprise Deployment 
Guide
                                                                                                                                                                                                                                                                                                                                                                                                                                                              
                    
                    ページ2に含まれる内容の要旨 
                    
                          K Apple Inc. © 2008 Apple Inc. All rights reserved.  This manual may not be copied, in whole or in part,  without the written consent of Apple. The Apple logo is a trademark of Apple Inc., registered  in the U.S. and other countries. Use of the “keyboard”  Apple logo (Option-Shift-K) for commercial purposes  without the prior written consent of Apple may  constitute trademark infringement and unfair  competition in violation of federal and state laws. Every effort has been made to ensure that 
                    
                    ページ3に含まれる内容の要旨 
                    
                                                                                3 Contents Preface 5 iPhone in the Enterprise 5 System Requirements 6 Microsoft Exchange ActiveSync 8 VPN 8 Network Security 9 Certificates 9 Email accounts 9 Additional Resources Chapter 1 10 Deploying iPhone and iPod touch 10 Activating Devices 11 Preparing Access to Network Services and Enterprise Data 14 Determining Device Passcode Policies 15 Configuring Devices 15 Other Resources Chapter 2 16 Creating and Deploying Configuration Profi
                    
                    ページ4に含まれる内容の要旨 
                    
                                                                           39 Setting iTunes Restrictions Chapter 5 42 Deploying iPhone Applications 42 Register for Application Development 43 Signing Applications 43 Creating the Distribution Provisioning Profile 43 Installing Provisioning Profiles using iTunes 44 Installing Provisioning Profiles using iPhone Configuration Utility for Mac OS X 44 Installing Applications using iTunes 45 Installing Applications using iPhone Configuration Utility for Mac OS X 45 Using Ente
                    
                    ページ5に含まれる内容の要旨 
                    
                                           iPhone in the Enterprise Learn how to integrate iPhone and iPod touch with your  enterprise systems. This guide is for system administrators. It provides information about deploying and  supporting iPhone and iPod touch in enterprise environments.  System Requirements Read this section for an overview of the system requirements and the various  components available for integrating iPhone and iPod touch with your enterprise  systems. iPhone and iPod touch  iPhone and iPod touch
                    
                    ページ6に含まれる内容の要旨 
                    
                                                  Windows computers  Windows XP Service Pack 2 or Windows Vista  500 MHz Pentium processor or faster  256 MB of RAM  QuickTime 7.1.6 or later Some features of iTunes, such as use of the iTunes Store, have additional requirements.  See the documentation included with the iTunes installer for more information. iPhone Configuration Utility iPhone Configuration Utility lets you create configuration profiles for your devices.  The Mac OS X version of the utility also lets 
                    
                    ページ7に含まれる内容の要旨 
                    
                                         Remote Wipe You can remotely wipe the contents of an iPhone or iPod touch. Doing so quickly  removes all data and configuration information from the device, then the device is  securely erased and restored to original, factory settings. It can take approximately one  hour for each 8 GB of device capacity for the process to finish.  With Exchange Server 2007, you can initiate a remote wipe using the Exchange  Management Console, Outlook Web Access, or the Exchange ActiveSync Mobi
                    
                    ページ8に含まれる内容の要旨 
                    
                                              Exchange ActiveSync Features Not Supported Not all Exchange features are supported, including, for example:   Folder management  Opening links in email to documents stored on Sharepoint servers  Task synchronization  Setting an “out of office” autoreply message  Creating meeting invitations  Flagging messages for follow-up VPN iPhone and iPod touch work with VPN servers that support the following protocols and  authentication methods:  L2TP/IPSec with user authentica
                    
                    ページ9に含まれる内容の要旨 
                    
                          Certificates iPhone and iPod touch can use certificates in the following raw formats: Â PKCS1 (.cer, .crt, .der) Â PKSC12 (.p12, .pfx) Email accounts iPhone and iPod touch support industry-standard IMAP4- and POP3-enabled mail  solutions on a range of server platforms including Windows, UNIX, Linux, and  Mac OS X.  Additional Resources In addition to this guide, the following publications and websites provide information  about iPhone and iPod touch: Â iPhone User Guide, available for download
                    
                    ページ10に含まれる内容の要旨 
                    
                        1 Deploying iPhone and iPod touch 1 This chapter provides an overview of how to deploy iPhone  and iPod touch in your enterprise. iPhone and iPod touch are designed to easily integrate with your enterprise systems  including Microsoft Exchange 2003 and 2007, 802.1X-based secure wireless networks,  and Cisco IPSec virtual private networks. As with any enterprise solution, good  planning and an understanding of your deployment options make deployment easier  and more efficient for you and your use
                    
                    ページ11に含まれる内容の要旨 
                    
                          Although there is no cellular service or SIM card for iPod touch, it must also be  connected to a computer with iTunes for unlocking. Because iTunes is required to complete the activation process for both iPhone and  iPod touch, you must decide whether you want to install iTunes on each user’s Mac or  PC, or whether you’ll complete activation for each device with your own iTunes  installation.  After activation, iTunes isn’t required to use the device with your enterprise systems,  but it is n
                    
                    ページ12に含まれる内容の要旨 
                    
                          Network Configuration  Make sure port 443 is open on the firewall. If your company uses Outlook Web  Access, port 443 is most likely already open.  Verify that a server certificate is installed on the Exchange frontend server and enable  Require Basic SSL for the Exchange ActiveSync virtual directory.  On the Microsoft Internet Security and Acceleration (ISA) Server, verify that a server  certificate is installed and update the public DNS to properly resolve incoming  connections.  Make su
                    
                    ページ13に含まれる内容の要旨 
                    
                          WPA/WPA2 Enterprise Network Configuration  Verify network appliances for compatibility and select an authentication type (EAP  type) supported by iPhone and iPod touch. Make sure that 802.1X is enabled on the  authentication server, and if necessary, install a server certificate and assign network  access permissions to users and groups.  Configure wireless access points for 802.1X authentication and enter the  corresponding RADIUS server information.  Test your 802.1X deployment with a Mac
                    
                    ページ14に含まれる内容の要旨 
                    
                          IMAP Email If you don’t use Microsoft Exchange, you can still implement a secure, standards-based  email solution using any email server that supports IMAP and is configured to require  user authentication and SSL. These servers can be located within a DMZ subnetwork,  behind a corporate firewall, or both. With SSL, iPhone and iPod touch support 128-bit encryption and X.509 root certificates  issued by the major certificate authorities. They also support strong authentication  methods includin
                    
                    ページ15に含まれる内容の要旨 
                    
                          If you don’t use Microsoft Exchange, you can set similar policies on your devices by  creating configuration profiles. You distribute the profiles via email or a web site that is  accessible using the device. If you want to change a policy, you must post or send an  updated profile to users for them to install. For information about the device passcode  policies, see “Passcode Settings” on page 22. Configuring Devices Next, you need to decide how you’ll configure each iPhone and iPod touch. In
                    
                    ページ16に含まれる内容の要旨 
                    
                        2 Creating and Deploying  Configuration Profiles 2 Configuration profiles define how iPhone and iPod touch  work with your enterprise systems. Configuration profiles are XML files that, when installed, provide information that  iPhone and iPod touch can use to connect to and communicate with your enterprise  systems. They contain VPN configuration information, device security policies,  Exchange settings, mail settings, and certificates.  You distribute configuration profiles by email or using a
                    
                    ページ17に含まれる内容の要旨 
                    
                          When you open iPhone Configuration Utility, a window similar to the one shown below  appears.  The content of the main section of the window changes as you select items in the  sidebar.  The sidebar displays the Library, which contains the following categories: Â Devices shows a list of iPhone and iPod touch devices that have been connected to  your computer.  Â Provisioning Profiles lists profiles that permit the use of the device for iPhone OS  development, as authorized by Apple Developer C
                    
                    ページ18に含まれる内容の要旨 
                    
                          iPhone Configuration Utility for the Web The web-based version of iPhone Configuration Utility lets you create configuration  profiles for your devices. Follow the instructions below for the platform you’re using. Installing on Mac OS X To install the utility on Mac OS X v10.5 Leopard, open the iPhone Web Config Installer  and follow the onscreen instructions. When the installer finishes, the utility is ready for  use. See “Accessing iPhone Configuration Utility for Web” on page 18. Installing
                    
                    ページ19に含まれる内容の要旨 
                    
                          A screen similar to the one shown here will appear. For information about using the utility, see “Creating Configuration Profiles,” below. Changing the User name and Password for iPhone Configuration Utility Web To change the user name and password for accessing the utility, edit the following file: Â installpath/Apple/iPhone Configuration Web Utility/config/authentication.rb The default installation location is: Â Mac OS X:  /usr/local/iPhoneConfigService/ Â Windows:  \Program Files\Apple\iPh
                    
                    ページ20に含まれる内容の要旨 
                    
                          To restart the utility on Windows 1 Go to Control Panel > Administrative Tools > Services. 2 Select Apple iPhone Configuration Web Utility. 3 Select Restart from the Action menu. To restart the utility on Mac OS X 1 Open Terminal. 2 Enter sudo -s and authenticate with an administrator password. 3 Enter launchctl unload /System/Library/LaunchDaemons/com.apple.iPhone  ConfigService.plist 4 Enter launchctl load /System/Library/LaunchDaemons/com.apple.iPhone  ConfigService.plist Creating Configura