Receive new posts as email.
This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator.
Entire site and all contents except otherwise noted © Copyright 2001-2009 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.
Apple adds secure enterprise logins for iPhone: The iPhone 2.0 software, available through a download link for existing 2G iPhones today, adds promised support for the 802.1X port-based authentication required in any company that's even remotely serious about its network security. 802.1X isolates connecting to an access point from gaining access to the network to which the access point is connected. A special client, known as a supplicant, must provide the right credentials for a device to be approved for access. Cryptography binds the process. (Instructions for manually installing the software are over at Wired. The update will likely be pushed out via iTunes to current owners tomorrow, and is included on the iPhone 3G, which goes on sale starting today over the international dateline and tomorrow in the U.S., Europe, and elsewhere.)
Apple splits its 802.1X support into two pieces. There's basic support built into the iPhone 2.0 software, found in the Settings application's Wi-Fi section. Click Other. Click the None label next to Security, and the WPA Enterprise and WPA2Enterprise options appear. Select either, and the main login screen lets you enter the network's name (SSID), a user name, and a password. This basic method is limited to WPA Enterprise and WPA2 Enterprise, the two most common (and most secure) forms of 802.1X.
Most enterprises will want much more control over this process, and Apple provides the iPhone Configuration Utility, currently available in its most complete form only as a Mac OS X application, and in more limited forms as Web 2.0 applications for Windows and Mac OS X.
The utility serves two purposes: creating configuration profiles, including for multiple Wi-Fi networks and VPN connections; and allowing iPhones in an enterprise to run internally developed iPhone software. The Wi-Fi profiles allow you to create WEP or WPA/WPA2 802.1X configurations, and include support for choosing allowed EAP messaging types, configuring authentication elements associated with a given EAP type, and adding server certificates and names for better authentication control.
Once created, these profiles can be distributed throughout a company via email or as a direct download to the iPhone via an intranet Web server. Apple chose not to encrypt them, which means that certain information that's not secured--such as the shared secret for certain VPN connections--could be disclosed to someone who had access to the profile or could download it off the local network.
Yes, I touched an iPhone 3G: At Apple's big developer event kickoff on Monday, Steve Jobs introduced the iPhone 3G. Later that day, in a briefing, I was able to handle and use the phone briefly. It's lovely. But its inclusion of 3G service coupled with Wi-Fi, as well as a real GPS chip coupled with assistive cell-tower triangulation and Wi-Fi network location approximation means that you have a device that might fairly replace a computer for many purposes. I've had an iPhone with 2G (EDGE) service since its release, and I recently took a two-day trip with my older son leaving my computer behind. (I was able to use a relative's machine, but only did so to be able to type email more efficiently.) If Apple would simply allow the use of the Bluetooth HID profile (human interface devices) for keyboard and mouse support, a compact foldable keyboard would be the only accessory I would need.
Note that the iPhone 2G and 3G aren't more powerful than other, similar devices. Symbian platform devices from Nokia and others are in notably short supply in the US, but come in great quantities and varieties elsewhere, and have some pretty impressive computational power; Nokia owns nearly 50 percent of the worldwide smartphone market. Likewise, you can run desktop-to-mobile programs under Windows Mobile that let you have real computer applications repackaged for better use in the smaller form.
But that's not what the iPhone is about. It's a non-compromise device, even when a little compromise might help. The lack of a touch-typist keyboard hinders data entry, but it doesn't restrict any other purpose of the device. The inclusion of those keyboards is a huge compromise for all its competitors, even though it allows those competitors to act more like little computers.
And that's where it's odd for me. The iPhone is much more like a full-blown computer than any smartphone I've used. It might be the superior browser, and the fact that a single company and design vision has ensured the maximum CPU is available for each current task, and that the interface and actions are nearly always consistent across every piece of software. Contrast that with many smartphones that don't just have ugly interfaces, crippled Web browsers, and varying input methods, but also require you to learn a different approach to using nearly every different piece of software on the phone.
Apple isn't about to kill its competitors, but they are providing an odd amount of support for killing a laptop.
On a slightly tangential front, Apple CEO Steve Jobs claim that their phone's 3G speed was nearly that of Wi-Fi requires some explanation. Jobs needed a footnote: "compared to typical Wi-Fi hotspots that have about 1.5 Mbps of downstream backhaul." The iPhone is clearly processor limited for how fast it can render Web pages and handle network processing. If you stick an iPhone on a 10 Mbps-backed network via Wi-Fi, the browsing experience isn't very different than on a 1.5 Mbps-backed Wi-Fi hotspot, in my experience with the current phone.
So clearly, there's more optimization to be done and more hardware upgrades to come in order to have a mobile device that can live up to whatever network it generally works on. For the iPhone 3G, Wi-Fi is an alternative, but it's clearly not intended as a superior alternative.
Apple and AT&T announced the cost of a voice and "data" plan today for the iPhone, with nary a mention of Wi-Fi: Remember Wi-Fi? Remember how every demonstration of the iPhone's browsing, mapping, and email features are conducted via Wi-Fi, not the slower EDGE data service also built into an iPhone? Remember the promise of seamless EDGE-to-Wi-Fi and back roaming with no disruption in the delivery of data during that transition? Remember how goddamn slow EDGE is--about three times faster than the best analog dial-up, weighing in north of 150 Kpbs in ideal cases?
Apple and AT&T are hoping you don't quite remember that well. After you drop $500 or $600 on the iPhone, and pay $50 on up for an unlimited "data" plan--unlimited EDGE data--you're stuck high and dry without Wi-Fi hotspot access. AT&T WiFi is the company's large, managed and aggregated network with what I believe is 10,000 locations at last count: 8,000 McDonald's picked up from Wayport and 2,000 other locations (managed by Wayport), such as The UPS Store. They offer this for $2 per month to their landline DSL customers.
And no word whatsoever about how iPhone users will access Wi-Fi when not on a home or friend's network. The little High Technology page that shows wireless features of the iPhone says, "iPhone automatically finds and connects to trusted Wi-Fi networks so you can surf the Web at blazing speeds." Trusted. Huh.
Because seamless connections to hotspots require custom software--software that a third party can't install on an iPhone yet--iPhone owners who want to use hotspots will have to connect, use the browser, and login, too. You'd think they would have thought of this, given the availability of Wi-Fi on and off AT&T's own network.
Mac OS X has built-in corporate Wi-Fi networking support for 802.1X/WPA Enterprise, which allows secure access to networks protected with that standard. I don't know of any corporation that wouldn't choose to use 802.1X, as it assigns unique encryption keys to each log-in session. There's no word on support for that, either.