In part one I showed
you how to use the iPhone Configuration Utility to duplicate the settings
that IBM are using for IBM Lotus Notes Traveler’s default configuration
but the iPhone Configuration Utility has a LOT more to it and when you
add these other settings to the XML file that Traveler uses you can provide
your users with a fuller enterprise experience on their iPhones.
Lets start with the ‘Passcode’ section.
This section is probably the most important for companies that have strict
security policies. In this section you can force your iPhones users to
require a passcode on their device. Most of the settings here are similar
to the settings that you will find on any password configuration utility
so you should be able to match them up fairly well to conform to your company
standards. One setting to watch out for is the ‘failed attempts’ setting.
Setting this too low may get you on the bad side of the fat fingered CEO
who can never remember that password.
In the ‘Restrictions’ section you can
turn off parts of the iPhone. Some companies have very strict policies
over the use of cameras inside their premises so you can disable the camera
in this section. You can also disable the use of the AppStore, MusicStore,
YouTube and even Safari from this section but disabling these would seriously
defeat the reasons that your staff bought iPhones.
The WiFi section will allow you to pre
configure a set of WiFi networks on the iPhone. This is useful for companies
that have company wide wifi access points, By listing all your wifi access
points in the configuration profile you can save your users lots of time
in having to remember the access point names and passwords. The Wifi section
has full support for all of the popular wifi security methods.
The next section you can configure is
the VPN section. If your company security gurus insist that you use a VPN
when talking to the IBM Lotus Notes Traveler server then this is where
you can set it up. The VPN section supports L2TP, PPTP and IPSec type connections.
Here’s a handy hint. If the user name for the VPN matches the users full
name or email address you can use the ILNT_User or ILNT_Address keywords
in this section and the Traveler provisioning process will replace them
with real values as needed.
Once you have setup all your other policies
using the iPhone Configuration Utility you just need to export the file
again, rename it to apple.xml and fixup the SSL section as detailed in
part one of this blog, then just place
the file in the correct directory on your IBM Lotus Notes Traveler server
and start provisioning users.
IBM Lotus Notes/Domino and Lotus
Notes Traveler 8.5.1 is prerelease software and there are no guarantees
from IBM that the functionality presented will be in the final shipping