Consumer Tech: an IT Nightmare
snydeq writes "Advice Line's Bob Lewis discusses the difficulties IT faces in embracing the kinds of consumer technologies business users are demanding they support. 'Let's assume the consumerization of IT is the big trend many think it is. But using consumer tech in a business environment is a very different matter from being satisfied with consumer tech in a business environment. One of IT's legitimate gripes is that we're often asked to turn consumer-grade technology into business-grade technology with a wave of our magic wands. On top of the intrinsic technical challenges, there's this: IT doesn't have anything that even resembles a methodology for performing the business analysis we need to figure out what it means to put consumer tech to productive day-to-day use.'"
One of the hardest fights I've had in IT is explaining why I spend $300 a drive from HP and not $70 for the same capacity from Newegg.
That and explaining that a 48 port gigabit Linksys is NOT even in the same class as a 4948.
Too many business people view IT as a cost center and too many IT managers/directors do a poor job of explaining the value of their org.
we're often asked to turn consumer-grade technology into business-grade technology with a wave of our magic wands
This is nothing new. We've been expected to do this with Microsoft Windows for nearly two decades now.
They jumped it some time ago. iTunes making you have to go through Apple to do *anything* is not just a walled garden, it's a prison. Yes, consumers might put up with that shit, but businesses won't.
At least from a software perspective, they have conditioned people into seeing the difference between the "home" version and the "business" version of the OS as nothing more than a license upgrade... a somewhat virtual "magic wand", if you will.
I spend at least 10 hours a month troubleshooting iPhone/iPad connectivity to various Exchange servers. Android seems to be less broken after every update.
Tech company that has been targeting individual users since basically the beginning (Apple) does *not* produce software which is well-suited to all your business needs.
Also surprising, however, was that this little gem of a quote first appeared on infoworld:
The tools you provide should encourage user-driven innovation. Often, "it just works" does the exact opposite.
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either. At a basic level, I expect my IT department to not *actively* disallow use of such technology, which is what I see all the time, departments who see no middle ground between "100% supported" and "not on my network ever". It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process. I don't expect you to do this for every crazy piece of hardware out there, but it would be nice if you could be *helpful* as I try to figure it out myself.
Mad Software: Rantings on Developing So
Article summary: Apple is a nightmare, Google is maybe passable, but Microsoft is where you want to be.
If you're running an enterprise and want to maximize user capabilities, you'll find the best collection of core technologies in Microcountry.
In other news, InfoWorld is still published.
Advice: on VPS providers
Lest we forget, the PC revolution in business was brought about by CONSUMER "Personal Computers" being brought into businesses to get around the walled garden of Corporate IT (Mainframes back in the day).
Today, it is iPads replacing Notebooks and Laptops, and Androids and iPhones replacing Blackberries and Palms (back in the day). IT should identify the need, and start ordering Commercial Versions of these products. Too bad they aren't so there isn't much choice.
If Google REALLY wanted to rule the world, they'd put together a Corporate Server solution to manage Corporate Android Devices and market the crap out of it in Professional IT magazines and in places where the CIO spends time. I realize that Google does have some semblance of this out there, but it is hardly Corporate Grade, nor is it marketed to the CIO/CEO as a "must have" for IT.
This is where Microsoft is losing the battle, trying to stay a "Windows Company".
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
I just got asked by a developer today....why can't he VPN into Microsoft Team Foundation Server from his new phone???
Now the same clueless top exec buys latest and greatest toys to play Angry Birds or something and expects it to work in the corporate environment. All the deliberate incompatibilities and interoperability poison pills baked into the system are coming back to bite the tails of IT crews.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
IT doesn't have anything that even resembles a methodology for performing the business analysis we need to figure out what it means to put consumer tech to productive day-to-day use
Well there's a major part of the problem. You're full of business babble and the end user/consumer doesn't know what you are talking about. Hell I don't know what you are talking about and I am heavily steeped in IT. It gives me a deep seated suspicion that you don't know what you are talking about either, so you might imagine what the end user is thinking.
The problem is simple and the end user is not half as stupid as you assume. Simply explain to them that the consumer tech is designed with a single user model in mind whereas the corporation's IT systems are designed with the entire corporation's users in mind. Simply put there is no safe way to share the corporation's data with ONLY the corporation's user base when using the consumer tech. This will change over time, but until it does, the consumer tech will not be suitable for corporate use and attempting to force its use or circumvent the policy will be disruptive and potentially dangerous to the company.
I do IT support for a company of about 800-1000 people. All of our executives and corporate staff wanna use their goddammed iPads, iPhones, Androids, and other personal wotsits or doo-dads to do their work. Enough is a-freakin-nuff! We're a corporation and we need to maintain stability and compatibility over fancy and chic. You get a laptop. With Windows. And a BlackBerry... if you're lucky. Oh, and don't get me wrong... it's not like I'm being elitist or something. I love these consumer devices for home use. I have all sorts of digital toys. But they belong AT HOME!
for the IT department here.
1. lock it all down:
I've worked for companies that insist IT is the gatekeeper for everything from remote controls to pagers and cellphones. While you get great control, you also have no time or resources to dedicate to projects and ostensibly everything with a wall wart becomes "your job." Power users view you as some sort of Hitler-incarnate so you won't get help or input from them at all.
2. trust your users:
I'm working at a company that embraces Google Apps, that trusts its users in the cloud, that appreciates anything that frees up resources so that projects can be accomplished and new achievements in the organization can be made. The downside to this is your IT support is often branded as a group of do-nothings as IT can really only help people with approved technologies. IT guys find themselves in elevators and hallways, cornered by desperate users who swear the problem they're having in the cloud is something your IT department works on. If the bitching gets loud enough, you may end up supporting it anyhow, and that subset of 8 systems your team used to directly assist users begins to look like 'infinity.' You really need strong management for this type of environment to work. Ready and open paths for users who bite off more than they can chew to safely make their way back to known desktop technologies are also a big plus. You can in some cases leverage power users to evangelize people in certain directions or help out where possible. Wikis work wonders.
Good people go to bed earlier.
Supporting iPhone (or iPad for that matter) for corporate email might be difficult - I do not believe that there are Notes or Outlook mail apps for these devices (although the new Outlook webmail is pretty decent).
The other problem I have heard in the past is the lack of ability to provision the phones and apps in bulk instead of having to set up 100 different iTunes accounts for 100 devices - this is one of the things that probably gives IT departments (and procurement) nightmares.
Due to the locked down nature of the devices, customization such as a corporate device image with custom apps such as proprietary reporting tools is also probably not easy in this scenario. Security on consumer devices may also often be suspect. My company requires that laptops that travel have encrypted HDDs.
-I'm just sayin'
I don't expect you to support it, and most others don't either.... It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process.
This is the definition of support.
I don't expect you to support it, and most others don't either... It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process. I don't expect you to do this for every crazy piece of hardware out there, but it would be nice if you could be *helpful* as I try to figure it out myself.
"I don't want you to support my tech, but please support my tech"?
The moment I give an end-user any sort of advice about any technology, I own the support. You may be an exception to the rule, but it is the rule.
It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process.
This help you are asking for is called "support".
I don't expect you to do this for every crazy piece of hardware out there, but it would be nice if you could be *helpful* as I try to figure it out myself.
This is called "I know that there are rules and reasons, but I'm special, dammit!"
-devphaeton
Wrong, at least for Outlook (or rather, Exchange). iOS supports Exchange ActiveSync natively, including required pin locks and remote wipe. Of course as an end user those things are annoying, so there are plenty of jailbreak patches that remove the pin lock requirement (or rather, cache your pin so that it's only required after a reboot). I have no idea what level of Notes support is available on iOS, but seriously who uses Notes anymore?
I don't know about Notes (although if you're stuck supporting that POS, you have my most profound sympathies), but iOS does have ActiveSync support, so getting mail from your Exchange server is quite possible.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
Oh, stop your whining and do your job.
Don't go complaining to management when they want you to do something on the cheap. They're the job creators and you're nothing but a griping parasite. They could eat your job and shit it out in Bangalore before you can say "MSCE".
If you don't like the way business is done then go stand with the filthy stinking hippies in Occupy Wall Street. Otherwise, when we say "jump" you say "Minimum wage is good enough for me".
Who do you think you are, anyway? We're the motherfucking job creators Bucky, so you better check yourself and get back to your little hole and do some coding or sysadmin-ing or whatever it is you do. There's a reason I'm getting the big bucks and you're getting the increased co-pays and that reason is "I know what's what and you know jack shit."
Now close the door on the way out. I'm glad we had this little talk. And if I hear that you even whispered the word "union" I'm going to put my size 11 cordovan brogue ($370 at Nordstroms) up your bony ass.
You are welcome on my lawn.
"For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either"
OK, you're not demanding support ... good.
"It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing"
Hmm, that kind of sounds like you want support actually. Make up your mind!
departments who see no middle ground between "100% supported" and "not on my network ever".
Because there is no middle ground.
If we help you out of the kindness of our hearts once, you will never. ever. let us forget that.
CIOs, CTOs and IT and tech managers are idiots that do not know their jobs.
You buy Enterprise Drives for a RAID 50, not freaking WD Green drives on sale. And no, a Linksys router will NOT work for the sales office across town. But then I get headhunted regularly because of my rep and skill-set, so I can tell a manager that he is a "moron" for even thinking of using consumer grade. Getting fired is not a fear I have.
As the guy in IT, let me ask this:
Why do I have to support your purchase? I don't get input into buying it, why should IT have to support it? How do I control your phone? How do I know you have a good password to lock it or even do you lock it? How do I remote wipe the phone if it gets stolen or you leave the company? How do I know it is encrypted? Does it even have encryption? How do I control what goes on the phone? How do I block certain apps on the phone? How do I keep the phone from talking to other devices that IT does not own nor support?
The list goes on and on. It's not about you buying something, it's about control, protecting company property and keeping out people we don't want in our networks.
Linux O Muerte!
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone.
It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process.
But not like support support it, just help solve any problems with it.
THAT is why so many IT departments have an all or nothing policy. They know what the road to hell looks like.
I don't expect you to do this for every crazy piece of hardware out there...
Just the ones that *I* like.
You'll get a lot further if you appear to mean it when you say you'll support yourself if they'll just not actively ban the device.
Not difficult at all, iPhone supports Exchange perfectly.
Do not look at laser with remaining good eye.
Er...why? Yes, I'm totally serious with the question. I get you want business function, utility, help from "IT". But... that's not only not part of our job, but *not* doing it is often part of our job. And when at an organization where such...process is not an active part of our job, that mere question often indicates you shouldn't be helped anyway.
At a large, managed organization, your mere question likely indicates a lack of:
a) knowledge of policy
b) respect of policy
c) desire to comply with policy
d) basic competence or understanding of the task you're requesting.
In a small, unmanaged organization, or many places that SAS it out to Google or third party providers... well...
It's email....
1) It's not rocket science. If you were competent enough to not be wasting a high school kid's time, you would have figured it out
2) See item #1.
3) If for some reason you can't look in outlook/thunderbird/whatever to figure out #1, that means I've locked your desktop down specially. This means you're a problem user, and I hate you. If you're the reason I have to implement a group policy for a small business, the only time you're getting help is when it's an actual problem, or your boss asks me to fix it.
If you don't know what the SMTP server is, whether it authenticates in plain or hash or whatever...whether you use POP3 or IMAP... That's fine. Check the Outlook settings. If you don't look to do that, or can't translate back and forth with a quick read of Wikipedia...then you aren't competent enough to configure a device or use it safely on the network without babysitting. In fact, the mere question makes you a candidate to have your desktop locked down further and schedule an extra scan or one of the newer licensed versions of the antivirus if my organization can afford it. Because chances are *YOU* are the guy that has LimeWire on the desktop, or downloaded a cracked version of Office 2003 because you didn't like 2007/2010.
Now, if the network is *already* locked down, and you don't know how to get the iPhone to sign the email with the PKCS12 certificate, and authenticate to the server using the domain key... Well, all right... we can talk.
And you know, maybe it's possible that we don't want the iPhone on the network. At all. Ever. Period. Maybe that's because we know that Apple configured the iPhone to lie about its capabilities to the Exchange server in order to gain access, and we have determined that is absolutely a liability if it ever touches that confidential email in our industry.
Now, I'll admit... you're on /. there's...a chance...you're actually competent. Please make a request to IT indicating what type of help you need. In between the budget and staff cuts of the past decade, the hundreds of hours we're spending rewriting and updating existing documentation, outsourcing hardware maintenance, consolidating costs in the cloud, and justifying our existence to some C level goon (who probably has a different appliance than you that he absolutely *MUST* get on the network and will require implementing HIPAA breaching exceptions that will then have to be carefully documented, updated and cause a cascade of rewrites). Maybe somebody will already have your device and give you a hand.
Yes, I'm *that* IT guy. I don't help users because users cause problems. Project Managers bring requirements that are met.
Come on, mod me troll for thinking it's ridiculous that you can't set up email on a basic device without "IT folks" as a babysitter.
I'm just surprised the GP didn't include something like iOS not multitasking, as well :P
-- This space for lease, low setup fee, inquire within!
You want to run the thing, you want it to be yours, but you want someone to bail you out if you can't make it work. That is the nightmare IT scenario. That is the one that sucks tons of time from the group: When users want to run their own devices in their own way, but want IT to fix it when there's a problem.
Now I should say such a situation would be feasible, but only if you are willing to hire a bunch more IT people. Have a large enough group and sure, you can have people to do all the hand holding as well as all the central functions expected (like making network and all the servers work, developing new custom apps, and so on). However in a typical IT environment where there are not many support people, hand holding takes time away from other tasks.
Basically if you want to use your toys that's fine, but don't expect IT to want to waste time on them. They are your devices, you deal with them.
In terms of the "not on my network" I don't usually support that idea but there are cases where it makes sense. Security is a concern with companies and if the management decides they want only approved devices on the network, well then that is what IT has to enforce. There are reasons for that too: User devices are the biggest source of problems easily. I work at a university and we do allow for personal laptops and other things on the network. 99.9% of the time when there's a virus or other issue, it is from one of them. Of course they bypass one of the layers of our security, our border firewall, since they come inside the network, which makes them a bit more dangerous.
To me wanting IT to support your personal devices is the same as wanting the motor pool to work on your personal car. It just isn't reasonable. Your stuff is yours to do with as you wish, but don't expect corporate support to help you out. They have other things on their plate.
ActiveSync... that's all you'll need to worry about.
-- This space for lease, low setup fee, inquire within!
Not to the support folk.
-- This space for lease, low setup fee, inquire within!
The GP has no idea what "support" means.
The PROBLEM is that every single person out there has the same attitude towards "support" that you do.
With you it is your iPhone.
With someone else it is something else.
A third person has a third product.
And pretty soon it is "every crazy piece of hardware" (and software and website and so forth).
The problem is that if IT provides 50% support for X ... there will be calls from people wanting help with something that falls on the other 50% of X. Eventually it is 100% support.
If you want that to change, then get a business case together and get management's approval and IT will get the additional funding / staffing / whatever to provide the support.
Otherwise, deal with it. IT is there to support the management approved users on the management approved software with the management approved hardware.
I'm a doctor. We use Motion LE1700 tablet PC's running Windows XP SP2 (no joke) for our EMR (electronic medical record). I saw a physician colleague running our EMR on his iPad2 and thought "wow". At first I didn't care. Then I thought of two ways that I could really take advantage of running EMR on my iPad2. So I asked our IT dept. They've always said, "we are happy to help you connect to the EMR on your home computer", but now I learn that they meant Wintel or Mac home PC, not iPad. I really have NO idea what you folks mean when you talk about some dividing line between "consumer tech" and "business tech". So go ahead, brow-beat-up the new guy, explain it to me! -- Josh PS FWIW, same organization has custom written an iOS app and given free iPod Touches to physicians to access hospital patient care data, so it's not like the organization does not realize the opportunities in leveraging personal "consumer" tech for business purposes.
Why do I have to support your purchase?
You're asking why you have to do your job?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
of course, security doesn't even enter your mind.
It may seem trivial to you, but can you guarantee that if you lose your phone someone won't be able to unlock it and use the attached services that you have hooked into? You haven't bypassed the exchange pin requirements somehow?
Can you guarantee your device does not contain malware of some kind?
Now, I will entertain the idea that modern IT people are not nearly as clever as 20 years ago. I mean, what do you need to know nowadays, how to plug in a cable, randomly check GUI boxes, and say "Have you turned the computer off and on"? But then given the level of standards and integration between all equipment that exists, I can't really imagine that such support should be beyond the budgets and ability of even the most unqualified IT department.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
If you own it by simply informing someone of data, you're not handling it right. I've helped lots of people with different tools and made them know beforehand that I am doing this completely off-channel and this is totally unsupported, letting them know it's because I like them and want them to keep doing the work they do that I'm helping with what I can.
Usually, it's the stuff that they are blind to behind the scenes such as firewalls, server configurations, or just not knowing a certain piece of information needed to configure the device like the IMAP server/etc/etc.
I personally physically despise people that work in the black-and-white narrow passages method. It sickens me.
-- This space for lease, low setup fee, inquire within!
So, what is IT's recourse if you bypass the pin and other security requirements?
OK... here's some perspective from the other side of the fence.
I'm an electrical engineer at a fairly large company. The way I see it, IT exists to support the other departments. Now, there's a lot involved in that, and I recognize that keeping it secure and reliable is a big and oft-unappreciated part of their job. If the "business grade" stuff isn't cutting it and an engineer can justify that something else makes his or her job faster or easier, then there's a damned good reason to listen. Now, some requests are completely unjustified and maybe those should get denied. Most of the time, things hint at a bigger problem though. When somebody complains or comes up with a consumer tech that's better, what's the real problem? Assume something mundane like a request for an external drive. Does this mean network access is unacceptably slow? Is the local storage insufficient? Is this engineer the asshole that's dumping 200 GB of simulation data a day and bringing your network to its knees? If you don't want to support the external drive, maybe there's something else you can do. The list could go on and on and on.
If you get a request to support consumer tech, figure out why it's wanted and work from there.
This has been the IT Challenge since VisiCalc sold Apple ][s.
If you want to have a bitch session about it, I'm not entirely without sympathy. Just don't let it blind you from forming real strategies to meet the challenge.
Maybe I got lucky. I got to watch our Burroughs mainframe high priests do nothing but bitch while the workers gave up on them and bought and tended their own DOS boxes. In a very few years those priests were gone. It was a sharp lesson. You've got to deliver what your internal clients want, or you're history.
iPhones fully support Exchange ActiveSync, with remote wipe and everything.
In the mail settings, you add an account, and tap the first mail type in the list "Exchange"
Feed it your email address, then password. Done.
It uses the encrypted Outlook web API (same as the web app in a browser would over HTTPS) so works on the internal Wi-Fi as well as outside on 3G.
Employees are warned about the remote wipe feature, both in the employee handbook and directly when I'm asked if they can get their mail on their phone.
Users can even log in to web mail and perform the remote wipe and remote password reset features on their own, including from home, and most importantly whenever they need it.
Otherwise it has been one of the more simple non-Windows devices I've had to support on a Windows network. :P
I come from a Linux/Mac background as well, which doesn't translate the best to running a Windows domain. I'm the reverse equivalent of the ditsy Windows admin installing X11 and GNOME on all the servers so he can remote admin them.
The less I have to do to dig deeper into the Windows world, the better.
Most Android devices are basically as easy, but usually also ask for a username instead of extracting it from the email address for the first try.
Only two people with Android ever had mail problems, both solved by removing and re-adding the mail server entry.
I'm just thankful the CEO is no longer using that blackberry... BES was hell!
iTunes is definitely an application, what is your point?
From another IT guy, I have to say that people get indignant when we tell them that we don't support personally owned devices. Why should I support something you bought for yourself? Personal means that YOU bought it with YOUR money, not work money. Go find yourself a tech person that YOU pay to troubleshoot your problems. Don't ask me to fix YOUR PERSONAL device on company time.
not exactly...
What if there are security or protocol requirements for accessing my network or my apps that your phone does not support or are easily bypassed on it? How can I support that?
What if your phone requires some hotspot technology that I do not have?
Blackberry was able to get away with this by having enterprise level security and good Outlook integration - Android and iPhone - probably not.
IT depts sign off on things that they know will work with existing infrastructure or with the expectation that there will be budget to add the necessary pieces - this bypasses that process and puts IT in a difficult position - esp. when some exec decides they want to use their latest toy....
I'm just sayin'
I would think his management would object to somebody classifying his job as supporting random devices people buy. And no, he's not free tech support for any crap product you decide to bring in.
Rich
If you came into my office with that attitude, I would tell you to fuck off and also make sure your shitty device NEVER touches my network. Your piece of shit device gets onto the corporate network strictly on the terms the company sets and I enforce it. If you don't like it, fuck off.
Now answer the GP's questions
User support is an important issue, but the least of the issues that IT faces.
Agreed, there is no middle ground between "100% supported" and "not on my network ever". That's because putting a foreign device on a corporate network is not putting it "a little bit" on the network. We have no control over the device, no idea what it might do.
Now, there are ways to safely support foreign devices, by sequestering them onto a dedicated network for example, which also necessitates effective practices for locking them out of the standard network. But that takes a degree of care in policy, design, and implementation for which many organizations are simply not resourced. So good organizations say "no". Mediocre organizations say "whatever". Guess which ones get hacked more often? Guess who's in trouble when that happens?
Parity: What to do when the weekend comes.
Why do I have to support your purchase?
You're asking why you have to do your job?
Sorry, but how is supporting your personal mobile phone, a job for your company's IT department?
IT support works best when they maintain core systems adhering to open standards. That way they can supply mainstream users with standard devices/environments, while still allowing sophisticated users to connect and get their work done. Part of the deal can be that sophisticated users provide their own support for their environments.
For example, while secretaries may be best served by running Windows, it often makes good business sense for dev teams to work on their target environment. A good dev team won't have any problem supporting themselves so long as the infrastructure is solid.
A special class of user is the early adopter. Befriend these people because they are investing time in experimenting with new tech, some of which will become mainstream (and some of which is passing fad). So long as you insist on them supporting their own crazy experiments, their efforts are a net win. For instance, early adopters seem to have worked out that iPads will be the mainstream winner out of the tablet field. That's a whole lot of research and evaluation that IT doesn't have to do.
What about security? I think this is often used as an excuse for trying to (quixotically) maintain some kind of status quo. Of course security is important. Appropriate policies should be enforced by core systems, with the assumption that pretty much all mobile devices are insecure. For instance, there's usually no need for a lawyer's iPad to access the central source code repository, and this is trivial to enforce without descending into a subjective argument about which mobile devices are less secure. They all suck.
The big picture is that the way we live and work is changing. People carry lots of powerful mobile devices, and work and leisure are ever more intertwined. Good IT people will work out a way to support their customers. The rest will go the way of the mainframe operator.
How it actually tends to go down:
IT Guy: "Errrr you can bring that consumer toy (iPhone) into my environment... they don't work with corporate e-mail."
Senior Executive: "So what you're telling me is that your skill sets are outdated and I should consider replacing you with someone that is more in tune with more modern technologies and able to make this work."
IT Guy: "Ummmmm....."
Senior Executive: "Yeah, that's what I thought. I'll bring my iPhone down tomorrow morning. I trust you'll be happy to set up our Exchange server on my phone so I can stop carrying around two devices."
IT Guy: "OK". (walks away... tail between legs)
Assuming we're going with the GP post's question RE an iPhone my answers to your questions would be as follows:
1. The Managing Director bought it because he got annoyed about the blackberry outage.
2. Sadly the Managing Director controls your budget, ergo he says what you do and don't support.
3. It's an iPhone, it supports ActiveSync and provisioning profiles but you should know this already, given you read slashdot.
4. Because you set the policy on the exchange server to require good passwords on all devices connecting via ActiveSync. If you don't know this you really shouldn't be administrating an exchange server.
5. See point 3.
6. You know it's encrypted because you googled iPhones and know that any iPhone 3GS or above has encrypted memory. Thus why wiping is so quick, it just deletes the encryption key.
7. See answer 6.
8. See answer 3. Provisioning profiles.
9. See answer 3. Provisioning profiles.
10. Private VLAN it and employ port and wireless isolation.
You've not given any questions here that you should even be asking users apart from questions 1 and 2 which are legit questions. The rest are stuff where you do the research and tell them the answer.
"Business Grade" = Locked down windows xp system featuring a "managed" internet explorer suite
Sure, I'll help you by also enabling a controlled password lock, and you will allow me to remote wipe your device when you get laid off. I've no problem supporting you, but it the process and procedures and protocols are in place to mitigate data loss, sorry - you're not getting WORK email on your iDevice unless it's company supported, and I put *IT* control on it. Fair?
ummm... you might want to read the parent's post again
Here is the problem with some businesses. They treat IT like it's fast food. There is also a certain race of people (I have worked for 2 companies and they think the same thing, I am trying to leave the one I am with now) who think they can run business systems until the wheels fall off and then pin the hopes on their IT professional who has everything in his head and nothing written down except IP addresses. I managed to walk into a ball of baling wire and a 1 and a half hour pass down of 4 years of knowledge. Awesome!
They overwork their IT person with wearing all hats and then they wonder why he left. He is lucky if he can take long weekend vacation without someone calling him or something failing Sunday morning at 3:00am. 2 week vacation? Out of the question!
I work for a living, not live to work and to carry my laptop with me 24x7 is indicative that they don't or won't hire additional IT support or their systems are held together with duct tape and glue.
As I walked in the door the former desktop support guy is building an off the shelf server with an ASUS motherboard that probably has had its last run of 5k of them manufactured. I sure hope I am out of there when that thing fails because the chances of getting that same motherboard are nil to none.
Running a company on off the shelf components is dangerous and stupid and if you work for a company who does that sort of thing then you should prepare to walk.
Having current support contracts on all your gear is super important, it's cheap insurance and well worth the price you pay for it.
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either. At a basic level, I expect my IT department to not *actively* disallow use of such technology, which is what I see all the time, departments who see no middle ground between "100% supported" and "not on my network ever". It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process. I don't expect you to do this for every crazy piece of hardware out there, but it would be nice if you could be *helpful* as I try to figure it out myself.
I hate to break it to you, but whenever you allow something on your network, users will, from that moment on assume that you take full responsibility for their equipment. I've seen it many times. It happens on my network on a regular basis. Even if you don't demand supportability for *all* devices, company owned or not, from your IT people, a large contingent of users do just that. At most companies, as soon as IT says, "okay, you can use 'X'" IT is forever responsible for making it work. period.
No, no, you're not thinking; you're just being logical. --Niels Bohr
In my experience end users generally only know what they need to do to get the task done. They have very little troubleshooting experience or expertise. You may have made them aware there is a firewall, but once you help them they will keep coming back to you whenever there is an issue and often assume it has to do with the "firewall" or the "router" when it could be something completely unrelated.
Supporting iPhone (or iPad for that matter) for corporate email might be difficult -I do not believe that there are Notes or Outlook mail apps for these devices (although the new outlook webmail is pretty decent) The other problem I have heard in the past is the lack of ability to provision the phones and apps in bulk instead of having to setup 100 different iTunes account for 100 devices -this is one of the things that probably gives IT departments (and procurement) nightmares.
cf. Good Technologies
just sayin'
No, no, you're not thinking; you're just being logical. --Niels Bohr
The "good organizations" get hacked because the sales guy opened the malware-laden site he was sent in his phishing email, while you were yelling at the engineer for using a personal laptop.
I feel your pain, I used to work in Education IT back in the day. I'm assuming you must be running unmanaged switches? If there is ONE investment I must plead with you to get your boss to make this year, it is for a couple of decent managed switches. Pupil wires two network ports together? No problem Spanning Tree Protocol turns off the ports. Rogue device connected to the network? No problem it goes on the port isolated private VLAN'd quarantine network because you have RADIUS server authenticating devices. Rogue DHCP server? No problem all packets are dropped at the switch. Plus all errors at the switch can be sent to a syslog console so that you know that something's up even if you've not been called. The time it will save you if done right, especially on a large site is amazing. Plus you can put the curriculum and admin networks on the same switch VLAN them and control what passes between them with a firewall.
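Added example, not part of the original comment: a minimal triage of the switch syslog feed described above, grouping loop-guard, rogue-DHCP and failed-authentication events by port or MAC. The sample lines are constructed and modeled on Cisco IOS-style message mnemonics; hostnames, ports, MAC addresses and the failure threshold are assumptions, and message text differs by vendor.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from a real network).
SAMPLE_LOG = """\
Mar  3 09:14:02 sw-lab1 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/0/7 with BPDU Guard enabled. Disabling port.
Mar  3 09:14:02 sw-lab1 %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state
Mar  3 09:20:41 sw-lab1 %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPOFFER, MAC sa: 0011.2233.4455
Mar  3 09:20:45 sw-lab1 %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPOFFER, MAC sa: 0011.2233.4455
Mar  3 10:02:10 sw-lab2 %DOT1X-5-FAIL: Authentication failed for client (aabb.cc00.0101) on Interface Gi1/0/12
Mar  3 10:02:40 sw-lab2 %DOT1X-5-FAIL: Authentication failed for client (aabb.cc00.0101) on Interface Gi1/0/12
Mar  3 10:03:10 sw-lab2 %DOT1X-5-FAIL: Authentication failed for client (aabb.cc00.0101) on Interface Gi1/0/12
Mar  3 10:05:00 sw-lab2 %DOT1X-5-FAIL: Authentication failed for client (aabb.cc00.0202) on Interface Gi1/0/3
Mar  3 10:06:00 sw-lab2 %LINK-3-UPDOWN: Interface Gi1/0/3, changed state to down
this line is not syslog at all
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<msg>.*)$"
)
PORT_RE = re.compile(r"\b((?:Gi|Fa|Te)\d+(?:/\d+)+)\b")
MAC_RE = re.compile(r"\b([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)

# (facility, mnemonic) -> category. Anything else is ignored by this triage.
RULES = {
    ("SPANTREE", "BLOCK_BPDUGUARD"): "loop_or_rogue_switch",
    ("DHCP_SNOOPING", "DHCP_SNOOPING_UNTRUSTED_PORT"): "rogue_dhcp",
    ("DOT1X", "FAIL"): "auth_failure",
}
# Only server-side DHCP messages on an untrusted port indicate a rogue server.
DHCP_SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}
PRIORITY = {"rogue_dhcp": 0, "loop_or_rogue_switch": 1, "auth_failure": 2}


def parse_events(text):
    """Return one dict per log line that matches a rule; skip everything else."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or non-switch line
        category = RULES.get((m["fac"], m["mnem"]))
        if category is None:
            continue
        msg = m["msg"]
        if category == "rogue_dhcp":
            mtype = re.search(r"message type: (\w+)", msg)
            if not mtype or mtype.group(1) not in DHCP_SERVER_TYPES:
                continue
        # Prefer the port as the subject; fall back to the MAC when the
        # message carries no interface name (as in the DHCP sample lines).
        port = PORT_RE.search(msg)
        mac = MAC_RE.search(msg)
        if port:
            subject = port.group(1)
        elif mac:
            subject = mac.group(1).lower()
        else:
            subject = "unknown"
        events.append({"ts": m["ts"], "host": m["host"],
                       "category": category, "subject": subject})
    return events


def triage(events, auth_fail_threshold=3):
    """Aggregate events into findings: (category, host, subject, count).

    A single loop-guard or rogue-DHCP event is reported; authentication
    failures are reported only once they repeat, since one failure is
    usually a mistyped credential.
    """
    counts = Counter((e["category"], e["host"], e["subject"]) for e in events)
    findings = []
    for (category, host, subject), n in counts.items():
        if category == "auth_failure" and n < auth_fail_threshold:
            continue
        findings.append((category, host, subject, n))
    findings.sort(key=lambda f: (PRIORITY[f[0]], f[1], f[2]))
    return findings


if __name__ == "__main__":
    for category, host, subject, n in triage(parse_events(SAMPLE_LOG)):
        print(f"{category:22} {host:8} {subject:16} x{n}")
```
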
We got in front of the iDevice train, followed by the Android train..... 99% of our people requested email access, no problem. We're still a Groupwise shop, it was a simple matter to stand up a Novell Datasync server and provide all them with calendar and email access on iDevices and Android. We'll even put a bullet in their phone if they lose it. Our restriction? pin code instead of swipe to open and the agreement that when they leave our employ we will be sending the bullet out to their phone and they will need to reconnect it to their pc (iDevice) or go through the registration process (Android) to get use of it again. We don't allow personal devices on our core network, but we do provide a wireless access ( low bandwidth, no access to the core network) to these devices. We may actually sponsor iPads someday for certain users AND we do give them the option of a blackberry or iphone if they are issued work cell phones.
~corporate tool, but employed~
That's always how it starts.
That's never how it ends unless you can drop a really heavy cluebat on their head.
My network... My apps...
You apparently think you own the network and apps. IT simply exists to serve the business when it stops doing that and everything is a battle it's time to outsource I google apps.
I can't get work email on my iPhone. It's too hard to support! Really it seems pretty easy for the average user to support their personal email on their phone all by themselves.
Seriously you sound like a power hunger loser.
No, because in a "good organization" the sales guy is running on a workstation that doesn't allow ordinary users to install software, among other things. And support staff were not busy yelling at the engineer for using a personal laptop because they don't have to. He finds that he can't get on the corporate network with it.
How do I know this? Because I've been advising organizations about secure system design for the past 20 years. Before that, I spent 15 years writing operating systems. So I've had a bit of experience watching other people's designs break while mine don't. What's your background?
Parity: What to do when the weekend comes.
I get that you may despise people who are sticklers about the rules, but consider what a typical IT staffer is going to be faced with. The typical "random device" user is going to say "Hey, Mr. IT guy, I want to hook my up to email. Any problems?"
Let's say I say, "Not really. Point it here and you're good." Let's even suppose further that I say "By the way, we don't support your . If it goes haywire, it's like this conversation never happened."
I'm still going to hear about it when something happens. It is still going to eat bandwidth in my day as I am rolling out a patch which also happens to sever the connection to s because they are incompatible with this patch. I am still going to have to reply to his email, even to say 'Nope.' Even to hit delete.
That's just personal inconvenience. On top of that and frankly of far more concern are the possible problems that may crop up because that device is connected to company resources. If it happens that some bizarre interaction between and a company server causes downtime or data loss, it's not the end user that's likely to get grilled, it's going to be the IT guy who let him connect his unapproved to the company network in the first place.
You could have refuted his post without the childish 'hater' comments and you wouldn't have looked so immature but you appear so quick on the 'defend apple' button that you didn't read what he wrote. It seems pretty obvious that it is about having to go through apple, not about itunes, where itunes is simply how you go through apple. Getting rid of itunes doesn't mean you don't go through apple anymore. Not saying he's right in his criticism about going through apple or how valid that is, i don't know about that, but in your haste to defend apple you've completely misunderstood his post and your 'hater' comments make you look even more the fool.
You also cannot install any App from the App Store without an iTunes account (that includes FREE apps). Not that it matters because it's easy enough to sign-up for a free itunes account (even without a credit card) but I just wanted to mention it for completeness sake.
So post the goddamned requirements! Give us the damned precious requirements *in writing* so that you cannot weasel out. WTF! I'm in Operations and we want to get WORK DONE... not whine all day about actually having to do work. All IT has ever done at our company is get IN THE WAY of progress. A useless load of bloody loonies that will be the first against the wall when the revolution comes. Security may not be a dirty word - but it also shouldn't become an excuse not to implement anything save the most benign (and useless) configurations of 10 year old tech.
Sorry... not directed at you personally.
If the policy is so clear then what's the conflict?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
If, for example, fifty people in your shop have iPhones, and would like to use them with your corporate e-mail, the most time effective solution is to (yes) learn how to do that effectively, and then WRITE IT UP IN CLEAR, STEP BY STEP ENGLISH so that people can do it themselves.
Or you can rant and rave, refuse to help, and wind up with half of those people either having e-mail that doesn't work, e-mail setups that conflict with your sacred servers, or, if you're REALLY lucky, phones with downloaded apps that actually do some damage.
Three Squirrels
To play devil's advocate, if you bring in an unsupported device and start to conduct business on it, then it fails at a critical time, where does that leave everyone? And while you might be very tech savvy, the lady down the hall might decide she wants a shiny new iPhone too, but she still thinks the mouse is a foot pedal. Do I tell her "no sorry Mr McGibby is pretty sharp so he can have an iPhone, but you're a dimwit so you're not allowed" ?
iOS and Android devices are supported on Lotus Domino/Notes using the free add-on, IBM Lotus Traveler. Lotus Traveler essentially uses EAS for email, contacts, calendar on iOS and Android. There's actually an app on iTunes for Lotus Traveler at: http://itunes.apple.com/us/app/ibm-lotus-notes-traveler-companion/id346633404?mt=8
The Lotus webmail client is also pretty good.
Then you change your apps and network to support the phone.
You really are new to this aren't you?
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Apple now supports Mobile Device Management platforms (Air-Watch is my favorite, MobileIron is also popular, but more expensive) that allow easy end-user provisioning, think of something along the lines of Enterprise Activation using Blackberry Enterprise Server. It also allows a significant amount of control over the device, like what apps can be installed, password requirements, remote lock/wipe, etc.
As far as bulk purchasing apps, Apple now has the "Volume Purchasing Program" that makes it easy to buy multiple copies of each App. Basically you go buy X copies of the app, you're given X download codes, you distribute those to your iOS device users and they use them to purchase the app.
Regarding encryption, iOS devices are also encrypted with 256bit AES hardware encryption (warning, that's a PDF - see page 3). To be honest with the tools available today it's not very difficult to manage Android and especially iOS devices.
The nightmare for me is when the Chief Executive Officer spots some new "toy" and wants it to work seamlessly in the corporate environment. The CEO has the weight to throw around to make it happen - then their administrative assistant needs to have the same new "toy," but it has to synch with the CEO's toy... Instant insomnia!
Years ago the kit you used at work was faster, better and more powerful than your home consumer devices. Today it's the reverse and what you are forced to use at work is totally crappy next to what you have at home. Thus consumerization of IT is necessary to even get your own work done.
Or to put it more simply, my company's OS is XP with Office 2003.
-Xen
Say'n what? That you buy into marketing hype that can not possibly be true? First I've heard of them, but reading their claims for what they can do for iPad/iPhone devices .... hhahhaha bullshit :)
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
my network
Guessing it's not your network - it exists for the purposes of the business, which may include accessing corporate email from personal devices.
I'm just sayin'
It's not that it's not easy to support, it's not that it's not easy to configure--the problem comes in with who actually owns the data and where that data goes. With your iPhone, you have access to resources even after you're fired that you should no longer have access to. There's data and information on your phone that does not belong to you that belongs to the company.
But since it's your phone you surely aren't going to let the company wipe your phone and wipe your iPhone backups, are you? Of course not.
And this is where the problem comes in.
For more secure configurations (and if you do anything with user financial data or medical records, as well as anything government) you tend to have to follow a strict policy for encryption and security of that data. Every single one of the laptops and desktops on the government network that we support is encrypted. It's a bitch for us in IT to have to handle at times, but it works.
Throw in some FIPS requirements and there again goes your iPhone.
No. The job of IT is to keep things running smoothly. Letting people buy any random crap they think is neat, and then make IT support it, is almost 100% counterproductive to that goal.
Furthermore, unless you're the CEO or my boss in some other way, you don't get to add every single piece of technology under the sun to the list of things I'm required to support for you. IT (or those up the food chain from IT) decide what gets supported, not random people who think that iPads are cool, so they should purchase one and IT should be required to support it as if it were a product they researched and decided to use themselves.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
Perhaps we can keep 'power users' (in my world they're typically loud, clueless but often influential...) happy by allowing them to use any old crap so long as they connect to a standard environment using some form of remote desktop software, (for example Real VNC has an IOS viewer, other options are possible). The environment could offer a subset of applications deemed OK for mobile devices.
I've had the experience of saying NO WAY and being told that "Bob isn't happy with being told NO so we need to move XYZ thing into the DMZ so he can see the figures from his iPad at home", a whole other world of pain! Offering an alternative limited interaction between the iCrap and corporate systems is typically easier to sell than a straight NO.
He didn't write apple makes you go through itunes. . .read what he wrote, and respond to it, not your strawman (though icloud still doesn't really work).
As a guy not in IT:
Because us users resent your petty fiefdoms. It's 2011 now, the technology exists.
I'll see your hokum and raise you a boondoggle.
I have a methodology. It involves wiping the included consumer-grade software and replacing it with open source. Anything less is just asking for a world of pain. (Unfortunately learned through experience)
"I assumed blithely that there were no elves out there in the darkness"
I have a word of wisdom for you:
-Instead of thinking IT "gets in the way", you should put together what it is you want to do on the network and the systems and propose it to IT. If you're a decently sized company I also hope you have a Security guru within the company as well. Sometimes this is one and the same with IT, depends on the structure.
-Propose your change to IT to see if it's something they are going to have to support. Chances are if it's on the network, IT is going to have to support in some way--whether it be server infrastructure or application support. If it's something IT is going to get called about at 2AM that's down that you stood up, the IT department has every right to control that network.
I actually work in a shop where we in IT keep a very hands off approach and believe me it's a nightmare. It's a nightmare to support and it's a nightmare from a security perspective. I'm actually working a plan in order to bring it back into IT's hands so we can at least handle what's going on. We recently had a security audit done and believe me--it wasn't pretty.
-Trust IT that they know what they're talking about, generally. Not every IT guy is a guru at what they do, but trust that they have to handle not only what you're doing but *everyone else* as well. Every piece of software that every middle manager throws on their systems and think they're someone important because they have "manager" in their title. IT does not report to you; and for the most part the only real answer they need to give you with $special_application is that it's nothing on the network that would prevent it from working.
IT is also not usually consulted on projects but typically asked to stand servers up. As another example, we've got 10 year old Sun server hardware (long since EOL) that's supporting some developer applications. IT had pretty much no say in the matter at the time as far as this hardware is concerned, but guess who gets e-mails and phone calls when the hardware goes down? I've now had to replace multiple fans by gutting un-used systems. They're going to really go to shit when something more serious dies, such as a disk controller--and they lose everything.
The above situation is exactly the situation that happens when IT doesn't have control over the environment. This is why we try to push for it.
As an FYI, the solution to the aforementioned Sun server problem is IT pulling in some new hardware with RHEL6 and configuring it for the developers to replace the aging Sun boxes (so they can install Oracle) and go from there. We're also pulling it under IT's banner as an essential service for 8x5 support. We're procuring licensing, books, training, and support contracts.
Say'n what? That you buy into marketing hype that can not possibly be true? First I've heard of them, but reading their claims for what they can do for iPad/iPhone devices .... hhahhaha bullshit :)
I don't buy into the marketing hype. I did something which may be alien to you. I *implemented* it. And not by my choice either.
I'll also point out that I mentioned, in another post in this thread that GFE is crappy software. The only advantage it has over every other competing product is that it provides strong encryption on-board the iphone/ipad/android. That's critical for my organization and the *only* way we would allow those devices to store company emails. I don't really like it. It has many quirks and doesn't always work. However, it does, substantially, what my organization needs it to do.
So stop talking out of your ass. You're stinking up the place. Have a nice day!
No, no, you're not thinking; you're just being logical. --Niels Bohr
Like many intelligent folks, you've missed the point.
Your assertion, that a competent admin with a complement of appropriately selected hardware and software could safely allow a great many consumerish devices on his network relatively safely, is totally correct. But misses the point that 1) Not all companies will spend the money for appropriate switching, firewall, and security tools such that an admin can accomplish these goals. Because, regardless of skill level if the device doesn't do it, it doesn't do it. and 2) That the added workload on your already overworked admin (who, if he's still employed, is probably on a much smaller team than he used to be, or all alone) might be enough that the company HAS to add another administrator, which means the company is incurring a massive expense for additional personnel in a down-economy solely so the special snowflake crybabies can look at fucking Facebook using your WiFi on their plastic penis-extenders..
What business benefit do we get from working through these machinations for our users? And BUSINESS BENEFIT means measurable, quantifiable contribution to PROFIT. Not .commer b.s. about feelings: MONEY. How does my company benefit from Special Snowflake's iPadroidreo in a way that it couldn't (more cheaply) by buying same user a standardized mobile device?
Who did what now?
Not at all. Supporting whatever crap you bring to the office isn't in my job description.
Here is what happens when IT meets consumer tech.
My new iPhone has built in email contacts and calendar. I point it at our exchange server and give it my password and it "just works". "Well holy shit", says the IT dept, "that just won't do". "We can't have users looking after themselves" So they tell me I need to get "Good" mail. First I have to buy a license to use it, and then they dick around a week getting it to work. Now my email is "secure", because we just can't run the risk of the KGB finding out when I'm having lunch next Thursday, or how many meters of #6 cable we buried last week. How is this better you say? I'll tell you. Before Good, my phone would go ding, I would look at the screen and see "Meeting with Fred, 11:30, big boardroom". Now I get a ding, and my screen says "Event!" I unlock my phone, I open the Good app. I enter my Good password. I wait 30 seconds while things are decrypting. Finally the app opens fully. I push the button for calendar and see "Meeting with Fred, 11:30, big boardroom". The entire process now takes 45 seconds, where it used to take 0 seconds.
The badge for unread emails used to tell me how many unread emails I had. Now with Good mail, it increments with every new mail received. Then if I read the email on the computer, it increments again. Yes, that's right. If I receive 5 mails and read them on my computer my phone now says I have 10 unread mails. (Apparently it is not our IT dept's fault that this "Good mail app" they have forced on me sucks so bad. It's all Apple's fault, just ask our IT guys, they'll tell you.)
Trust me when I tell you this: having worked at a company where they actively tried to lock out foreign devices from their network, I can assure you that it is impossible for you to lock foreign devices out of a network, either wired OR wireless.
Whether you like it or not, eventually you will have foreign devices on your network. You can figure out how to deal with that problem and work with users, or you can keep trying to push water up a hill in telling them no. I can tell you which solution works better, but I bet you can figure it out.
iPhone aside, it's not exactly easy for IT to be *helpful* because with all due respect you are usually as ignorant about what has to happen for your phone to send and receive mail as we are about the production planning, currency trading, contract management, or whatever it is you do.
You say, how do set up mail on my [A-z]*[0-9]?.?\? I ask well does it use IMAP, POP, what authentication methods for SMTP does it support and can TLS for any of those? You usually answer with a blank stare, and suggest we could look at the manual after a few moments. Next we have to make services available and run gateways our *supported* might not need.
So what it often comes down to is you are really asking IT to figure it out and make it work. There often is no middle ground. Mix security considerations in and that tiny middle ground gets even smaller. Can the storage on your device be encrypted? Was it when you lost it; because you have customer information in some of those e-mails you are reading there. Do you even inform me if you lose it? See I might need to be able to show some supporting evidence to avoid disclosure requirements but your device does not report compliance information to me, so now what?
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Disable your Activesync access and/or wipe your device.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Why do I have to support your purchase?
You're asking why you have to do your job?
Sorry, but how is supporting your personal mobile phone, a job for your company's IT department?
How is it that Academia has no problem supporting any OS and any device on their networks but Enterprise cannot?
You keep using that word "my" in front of nouns like network and apps. I don't think that word means what you think it means.
iPhones fully support exchange activesync, with remote wipe and everything.
In the mail settings, you add an account, and tap the first mail type in the list "Exchange"
Feed it your email address, then password. Done.
It uses the encrypted outlook web api (Same as the web app in a browser would over https) so works on the internal wifi as well as outside on 3G.
Employees are warned about the remote wipe feature, both in the employee handbook and directly when I'm asked if they can get their mail on their phone.
Users can even log in to web mail and perform the remote wipe and remote password reset features on their own, including from home, and most importantly whenever they need it.
Otherwise it has been one of the more simple non-windows devices I've had to support on a windows network. :P
I come from a Linux/Mac background as well, which doesn't translate the best to running a windows domain. I'm the reverse equivalent of the ditsy windows admin installing x11 and gnome on all the servers so he can remote admin them
The less I have to do to dig deeper into the windows world, the better.
Most android devices are basically as easy, but usually also ask for a username instead of extracting it from the email address for the first try.
Only two people with android ever had mail problems, both solved by removing and re-adding the mail server entry.
I'm just thankful the CEO is no longer using that blackberry... BES was hell!
I hear you about the BES. We implement a policy where our employees bring their own phone and those that qualify get a reimbursement for the data portion of their plan. Our CEO had transitioned her iphone over to the new policy and no less than a few days later our blackberry server raid controller died. Thank God we finally got rid of that server.
Why can't you say 'no'?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
Well you are doing either yourself or them a disservice and it's going to bite one of you one day. What happens when that person has some critical business on that and something goes wrong while you are on vacation? Nobody else knows how to help them; they wind up embarrassed in front of client? What happens when some sort of upgrade or change is made by another group within IT, that breaks it. It's not like it was on any test plan or documented so that is very likely in most shops I have worked in, your coworkers don't know about it and won't therefore think about it.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
You are a dinosaur.
If you came into my office with that attitude, I would tell you fuck off and also make sure your shitty device NEVER touches my network. Your piece of shit device gets onto the corporate network strictly on the terms the company sets and I enforce it. If you don't like it, fuck off.
No, you wouldn't. You see, there's a certain underlying reality here that you're in conflict with: When somebody says "I need my device that I carry with me at all times to connect to the company's mail server", they're saying "I want to do more job more efficiently." Guess what? In the eyes of the people paying your paycheck, those dudes win. Your job is to supply data to them and you know damn good and well you'd hook them up and then go back to browsing Slashdot and posting fun little short stories about what you'd do in an alternate dimension where you actually had any authority to tell anybody to fuck off. Your problem is *not* gadget happy employees.
Now answer the GP's questions
I did. But I guess I have to explain something that's actually really really obvious. If supporting all these devices has a measurable impact on the bottom line, you make the case and get a policy set. You nail a sign to your door that says "We will not hook up your iPad." If you can't make the case, then your job isn't going to be as easy as you'd like. Boo hoo.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
Why do I have to support your purchase? I don't get input into buying it, why should IT have to support it? How do I control your phone? How do I know you have a good password to lock it or even do you lock it? How do I remote wipe the phone if it gets stolen or you leave the company? How do I know it is encrypted? Does it even have encryption? How do I control what goes on the phone? How do I block certain apps on the phone? How do I keep the phone from talking to other devices that IT does not own nor support?
Unless you start to realise you're a cost centre and exist to serve profit centres, you're going to find you're surplus to requirements before much longer.
I was just talking about this to a friend of mine yesterday. I've been a "customer engineer" for most of the last 47 years. Back in the age of mainframes and minicomputers businesses understood that it took training and organization to install, maintain, and program their computers, but they started losing sight of the complexity involved in good systems design and analysis when the computer started looking about the same size as their typewriter. Now phones (which are really just smaller computers) are the same size as their old Walkman. Consumers can't seem to understand that computers are multi-function machines with millions of interconnecting parts (if you include the OS and applications). Assume you had a big open building with millions of parts and subassemblies that needed setup to perform specified tasks, and most businesses would understand the need for a small army of well-trained technicians to do the setups and maintenance.
So, in my area, a lot of small businesses have sprung up offering computer maintenance for $35/hr. These businesses are capable of handling about 70% of all the normal maintenance on a computer, but then, so is anyone who can read a manual or call tech support. Then they get assigned a project over their heads, take the customer's money until it is very obvious that they can't do the job, and then walk away. The customer calls me and gets pissed off because I charge $110/hr instead of $35/hr and successfully clean up the mess left by the other "geek". And when the next computer problems show up do they call a competent tech? No, they go right back to calling some half-trained moron who only charges $35/hr. Business is full of slow learners.
The bottom line is that many of the businesses out there are not designing their business processes, they are acquiring "business technology" by "jumping to solutions" without a plan. The "business-in-a-box" approach has never worked right. Most small businesses fail within the first five years, not because their tools aren't adequate, but because their business decisions are inadequate. The technology decisions are just a part of the same lack of business smarts.
"The mind works quicker than you think!"
Of course there is a little bit on the network, it's called a DMZ and firewall policies! All a personal device can do on my network is talk to the Exchange server, access the internet, and talk to my Citrix servers. If you have a corporate supported device we install an MDM on it, lock down the apps that are installable, and install a VPN client if you have a need to access more than that (most do not, since between Exchange access and Salesforce access 90% of our mobile users' needs are met). If your personal device has problems accessing one of the standard interface points we will provide best effort support and then tell you to use your corporate supported asset if we are unable to make it work. I know not all departments get quite that much support, but since we support 99.9% of access methods and are fast and efficient at meeting all the other business's needs we get some leeway.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
and not because I'm doing anything malicious
Spoken like a true narcissist.
Parity: What to do when the weekend comes.
Furthermore, unless you're the CEO or my boss in some other way, you don't get to add every single piece of technology under the sun to the list of things I'm required to support for you. IT (or those up the food chain from IT) decide what gets supported, not random people who think that iPads are cool, so they should purchase one and IT should be required to support it as if it were a product they researched and decided to use themselves.
Okay... so with the exception of the guy in the big chair, nobody can make you do anything you don't want to do. You don't "have" to support anything. It's just a big non-issue.
Ah, but it's not really like that, is it...
Letting people buy any random crap they think is neat, and then make IT support it, is almost 100% counterproductive to that goal.
... hah, yeah. So why is connecting to the company Exchange server 'neat'? It's because that obnoxious infestation of parasitic coworkers that are gobbling up your resources are being paid to do a job and sometimes it's worthwhile to buy a gadget to make it happen more efficiently. That's your job. Well, that is until you make the case to your superior to NOT support them. But once you've done that, you don't "have" to support them do ya?
So, when you go to work tomorrow, are you going to be hooking up iPads to the wireless network, or are you going to come up with an estimate of what it costs your company to support this and present that to your superiors so you can come up with a very clear policy so those twerps that do the work that pay your paycheck won't interrupt your web-browsing?
My point is it doesn't require specialised equipment or deviation from what most would call best practice. Any office where you're worried about standardised mobile devices should already have a patch panel, managed switches, a real router and, if they have wi-fi at all, non-consumer grade wi-fi access points (Cisco or similar). If you're too small to have/need managed switches and VLANs, frankly you're just playing at being "enterprise". Anyway, it is often easy to support them without allowing them onto the LAN; the server ActiveSync needs to connect to is usually the same one that provides Outlook Web Access, and it is done on the same IIS instance.
Support specifically for the iPhone is simple: put all the settings into a read-only, encrypted and signed provisioning profile which is only removable with a full device wipe or a password. It takes about an hour to write and properly test a provisioning profile; I'm excluding the time where you decide what your policy is because you should already have one. Any more support than that isn't my problem: check it's not server side and affecting everyone, get them to restore their device and if that fails send them to an Apple Store.
This isn't special snowflake, this is good for productivity and the psychology of this is obvious. Any mobile is a very personal thing and an employee using their preferred device is more likely to check their email more often and not turn the damn thing off and shove it in a drawer. They're also more likely to understand the device and its productivity features, and make use of them.
Also for the record, calling the managing director a special snowflake tends to get you fired. Senior staff are usually where these devices turn up first.
Actually Apple has support for mass provisioning. They have the entire Enterprise SDK and they have features for Mac server management. But... it is a totally Apple centric solution and doesn't go beyond that in terms of melding with the rest of the infrastructure. If you were going to mass provision a bunch of smart phones:
-- Blackberry is excellent
-- Apple is good
-- Most Android phones suck.
You could have refuted his post without the childish 'hater' comments
As if I would take post content advice from an AC seriously!
You are just sad because it was so on-target... do you honestly expect we all cannot tell who you really are?
The "Hater" tag is not childish, it's pointing out why otherwise rational intelligent people suddenly lose all mental faculties when trying to pin anything negative possible on Apple.
It seems pretty obvious that it is about having to go through Apple, not about iTunes, where iTunes is simply how you go through Apple.
The real trouble with you haters is that you think only one level deep, if that. Did you remember that this is a story about Apple devices in IT? Now remember class how we have all pointed out a million billion times in countless Slashdot stories on Apple how enterprises can distribute apps directly to devices - no iTunes, no Apple? So what does that make you in this followup post? Yes, very good, it does rhyme with "plum".
In your haste to defend Apple you've completely misunderstood his post
I am not "defending Apple". In your HASTE to make that assumption, you failed to realize what I am really doing here is pointing out when people are being idiots and simply corrected badly outdated or simply wrong information. Which you had to make me do AGAIN. So thanks for that (hint: not really).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Supporting iPhone (or iPad for that matter) for corporate email might be difficult - I do not believe that there are Notes or Outlook mail apps for these devices
There's your problem right there.
Email != Outlook && Email != Notes.
Email == POP || Email == IMAP || Email == Exchange. And guess what the mail app on every iOS device supports...
read what he wrote, and respond to it,
I did already, my response is correct and valid criticism of what he was saying.
Remember this is a story about enterprise use of iOS devices - enterprise application distribution does not go through Apple, in any way. It gets installed from your company server directly to the device.
Who gets the blame for sensitive information being let loose upon the world? The user or the IT staff for not securing the device?
Way to completely miss the point. I don't suggest that IT should refuse to look beyond how things are currently done, that's obviously unhelpful. But letting the users decide what is and isn't supported turns into a free-for-all. If permitted, it will mean that anyone at all can buy a device, that IT knows nothing about and might not even play nicely with the existing infrastructure, and demand that they fix anything that goes wrong with it. In other words, it means that IT's job expands from "providing support for the devices that the company chooses to buy" to "providing support for anything under the sun which is vaguely technology-related".
IT has to serve the users, that is what it does. I have no arguments with that idea. But that doesn't mean letting the users make you their bitch, either.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
>> Why do I have to support your purchase? Because that's what you are paid to do. If you can't I can pretty soon find someone who will. It seems that many sysadmins see themselves as gatekeepers on "their" networks. The gatekeeping is usually related directly to the sysadmin's skillset and biases. The network is there to serve the business objectives of your employer. It is not there as an ego-prop, a career-path or a toy. Your employer is shelling out a wad of cash so he can have the services he thinks he needs. He's much better placed to decide what he wants than you are. If you had any business chops you'd be in a public-facing job and not skulking in your e-cave. Most sysadmins I have dealt with had no real idea of where the network fitted into the company plan and cared even less. Making it useful/usable for the user was the furthest thing from their minds. Making sure that they were irreplaceable with minimal work was top priority.
Not everything that can be done should be done
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
If he is not one of the mainframe guys, and you think that a PC is an "enterprise" device, then yes. He is new to this. The complaints we hear are the exact same complaints we heard when PCs were introduced to the business desktop.
Unfortunately, many "fiefdoms" have to be compliant with standards and guidelines like PCI, HIPAA, and SOX. What attaches to the network and how it does so can affect our ability to pass an audit. If we don't pass, then our employer can suffer. Why should we take the chance of jeopardizing (as an example) our ability to accept credit cards just because someone wants to read their email on something besides a company-issued Blackberry?
Bane of my existence.
User: I can get 3 TB of storage for $500 with this Buffalo NAS from Newegg
Me: No. You want your data to play nice with our network. You can use our file servers or we'll configure one for you. It'll cost $1500.
User: I bought the NAS, can you help me set it up? It won't let my group access any other folder than Public and file transfer seems really slow.
Me: No. You bought it, you fix it. I am not your monkey.
Okay, so that last line is a bit of a pipe dream, but still. Consumer NAS's suck. That is all. Not opinion, but fact.
Which is why you disallow "simple" (aka 4 digit number) passwords in your provisioning profile. What Elcomsoft are doing is brute forcing the 4 digit password, which is protecting the rest of the keys; if you increase the keyspace by having a normal password, the problem becomes intractable.
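The two profile points raised in this thread (a profile the user cannot simply remove, and disallowing simple passcodes to enlarge the keyspace) can be checked mechanically before a profile is handed out. The following is an added example, not code from any poster or from Apple: it builds an unsigned profile and audits it, using key names from Apple's configuration profile format; the 30-bit threshold, the identifiers, the finding labels and both sample profiles are constructed assumptions, and signing and encryption are not shown.

```python
import math
import plistlib
import uuid

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"
REMOVAL_TYPE = "com.apple.profileRemovalPassword"
MIN_BITS = 30  # assumed audit threshold, not a value from the thread


def _payload(ptype, name, **settings):
    """One payload dictionary with the bookkeeping keys every payload carries."""
    body = {
        "PayloadType": ptype,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"invalid.example.{name}",  # constructed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
    }
    body.update(settings)
    return body


def build_profile(allow_simple, min_length, alphanumeric, removal_password=None):
    """Return an unsigned profile (XML plist bytes) with one passcode payload."""
    content = [_payload(
        PASSCODE_TYPE, "passcode",
        forcePIN=True,
        allowSimple=allow_simple,
        minLength=min_length,
        requireAlphanumeric=alphanumeric,
        maxFailedAttempts=10,
    )]
    if removal_password is not None:
        content.append(_payload(REMOVAL_TYPE, "removal",
                                RemovalPassword=removal_password))
    return plistlib.dumps(_payload("Configuration", "byod-mail",
                                   PayloadContent=content))


def keyspace_bits(min_length, alphanumeric):
    """Lower bound on passcode entropy if the user picks the shortest allowed.

    Assumes 10 symbols for numeric passcodes and 62 (letters plus digits)
    for alphanumeric ones.
    """
    alphabet = 62 if alphanumeric else 10
    return min_length * math.log2(alphabet)


def audit_profile(data):
    """Return a list of findings for a profile given as plist bytes."""
    profile = plistlib.loads(data)
    payloads = profile.get("PayloadContent", [])
    findings = []

    passcode = [p for p in payloads if p.get("PayloadType") == PASSCODE_TYPE]
    if not passcode:
        findings.append("no-passcode-payload")
    for p in passcode:
        # A missing key is treated as the permissive setting.
        if not p.get("forcePIN", False):
            findings.append("passcode-not-required")
        if p.get("allowSimple", True):
            findings.append("simple-passcode-allowed")
        bits = keyspace_bits(p.get("minLength", 0),
                             p.get("requireAlphanumeric", False))
        if bits < MIN_BITS:
            findings.append(f"keyspace-too-small:{bits:.1f}-bits")

    # The profile should need a removal password or be marked non-removable.
    has_removal_pw = any(p.get("PayloadType") == REMOVAL_TYPE for p in payloads)
    if not (has_removal_pw or profile.get("PayloadRemovalDisallowed", False)):
        findings.append("user-removable")
    return findings


if __name__ == "__main__":
    weak = build_profile(allow_simple=True, min_length=4, alphanumeric=False)
    strong = build_profile(allow_simple=False, min_length=8, alphanumeric=True,
                           removal_password="constructed-placeholder")
    print("weak  :", audit_profile(weak))
    print("strong:", audit_profile(strong))
```

A four-digit minimum gives about 13 bits, which is the case the comment above describes as brute-forceable; eight alphanumeric characters give about 48.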
Yes, Notes has support for iOS. Lots of companies use Notes. Before people whine about how bad it is, it works exactly the same as Exchange on an iOS device. They both just sync via ActiveSync.
If they would take their Asperger's meds, they would be easier to deal with.
If the company decides to corporately embrace a piece of technology, then IT is there to make it happen. IT is not there to respond to the whims of one user who wants to do things different than corporate policy. You might think your new iPhone or Mac or whatever is the cat's meow, but don't expect a whole lot of help getting it to work if there is already a corporately endorsed way of doing it.
I frequently have to deal with all kinds of people bitching that some web app doesn't run correctly under Firefox or Chrome, or that OpenOffice can't read an MS Excel spreadsheet, or they really want to play with Linux on their desktop. First, I have to remind them not to install unauthorized software on the company's computers. Then I remind them that a personal preference for a different browser or office suite doesn't mean we have to support it. They aren't getting paid to demo every piece of OSS they think might be better.
When an employee consistently bucks the system and it's a battle, that job gets outsourced to someone else.
...but once you help them they will keep coming back to you whenever there is an issue...
Awwwww - you have to deal with other human beings? Welcome to life. If it really is such a terrible burden, you could go hermit I suppose.
Or you could just suck it up and accept having end users. Part of those "other duties as assigned"
It's just another skill set to be developed.
That is the most reasonable response posted yet.
Sorry, but how is supporting your personal mobile phone, a job for your company's IT department?
All right, let me explain.
If having access to company email on my iPhone gets me working more efficiently, or if I can do work on the bus commute that I couldn't do before, then supporting my iPhone has a business justification and should be part of IT's job. It's that simple. I would hope that no one wants to make it easy to check their work mail just for shits and giggles. They ask because it's relevant to doing their job, and IT's job is to support the rest of the company doing their job.
Terrorist, bomb, al Qaeda, nuclear, yellowcake, kill, assassinate. Carnivore is dead... long live Echelon.
Probably not - but neither can IT :)
Your post is hilarious! "I don't expect you to support [my iPhone]"... and then in the next sentence "it would be nice if you could help me with email & fix any server related issues"
Oh... and if your [random device you demand to use] doesn't support remote wipe... risking the loss of corporate and/or customer data.. IT would be right in never letting it on their network. Your convenience isn't worth the loss of potentially critical information. Maybe you need a reminder of who signs your paycheck.
There is a middle ground. You can have separate networks, one that only allows Internet and corporate mail access and another that allows server access. You could support email access on any device that supports ActiveSync; a help desk that can't connect an iPad, Droid, or iPhone to a mail server is not a help desk. You could limit your support to that: want to access an intranet application? Require a corporate desktop or server. VPN only for corporate laptops and so forth.
My job is to support what the company buys for you to use - not what you buy on your own.
Are you reading from an old data sheet?
http://developer.apple.com/library/ios/#featuredarticles/FA_Exchange_ActiveSync_and_iOS4_Devices/Introduction/Introduction.html
I guess you should find a less service-oriented position...like server engineering or devops.
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either.
And then, only two sentences later:
It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process. I don't expect you to do this for every crazy piece of hardware out there, but it would be nice if you could be *helpful* as I try to figure it out myself.
That's the very definition of "support", and that extra "few minutes" times 50 users adds up quickly. And, like was mentioned before, you don't expect IT to... ahem, "be helpful", for every crazy piece of hardware... just yours.
When somebody says "I need my device that I carry with me at all times to connect to the company's mail server", they're saying "I want to do more job more efficiently."
Yes, and they think that's the best way - but they're also not solution architects.
However, the IT guy isn't denying things for shits and giggles. His job is to make sure the entire infrastructure stays up, secure, and available to everyone.
If he allows every Tom, Dick, and VP of Marketing to connect their new shiny to the network without doing his due diligence, who do you think is going to have his balls in a vise when that device goes insane and screws with the infrastructure? Not the VP of Marketing, that's for damn sure.
It's a balance. Everyone wants their new shiny, but they can't always have it. The IT guy wants a simple monoculture, but he can't have that.
Go to a course that teaches them that "client-side security is no security at all" over and over until it sinks in?
And I say that as a pragmatist and sometime sysadmin.
Yes, because a server can stop someone from opening up sensitive email messages from a device that has bypassed the pin login requirement.
If only iOS supported Exchange/IMAP and had Enterprise Deployment guidelines.
Custom electronics and digital signage for your business: www.evcircuits.com
Is Apple the only firm that faces the challenges the TFA describes?
You could have refuted his post without the childish 'hater' comments
As if I would take post content advice from an AC seriously!
Why?
You are just sad because it was so on-target
Well actually his point wasn't about iTunes yet that's what you attacked him for, so you obviously missed the point completely.
The "Hater" tag is not childish, it's pointing out why otherwise rational intelligent people suddenly lose all mental faculties when trying to pin anything negative possible on Apple.
Actually if you had the ability to rationally refute his post without getting so angry and worked up you wouldn't have to resort to name-calling. You obviously know plenty about Apple's products and services, so you would be able to give a fine rebuttal if you just slowed down, kept your anger in check and just thought about what he wrote rather than taking offence to his post.
The real trouble with you haters is that you think only one level deep, if that. Did you remember that this is a story about Apple devices in IT? Now remember class how we have all pointed out a million billion times in countless Slashdot stories on Apple how enterprises can distribute apps directly to devices - no iTunes, no Apple? So what does that make you in this followup post? Yes, very good, it does rhyme with "plum".
Oh no, not another failed attempt to read. I thought I made it quite clear I don't know enough about it to judge whether his point is valid or not, but again your anger has gotten the better of you, you've resorted to calling me a 'hater' and you didn't read:
Not saying he's right in his criticism about going through Apple or how valid that is, I don't know about that
And how am I a 'hater'? I like Apple, I have many of their products, they aren't perfect but I fail to see how anything I've said makes me a 'hater'.
This reminds me of the recent debate on Ken Hess's blog about whether businesses should accept or expect employees to buy devices to use at work/use their own devices at work. It is especially interesting how Ken (who championed the idea) clearly and decisively lost the debate, and then tried to claim that his "bring/buy your own devices" theory is the winner!
Such a thing is unthinkable to me. If I buy something, it will be my choice, my device, and an employer will have no control over it whatsoever. Any device or equipment required to do my job will be provided by my employer, not by me.
Not to mention that such a thing would be an IT nightmare!
At my work, IT changed the name of the "help desk" to "service desk", because they didn't want to imply that they were providing help. The first step is to point people to a wiki - the "self-service desk".
-- Flame me and I will happily flame you back. Bring it!
As the guy in IT, let me ask this:
Why do I have to support your purchase?
Well, in many places you don't. But how about supporting some basic standard protocols so that other purchases can just work? (i.e. not just MS only protocols, try... sshh.. open standards, they often just work, but apparently MS is still sleeping with IT people since that is the one only software that can exist on corporate networks. And, of course, since everyone across large corporations have the same job requirements and do exactly the same work, a specific version of MS OS with one specific version of Outlook, Word, PowerPoint, and Explorer are all that anyone would possibly need and/or want at their job, no matter what that job is.)
I don't get input into buying it, why should IT have to support it?
Well, although I know better, I would generally think of IT as being there to support and enable the employees to get their jobs done. Heh, that's rich, I'm laughing so hard, I'm crying. I realize that instead IT is trying to be an Olympic level sport that competes to find new and better ways to make things not work for the rest of the employees.
How do I control your phone? How do I know you have a good password to lock it or even do you lock it?
Ah, the control freak nature of your questions may be a reflection of this possibly. Yeah, you can't control every last thing. So yeah, you have to make your system in large part basically useless to the people that could actually use it in order to control it.
How do I remote wipe the phone if it gets stolen or you leave the company?
You aren't able to control everything. If that's your goal, you are already failing.
How do I know it is encrypted? Does it even have encryption?
You don't and, unfortunately, it probably doesn't
How do I control what goes on the phone?
Here's the problem: if you can't let the phone connect to your system without controlling everything about it, it may be you that has the problem.
How do I block certain apps on the phone? How do I keep the phone from talking to other devices that IT does not own nor support?
The list goes on and on. It's not about you buying something, it's about control, protecting company property and keeping out people we don't want in our networks.
And keeping out people you don't want... yes, like the employees. You know there is a much better way to control your network. It's cheap. It's easy. And it'll keep those dirty users from fouling up your clean, clean system.
Unplug everything, lock yourself in your panic closet and console yourself with a sterilized glass of some osmosis filtered, triple-distilled water.
I'd apologize for the rant, but IT has been particularly :) cruel-with-head-up-MS this week. And no, I'm not bitter!
The point is, those devices: 1) are badly documented, 2) require a lot of time for education, 3) require experience to work with.
Now, do you really think that just because you have this thing the company is gonna buy the same toy for the tech support guy? And what if there are 10 tech support guys? We are looking at around 3000 euro just for one toy. There are many toys!
Why do you expect that the company will spend employees' time to teach them or even hire someone to teach them how your phone works? Typically it's like: "there is documentation, you got 2 hours to read it and 2 hours to pass the test". The test of course is stupid and serves one purpose - to cover the manager's arse, so later if you fuck up, all dogs are hanged on you. I remember well when one company I worked for rolled out BlackBerries for one of their clients. I still have very small idea of how this shit works, how its email protocols work etc. Not because I am lazy, but I can't be bothered to learn about a toy I won't ever have a chance to use in my leisure time, and at work, I never have time to do anything but actual work.
Insisting someone else be responsible for your personal decisions is sadly a very typical situation. If your phone gets stolen and you were too lazy to set up a password and maybe install something like Prey on it, that could give whomever swiped your phone a lot of access to the inner workings of the company. Are you going to man up and take the responsibility for your actions? Judging by your comment that's doubtful. You'll whine about the loss of your phone but your company's IT department will eat a big shit sandwich fixing the situation, or worse someone will lose their job because of your immature, self-centered ethos that the company is there to serve your needs and wants.
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either...It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing...
Ummm...make up your mind. Do you expect me to support your device, or can you figure it out yourself?
I don't expect you to do this for every crazy piece of hardware out there...
So if someone has a different brand, screw them, but for you, on your chosen platform, I should be able to help you set up the services you need? You do realize that this attitude is common to every other user on the network, right? Which means, yeah, actually I do have to do this for every crazy piece of hardware out there.
Look, here's the deal...even if I never, ever have to touch your iPhone because you really CAN set up every configuration option blindfolded, in the dark, with one hand tied behind your back, I'm still responsible for keeping corporate data secure. That means, it's my butt on the line when you leave your iPhone at the bar and the confidential data you weren't supposed to have on there in the first place is now unaccounted for. It's my butt on the line when your Windows XP Home laptop -- which is still running the stock anti-virus and a/v database that Best Buy installed when you bought it four years ago -- introduces a virus into the network, infecting 37% of the other "Bring-Your-Own" devices (although, thank God, the servers are all patched and running current A/V, so they are safe).
Personally, I'd like to see the bring-your-own-device movement take off, and I can see several ways in which it can SANELY be implemented. In fact, we are starting to move in that direction where I work. But sorry, until I can honestly say that I'm reasonably certain that I have identified the likely risks of allowing users to bring their own devices, and I have taken all of the reasonable precautions to bring those risks to acceptable levels, the policy is "not on my network". I understand that may piss off some users. I can live with that. I can't, however, live with implementing a half-4$$ed BYOD policy, thus knowingly, willfully and intentionally putting my company's data at unnecessary risk.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Just so long as the CxO's provide IT with the budget and staff to implement the application and network changes to support all the latest toys, that's fine. In my world, however, that's typically not the case.
Yes, I have to deal with other human beings. Most of the time, that is not only not a problem, it's actually enjoyable. However, the rest of the time...
Let me tell you a story. Once upon a time, an IT department had surplus equipment that they were disposing of. An RF tech working for the company asked if he could take one of the surplus laptops home, and IT told him yes, so long as he understood that the hard drive had been removed and destroyed (per company policy), and IT would provide absolutely no support for this laptop, since it was well out of warranty and would become his personal -- rather than work -- device. The RF tech acknowledged that he understood and was agreeable to these conditions...until he got the laptop home. Then he began pestering IT for a hard drive, just to verify that it was working. After that had been refused (numerous times), he began pestering IT for a memory upgrade for the laptop, which was also refused, also numerous times. In fact, at one point, the RF tech followed the desktop support guy down to the lunch room during the IT guy's lunch break, repeating his request for memory over and over and over like a spoiled two year old in the candy aisle at Walmart, until, fed up, the IT guy finally got HR involved. True story, I kid you not, and no, I was not the desktop support guy.
You may think you're being clever by sarcastically commenting how IT might actually have to learn to deal with human beings. However, I maintain that rather than being whiny outcasts devoid of social skills, IT actually often displays exceptional restraint, WELL beyond the call of duty, by simply not smacking the snot out of an ignoramus who sincerely deserves it.
Secure doesn't equate useful.
Now the world has gone to bed, Darkness won't engulf my head, I can see by infra-red, How I hate the night.
I would not be at all surprised if the Enterprise drives come from some kind of top bin for whatever drive tests are performed. HP will not mind spending a few extra dollars to reduce its warranty costs, when it is making so much more margin anyway.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
Just an observation; I don't advocate stress testing new drives. It may kill bad drives, but it may also seriously weaken ones that pass. If you have the time, a soak test at average load is possibly better.
It is like recruiting CFOs: if the guy has only ever worked in a successful company, how do you know how he will deal with a crisis? Nothing but success is usually due to luck rather than talent.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
I am sorry but you seem to have no concept how upper management really thinks. I have worked for a number of companies in different industries of different sizes. The one constant thing is management sees exactly four classes of employee. Those are C-Level executives and possibly department or subsidiary presidents if the org is big enough, salaried workers, hourly workers, and sales.
If you are one of those salary workers, they do want you as efficient as possible but they are not going to take risks for it. If say IT won't let me read my mail on the bus, and they ask us why not, and we respond with the least bit plausible example of how it could cause customer data, or trade secrets, or anything else that might result in asterisks on the financial statements you lose. You after all can always put in a little extra time if you can't be more efficient but a trade secret once out cannot be recovered.
Now if you are sales, that's different, you drive profit; otherwise you are overhead just like IT and if you cry about it they will just find someone who won't.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
You're unable to meet your user's requests because you dug your own hole, trying to "standardize" (read: cram) everything to one brand you like most, one technology you know best, one process you yourself fathered of course, completely oblivious to notions like interoperability and openness.
Disclaimer: I'm an IT guy.
Of course as an end user those things are annoying, so there are plenty of jailbreak patches that remove the pin lock requirement (or rather, cache your pin so that it's only required after a reboot).
This is a good example of why IT departments take the attitude of "not on my network, ever." Information security is not something to be blown off because you are annoyed with the security mechanisms. It may be tedious but the alternative is losing data that could result in lawsuits and fines that could bankrupt the business. Would you rather have a job and be a little annoyed by pushing 4 buttons on your phone to use it, or be unemployed?
So what happens to the entire company when your un-vetted solution to whatever business need you have brings down the main database server because of security holes? Or enables your email server to be hijacked via malware? End users such as you never consider that there is a complexity in the picture that you have no idea about because it's not your job to worry about it. It's IT's job to worry about it.
I grant that you may have issues with your IT department at the company you work for. It's not unheard of for IT people to be too dismissive of end-user wants and needs. But, be that as it may, ultimately there is a reason for being told no. Sometimes it's some whacked geek on a power trip, but sometimes you work with professionals who know what they are about and tell you no for legitimate reasons.
One of IT's legitimate gripes is that we're often asked to turn consumer-grade technology into business-grade technology with a wave of our magic wands.
Um, they probably should master the business-grade technology tasks they are responsible for first before griping about all the consumer stuff that we consumers can support ourselves.
The other problem I have heard in the past is the lack of ability to provision the phones and apps in bulk instead of having to set up 100 different iTunes accounts for 100 devices - this is one of the things that probably gives IT departments (and procurement) nightmares.
Sorry, this is just wrong. There is no such "lack of ability to provision phones and apps in bulk". The solutions are cross-platform as well, so no "but you have to buy a Mac" argument either.
http://www.apple.com/support/iphone/enterprise/
How do I control your phone?...How do I control what goes on the phone? ...How do I block certain apps on the phone?
Oi, this says it all.
You really are new to this aren't you?
No I think he's been doing it the "IT way" for several years now, which gets to the crux of the problem. Keep up, IT, or be left behind (and jobless).
Furthermore, unless you're the CEO or my boss in some other way, you don't get to add every single piece of technology under the sun to the list of things I'm required to support for you.
So you've never heard of the concept of a "stakeholder"? They are kind of like your "customer", but internal to your organization. In other words, they are your customer. Without them, you don't have a job. If stakeholder Bob needs a portable projector, and you don't have one for him, he damn well better get support for his personal one he buys and brings in...unless you want to cover the $X million dollar contract he didn't land because he couldn't do something as simple as project a sales pitch to a room full of old rich white guys looking to spend money.
I'm lazy and don't want to do my job.
Translated it for you.
Not at all. Supporting whatever crap you bring to the office isn't in my job description.
Going through IT to get my iPhone on the corporate network, however, IS in my job description, as in "you must go through IT if you want to use your personal devices on the corporate network."
So by proxy, it is in the IT guy's job description, even though you guys are always "too busy" to know what's in your job description. Maybe you could read it during one of your 17 smoke breaks you take a day?
Unless, of course, the user in question is the CEO, or COO, or some other bigwig that can fire you on the spot when you tell them their latest gadget isn't supported. CEOs consider themselves immune to IT policy in most organizations. This includes things like data on laptops, ignoring backup policy, ignoring password policy (to the point where you have to have two policies), iOS devices / Blackberries from outside vendors / Android phones from outside vendors....
If you've found the ONE Fortune 500 company where this isn't the case, please tell us so that we can apply for jobs there. Until then, IT policy is just a suggestion to most executives.
Never underestimate the power of stupid people in large groups.
To be more accurate, you can't say, "No, Mr. CEO-who-will-fire-me-for-saying-no".
Never underestimate the power of stupid people in large groups.
User support is an important issue, but the least of the issues that IT faces.
Without users, IT doesn't have a job. I'd move that up your important list a tad.
... that extra "few minutes" times 50 users adds up quickly.
Wouldn't want to have to skip one of those 17 smoke breaks the IT guys take a day now would we?
Now being retired I can look back at decades of this same argument and the mess created on both sides. It is true that IT is more often a bottleneck than enabler. By the same token the sales guys who entertain the top execs play their role with the fantasy of how cheap and easy it's going to be. And consumer technology is the worst because there is no commitment to longevity or even upward compatibility. Business IT is supposed to work reliably over a long time. Consumer technology is like toilet paper, use once and throw it away. But because the real guts are invisible there is no common ground. Just lots of words -- mostly marketing spin and wishful thinking. If someone tried to build a skyscraper with old toilet tissue rolls and fussed over the decorations on the 50th floor before putting in a foundation it would be obvious to everyone that there was a problem. But not with IT. So we have power plants operated over the Internet... I don't see an end to this until the general populace becomes appreciative enough of the real issues -- most likely by being burned a few times. Hopefully, not too many people will die learning this one.
You know, I've seen zealotry before-- I used to be an OS/2 user!-- but Apple fanbois really take the prize. Are we really to the point where no criticism can be made of Itune/IOS/I-this-that-or-the-other? Dear God, it's not as if I'm attacking their coolness or hipness!
With a 95% failure rate you could have had Seagate tickling your balls while they tried to figure out what was going wrong ... right up until the point where they showed you how your power supplies were frying the drives.
Really? Like I said, different systems in different data centers. And unfortunately, because of the type of data on the drives, I couldn't let Seagate have them. Basically the 2 TB Barracuda LP drives were shit.
True, but the majority of people bitching about IT here are end users with an overinflated ego and no real teeth. When I get an exec asking for stupid things like how to access HIPAA data from home, I have the role of educator and pointing out the financial and legal risks. If he still wants it, I get it in writing to cover my ass (or if blatantly illegal I'll take it to another exec who might understand the problem).
Why do you expect that company will spend time of employees to teach them or even hire someone to teach them how your phone works?
I expect them to say "sorry, we can't do that. Here's our clearly written policy on the matter". Instead what I get is: "Ok, it's set up. In a few weeks I'm going to grumble about it!"
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
This guy is griping that iCloud doesn't sync up his outlook stuff across his iPhone, Windows laptop, and Android device.
Newsflash dude, I'm doing all of that with the exact items he is having difficulty with - guess how?
Exchange Server. We run it at our BUSINESS since we want BUSINESS functionality - and it works perfectly with "consumer" devices. He's right iCloud doesn't do what Exchange does. That's why you buy Exchange.
Next he'll complain that a wrench doesn't hammer in nails properly.
-ted
I recently had an array fail with Western Digital's 2TB Green Drives. Two simultaneous failures is HIGHLY unlikely so I concluded that the drives and the RAID controller didn't play well together.
So I replaced the drives with Western Digital's "RE-4" series drives. Sure enough, the array works just fine.
I put the two drives side by side - the only difference I could see was the color of the sticker on the top of the drive.
Western Digital explained that the firmware differences in the "enterprise" drive allow it to work properly on a RAID controller.
Why wasn't this the case years ago? I suspect drive manufacturers are just using these slight differences to charge double for their "enterprise" garbage.
-ted
Our Hub and Client Access server is only exposed to the internet via SSL. ActiveSync works via SSL, which, last I checked, is encrypted. Yes you do need to expose IIS to the internet, but there are lots of proxy boxes that can limit the exposure of IIS to the internet. You can even offload SSL to another device closer to the internet so your intrusion detection systems and app firewalls can look at the traffic getting to IIS.
Our SMTP box only talks to postini. This is enforced via static rules in our firewall.
You can secure Exchange server - thousands of companies do that successfully every day. It does require a bit of work though.
ActiveSync also enforces client side policies like password strength and remote wipe.
Finally iPhone encrypts the data on the device.
How much more encryption and security do you want?
-ted
Quick search on newegg might show the differences. The HP drive is a hot swappable SAS interface 600GB 15000RPM drive with dual ports for around $600 (although HP offers cheaper SAS drives).
The same drive direct from Seagate -- Seagate Cheetah 15K.7 ST3600057SS 600GB 15000 RPM SAS 6Gb/s 3.5" Internal Enterprise Hard Drive -Bare Drive -- is $670 and includes a 5 year limited warranty. Claims Includes advanced read/write technology for an unrecoverable error rate of 1x10E16 and an annualized failure rate (AFR) of 0.55 percent.
The pro-consumer drive option is a Seagate Barracuda 1TB 7200 RPM SATA drive with a 2 year limited warranty. $139.
You can probably find a cheaper option.
Are the expensive drives better? Probably. Are they 4 x better-- probably not, but compared to the labor cost of swapping and potential down time the extra cost is minimal.
And if you need SAS, dual porting and hot swap your choices are limited (as is the market for the manufacturers.)
Business (and virtualization solution providers) need to quickly refine and implement desktop virtualization. The concept of placing a consumer VM on a work system (say desktop) and a work VM on a consumer system (say phone) is clear, obvious, and purchasable. From there, it's simply a matter of logically separating the two VMs. Issues with VLANs not being security features aside, it gives people both what they want and need without trying to mix business and pleasure.
I'll also point out that I mentioned, in another post in this thread that GFE is crappy software. The only advantage it has over every other competing product is that it provides strong encryption on-board the iphone/ipad/android. That's critical for my organization and the *only* way we would allow those devices to store company emails. I don't really like it. It has many quirks and doesn't always work. However, it does, substantially, what my organization needs it to do.
Actually, we were pushed toward Good due to another advantage it has over other MDM platforms - it has a reasonable level of functionality on iOS devices without requiring a signed cert from Apple. AirWatch and others all relied lock, stock, and barrel on Apple's MDM APIs, but since we were unable to get a developer account from Apple despite two months of trying (insane, considering we are a public utility with a quarter million customers), we couldn't get an Apple-approved cert which meant we couldn't even demo any of the other products on our iPhones.
The tech guy.
If the policy decided by the execs is not necessary for running the business, then what's the result? Do stuff that isn't necessary for the business, or ignoring the execs?
Given the execs are meant to be running the company for the owners who would prefer more profit than more iPads used by the execs, the tech guy should ignore the execs.
Or is the company just a perk for the private convenience of the executive board?
Here's a rant/example from a CEO with regard to WiFi access points:
CEO: There's no way in hell paying out the ass for these outrageously expensive Cisco Aironet WiFi APs and controllers. I bought a $50 WiFi router from Walmart for my house and it works just fine. Now that's what you're going to do, I want you to go and buy 50 of these cheap WiFi routers and deploy them throughout the company office building and all over the warehouse floor too I want plenty of strong signal everywhere. Configure them to all be on the same channel and I want only one SSID so it'll be easier for me to log on whenever and wherever I please. Oh, and I want you to put that.... what's it called... Mack Address filtering thingy in all of them so that only company-owned devices can ever attach to them. And I want the passwords configured so that all employees just have to do is put in their Windows network username and password. Oh, and I want a report on my desk at the end of every day that shows a daily audit trail of every wireless logon and logoff time, and all logon attempt failures too so that we can catch anyone trying to hack into our wireless.
IT Guy: But those home WiFi routers have no central management capability. I'd have to log onto each and every one individually, and they also do not support authentication against any centralized databases. I'd have to put each and every user and password, and MAC address into all 50 APs by hand individually. There may not be enough MAC address filter space in these APs to hold the entire list of company wireless device addresses either. And also they only show a brief log on their management webpage that does not capture everything, and if there's a lot of activity, the log would not even hold a complete day's events. I'd have to manually log into each unit multiple times per day to print off the log pages, and then there would still be individual logs for each AP, and not a single consolidated activity log. It would be an administrative nightmare to try to use these consumer-grade toy devices in an enterprise network like ours. Besides, they have no built-in RF management either, they'll interfere with each other like crazy.
CEO: Cry me a river. Look, I've given you your instructions on what to do, now if you don't think you can get it done, maybe I'll go get somebody else to do it instead.
Actually if you had the ability to rationally refute his post without getting so angry
What makes you think I am angry?
I am writing for effect. The effect is public shaming and ridicule, which hopefully helps deter other people from becoming Haters. It's a public service.
Oh no, not another failed attempt to read,
Well now who is getting angry?
Again, hater is not name-calling, it is a labeling explaining target behavior.
You said "It seems pretty obvious that it is about having to go through apple"
Which I responded to, so obviously I read correctly and like all Haters you didn't even comprehend what I was saying in your rush to paint my painfully accurate correction in a negative light. Pathetic.
I'll let you have the last response since Haters have this need for the last response, and you can keep pointing out flaws until the heat death of the universe before they will admit they were wrong.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The only real problem with XP and Office 2003 is the hardware they run on and trying to run a modern antivirus on them. While 256MB RAM was rather nice 10 years ago, it's barely enough for an a/v nowadays.
What is wrong, honestly, with pointing out that someone is incorrect? How is that "zealotry"? Merely because I am harsh in response does not make me a "zealot" in any way. I don't believe in coddling idiots or trolls. Have we become so PC so cannot say when anyone is wrong about anything without being labeled a monster?
I am not advocating for or against Apple, merely issuing corrections. Real technical users would welcome this. But then Slashdot has changed so much over the years in terms of technical quality of readership... it doesn't mean I have to. Don't like it, go back to Reddit or Digg.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Pardon me for saying it, but your comment is ignorant.
User support is, in fact, the least of the issues that IT faces. I'm stating a fact here. It's just not a big issue. It's easy to provide user support: easy to plan for it, easy to staff for it, easy to make it scale, easy to make it robust.
It's also not the case that users are necessarily part of the support equation at all. That doesn't make the IT function go away.
Parity: What to do when the weekend comes.
How is it that Academia has no problem supporting any OS and any device on their networks but Enterprise cannot?
Because Academia really does not give a rat's fuck how many hackings, security breaches, viruses, worms, trojans and other assorted malwares and evils are coursing thru the networks they supply to the students, faculty, and guests on campus. We have only one goal in life, to make packets flow. Whatever is in those packets, we couldn't care less. The dangers of connecting to our networks are your sole risk as a client, and like the honey badger, I just don't give a shit if you get infected hacked or hijacked while connected to my network. That's your problem, not mine.
In the corporate enterprise world, things are a little different. Heads can roll, fines can be levied and in extreme cases people can even get sent to prison for criminal offenses when it comes to information security incidents.
Good luck having an "IT function" without any employees who need to use it.
Don't worry, not every computing infrastructure exists to support an office environment.
Parity: What to do when the weekend comes.
So then there's no problem with employees causing the IT Nightmare scenario outlined in this story and discussion thread.
It's quite simple really, those companies (and IT departments) that figure out how to integrate iDevices and Android devices in an easy and reasonably secure manner will have a competitive advantage over the companies who don't. The storm is coming whether you like it or not. Adapt or be left behind.
As if I would take post content advice from an AC seriously!
and I presume dismissing someone's comment just because they post as AC is any less childish?
I thought marketing were supposed to be the first against the wall when the revolution comes?
That's why everyone in the company should have exactly the same model of Dell computer with the same software, same peripherals...
If I used a sig over again, would anyone notice?
and I presume dismissing someone's comment just because they post as AC is any less childish?
Absolutely, because people just throw nonsense out when AC since it cannot be traced back to them. I always post with my real UID because I am proud of what I say and stand behind it. Posting AC is for weak minded people that know they have nothing valid to say and will soon be decimated by more rational posters.
There are a few valid uses of AC posting where people might fear reprisal. But commenting on an Apple story? Come on. These guys are lazy, ignorant, trolls, or all of the above. Thus there is no inherent need for any respect for them, or their arguments, whatsoever.
Sometimes an AC will make a valid point, or even be respectful - and then they are treated well in turn. But that was not at all the case here.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
First of all I still have yet to understand what type of jack fuck wants to bring their device and have their employer "let" them use it. You have gotta be kidding me. If I buy something my company will get absolutely NO access to it. NONE, ZILCH, NOTTA...if I even let someone at work see the fucking thing they can consider themselves lucky. Do other people have that much better of employers that they not only don't care if they don't buy them a device to work on, but they make them buy it? Right now you might think it would be nice, which is an option, but before long all these dumb shits pushing for this will make it the standard and every other person going forward will be expected to buy a $500 phone and bring it to work.
FUCK THAT!!!...FUCK THAT!!!...FUCK THAT!!!...FUCK THAT!!!...FUCK THAT!!!...FUCK THAT!!!...
Actually if you had the ability to rationally refute his post without getting so angry
What makes you think I am angry?
I am writing for effect. The effect is public shaming and ridicule, which hopefully helps deter other people from becoming Haters. It's a public service.
Well you're calling him a hater when his post appears based on ignorance rather than 'hate', or do you not know the meaning of the word, your use of it suggests that you clearly don't. You're also calling me a hater with absolutely no basis for doing so, so indeed you appear far too angry to pose a legitimate argument and instead resort to baseless childish name-calling, that's quite pathetic.
Again, hater is not name-calling, it is a labeling explaining target behavior.
The original poster's ignorance doesn't make him a hater, he may be ignorant and you could point that out but 'hater' is a bit of a stretch, or perhaps you don't know the meaning of the word.
You said "It seems pretty obvious that it is about having to go through apple"
Which I responded to, so obviously I read correctly and like all Haters you didn't even comprehend what I was saying in your rush to paint my painfully accurate correction in a negative light. Pathetic.
I thought I made it quite clear by writing it in bold, yet somehow you still missed it, so here it is again, you clearly missed the point he was making so I pointed that out and also made explicit mention that I don't know enough to say whether his point was valid:
Not saying he's right in his criticism about going through Apple or how valid that is, I don't know about that
I'll let you have the last response since Haters have this need for the last response, and you can keep pointing out flaws until the heat death of the universe before they will admit they were wrong.
Of course, you will run away because you don't want to admit how childish you are, because you aren't capable of explaining how I am a 'hater' or even how the original poster is a 'hater'. Why are you being so childish? There is absolutely nothing in any of the posts I wrote that could lead anyone with any basic intelligence to the conclusion that I could possibly be a 'hater' of Apple, yet somehow you manage to reach that conclusion.
What is wrong, honestly, with pointing out that someone is incorrect?
Nothing, it's the way you are doing it, calling him a "hater" and such. Just because he's wrong doesn't mean he hates Apple, throwing out things like "poor apple hater" and "silly apple hater" is not constructive, it's immature. He is wrong - and perhaps ignorant if you really feel the need to go beyond simply correcting inaccuracies - so why not just stick to that?
I don't believe in coddling idiots or trolls.
If that were true you wouldn't have responded at all.
Have we become so PC so cannot say when anyone is wrong about anything without being labeled a monster?
Maybe avoid labeling that person anything but wrong and you would retain some credibility. He's wrong, so just tell him he's wrong, no need to go off telling him he hates Apple, what are you hoping to achieve by doing that anyway? Damage to his credibility or something?