Working on one of the projects that I am on we have an iOS app that needed to be distributed via the enterprise distribution. Finding information about this though was very difficult as apple doesn’t have any information on the enterprise accounts without signing up first.
It is also hard to get any information on how to distribute these apps effectively across multiple devices while allowing app updates as well.
There is good news though. You don’t have to pay for a MDM (mobile device management) server unlike what Apple requests. If you buy OS X Lion Server in the app store there is a MDM server built into it. The cost is $49.99.
So here is what the software looks like.
Honestly if you ask me OS X Lion Server is a waste of $50 if you do not need this MDM server. Everything it includes is either built into the OS or is already available free on the web. Apple just rolled it into one application.
So what is the MDM server?
The MDM server is also known as the profile manager. This is a ruby application to manage iOS devices. If you have bought the actual application it can be found here /usr/shared/devicemgr/. There are two parts to this application. Backend/ and frontend/. Backend/ is the ruby application where as frontend is just a static html javascript page which calls upon the backend code to pull data.
I will go more in depth into these later. For now let’s see what it actually looks like. After browsing to your Mac’s address via https on a url like “https://localmacaddr/profilemanager” you will be redirected to a login screen. This login is the same as the login for Users under the OS X Lion Server software.
As you can see Apple didn’t leave out their eye candy designs in this application. One of the things you will learn about apple from this is that appearance is everything. Usability is second place. A good example of this is that you can only upload iOS applications with safari.
Once you are authenticated there really isn’t many options to the profile manager. Although you don’t really need much. If you look on the left hand menu you see Devices, Device Groups, Users, Groups, Active Tasks, Completed Tasks.
Devices are the Apple hardware connected to your MDM service. As you can see in the picture above the current type of devices we have are the iPod/iPhones and iPads. There is also support for OS X computers as well. The devices are shown with their name given to them by iTunes along with the user that they were enrolled under. For example Volunteer Enrollment is the user that enrolled Guru’s iPad.
By having a device enrolled in your profile manager you can set up pass codes on the device, network information, vpn information, manage certificates, restrict what services the device can use such as camera use, app purchasing, application use like safari, media ratings, and many more options. This is mostly for iPhone/iPad/iPod restrictions. There are different restrictions for OS X.
You can also get basic information about the device such as the installed apps (with their versions), Device UDIDs, serial numbers, MAC addresses, total space available, space remaining, battery life, and software version.
There are also features which allows you to remote wipe an app, clear the pass code, and lock the device.
Locking the device is basically the same as pressing the lock button on the top. If you have a pass code set locking the device requires you to re-enter the pass code.
Clear passcode removes the passcode on the device which prevents unlocking.
Wiping the device takes the device back to its out-of-the-box state.
The profile manager also allows you to set up device groups which allows you to push the same settings, restrictions, and apps to multiple devices instead of each individual device. In the picture above you can see we have 3 groups for our alpha, beta, and production version of the app.
There is also the same functionality for devices that a specific user enrolled. You can also set up user groups to allow for devices enrolled by multiple users.
These users and user groups are the same as the ones managed by OS X Server Lion.
If you go to a device, device group, users, user groups page at the bottom you see a cog for options. The bottom option says “edit apps”
This is where probably the most useful feature of this app takes place in terms of enterprise development.
If you click on edit apps you see a dialog pop down which shows a list of apps uploaded to the profile manager.
As you can see we have two apps in our MDM server. The apps are distinct by their bundle identifier. They also have a version as well.
You can upload apps which just asks you to select the .ipa file from your computer.
If you upload an app that has the same bundle identifier it will only overwrite the existing app if its version is higher than the one in the profile manager. Otherwise it will ignore the upload. You cannot have any spaces in the name of the .ipa that is uploaded to the server.
Clicking remove will instantly delete the app and the apps data from the device/device group/user’s devices/user group’s devices.
If you click add it will add the app to the device/device group/user’s devices/user group’s devices. Note: it will prompt the device upon app updates and application adding on the device to see if they wish to install it. Unlike removing it doesn’t happen automatically.
Lastly probably the most major downside is that this MDM application doesn’t allow you to update one specific device with a device version. If you update the app it updates all the devices who use that app. Not the specific device you are viewing. Apps are only unique by their bundle identifier and not their version as well.
That being said this application is just a simple ruby application. If you wish to change something about it you can easily do so. By default the application can be found in /usr/share/devicemgr/
There are two main sections of the app. The backend, and frontend sections. The backend is the rails application where as the frontend is a javascript/html interface to query the backend for information.
The application is served via apache and uses a postgres database.
If any web routes match {HOST}/profilemanager by default the frontend code is used.
If any web routes match {HOST}/devicemanagement/ the backend is used.
The backend can be hit via the url as stated {HOST}/devicemanagement/api/{controller}/{action}
There is a apache rewrite to rewrite {HOST}/mydevices to {HOST}/devicemanagement/api/device/start_ota
If you wish to do any database changes you can connect to the postgres database via command line by using this command.
sudo -u _devicemgr psql device_management
If you know Ruby on Rails and PSQL changing the profile manager should be easy.