SCEP on Windows 2008R2 for iPhones / iPads

A project never really finishes. If you’re lucky you complete the initial requirements and get those signed off, and if you’re good at managing your project you’ll refuse to let the scope creep in, mark any additional feature requests as “phase 2” and evaluate them at a later date. One of the nice-to-haves with the deployment of iPhones was a VPN system so that you could access the internal systems when out of the office, and to date this has been in a very “test and dev” environment, with access only for IT staff in a completely unsupported way.

However, I’ve found myself with a bit of time, so I started delving into the SCEP world for issuing certificates to iPhones, which I would then use to authenticate an SSL VPN connection. Here’s what I found.

Mobile Phone Refresh: new iPhones and a move to Everything Everywhere

In 2011 the existing mobile phone contract with Vodafone came up for renewal and so, being diligent, we decided to evaluate the top three or four mobile phone companies in the UK: Vodafone (again); O2; and Orange (which quickly became Everything Everywhere due to the merger between T-Mobile and Orange).

Our Vodafone contract had been a three-year deal, and our technology fund had expired. We were in a situation where a third of our user base had iPhones (some 3GS, some 4) and the rest were still on classic Nokia handsets which were starting to fall apart; consequently, we were looking for a deal that satisfied a number of requirements. The issues that we wanted to solve were:

  • Technology fund empty – we couldn’t get any more iPhones
  • Data usage – some users were using data despite not having an iPhone, causing extra cost (no data bundle)
  • Signal strength – some rare locations such as basement offices didn’t get signal
  • Cumbersome procedures – the method of setting up roaming and adding extra packages to mobile handsets was time-consuming and awkward to complete
  • Disparate handsets
  • Online billing system not ideal


Remote Access Options in Server 2008R2

Server 2008R2 has many different methods that allow connections to your business network from outside for whatever purposes you see fit (most often, though, home working). Better still, once you’ve bought your Server 2008R2 installations these specific features don’t require any extra licensing or purchase cost; all it takes is your time and willingness!

The roles that I’ll mention today are:

  • Routing and Remote Access (RRAS)
  • Remote Desktop Gateway
  • Remote Desktop Web Access
  • Remote Applications (RemoteApp)

The different versions of Server 2008R2 have different levels of functionality for the two roles that we’re interested in, Network Policy and Access Services and Remote Desktop Services, so you should check using this heavily cropped table that I’ve made by lifting the information found on the Microsoft website comparing server editions by role.

Find my iPhone can work on iPhone 3 and 3GS too

I know, it’s probably not something that we should talk about too loudly lest Apple get upset, but it’s true: you can use the “Find my iPhone” feature that Apple recently made free for the iPhone 4 with your iPhone 3 and 3GS. There’s a trick to it, though: you’ll need a willing friend who does have an iPhone 4 for you to borrow.

Enabling Find my iPhone on the iPhone 3 or 3GS


snapshot February 2011

To advertise the success of the IT Service Desk in the last year we have produced a newsletter for internal circulation. It’s a high-level overview of all of the projects that we’ve successfully completed, and I’ve been the owner and runner of almost all of them!

Click the thumbnails below for the two-page .pdf (~700kb).

[Thumbnails: page 1, page 2]

Apple iPhones and MDaemon E-Mail Server: Enterprise Rollout with SyncML?

MDaemon is an email server which for a while has been actively competing with Microsoft Exchange. Where Exchange has a slight advantage, in my opinion, is its widespread adoption in the rapidly expanding and feature-rich “smartphones in the enterprise” arena.

As blogged back in 2008 here: http://www.everything-mdaemon.com/category/mdaemon/syncml-mdaemon there are indeed some ways around this, and things are even a little better than they were then. Previously, if you wanted to use your iPhone with your MDaemon server then you would have to:

  • Cope without any real enterprise-level management
  • Do without any mobile security options such as tracking or remote wiping
  • Do without any calendar or contacts information: e-mail only, via IMAP (unless you tried to use the badly reviewed Funambol app or the better, but previously painful-to-use, Synthesis ToDo+Cal app)

Now, for the most part Apple have done an excellent job of making things better. For a start, with iOS4 they introduced multitasking, which made everything so much better because it meant that you could leave your third-party calendar app open in the background so that reminders came up. Bonus! (Previously this required a complicated export-to-.ics-and-read-back-into-the-iPhone’s-calendar-just-to-make-reminders-work game.)

Apple have now additionally allowed access to the calendar on the iPhone in its entirety, which means you can do away with the third-party calendar apps altogether and just worry about synchronisation. So far only one app appears to have risen to this charming development: Synthesis SyncML Pro (this app, and the still-available Synthesis ToDo+Cal app, are now developed by http://www.plan44.ch).

Of course, Apple also now let us use the “iPhone Configuration Tool”, which is quite handy: it allows you to pre-configure as many profiles as you like for each phone you plug in (I configure each phone with a baseline of “corporate” settings and then an individual one with e-mail account details etc., so two in total). It’s really good, but it is currently missing some helpful features, such as the ability to add and lock a MobileMe account for corporate seek-and-rescue requirements.

[Image: iPhone Configuration Tool]

On which note, now that Find My iPhone has been made free for iOS4 devices there is a way to track and remotely wipe handsets, although initial setup is a cumbersome one-at-a-time process.

So in short if you have MDaemon and you want to roll out iPhones I would suggest:

  1. Use the enterprise iPhone Configuration Tool from Apple to make two profiles: one containing company policies like password requirements; one containing individual settings like e-mail accounts
  2. Use Synthesis SyncML Pro for calendar and contact synchronisation from MDaemon
  3. Set up Apple’s Find My iPhone for each iPhone you deploy (assuming iPhone 4+)

Each phone will need a bit of manual configuration, such as changing the IMAP Sent Items / Deleted Items folders; entering the MDaemon usernames and passwords for Synthesis to work; and manually adding the MobileMe account information for Find My iPhone. Ultimately, though, you’ll have a tidy enough working solution that certainly beats forcing iPhone users to load up a web page and visit webmail (WorldClient) when they want to check their calendar.

Using Network Access Quarantine for VPN Clients

The Scenario

Migrating machines from physical installations to virtual installations can be a chore, but it can also give you an opportunity to roll out new features and test new setups.

Having previously used a Microsoft Server 2003 installation to provide a free-of-charge and easy-to-maintain VPN system for employees, I wanted to tighten up the security and be more specific about which users were able to connect to the VPN and what access they were allowed.

Two levels of access had already been decided upon, although not yet implemented in the current build of the VPN server (using Routing and Remote Access in 2003). These were:

  1. Provide unlimited network access for company staff on company equipment
  2. Provide limited access for company staff using their personal home equipment

The intention here is that anyone with permission would be able to use any computer on the internet to connect in and perform certain functions, but to browse all the data drives and have unlimited network access you would need to use a company laptop, which in turn would be considerably more likely to have up-to-date antivirus software on it.

The upgrade

The upgrade to Server 2008 R2 gave an ideal opportunity to test and implement the specific features that were required: two servers were being used side by side. The current 2003 box sat on an old 2 Mbps line and served all the current clients; the new 2008R2 box was on the new 25 Mbps line and only served the test clients until testing had been completed.

Despite the existence of the Microsoft Server Migration tool I was unable to successfully migrate the settings from 2003 to 2008, and so had to manually re-create the VPN server in RRAS and create two policies which mirrored the above settings.

The settings

Remote Working

One of the biggest projects that I undertook at the end of last year was the Remote Working project. The brief was simple in essence: “we’ve got a team of about 12 business users who all have an interest in remote working in various guises (working from home; working when out and about; working from other offices etc) – get involved”.

Interestingly, the team of business users already had some firm ideas about what they thought might be ideal technical solutions for their problems, using off-the-shelf solutions like GoToMyPC.com to achieve connectivity to their office machines while out and about.

What’s often difficult in these situations is being able to trace your way back to the initial requirements. The question “what do you want to be able to do?” can have many answers, and often these start with technical solutions rather than actual requirements. Driving down to the original requirements is essential to make sure nothing’s missed, but at the same time you have to be careful not to make users feel like they’re jumping through hoops or covering ground they feel they’ve already covered.