The
Ultimate
Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog Archive Cutedge

by: Bernard Teo








Creative Commons License

Copyright © 2003-2012
Bernard Teo
Some Rights Reserved.

The Ultimate Business Machine - Archives

List of Categories : Database * Technology * Commentary * Singapore * Travel *

Fri 21 Mar 2014

VPN Enabler & Mobile Configuration Profiles

Category : Technology/VPNMobileConfig.txt

I love how mobile configuration profiles work—how it does all the job of setting up network clients to access Internet services (e.g., mail or VPN servers, etc), without users having to enter all the torrid details manually.

So, in version 1.0.2 of VPN Enabler, I included a “Create Config Profile” button that will light up when you click on a VPN User account name. You can save the resulting .mobileconfig file and send it to the user’s mobile device.

VPNConfigProfile.png

When the user opens that .mobileconfig file, e.g., on a MacBook, he’ll see the dialog box below. Go ahead and install it. You’ll be amazed how easily everything gets set up—the system uses the information in the profile to set up all the fields the user has to, otherwise, enter manually into Network Preferences. All the user needs to do is to give the password for the VPN user, when he’s accessing the VPN Server.

VPNConfigProfileInstall.png

The ability to do that is such a God-send. For one, it eliminates the tons of documentation one has to write to guide a user on how to set up Network Preferences, or create mail user accounts on Mail.app, etc. Secondly, it also eliminates some significant hours of support calls, because even if you have the patience to write detailed step-by-step guides, there’ll still be users who can’t, won’t or are simply unable to follow any kind of instruction. 

Finally, it streamlines organisational processes—like hiring, outfitting, training, and bringing new hires up to speed quickly. One mobileconfig profile can contain, in one packet, all the data needed to help each user gain authenticated access to all kinds of server resources, without too much handholding overheads.

If you have a server with its own digital certificate, like an SSL certificate, you can go one step further—encrypt the mobileconfig file, so it’s not humanly readable. Then, if encryption is available, you can go yet another step further—include all the passwords, so the user doesn’t even need to enter the password on logging in.

You can mail these mobileconfig files to the users, or let them access a password-protected web page to download, install and configure their iPhones, iPads and MacBooks—all at one go, automatically.

It all works so automagically. It’s not like you can’t do this on PCs, or Android devices, but on the Apple ecosystem, everything fits in so snugly and wonderfully, that when you layer such a capability on top, you can get unprecedented levels of efficiency and productivity.

The Mac, complemented by the iOS devices—they’re the Ultimate Business Machines. I shake my head in wonder that I can still hear the familiar refrain—Real Businesses Don’t Use Macs. Well, use Macs. And kill the competition.

As if to underline my point about efficiency and productivity, in the manual setup of the VPN client, there’s one obscure button called “Advanced” that we have to teach the user to click, just so he can access this dialog box to set a particular checkbox, the one titled “Send all traffic over VPN connection”. It’s obscure and difficult to explain to a user, but without this option being selected, he can’t go out through the VPN connection to access (otherwise) blocked sites like Facebook and Twitter, which is the whole point of using the VPN. 

VPNConfigSendAllTraffic.png

But the .mobileconfig file can be made to select this option for the user automatically, so you don’t even have to trouble yourself to explain all the drab technology things that go with it. 

Just click, install, run, enter the password, and go. What could be easier than that?

And even the password step can be eliminated, if we can encrypt the mobileconfig file—which is what I’ll be working on next.

Posted at 1:53PM UTC | permalink

Mac@Work
Put your Mac to Work

Sivasothi.com? Now how would you do something like that?

Weblogs. Download and start a weblog of your own.

A Mac Business Toolbox
A survey of the possibilities

A Business Scenario
How we could use Macs in businesses

VPN Enabler for Mavericks

MailServe for Mavericks

DNS Enabler for Mavericks

DNS Agent for Mavericks

WebMon for Mavericks

Luca for Mavericks

Liya for Mountain Lion & Mavericks

Postfix Enabler for Tiger and Panther

Sendmail Enabler for Jaguar

Services running on this server, a Mac Mini running Mac OS X 10.9.2 Mavericks:

  • Apache 2 Web Server
  • Postfix Mail Server
  • Dovecot IMAP Server
  • Fetchmail
  • SpamBayes Spam Filter
  • Procmail
  • BIND DNS Server
  • DNS Agent
  • WebDAV Server
  • VPN Server
  • PHP-based weblog
  • MySQL database
  • PostgreSQL database

all set up using MailServe, WebMon, DNS Enabler, DNS Agent, VPN Enabler, Liya and our SQL installers, all on Mavericks.