The tools we have range from tools for provisioning iPhones, for configuring iPhones efficiently, for developing applications for iPhones, and for doing all that while keeping your networks and your data secure. The things we're going to be covering are actually divided up into three presenters. We have three presenters from Apple here.

The first presenter will be Ron, who's going to--he's from our tools group. He's going to talk about the tools that Apple has to provision iPhones, that is, making them initially loaded with the keys that will allow them to run your apps that will allow you to track that iPhone with that user, and to configure them, that is, how to automatically set the configuration settings on a phone for your employee for a whole variety of things so they're not, you know, flipping through manually setting up their phone. After Ron, we'll have Steve come up and talk about iPhone app development. And, of course, this entire conference is on iPhone app development, and there's a ton of sessions.

One of the things Steve's going to focus in on is why and how you would develop Web applications as opposed to native applications. And, of course, those of you from IT know that there are many situations where a Web application is much more efficient way to roll out functionality to your employees.

There's no installation involved. You simply change the Web site and the app changes. And Steve's going to talk about some of the techniques and the tools for making Web-based applications on the iPhone, when you would do that, when you wouldn't do that, and how you can make those apps be great.

And then finally, Curtis is going to come up and talk about, okay, now you've deployed phones in your organizations. You have deployed applications on them. So, you've deployed them on your devices. You've deployed them on your devices. You've deployed them on your devices. You've deployed them on your devices.

You've deployed them on your devices. You've deployed them on your devices. And then, of course, you've deployed them on your devices. And then, of course, you've deployed them on your devices. And then, of course, you've deployed them on your devices. And then, of course, you've deployed them on your devices.

The types of challenges that we're going to talk about today for the IT groups--how do you provision these things in your organization? How do you configure them? How do you roll out a new configuration once they're already in the field? That's what the first talk from Ron is going to be about.

How do you do this securely? What kind of VPNs do you need to deploy to keep things secure? How do you make sure that your SSL certificates are set up correctly on the phone? Actually, the third presentation will cover that. In addition, should it happen if an employee loses an iPhone or the iPhone gets stolen, of course, you want the capability to remote wipe that phone so that you don't lose track of that corporate data.

So let's get started. First presentation on configuration and provisioning. This is going to be all about the tools we have for doing that, including things like the iPhone Configuration Utility, which you will get to know and love. And to come present that is Ron Lusang from Development Technologies. So, Ron. Great.

Thanks, Bud. Morning, everyone. My name is Ron Lusang, and I'm a member of the Development Technologies Group here at Apple. And for the next 15 minutes or so, I'd like to introduce you to a utility that we created specifically to make it easier for you to introduce iPhones into your organizations. And we call it the iPhone Configuration Utility. And here's what it looks like.

It looks a lot like iTunes. That's because a lot of the metaphors are the same. We have a library of items that we want to manage and might have some connected iPhones that you want to push items to. And of course, we'll see the detailed information about whatever library item or connected iPhone you have.

But instead of managing ringtones, music and videos, we manage devices, kind of a record of all of the iPhones that you've ever connected to this computer, applications--so these are the applications that you'll push over to your iPhones--provisioning profiles and configuration profiles, which I'll describe more about later on in my slides.

Now, of course, iTunes--the target audience for iTunes is very different from the target audience we had for iPhone Configuration Utility. We actually had three target audiences for iPhone Configuration Utility, the first being those who are doing IT administration, so people who need to keep track of all the iPhones that they've deployed throughout their organization or who need to set up the iPhones that they're giving out, possibly installing applications and such. The second audience that we concentrated on are those who are doing QA testing, specifically for these in-house applications that we're looking forward to hearing about.

And there are those who are doing network and security administration. So those are the individuals who provide these great--the great access and network services for their employees but need to ensure some security policies are enforced on those iPhones in the case, as Bud mentioned, that the iPhone is lost or stolen.

So with the rest of my slides, I'll just go one by one through each of these three audiences and talk about what iPhone Configuration Utility can do to help them work with iPhones. And of course, we'll go in order, starting off with IT administration. So as I said, for IT administrators, you really need to keep track of all of the iPhones that you're responsible for, including who you gave the iPhone to, of course, and probably you'll have to set up the iPhone with some in-house applications.

So iPhone Configuration Utility lets you do exactly that. You plug in an iPhone, we create a record of that iPhone so that you can keep track of it and keep track of who you've given it to and install applications and something called provisioning profiles, which I'll talk more about in a minute.

So this is what you'll see once you've plugged an iPhone into iPhone Configuration Utility. It's a device summary. You'll see we still have the cool iTunes tabbed style UI with the summary tab and then a provisions tab, applications and a console tab. Here in the summary, you can see information about this iPhone, like the serial number or the UD ID.

You can even associate contact information either by typing it in yourself or using the people picker from address book. This is the same people picker from address book, by the way, that could be hooked up to your back-end organization's LDAP directory. And you can use that to associate contact information as well.

From the Summary tab, I'd like to jump over to the Applications tab here. Here you can see all of the applications that you have in your IPCU library and all of the applications that are already installed on this connected iPhone. So from here you can install new applications or remove old ones, update existing ones. And we have a similar UI for provisioning profiles here.

So I think this is a good time to introduce provisioning profiles in more detail. So as a sidebar, provisioning profiles are the key to allowing an application to run on the iPhone. So this is why it's important that iPhone Configuration Utility allows you to install both applications and their associated provisioning profiles.

Provisioning profiles have two important pieces of information. The first being the application creator's identity. This is a signing certificate, which you use when you're signing the application that you're installing, that you intend to give out. and this gives your users authentication so that they can know that this application actually came from you.

The second important piece of information is a list of Universal Device Identifiers, or UDIDs. These are the ones that I mentioned earlier that we saw in our Summary tab. And what this gives the iPhone, as well as you as IT individuals, is authorization so that the application that you've signed with this provisioning profile will only run on the iPhones that are in this list of UDIDs. So this is a very important thing for IT management. And of course, this wouldn't make much difference if somebody could go in and fool with the contents of the file. So provisioning profiles are also signed to prevent tampering.

So that's all I wanted to say for right now about provisioning profiles. Curtis will talk a little bit more about this later. I'd like to jump back to our summary of our device records. So here we've selected our device records library item instead of a connected iPhone. You can see we have the same information here.

The Summary tab is there with all of the contact information we've already set. We have the Provisioning and Applications tab still so that you can see once you've disconnected these iPhones, the summary information, all this information we've gleaned, is still there and is kept there as a record. We even show you when the last time this iPhone was connected.

And with all of this information, it's very useful to be able to export it. So, IPCU--iPhone Configuration Utility--lets you export these records for either backup purposes or sharing with other IT tools you have. They're simple XML files. You can even share it with other users using iPhone Configuration Utility on other computers. And we can also export all of these records, multiple records, as a single file which you can send to Apple's developer connection when you're requesting provisioning profiles. So this gives you that list of UDIDs that I mentioned inside of a provisioning profile.

So that's just a few of the things that iPhone Configuration Utility can help with for those who are doing IT administration. Again, just keeping records of your iPhones and installing provisioning profiles and their applications, as well as being able to export all of this information to a usable format for other purposes.

So stepping away from the IT administrators for a second, we can focus on those who are doing QA testing. So if you're testing in-house applications, we've already seen something that IPCU will do to help out here. That's installing those applications that you're going to test onto those iPhones you're testing with.

Apart from installing applications and provisioning profiles, though, If you're going to do QA, chances are you want to find out what's actually happening on the iPhone that's running your in-house application or need to do some network diagnostics about what an iPhone is doing out in the field. And for that, iPhone Configuration Utility lets you view device logs.

So here again, we see we've selected a connected iPhone. And in that fourth tab there, the Console tab, you can see the record of what the iPhone was doing. This includes your application logging as well as anything that the iPhone itself has logged. And it looks a lot like the console output you're familiar with from console on Mac OS X. So, a short set of slides for QA testing. The next audience I'd like to concentrate on are those who are doing network administration or security.

So as a network administrator, you're providing all of this great access via VPN or Wi-Fi, as well as network services such as email accounts or Exchange ActiveSync accounts now. And in order to provide these services, most network administrators really require that the end user devices are secure, that they can ensure some security policy is really enforced on those end user devices in case they're lost or stolen. and you can prevent sensitive data from falling into the wrong hands.

So the way we do that with the iPhone and iPhone 2.0 software is using something called configuration profiles. So here I'll take a sidebar and describe more in detail what a configuration profile is. So a configuration profile is simply a file full of device settings. So the simple XML plist files that contain settings for things like email accounts, security settings, networking setup, pretty much anything you could set up directly on the iPhone for an end user. But the real power in configuration profiles is that you can also set up things that you wouldn't want your end users to configure by hand or things that there's no UI on the iPhone to configure.

and configuration profiles are installable by either email or Safari directly on the iPhone. What this means is that you don't ever have to connect an iPhone in order to install these files and configure it-- configure that iPhone. You could create a configuration profile, post it on a secure web server or send it out to your users as email, and they can install it on their iPhones without ever tethering the device.

and of course, iPhone Configuration Utility allows you to create configuration profiles. So, anything that a configuration profile can set up on the iPhone, iPhone Configuration Utility lets you configure. Things like passcode policies which, you know, so you can actually require that your users have a passcode on their iPhones, even setting the strength of the passcode that they use, or the maximum age in days.

We can set up application restrictions so that you can prevent your users from watching too much YouTube or surfing on the net, surfing the web. You can, and in exchange for accepting these security policies on your behalf, the end users can get access to things you've set up such as pre-canned email settings, or you can embed certificates in these configuration profiles which you can use to simplify setting up VPN access or Wi-Fi access. You can even set up Exchange ActiveSync accounts.

And again, a lot of this would be pretty scary if it weren't for the fact that you could sign these configuration profiles as well, so that you can give your end users authentication, knowing that the configuration profile that they're installing actually comes from their IT or network organization.

And here's what it looks like to set up a configuration profile inside of IPCU. Here we've chosen the Wi-Fi tab. I'm not sure how clear it is in the back there. But you can set up for this, we're setting up Wi-Fi where we can describe which SSID we want to use. We can even choose certificates for our authentication method. We can even use it for our trust settings. So this is just a snapshot of some of the things that you can set up with IPCU.

And in order to give access to more people, instead of having only iPhone configuration utility for the desktop, we also came up with iPhone configuration utility for the web. It's the same configuration profile creation and signing features that you saw just now in iPhone Configuration Utility. implemented as a web application. And it's the back -- oh, here we go.

You can see it's all the same tabs but this is all running in Safari. We even support all the signing features, and the backend runs on Mac OS X, Windows XP, and Vista, and the browser piece supports IE7, Firefox, and Safari. So this way, since configuration profiles can be installed without ever connecting an iPhone, a lot of network and security administrators can end up configuring iPhones that they never touch or even see. So this is really powerful. Now you can even set up these configuration profiles over the web. I thought you guys would be excited about this web stuff. What is this? Yes. Thank you.

You can put web on anything. So that ends my tour of the iPhone Configuration Utility. That's just a quick look at some of the things we can do for IT administrators who need to keep track of all of their iPhones that they're administering, QA engineers who need to be able to install those applications that they're testing and get access to the console logs on those test units, and, of course, for network and security administrators who want to provide all these great network services and access to their end users but need the guarantee of security on those end-user devices. Now you can use iPhone Configuration Utility to create configuration profiles either on the desktop or via the web. And with that, I'd like to hand it back over to Bud. Thank you. applause Thanks, Ron.

I highly recommend for more information, there's a couple of sessions, one on enterprise phone management with configuration profiles. Learn all about what's in a configuration profile, what are all the different settings you can affect with that and how that works. And there's also a deployment lab where you can go and actually get some hands-on and try this stuff out.

Next, We're going to talk about iPhone app development. And we're lucky to have Steve Cotterill come from our own IT organization at Apple. And of course, we use iPhones extensively inside Apple. And so our IT organization has a lot of experience with how you roll these things out, how you make them useful, how you make them secure.

And what Steve is going to talk about is building apps, custom apps or in-house apps for the iPhone. He's going to talk about when you would build a web-based application for the iPhone versus a native app for the iPhone. What are the criteria you would use to decide that? What are some of the tools that are in technologies available for building web applications on the iPhone? And finally, how do you make those applications great? Well, I think the first thing is to make sure that you're using the right tools.

So Steve? Oh, my mic's on now. Okay, great. Hi, everybody. As Bud said, my name is Steve Cotterill. I work in Apple's Enterprise Technologies Group, and as he mentioned, we've been building some of the iPhone apps that we use for ourselves and the company. And today I'm going to talk about iPhone application development for IT app developers. I'm going to focus on, first, the design of IT applications, what you should bother putting on the iPhone, what application platform you should target, and how you can actually make that application a really great application.

Then I'm going to talk a little bit about some development technologies, what technologies are available, what tools we have to help you, and offer some of the tips that my team has come across in the last year. Finally, I'm going to talk a little bit about how you can deploy these applications, and specifically what you can do to make it really easy for your organization to deploy applications very quickly. So let's start with design.

So what should you consider putting on the iPhone? It seems kind of simple, but the answer can be elusive. As Bud mentioned, everybody is going mobile. And like I said, it's simple. You need to build mobile applications to address the needs of mobile users. And that means the people in your organization who are mobile all the time, like people that are out in the field doing sales or virtually anybody on a university campus or anybody in your organization when they're out on the go.

So you need to build applications that help users with quick, quick tasks. Some examples are looking up something, getting like a dictionary reference or following the status of something in progress. Getting any kind of updates on what's going on elsewhere in the organization. Apps that help you make more informed decisions, keep you notified of what's going on.

Or applications that let you control what's going on in your organization from wherever you happen to be in the world. These are the real advantages of the iPhone. Just to sum up real quick, the takeaway from this slide is if it could make a good dashboard widget, it would be a great candidate for an iPhone app. application.

So once you've figured out what you want to build, you have this question, "Well, how am I going to build it?" And on the iPhone, you have two platform options--yes, two. So the first is the native SDK, which we all know about. But the second is you could build it as a web application.

Some of you--I'm not sure. Maybe half the room is already, "Yeah, I'm not going to bother with native. I'm going to do web." But maybe half the room is asking, "Now that I have an SDK, why do I have to keep building web applications?" And the answer is the same reason you would build a web application for the desktop. There's no installation to worry about, instant deployment, instant update. These are the things that within Apple we value because we really need all of our users to be on the same version of our software at any given moment.

So if you need help making this decision, I just put up some of the platform features available. Like I said, if instant deployment, instant updates, and cross-platform compatibility are important to you, you can't beat a web app. If, however, your application needs access to some of the new spiffy APIs like location services, camera services, audio or 3D graphics, or if it needs to be able to work without an internet connection, you really need to build it as a native application. It's just not an option.

But for everything else, most of the features that you want for your applications are available in both platforms. They both integrate with all the other apps on the phone. You can build the same iPhone look and feel into your applications using Interface Builder if it's native or Dashcode if it's a web app. Both platforms support the ability to have a custom application icon added to the user's home screen. They both now support multi-touch gestures. And with hardware-accelerated CSS animation on the iPhone for web apps, your web apps are just going to start to look just like native apps.

If you're not sure which way you want to go, I suggest looking at it this way. If you think about how often you plan on updating your application versus how often you think users are going to be using your application. And if you plot your application somewhere in this space, you'll see that the more often that people use it and the less often that you update it, it would probably be a good candidate for a native application.

But if users aren't going to use it very often, but you're going to update it a lot, it would probably be worth it to develop it as a web application. Now, I have some examples just so you get a better feel of how things fall in this graph. The stocks widget on the phone.

I don't even think it has been updated. It doesn't need to be updated. What we've got works fine. The only thing that would ever cause it to need an update would be if our data source dropped out. We'd need to change where it points. But it's never needed updating, and the people that use it use it all the time. It's a great application for native. A lot of IT applications, specifically business forms and business reports, need to change with your organization.

So if you start selling a new product, if your governance laws change, anything like that, you need to update that application. And in some cases, that means that every time somebody uses the app, they need to get a new version. And that means it's better as a web app.

The trick to this is noticing that this slide is not evenly distributed. There's this hot spot where native activity is really, really effective. And that's because even the most popular application, the one that gets used by users all the time, if you change it too often, eventually it's not worth making users update a new version all the time. So a web app is a better choice.

And on the other side, even if you plan on never, ever changing your application, if nobody's interested in using it, it's probably better as a web app. They can visit it when they need it. So, Like I said, and as Bud said, in Apple we focus on web applications for the enterprise, largely because it is critical that everybody be on the same version and we don't want to make people have to go through any setup or installation beforehand. So most of my talk from now on is actually going to be focused on web apps. But before I leave native, I want to talk about what makes a great iPhone application.

Great iPhone applications are the ones that help the user with getting something done. Getting something done quickly without distraction, without taking up too much of their time so that they can move on with their lives. Great applications are focused. They're not trying to solve every problem that a computer could do. They're just trying to help you with a specific task while you're mobile.

They're fast. They need to load quickly and run quickly. They need to load quickly and run quickly. And they need to be ready to be interrupted by a phone call or because the user really needs to turn off their phone in class or whatever. And then they need to be able to resume immediately.

They are formatted not only for the screen, which we all know is not a desktop screen, but they're formatted for use in a mobile setting. That means that your colors should be readable at an arm's length in sunlight and your touch controls should be big enough to touch and your text should be large enough to read.

Great iPhone apps adopt the UI conventions set forth by the iPhone to provide a familiar experience to users so they don't take any time to learn how to use. And finally, great iPhone applications integrate with other iPhone applications. You should provide links to dial phone numbers if you have them or write new emails if you have them or get maps. These things users will greatly appreciate.

I have some great examples from applications. One, the first I'm going to start is a consumer example. Everybody could take out your iPhone. Please don't do it now. You could all see this. It's fandango.com. If you're not familiar, because I think they only work in the U.S., fandango is a website that offers movie tickets and show times for users. Being a standards-compliant website, it works wonderfully on the phone. It works beautifully. You can go there. You can do everything that you could do normally. But fandango decided to build a version of their site for the iPhone, and this is it.

And why this is great is it's literally a hundred times lighter weight. The size of the website that has to be downloaded, the size that has to be hosted, the size that has to be transferred and then loaded onto the phone is literally a hundred times smaller than the original Fandango. It loads a hundred fewer files from your web server. And all this adds up to seven times faster loading on Wi-Fi. Well, probably seven times on anything. But it takes five seconds to load on Wi-Fi.

So this is an application that's focused. They didn't deliver everything that Fandango's website has. There aren't photos or trailers, but they have what you need when you're on the go. They have movie show times and they have the ability to buy tickets. It's very fast, as I said, loads in five seconds on Wi-Fi.

It's formatted, uses the same UI that people are familiar with on the iPhone using the table view style navigation. And it's integrated. If you find a theater and buy tickets there, then you can call to get directions or you could just go to the Maps application and get directions.

For an enterprise example, for large organizations, we think a great example is a directory. My group built the Apple Directory app that Scott Forstall demoed last year at WWDC, which some of you may like because it shows that you can actually develop web apps, but some of you may hate because it was secretly telling you we don't have an SDK yet. But now we do. So we thought this was a good example. We took the very same Apple Directory web application that we provide to our employees to look up anybody else in the company, and we built it for the iPhone.

And it's fast. Most calls come back within three seconds. It's formatted. It fits perfectly on the screen. You don't need to zoom or pan. It offers the exact same UI that's in your contact list. It's an integrated application. It's based on a contact book. So if users have already dealt with contacts, they already know how to use this application. And it's integrated. You can touch a phone number to call a person. You can email a person directly by touching their email address. Or you can touch their office location to find out where they are.

Now, phone books and movie times are really fun, but IT data is a lot more complicated than that, right? So you're saying, "Well, that's great. You guys made wonderful applications that do this cute little toy stuff, but what about my data? My data is ugly. So how are you going to help me?" So I wanted to show you a real business example.

What we did was we were asked earlier this year to port a sales report for the company from a web to the iPhone. And we did it using the same data, the same database as the original report, so there's no conflict in numbers. We focused it, though, for real-time use, and we format it to be used on the mobile device.

And I'd like to show you how we did it. So this is an example of the original sales report. It's not the real thing, but it's an example. It shows actual and forecast sales figures so far for a store so far today, this week and this quarter, across the revenues that we make and then the rates of sale, the products that we sell, and the services that we sell.

And we use this to judge how we're doing. So we went back to our previous business model, which was a web application, and we said, "Okay, it has to make it onto the phone. We could just put it on the phone, but that's not readable at all." So we went back and we said, "Okay, we're going to have to put a little bit more effort into it than that." So we said, "Well, what do people need when they're checking -- if they're going to check this sales report on their phone, what do they care about when they're not at their desk?" And we realized that they don't care about how we're doing this week or this quarter. They care about how we're doing now. So we dropped that data.

And they don't care about how individual products are selling. They care about what kinds of products are selling. So we summarized that data. And that gave us a much more manageable data set. So again, we said, "Okay, a good day's work, right? We solved that problem. Works okay on the phone." But that didn't please everybody. So we said, "Okay, we need to format this for mobile use." And what we did was we completely reimagined the data.

It's the same data, but we've completely changed the visual representation. We've chosen to use icons instead of category names to save space. And that made room for these bar graphs, which let you look at comparable numbers immediately and know how you're doing. So in this case, we're beating the pants off our forecast. So this is -- oh, yeah, and we separated it into a revenue section and a unit section.

So this gives users a less cluttered view and some visual cues to help them read the data without actually having to read the data. Which means that they can see how we're doing and then put it back in their pocket and go. This is the unit side where we show some of our product families how they're selling and some of the services how we're doing.

So we thought this was a pretty good example of an iPhone app. It's focused just on today's data, and we've summarized the data to be what the user cares about when they're on the go. It's fast. The whole app loads within five seconds, and real-time updates come within two seconds. and it's formatted. It's built pixel for pixel. This is the screen size. You don't have to zoom in or pan. Minimal scrolling. It's pretty nice. Now I'm going to talk a little bit about developing these applications.

And I'm going to do it from the perspective I know best, which is, what do we do inside the company?

and David What we're really excited about now are the new web development technologies that are available in iPhone 2.0. You can now do multi-touch gesture events in the DOM, in JavaScript. You can respond just like on click, you can respond to on touch or on pinch, I think.

I don't know if they have a pinch. But you can react to multi-touch events. And then with hardware accelerated CSS animation, people will forget that they're using a web app. They'll think they're using a native application. And the new feature in WebKit is client-side persistence. So if you need to store any files or anything from a web application, you can do it on the phone.

So next I'd like to talk about the dev tools. Now, if you saw the keynote yesterday, Scott mentioned we've got a great set of developer tools for you to build native applications, but he forgot one of my favorites. He forgot Dashcode. Dashcode is an amazing IDE for building web applications, and it's even better now.

I don't know if you've taken a look at it recently. And the iPhone simulator isn't just for simulating your native apps. It has the mobile Safari in it, and you can test your web applications in the iPhone simulator as if you were actually testing them on the phone.

So Dashcode is a dual-mode editor. You can put your applications together by writing them in code, or you can just drag and drop components to edit--assemble your application graphically. It's very much like Interface Builder and Xcode. It has many iPhone templates to get you started building an iPhone application very quickly.

And it has a rich component library. I can't say enough nice things about this. The Dashcode team has done some amazing work building reusable components that you can put into your application so that you don't have to worry about how lists work or how buttons work. And they've got great sliding animations, even flip animations. You can make it look like you spent twice as much time on your application.

and David Schmuck, and I'm going to give you a little bit of background on what DashCode is. DashCode has a great debugging environment for JavaScript and web applications, which I know if you've done any web app development, you should be very pleased to know that you can actually debug JavaScript applications more like native applications now. And if you want to, DashCode even lets you do one-click deployment to a web server. All you have to do is just work in DashCode, test in the simulator, and then hit share, and then it's out.

Everybody knows about it. The iPhone simulator, like I said, has the exact same version of Safari that's on the phone. So you can see how the viewport and rotation events and multitouch gestures affect the application when it's actually deployed. You can even see the real on-screen keyboards that users see when they're using their iPhones and check out the home screen icon, which you may build for your web application so users can save it right on their home screen.

So, over about a year of--yeah, a little over a year--of iPhone development for the enterprise, we've picked up a few tricks. I don't know if you know these yet, but number one, if you can help it, build a one-page application. One HTML page and then everything happens asynchronously, dynamic.

This will save you a lot of bandwidth, save you a lot of time. It's a lot easier to carry data from screen to screen when you're not actually having to take it from one screen to another screen. And users get a better experience because they don't have to load more than one page. Once the app is there, they don't have to wait ever again.

and David Seifert are all great people. Separate your static content like CSS and JavaScript. If it's not going to change, pull it out. Make them separate files and then deliver them to your users with HTTP compression so you can get them to the users much faster. The iPhone will support it. It will unfold the code. It will load much faster, much quicker. New in WebKit every day practically are some great technologies to help you render with CSS.

That means that you can use things like borders, gradients, transparency and shadows -- these are just a few, there's masks and reflections too -- to actually build your UI without loading a single image, which is, I don't have to tell you, much more lightweight. And then for the images that you just can't get rid of, the whiz-bang graphics that you just can't replace, you really need to use the CSS sprite technique where you take, if you're not familiar, you take a little bit of a little bit of a little bit of a little So you take all of your different graphics and you stitch them together into a single image file and then you use CSS to determine which part of that image shows on the screen in any given position or any given time.

That means you load one image file instead of how many images are in your app, 50? I don't know. And it makes your app load much faster and then it's precached. You know, if you loaded the one image that's all the images in the application you don't have to load it again later. demo of how that, yeah, sorry.

So finally, I'd like to talk very briefly about deployment. As Steve mentioned yesterday, enterprise IT groups can deploy native applications for their users on an internal site. Users visit the site, they can open--they can download the--your in-house applications to their computer, open them in iTunes and then sideload them through it to their tethered iPhones. And that's great. So we know how you can deploy native applications without having to be part of the public app store. You could be part of the public app store and secure your application with employee passwords if you wanted to.

But as I said, we do web app deployment, and we found that after we built our first web app for the iPhone, we had to find a place to host it, which was actually surprisingly difficult for a computer company. We have to find a machine, and then we have to get into the network, and then we have to get a domain for it, and we have to go through all this red tape, and then we have to expose it to the outside world, because we wanted to make it convenient for users, so we had to poke a hole in the firewall, and then we had to secure that hole so only Apple employees could get into it. More bureaucracy. And then finally, we had to tell everybody where we put it. We had to send out a company-wide email that we've got this great new app, and now you can go there, and here's a link to it. And then we had an app.

Which was okay, but before we finished building our second app, we kind of realized this process won't scale. We can't do this every time. This is twice as much time as it took to develop the application just to get it out to people. That's no good. So our solution was to build an enterprise mobile application portal.

We gave one URL for users to go to to get all of the internal software that we were going to deploy on the iPhone. It means one entry point for security. Security is much happier now. And it's one host for our iPhone applications. So now that we have one host ready to go, we can deploy applications almost at will.

and the rest of the team. And that means that users can bookmark it right on their home screen. All their Apple apps are right here. They just touch it, it opens in Safari. If they're not authenticated, we stop them. Then you have to explain who you are. We take a name and password.

There are actually several options for authenticating users, and Curtis will talk a lot about that in just a minute. Once you've presented your credentials, then we present you with the mobile portal with links to all the applications that we have to date. And then they're one one touch away from the user.

So to recap, focus your applications on solving particular problems. You don't need to do everything. You just need to do something well. Load your applications quick and run fast, even if you're on 3G iPhones. Quicker is better. and format for mobile use. Remember, not just the screen, the mobile context. Users are outside in the sunlight, maybe they're driving in their car, god forbid, but whatever it may be.

Use familiar UI concepts and people won't have to learn. One of the things that we are doing now is cutting training time out of all of our software by sort of standardizing the experience. And you can integrate with the phone, mail, other applications like Maps. Users really appreciate those convenience touches.

Definitely, definitely, definitely go to Dash Code. Dash Code is gonna save you so much time, it's not even funny. And the iPhone simulator, it's not just for native applications, it'll help you test your web app too. If you have a server-oriented architecture, your iPhone applications can just hook into that if you just build Java serverlets, like we did. If you don't have a service-oriented architecture, this is the payoff. If you've been sort of holding out like, well, I don't see why I should go through this extra trouble to build a service-oriented architecture if I still have to do all this extra work.

This is the payoff. This is where you get to reuse stuff and then move for free. Cuts development time in half. And finally, if you're considering developing web applications, more than one web application for your organization, a web portal, a mobile web portal is so nice for your users.

All right, thanks, Steve. This is a developers' conference. There are a ton of sessions on developing for the iPhone. What we thought we'd do is put up a few here that focus more on developing web applications for the iPhone. So if you have an interest in that, I suggest you check out these sessions here.

The final speaker is going to talk about secure access. So you've deployed iPhones, you've deployed applications. Hopefully you thought upfront about all the security issues. How do you securely connect to phones in your organizations? How do you make sure the data is kept secure? And luckily we have a ton of technologies to help you do that, ranging from VPN technology to SSL to things like 802.1X, things like remote wipe or setting--configuring pin strength or pin policies for your users.

So to talk about that, we have Curtis Galloway who will come and fill us in on security. Curtis? Thanks, bud. So I'm Curtis Galloway. I'm in the iPhone Engineering Department. And I'm going to talk a little bit about security on the iPhone. So secure access for deploying the iPhone in your organization, you have your servers with your data on it, and you have iPhones in your organization.

And you want to be able to make sure that the data on your servers is not getting out of where you think it should be. You want to keep control of that and keep control of your assets that are based on that. The most basic part of that is securing your wireless network, because that's the primary way that you're going to access data from the iPhone. And we've already had on the existing iPhone, we have some amount of that, but there's some new features about that. When you're outside of your -- Yeah.

-- local enterprise, you're going to access your corporate network through VPN, so we have some improvements there. And certificates are another way of increasing the security on the phone by improving the identification of your users and of the resources that they're accessing. And also, you're able to set security policies for iPhones that are owned by your enterprise so that you can have increased control and confidence over how they're being used.

So first of all, for Wi-Fi access security, we've previously supported WEP, WPA Personal, WPA2 Personal. And in the new iPhone software release, we've added enterprise-level support for authentication. So now we have WPA Enterprise, WPA2 Enterprise, and 802.1X authentication with EAP TLS, EAP TTLS, and EAP Fast, as well as PEEP and LEAP. And so that gives you a lot more flexibility for authenticating users on your local Wi-Fi network. So now you can, within your enterprise, have a secure wireless connection to access your corporate assets.

On the VPN front, we've previously had support for L2TP, IPSec and PPTP with name and password, token-based authentication. And that's been okay, but a lot of you have been asking for increased support for Cisco IPSec, and so we have that now in our enterprise-level VPN support on the iPhone. So you can use name and password, secure ID tokens, crypto card tokens, and certificate-based authentication with your Cisco network. And we think that is going to give you a lot more flexibility with the equipment that you're able to use for VPN access.

In the VPN configuration front, you can use the iPhone configuration utility to configure your user's VPN access so they don't have to go into the UI and select it and configure all that stuff on their own. You can simply create a configuration profile for them that has all of the settings for your company VPN that you can deliver to them either on the web or via e-mail or with tethered usage of the iPhone configuration utility.

For certificate usage, we allow you now to install root trust certificates for your organization so that if you have your own signing authority, you can add your own root CA certificate so that users can trust all of the certificates generated by that. That's very convenient. And we can also allow you to pre-install server certificates so that they can trust your servers implicitly without having any warnings. And identity certificates for credentials for both VPN and Wi-Fi, you can pre-configure those and deliver them in a configuration profile for the phone.

For certificates, we support PKCS #1 and the common file formats for that for root CA certificates and server identity certificates, and also PKCS #12 for user identity certificates, which include the encrypted private key inside of them. And those are easily generated by a lot of different forms. You can export them from keychain access on a Mac if you already have Macs in your organization. Most certificate authorities can already generate these files and export them. And the iPhone configuration utility can also import them and include them in a device profile so that it's all packaged up together for you.

and you can import raw certificate files through Mail and Safari. So if you just have the certificate file by itself, you can add that as an attachment and you're able to import that just as if it were a configuration profile with one certificate in it. So that's very convenient. It doesn't require any additional tools for generating those.

As you can see, the iPhone configuration utility gives you a tab to manage credentials. You can include multiple certificates in a profile. So if you have an identity certificate, a root CA and some server certificates, you can add those all together and include them in one profile that you can easily install on a user's device.

And if you want to deploy the certificates by themselves, they just show up as an attachment in email. So that's a very convenient way to distribute them. And then it gets installed just as if it were a profile and looks just like that. It can be managed on the phone in a similar fashion.

And we also have the ability to do a remote wipe of the device. So if it's lost or stolen, we have that out in the world somewhere, you can use Exchange Server to actually send a wipe command and guarantee that that device is going to have all its data erased. The actual flaming is a premium feature.

So in summary, we have a number of new features in the iPhone 2.0. We have secure Wi-Fi access with 802.11 Enterprise and 802.1X authentication. We have VPN access improved with Cisco IPSec, which can be configured through configuration profiles. And certificates for trust and identity, you can include root CA certificate. You can include user identity certificates. And we have the ability to set security policies for your devices for application installation, for device restrictions and for remote wipe to ensure the security of your data. That's it.

Thanks, Curtis. And again, for more information around security on the iPhone, we have a number of sessions here. And, you know, in conclusion, I want to say that we're very excited about the iPhone moving into the enterprise. And we've had the pleasure inside Apple of using the iPhone for our enterprise for almost the better part of a year now.

And you heard from our IT group on some of our experiences there and some tips and tricks. But we think we're just at the start of this. And there's a ton of sessions throughout the week and labs and things you can go to to find out more about the iPhone and the enterprise. So I want to thank you very much for coming.