Solving IT’s mobile app deployment dilemma

You may have heard the ugly, disease-evoking acronyms MEAP and MCAP, which AT&T and Verizon Wireless have been pitching for a few years in their attempts to be the applications-provisioning tollbooth between IT and mobile users. That push initially meant using their apps, then it meant provisioning apps only to users on their specific networks. Not surprisingly, MEAP/MCAP fell with a thud, and IT administrators were left with no elegant way to provision enterprise apps to mobile users in a manner they could secure, monitor, and manage.

That’s changing, thanks to new mobile app management (MAM) tools such as Antenna Software’s Volt and the app-provisioning features in some mobile device management (MDM) suites, including those from Good Technology, MobileIron, and Trellia. The emerging tools let IT do more than create enterprise app stores from which employees download software to their iPhones, iPads, and Android devices — after all, you can do that with no extra tools on both iOS and Android by providing links from a secure Web page to the downloads.

What emerging tools such as Volt let you do is create HTML5-based apps that can tap into devices’ native capabilities through JavaScript API extensions from Apple, Google, and others, as well as via W3C-supported BONDI APIs. (Those extensions allow, for example, the capturing of signatures through a canvas tag or the generation of bar codes.) You develop these HTML5 apps in your IDE of choice (even a text editor), but you do have to use Antenna’s APIs for the apps to work within the Volt client and be provisionable and manageable by the Antenna Mobile Platform (AMP) server.

From there, you can code installation profiles based on user policies such as roles. When a user logs into the (usually hosted) server, the apps tied to his or her profile are downloaded to the device. The server also pushes updates and gives IT a console for monitoring usage, changing application permissions, locking down data, and wiping apps when a user leaves the company or changes roles.

Other tools such as Ondeego’s AppCentral offer similar capabilities. However, the combination of the Volt client and AMP hosted server appears to be more appropriate for enterprises, in terms of integration with policy servers such as LDAP, integration with MDM tools, and use of high-level encryption and authentication technologies. (AT&T uses AMP in its Workbench offering, but the Volt/AMP pairing is not limited to AT&T-connected devices, as Workbench is.) The Volt client was released this month for iPhones running iOS 4 and devices running Android OS 2.1 through 2.3; iPad-savvy, Android 3.0, and BlackBerry OS 6 versions are planned by summer.

How the new breed of mobile app managers work The enterprise-created HTML5 apps provisioned through Volt are kept in their own workspaces, so their data is encrypted and separated from the device’s other info. Apple’s iOS natively supports such encryption and separation, but Google’s Android does not. Because the enterprise HTML5 apps run within Volt, the AMP server can directly manage them, without affecting the device’s other apps.

In the case of iOS, the AMP server can also manage native apps provisioned through AMP or through an MDM integrated with AMP. Likewise, an MDM tool that integrates with AMP can manage apps provisioned by AMP (HTML5 and native) or by the tool itself (native). Either way, the HTML5 apps provisioned through Volt work offline, syncing data when reconnected.

Theoretically, the Volt-provisioned HTML5 apps could be accessed as separate apps on an iOS device’s home screen, rather than through Volt. They would still be secured and managed as an app bundle by AMP, but the user would not see that bundling. Some users like to view all their apps individually, while others like to group them; essentially, Volt forces them to be grouped. (Android doesn’t support app bundles, so Volt-provisioned HTML5 apps must run within Volt on that platform.)

Antenna CTO Dan Zeck says that the company chose to run the Volt-provisioned apps on iOS devices from within the Volt app because IT customers wanted a visible separation of business and personal apps, both to increase IT’s comfort level in the presence of the separation and to help users make the mental switch between private and work activities. But there’s no technical reason the apps couldn’t appear as individual home screen icons and maintain that behind-the-scenes secure separation in iOS, he notes. (BlackBerry OS 6 also supports such innate separation, though currently it works only with the most recent version of BlackBerry Enterprise Server and for just BES-provisioned apps.)

As is the case with MDM tools that support app provisioning, the AMP server can install and manage native iOS apps only if the enterprise has an enterprise SDK agreement with Apple. AMP then uses those credentials to install the apps directly, without going through the public App Store. This is an Apple requirement, meant to put enterprise apps through the same quality-control standards as any iOS app.

The fretting over mobile app management can now stop A year ago, CIOs commonly said they wouldn’t support iPhones or bring-your-own-device policies due to security and management concerns. Today, that viewpoint is passé, thanks to both the push from users and the release of IT-oriented management tools for iOS and Android devices. As device management concerns have faded, I’ve heard app management concerns take their place in both private conversations and at IT conferences.

Those app management fears can dissipate, too. Organizations can continue to use the simple solution of provisioning apps directly from a secured website or by emailing users the links — the only real option for iOS devices until last fall. And now those organizations that need or want to manage applications more directly — with the same level of control, security, and compliance monitoring they enjoy on the desktop — have tools to move up to that level.

What is great to see in all this is an approach that gives IT control without unduly confining users. As mobile devices move quickly to being dual-purpose personal/business implements, tools such as Volt let the two usage aspects coexist nicely. Users aren’t forced to work with locked-down smartphones and tablets, and IT isn’t forced to accept free-for-all devices. Everyone wins.

This article, “Solving IT’s mobile app deployment dilemma,” was originally published at InfoWorld.com. Read more of Galen Gruman’s Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen’s mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.