iOS Management = Confused

  • Posted by Ryan Ingersoll
  • April 27, 2012 4:17 PM PDT

iOS management is convoluted and confusing. Apple’s fan boy mantra, “it just works” is actually the antithesis of my experience. It isn’t all thorns in my side; there are some useful features Apple’s provided, especially in Profile Manager.


In this post I will explain my understanding of each management tool and how I tried to implement them. I offer concluding information on their resulting successes and failures.


Furthermore, I ask Apple for a better solution; one integrated solution. I welcome your feedback, comments, and critiques. Did I miss something? Additionally, share your own successes and failures.


My experiences are from Seattle Pacific University Library. In my position I oversee the Tech Desk, which manages two different groups of iOS devices. The first is for general student circulation and the second is for individual librarians for use with their work and teaching.

  • Circulation (circulated to numerous users for short use)
  • Librarians (assigned to specific users for extended use)


Profile Manger



I was excited when Apple released Profile Manager with the Lion Server app. When Apple released the app we purchased an iMac with an Intel Core i7 processor. This iMac is our dedicated general server (Lion Server app), Mac imaging server (DeployStudio), iTunes sync computer for the circulated iOS devices, and the Mac computer available to assist students with a wide range of needs when visiting the Tech Desk (video editing, video conversion).



Configuring Profile Manager was fairly straightforward. Following Apple’s documentation guided the process. The main steps are below.

  1. Setup the iMac computer as a new computer and create the appropriate users with administrative privileges.
  2. Purchase the Lion Server app from the App Store.
  3. Follow Apple’s documentation to configure the Lion Server app.
  4. Configure proper IP and DNS reservations for the iMac. Consult with your central IT department, if needed.
  5. Create a self-signed or trusted SSL certificate
    1. I created a self-signed one pretty easily
    2. Configure Profile Manager using Apple documentation
    3. Install Trust Profile on devices, enroll, and manage away



  • Web-management is responsive and intuitive. This is a huge benefit. You can manage another iPad and push out policies from your iPhone, for example. There isn’t a need to use Screen Share or Apple Remote Desktop. Apple really thought this through.
  • Building policies for either specific devices or device groups is quick and easy and are pushed immediately.
  • Install free apps over-the-air (push)



  • Can’t install paid apps.
  • No Volume Purchase Program for Education (VPP) integration
  • Unable to manage apps uploaded to server
  • Not a full iOS device management solution, not able to adjust every setting possible or add content
  • App downloads/updates not integrated, must use iTunes and then find the folder the apps are downloaded to.


Apple Configurator



I use the iMac mentioned above. Nothing too complicated is needed.



Install the app via the App Store.


If you are installing paid apps enter the Apple ID you want associated with the apps. This is the Apple ID that is required in the Preference section of the Apple Configurator app. You cannot use your VPP account that was used to purchase apps. However, you will need your VPP account available to install apps by importing redemption codes. This is confusing!


Apple’s documentation is helpful.



  • Simple and quick install, not much to setup
  • Install VPP purchased and free apps (have to know where the apps are, not integrated)



  • Not intuitive
  • Poor integration of VPP, maybe a flaw of VPP, but there should be a simple way to restore licenses for apps purchased and no longer used by a user.
  • Management of devices seems to remove the need for Profile Manager, maybe as a solution for a simple setup
  • App downloads/updates not integrated, must use iTunes
  • Confusing Apple ID account process. One for purchasing, another for downloading.


iTunes Sync


I use the iMac mentioned above. Nothing too complicated is needed. Really anything that can run the latest version of iTunes should work.



Normal iTunes setup

Login with normal Apple ID (not the VPP one, more confusion!)



  • The iTunes everyone loves (or hates)
  • Easy app installation, updating, and removal
  • Quick backup and sync



  • Cannot sync with another iTunes, this is messy for what Apple calls a “Layered Ownership” approach to management
  • App purchasing is confusing; do I purchase via VPP and be on the honor system for licenses or do I purchase via the iTunes Store? Which causes issues when I sync more than one device (I only “bought” one copy)
  • No integrated policy management or setup (must use Profile Manager in addition or control settings on the iOS device itself)


Our Current Setup: Profile Manger and iTunes Sync Station Hybrid


Profile Manger

I use Profile Manager through the Lion Server app to install manage profile settings on the iOS devices. This works great for restricting certain features I don’t want students using when they check out the device.

Profile Manager also provides great tools to lock or wipe the iOS device in the event of loss or theft. We still can use the Find My iPad (or iPod touch) app through iCloud if we want for those features in addition to GPS location.

For librarian iOS devices we can send free apps over the air and wipe the iOS device in the event of loss or theft, this is great way to manage because we don’t have to mess up their Apple ID or general settings. If they decide they don’t want the profile installed anymore they can uninstall it at anytime (however they lose apps that were installed through it.)


iTunes Sync Station

I use iTunes to install and update apps. When a device is returned from check out we automatically “Erase all Content and Settings” directly on the iOS device. Then we connect the device to iTunes and restore it from the master backup. If needed, we perform updates to apps using the normal Apple ID.


App Purchasing: VPP for Education

I dislike the current app purchasing situation. It isn’t intuitive or integrated. I can’t track licenses or revoke used redemption codes. It isn’t very easy when I manage two different types of device pools.

  • Circulated iOS devices are institution owned and controlled, but a student could install their own content if they want.
  • Librarian iOS devices are institution owned, but mainly controlled by them, installing institution paid apps is a pain. Free ones are easy through Profile Manager, but for paid ones I have to buy the license and send them the redemption code to install with their own Apple ID. This means they technically own the app.


What’s Possible: “It Just Works” Solution

Apple’s tools to manage iOS devices don’t follow the “it just works” mantra. Their tools are confusing and lack continuity. People, from what I gather, including myself, are left to figure out a solution that works, but the solutions are cobbled together. I love Profile Manager, but I struggle to find the usefulness of Apple Configurator. Though, Apple Configurator does seem to be an attempt at non-server based Profile Manager. Profile Manager already manages iOS devices and Mac devices. I think that is the direction Apple should continue with. What could Apple do to make these better tools for iOS (and Mac) management?


Merger Profile Manager and Apple Configurator

iTunes is great for general users, but not enterprise worthy, I really don’t want to update iTunes every week…

Rebuild Apple Configurator from the ground up based on Profile Manager, but market it as a separate app, not as a server. It will live on a computer, but require a USB connection to configure and update iOS devices and Mac devices like Profile Manager does now. It is the corded version of Profile Manager. Profile Manager Server and Profile Manager Local (or some other name).


The New Profile Manager (Server and Local Versions)

The new Profile Manager is still the same component of Lion Server app, but with better and enhanced features.

  • Integrate the app purchase history from Apple viewable in Profile Manager so I can assign apps to different devices without storing them locally in iTunes and having to navigate to the Mobile Applications folder in the iTunes folder to upload them to Profile Manager
  • Integrate the iTunes Store to purchase apps
    • Using the VPP for Education portal is fine
    • Integrate the ability to revoke and reuse license for apps
    • Allow purchased apps to be installed over-the-air
    • Add GPS tracking
      • Remove the need to use iCloud’s “Find My ‘Apple Device’” app
      • Or allow multiple iCloud accounts to be installed (dumb idea)
      • This will free up iCloud account for personal use
      • Increase the available configurable policies
      • Offer a cloud option (through iCloud?) for institutions that don’t want a corded or server solution
      • Continue merging the tools and systems so iOS and Mac devices can be fully manages together in one tool


What else would you like to see in managing iOS devices (and possible even Mac devices)? What concerns do you have and see? Did I miss something; does Apple already provide the experience I want?


I think Apple has an opportunity to really expand the offerings of Profile Manager and their other purchasing tools.


Helpful Information:

Apple’s iOS 5 Education Deployment Guide

Apple’s portal for education resources for information technology

  • Ryan Ingersoll
    Ryan Ingersoll IT can then use if for the next section of classes. The student can still sync their iPad with their iTunes without the risk of losing their content or apps.
    May 14, 2012
  • Ryan Ingersoll
    Ryan Ingersoll If PM could auto update apps the student would also receive the updated app without being prompted to enter the Apple ID that was use to purchase the app the institution purchased.
    May 14, 2012
  • Ryan Ingersoll
    Ryan Ingersoll Sorry for all the comments, the comment box limits the amount of characters that show up.
    May 14, 2012
  • Scott Derome
    Scott Derome Good article. I wanted to mention the following as it solved and/or addressed virtually all the issues listed above (for me). Commercial product but cost is very low (comparatively speaking). Either cloud or hosted options available. Cloud option extr...  more
    June 27, 2012