New APIs in Apple’s latest iPhone operating system make possible a new experience for network administrators: the ability to inventory, secure, and manage the iPhone and iPod touch as enterprise devices and to do so for hundreds or thousands of them. With Monday’s release of iOS 4, Apple provided hooks and an on-board Mobile Device Management Service (MDMS) that, for the first time, let third-party device management applications access information directly on the iPhone 4, and exercise control over it.

In the past, there have been two basic options. One is the management and security provided by Microsoft Exchange Server, via Apple’s expanded but still limited support for Exchange ActiveSync. The second is Apple’s iPhone Configuration Utility 2.0, released in mid-2009. This version introduced some much-needed features but fell short of a full-scale, end-to-end system for managing the handsets, data, and users.

Today, three device management software vendors announced versions of their applications exploiting the new APIs. The applications are: Afaria from Sybase, Mobile Device Manager from AirWatch and MobileIron Virtual Smartphone Platform from MobileIron. All three are intended to provide centralised management for iOS 4 devices.

Most of these applications are adding or expanding iPhone management support to software that handles most of the leading mobile operating systems.

MobileIron is a server-based application for managing mobile devices. Administrators can create a usage or security policy on the server, assign it to individuals or groups, and then connect to the iOS mobile device management service. "We can pull information from MDMS or we can push information to the service," says Ojas Rege, vice president of products for MobileIron.

MobileIron and the other vendors initiate communications with the service through the Apple Push Notification Service (APNS). Once that notification is accepted, the server and device communicate directly via HTTPS, according to Rege.

The arrangement allows for an "agentless" approach – no iPhone application is needed. But MobileIron does offer one, downloaded from the App Store, that creates a management UI for the end user, when some kind of end user input or action is needed.

In some cases, functions that were done via Enterprise Active Sync can now be done directly via the third-party software and the handset, such as remotely wiping data from a lost or stolen iPhone.

But the third-party applications offer the ability to add new functions. For example, with iOS, an enterprise can now write an iPhone app for its own users and distribute the app on its own, with what Apple calls an Enterprise Development Licence, without having to connect to Apple’s iTunes via a PC or Mac or go through the App Store. MobileIron will manage those software downloads and updates. The server can create an inventory of all apps, and their version numbers, on each iPhone.