Still seeking a robust Bento replacement.

Still seeking a robust Bento replacement.  It’s been five years since the last update (Mar 16, 2011) and about two and a half years since it was discontinued (Sept 30, 2013).  And yet, two things still surprise me.  (1) There still isn’t a feature complete replacement product, and (2) I’m still using Bento.  It still works.

The short list of leading Bento replacements: 1Password, HanDBase, or TapForms.

* as of 2016-01-25, FileMaker would still be a >$350 buy in, require dev work, incur heavy “ease of use” penalties, and still leave me exposed to the poor Apple-FileMaker long term risks.

2016-01-25: tried/purchased 1Password and was left frustrated by missing features.

The 2nd worst of all is: any “schema” changes are only “per record”… i.e., adding a field only adds it to the record being currently edited… it doesn’t change the underlying table structure… because… they don’t have an underlying table structure… they don’t have a record/table/db schema… each record is just a bag of bits.

The #1 worst problem is: after customizing the fields for a record, and trying to export the record, the result is nearly gibberish.  It would be very labor intensive to create my preferred “schema” in 1Password and then subsequently export/migrate to even a basic spreadsheet.

2016-01-25: evaluated TapForms and elected not to purchase those apps.

The Mac App is $34.99, 13.4MB.

The iPad app is $8.99, 29.9MB.

The iPhone app is $8.99, 32MB.

From the support forum, the developer has been responding to “wifi-sync” requests, with “it’s four or five months away”… but he’s been saying that for a year.  Until he gets that option figured out, TF is a non-starter.

2015-03-01, really need to find a replacement before the Bento apps quit working altogether.

Must have features: wifi sync, ipad forms.

1Password is iOS universal, HB and TF are not.

The HanDBase folks are leaving basic features, like form design, out of the Mac App.

** 2015-10-10, HDB pulled out of the Mac App Store over some little bitchy thing earlier this year.

1Password has too many integration points with too many things; it’s a high risk product in the long term.

** 2015-10-10, 1P began requiring iOS 9 less than 1 week after Apple released the new OS. No backwards compatibility at all!

TapForms may become the de facto choice at some point… but I’ll wait a bit longer (Bento is still working today).

** 2015-10-10, TF is only syncing thru iCloud or DropBox (not an option for secure content).

2015-10-10, still looks like a DIY custom app is my best option…

Xcode 4.4.1 update is 47.48MB from app store.

Today’s new Xcode update 4.4.1 (for production usage) comes as a 47.48MB update from the Mac App Store.

After the update completes, checking the Xcode preferences for components and documentation indicated “Command Line Tools (143MB)” was the only portion that needed additional updating at this time.  It appears the simulators and documentation did not change.

Install CentOS 6.3 64-bit Linux in VMware Fusion 4.1.3

As part of my iOS app development and testing lab, I have a need to be able to test client applications against multi-platform database services.  Last year I determined a collection of OS X, CentOS, and openSUSE virtual machines running MySQL and PostgreSQL provides an adequately diverse test environment for my needs.

A wide variety of application prototyping and testing needs can be served by these combinations without requiring a rack of high end hardware and a couple full time DBAs to maintain everything.  Many of my clients have performance testing and production requirements far beyond my little “proof of concept” setup.  However, my “proof of concept” environment often helps me better understand how to communicate with the DBAs in the large organizations.  And sometimes it allows testing ideas that they don’t have the luxury of trying out on a $25 Million production database cluster.

My virtual lab environment had grown a bit stale over the past year.  Over the past week or so, I’ve been updating to OS X 10.8 Mountain Lion and both the Xcode 4.4 general release and the Xcode 4.5 iOS 6 betas.  Now I’m beginning to update the Linux and SQL components of the environment.  I’ve had a long affinity for SUSE Linux so I like to keep a familiar distro on hand.  Many clients are using Red Hat in their production environments, so CentOS has become a necessity.  In the past, Solaris was always a key component of my setups but not so much any more; adding some new Solaris VMs will be deferred for another time.

For this portion of the lab update I’ll be building a couple new CentOS VMs and keeping some notes.  I’ll begin with the CentOS 6.3 x86-64 bit “netinstall.iso”.  Assuming you’re installing to a location with internet connectivity (and not organizationally firewalled into using sneakernet for your lab), the netinstall.iso option saves the time otherwise spent updating all of the packages in the LiveCD or full ISO images.

In VMware Fusion 4.1.3,

  • select the menu options “File” and “New” to get the “Create New Virtual Machine” dialog window.
  • select “Continue without Disk”
  • select “Choose a disk or disk image…”
  • use the presented Finder popup to navigate to your target ISO image (which you’ve previously downloaded) and select “Continue“.
  • select Operating System: “Linux”
  • select Version: “CentOS 64-bit”
  • select “Continue”.  Note: the OS and Version selections are important as they inform VMware Fusion which drivers, VMtools, and VM configuration settings to utilize.  VMs can successfully be created using less specific settings, but you’d lose out on some features of Fusion and likely have to perform additional manual configuration work within your Linux VM.
  • you should be presented with a summary configuration of your new VM with the options to “Customize Settings” or “Finish”.  This default will likely be one processor core and 1GB memory; I recommend increasing this to two cores and 2GB memory.  After completing the installation and configuration, you might try lowering the settings but these will be helpful for getting thru the various package installations and configurations.
  • select “Finish” and use the Finder popup to name and save your new VM.  I like to configure a “base image” to my preferences and then make copies as needed for testing new configurations or loading additional packages.  So it’s helpful to think of a naming convention if you are likely to have multiple copies over time.
  • Fusion will start the new VM and the netinstall.iso will boot to a setup process.  Netinstall will be a text based interface (use your keyboard arrow keys to move between options).  The first dialog will be for testing the installation media.  I’ll “Skip” the media test.  If you are uncertain about where your image came from or the quality of your internet connection, you may want to let the media test proceed.
  • choose a language
  • choose a keyboard type
  • choose an installation method.  select “URL“. (you’ll be prompted for details later).
  • configure TCP/IP.  unless you need to change, accept the defaults by selecting “OK“.
  • a dialog will display “waiting for network manager to configure eth0”
  • URL setup.  enter “″.  The text interface does not allow copy/paste from the host, so you will need to type this in exactly. redirectors the download to one of many mirror sites.  If the URL doesn’t work for you, check your typing and try again.  It’s possible the redirection could get sent to a server that is temporarily busy or offline.  Trying again usually works.  If not, you’ll need to do some searching to locate a direct URL to a mirror server that is reachable from your network location.
  • After the netinstall process begins, in a few moments you’ll see a graphical screen displaying a CentOS 6 logo.  Select “Next“.
  • Basic storage device should be ok. Select “Next“.
  • Storage Device Warning.  This is a fresh install, so select “Yes, discard any data“.
  • local hostname:  Enter a hostname for your VM.
  • select a timezone.
  • enter a root password (twice to confirm, must be at least six characters).
  • which type of installation would you like?  select “use all space“.
  • write changes to disk
  • select optional software to install.  Note:  Selecting software packages is a lot easier if you wait until the system is up and running with VMtools providing proper mouse and video drivers plus the ability to select the various package repositories you’ll want to use.  So, for this step,  select “Minimal Desktop” and “Next“.  If you choose the “Minimal” option, you’ll be limited to the command line.
  • The necessary packages will be downloaded and installed (about 30 minutes on this older Core 2 Duo MacMini).  When it’s complete, you’ll be prompted to “Reboot”.
  • After the reboot, a Welcome screen will continue the process of setting up the new system.  Select “Forward“.
  • Agree to the license and select “Forward“.
  • Create User: input your desired user information. Select “Forward“.
  • Set Date and Time. Select “Forward“.
  • At this point I get a warning message “Insufficient memory to auto-enable dump. …” That’s ok, I don’t need it for this usage, so I’ll select “Ok” and “Finish“.  The VM will reboot to complete the setup.
  • After the reboot, a GUI login screen will prompt to login with the account just created in the previous steps and deliver you to the new desktop.

At this point the new VM is ready to use with a base configuration of the “Minimal Desktop” distribution of CentOS v6.3.  However, there are some additional steps to make it a bit more user friendly prior to archiving a copy and proceeding with the desired dev / test work this VM is intended for.

  • Use the VMware Fusion menu to select “Virtual Machine | Install VMware Tools”.  If you’ve not previously used this feature in your current version / installation of VMware Fusion, you’ll be prompted that “VMware Fusion needs to download the following component: VMware Tools for Linux”.  Select “Download”.
  • VMware Fusion will be adding an additional component to the Fusion application on your Mac OS X host, so you will be prompted to authenticate and permit this action.
  • Next you’ll be prompted by Fusion to “Click Install to connect the VMware Tools installer CD to this virtual machine“.
  • This should result in the CentOS VM’s desktop displaying a DVD (or CD) icon titled “VMware Tools”.  Unfortunately, mine displayed a blank folder with an empty disk as a result.
    • Checking /Applications/VMware” confirmed that a “linux.iso” file was present (dated 2012-05-27).
    • Rebooting the VM and re-trying the VMtools installation still resulted in an empty disc image / folder.  This is a common problem between Fusion and many Linux distributions.  VMware’s support forums offer several workarounds, most of them at the command line.
  • My solution is to use the OS X Finder to browse the “VMware” package contents, copy the “linux.iso” to another folder, and mount it to the VM’s CD drive.
  • Return to the CentOS desktop, use “Computer” to browse the CD.  You should now see a “VMware-Tools……tar.gz” file.
  • Drag the “….tar.gz” file to your home folder.  Don’t bother trying right click and select “Open with archive mounter”. Extracting the files through the GUI will probably result in a process that estimates a couple hours to complete.
  • Use the CentOS “Applications” menu to launch “Terminal“.
  • “cd” to your home folder.
  • Use the “ls” command to verify the “…tar.gz” file is there.
  • Expand the archive using “tar zxpf VMwareTools-….tar.gz”  HINT: type “tar zxpf VMw” and hit “Tab” to autocomplete the command.
    • This should result in a new folder named “vmware-tools-distrib” containing 3,275 items for 178.6MB.
  • In terminal, type “cd vm” and hit “Tab” (to autocomplete).
  • Another “ls” command should verify the presence of “”.
  • You’ll need super user (root) privileges to run this script.  Type “su” and then enter the root password established during installation.
  • Enter “./” (or just type “./v” followed with a tab key to autocomplete).
  • The script will prompt with about nine questions.  Use “Enter” to accept the defaults for each.
  • When the script completes you can delete the “…tar.gz” from the VM to save disk space.  In all likelihood, if you ever need them again for this specific VM, they’ll be out of date by then.  Reboot the VM to activate the VMware Tools features.

Now that VMware Tools is active the mouse should work much better, and you’ll be able to resize the VM window to whatever fits best on your host machine’s OS X desktop. Copy/paste from the host machine should be enabled.

VMware Fusion shared folders should also be working now.  However, you should verify as this is another feature where Fusion yields different results across various Linux distributions.  On this particular CentOS VM, sharing some folders from the host machine resulted in them being available within CentOS at the path “/mnt/hgfs/”.  Fortunately it wasn’t necessary to perform any additional commands to use them.  A quick test confirmed the shared path was readable and writeable from the VM.  Note: this feature mounts the shared folders within the guest VM as a virtual file system; there isn’t any shared/virtual networking going on with this feature.

The next step I recommend is selecting the Applications menu “System | Software Update“.  Despite having just completed a network installation, this new instance of CentOS Minimal Desktop config had 43 available updates (124.6MB).  The update process will prompt for the root password.  You will also likely be prompted to authenticate to accept certificates, signatures, and various packages during the update process (so it’s not a walk away and leave it process).

Now that the base config is installed and updated, I’ll shut down the VM and make a Zip Archive (using OS X Finder) of its VM image.

It was about 2.5 hours to get this far.  A quad core host machine with SSD, and a faster internet connection, would reduce that considerably.  Some of the time was also spent writing these notes.

With this new configuration built and a backup tucked away, I probably won’t need to perform a base install of CentOS in this environment for another year.  I didn’t keep as much detail last time, so I’ll have to wait another year to compare whether things get faster.

My next steps for CentOS will be to configure the various application packages and settings that I need (and make another Zip Archive backup).  From there it is much faster to deploy additional instances for dev/test work whenever needed.

Testing “Xcode 4.5 and iOS 6 SDK beta 3” using a virtual machine instance of OS X Lion

For a couple weeks now, I’ve been using Xcode 4.3.3 and the iOS 5.1 SDK on a mid 2012 MacBook Air 13″ with 8GB Ram.  It’s very nice.

With the July 16th update to the iOS 6 development betas, it was time to test running the new Xcode environment under a VM on the MacBook Air.  The first step in the process was to get a virtual instance of OS X Lion 10.7 running under VMware Fusion.

I’ve done this before, but the new 2012 MacBook CPU (Intel Ivy Bridge) caused a “CPU disabled by guest operating system… ” error under Fusion.  The solution was to add this line to the *.vmx config file of the target VM.

      cpuid.1.eax = "----:----:----:0010:----:----:1010:0111"

VMware should have a 2012 update to Fusion for OS X Mountain Lion 10.8; they are currently testing it as a “technical preview”.  This post provides more information on the error and its solution.

With that problem solved, it was time to get Xcode 4.5 beta 3 up and running, right after installing VMware Tools and configuring some OS X settings to my preferences (I didn’t use Migration Assistant for this VM as I wanted a fresh environment).

The next issue was with the Xcode 4.5 app.  It would not run.  I used Lion 10.7.3 to create the VM, but the new beta requires a minimum of 10.7.4.  Using software updates to get 10.7.4, iTunes, and Safari updates downloaded about 1GB.  After the updates, the Xcode 4.5 beta is now able to run.  This is a good place to make a backup of the VMDK and save for future use.

VMware snapshots or Fusion Time Machine integration are both good features, but I prefer to locate the *.vmwarevm file (package) in Finder and copy to a compressed zip file.  I’ll use this zip as a clean start for additional beta releases as well as some OSX Server testing.  Will also use it to test the Mountain Lion upgrade.

After installing Xcode, you’ll most likely want the ability to do something with it.  This entails installing some “core libraries”.  From within Xcode Preferences, the Downloads tab provides access to additional Components and Documentation. Plan for another GB or more of downloads.

If you’re setting up your virtual dev/test environment for the first time, plan on 4 or 5 hours and several GB of downloads/updates during the process.  After that you’ll be able to test beta releases or do other experimental work in a VM (with USB access to physical devices if desired) without affecting any of the apps of your host Mac.

Installing OSX Lion into VMware Fusion on Macbook 2012 gets “cpu disabled by guest operating system” error.

In order to install OS X Lion into a virtual machine running under VMware Fusion, you need the install file from the Mac App store.  In this case, I started with:

  • the Mac App store file “Install Mac OS X”
  • VMware Fusion 4.1.1
  • Macbook Air 13″ mid-2012

I’ve run OS X Lion under VMs previously, so expected this should work without any difficulties.  I expected wrong.

Attempting to start a new VM resulted in a Fusion error message stating, “The CPU has been disabled by the guest operating system…”

To troubleshoot I:

  1. Started by checking for Fusion updates; the in-app update check didn’t show any available updates.
  2. Next I decided to try a reinstall of Fusion.  Deleted the app, rebooted, and went to to download a fresh copy.  Found a newer version, 4.1.3.  Trying this version resulted in the same CPU error.
  3. Did some additional searching and found a VMware forum thread which referred to a workaround listed in another VMware forum thread.

Here’s a summary of the solution to save the time of going through all of the forum thread references.

The physical Intel CPU in the mid-2012 MacBooks is new.  As a result, if you are using a Mac App store installation file for OS X obtained prior to the 2012 MacBooks, that version won’t understand the new processor.

The solution is to edit the configuration file of the OS X Lion virtual machine to add this entry

cpuid.1.eax = "----:----:----:0010:----:----:1010:0111"

The configuration file will be located within the actual VM storage file.  You can use Finder to locate the *.vmwarevm file, then right click to “Show Package Contents”.  The config file will be the *.vmx file.

An easier way to open the VM’s configuration file is using the VMware Fusion Virtual Machine Library window.  Use the OPTION key + Right Click on the target VM.  An option to “Open Config File in Editor” will be available.
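How the cpuid.1.eax entry changes what the guest sees, as an added example (not code from the original post or from VMware). The host value 0x000306A9 is an assumed Ivy Bridge sample, and reading "-" as "keep the host's bit" is this example's assumption; the function names are hypothetical.

```python
import re

# Mask from the workaround above, typed with plain ASCII hyphens and quotes.
VMX_MASK = "----:----:----:0010:----:----:1010:0111"

# Assumed sample input: CPUID leaf 1 EAX as an Ivy Bridge mobile CPU reports
# it (family 6, model 0x3A, stepping 9). Not a value taken from the page.
HOST_EAX_IVY_BRIDGE = 0x000306A9

VMX_LINE = re.compile(r'^\s*cpuid\.1\.eax\s*=\s*"([01:-]+)"\s*$')


def mask_from_vmx_line(line):
    """Extract the mask from one .vmx line.

    Lines pasted from a web page often carry curly quotes or long dashes;
    those are rejected so the entry gets retyped in plain ASCII.
    """
    if not line.isascii():
        raise ValueError("non-ASCII punctuation: retype quotes and hyphens")
    match = VMX_LINE.match(line)
    if match is None:
        raise ValueError("not a cpuid.1.eax mask line")
    return match.group(1)


def parse_mask(mask):
    """Return (forced_bits, forced_values) for a 32-bit mask string.

    The string is written most-significant bit first and colons are only
    separators. '0' and '1' pin a bit; '-' leaves the host's bit alone
    (assumption of this example; other mask characters are rejected).
    """
    bits = mask.replace(":", "")
    if len(bits) != 32:
        raise ValueError("expected 32 mask bits, got %d" % len(bits))
    forced_bits = 0
    forced_values = 0
    for position, char in enumerate(bits):
        bit = 1 << (31 - position)
        if char == "1":
            forced_bits |= bit
            forced_values |= bit
        elif char == "0":
            forced_bits |= bit
        elif char != "-":
            raise ValueError("unsupported mask character %r" % char)
    return forced_bits, forced_values


def apply_mask(host_eax, mask):
    """Compute the EAX value the guest would read for CPUID leaf 1."""
    forced_bits, forced_values = parse_mask(mask)
    return (host_eax & ~forced_bits & 0xFFFFFFFF) | forced_values


def decode_signature(eax):
    """Split CPUID.1:EAX into display family, model and stepping."""
    stepping = eax & 0xF
    base_model = (eax >> 4) & 0xF
    base_family = (eax >> 8) & 0xF
    ext_model = (eax >> 16) & 0xF
    ext_family = (eax >> 20) & 0xFF
    family = base_family
    if base_family == 0xF:
        family += ext_family
    model = base_model
    if base_family in (0x6, 0xF):
        model |= ext_model << 4
    return {"family": family, "model": model, "stepping": stepping}


if __name__ == "__main__":
    mask = mask_from_vmx_line('cpuid.1.eax = "%s"' % VMX_MASK)
    guest_eax = apply_mask(HOST_EAX_IVY_BRIDGE, mask)
    for label, value in (("host", HOST_EAX_IVY_BRIDGE), ("guest", guest_eax)):
        sig = decode_signature(value)
        print("%-5s eax=0x%08X family=%d model=0x%02X stepping=%d"
              % (label, value, sig["family"], sig["model"], sig["stepping"]))
```

With the assumed host value, the mask rewrites only the extended-model, model and stepping fields, so the guest reads the signature of the previous processor generation (model 0x2A) instead of model 0x3A.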

This solution should work on the following combinations of hardware and software:

  • All mid-2012 MacBooks
  • VMware Fusion 4.1.3
  • OS X host operating system version Lion 10.7.4
  • OS X guest operating system versions Lion 10.7.3 or 10.7.4

VMware is working on a “Technology Preview 2012” for OS X Mountain Lion 10.8.  As of this writing the workaround for that version is different.  Hopefully VMware will clean this up prior to releasing the 2012 version.

If Apple releases a Mac App store installation package of Lion 10.7.5, that may also solve the VM CPU configuration issue.

Running OS X Lion in virtual machines is my preferred method of testing new versions of the iOS SDK and Apple’s iOS Device Management tools.  With a recent move to a 2012 MacBook Air 13” and the developer release of iOS v6, apparently it was time to encounter a new collection of configuration issues.

iBooks Author and iBooks 2 for iPad

Apple announced their new iBooks 2 for iPad and iBooks Author applications this morning.  During a portion of the presentation, they indicated a new book could be created and previewed on an iPad in a few minutes.

So I decided to take it for a quick test drive and see if it was really that easy.

About five minutes to download the Mac desktop app iBooks Author and update my iPad to the new iBooks 2 version.

About five more minutes of poking around in the menus of the new iBooks Author app to:

  • create a new document, give it a title, and use the inspector to set the Author attribute.
  • add a couple chapters and edit their titles.
  • import some photos, use the inspector to adjust placement and text wrapping.
  • plug the iPad in via USB cable, and select the iPad “Preview” icon in the iBooks Author menu.
  • review the new iBook on the iPad.

Ok, so I didn’t take time to add a lot of custom content.  But overall it was as easy as  working with Keynote and Pages.  Many of the menu controls and inspector features are the same.  iBooks Author has numerous options for inserting media, tables, keynotes, and other objects.  You can choose to create a new chapter, section, or page by inserting an existing document and select from a variety of layout options.

So yes, you really can get started and create a simple iBook in five to ten minutes.  If you have some existing content with fairly simple structures, it should be quite easy to convert to an iBook.  Adding a new chapter, inserting an existing Pages document, and inserting some quiz questions was also very fast and only required pressing “Preview” again to update the iBook on the iPad.

I’ll try out some of the media and interactivity features as soon as I have some more time. If you are looking for these features, the “Widgets” icon on the menu bar is the fountain of interactivity.  The “Review” widget is the place to look if you’d like to create a quiz sheet within your iBook.

iPads/iPhones in government and military.

Here are some links to additional information about using iPhones/iPads in the government and the military.  Might give some additional ideas about what’s possible with the iPhones and iPads.

Two-Factor Authentication Solutions for VMware View


Are there two-factor authentication alternatives to RSA SecurID for VMware View?

In these times of budget tightening, organizations are experiencing concerns about the growing costs of RSA à la carte pricing for each component and license count.  As a result, this article will explore the question of RSA alternatives.

Currently, the organization is using RSA SecurID tokens for two-factor authentication.  In addition to Active Directory usernames and passwords, users are required to enter a SecurID passcode when accessing certain resources.  Additionally, the user is required to prefix the generated token with a PIN.  In this case, the PIN is required to be an alpha-numeric value of a minimum length and character combination type.  Passwords and token PINs are required to be changed after a specified number of days.

As the organization seeks to protect additional resources and make more services available to a mobile workforce, they are finding the RSA costs can grow very quickly.  In some cases, adding another RSA feature can effectively double the organization’s license costs.

As a result, I’ve been asked to investigate several alternative solutions for compatibility with VMware’s View products.

With View 4.x, VMware provided significant ease of integration for incorporating RSA SecurID.  Here we’ll be looking at what additional capabilities (and compatibilities) are available in View 5.x.

The organization is particularly interested in potential compatibility with Entrust or Symantec.  I’ll note any other two-factor solutions I find for View 5.x, but I’ll focus on the details of the two customer preferred solutions.

VMware View

VMware View 5.x supports a variety of client types making inbound connections via the View Manager Server or the View Connection Server.  The View Connection Server functions as a security gateway and also enables some protocol optimizations which help simplify and improve the service for external user connections.

Authentication Methods

VMware architecture documentation for View 5.0 states VMware View uses your existing Active Directory infrastructure for user authentication and management.  For added security, you can integrate VMware View with RSA SecurID and smart card authentication solutions.

  • Active Directory Authentication – Each View Connection Server is joined to an Active Directory domain, and users are authenticated against Active Directory for the joined domain.  Users are also authenticated against any additional user domains with which a trust agreement exists.
  • RSA SecurID Authentication – RSA SecurID provides enhanced security with two-factor authentication, which requires knowledge of the user’s PIN and token code.  The token code is only available on the physical SecurID token.
  • Smart Card Authentication  – A smart card is a small plastic card that is embedded with a computer chip.  Many government agencies and large enterprises use smart cards to authenticate users who access their computer networks.  A smart card is also referred to as a Common Access Card (CAC).

Using Smart Cards with View

Smart card authentication is only supported by the Windows based View Client and View Client with Local Mode.  It is not supported by View Administrator.

View Connection Server instances can be enabled for smart card authentication. This requires adding your root certificate to a truststore file and modifying the View Connection Server settings.  Client connections must be SSL enabled.

To use smart cards, client machines must have smart card middleware and a smart card reader.

The requirement to pre-install middleware and hardware card readers means that smart card solutions are not compatible with usage of untrusted end-point computers such as internet cafe machines and other public internet kiosks.

Additionally, there are few available Smart Card reader solutions for mobile devices.  This web page lists some Bluetooth CAC readers military users have found for connecting to DOD services.  Costs range from $200 to $500.

Although DOD approved Bluetooth CAC readers are available, VMware’s mobile client apps do not support this authentication method.

Other security solutions vs compatibility with View 5.x

RADIUS – Customers have been asking VMware for RADIUS support for quite some time now.  As of Dec 6th, 2011, View still does not support RADIUS.  While VMware personnel have long stated they are working on it, there remains no indication of when it might ever become available.

Some customers have speculated that this could have something to do with EMC ownership.  VMware still trades under its own NYSE stock ticker (VMW), but it was acquired by EMC in 2004 and operates as a separate software subsidiary.  RSA was acquired by EMC in 2006 and operates as a security division.  EMC does not provide separate financial information for the RSA division.  I won’t speculate on this theory, but I do believe due diligence requires that customers understand the material relationships of their key vendors.


There are numerous VPN solutions available for a multitude of user scenarios.  Too many to list here.  Instead I’ll just briefly describe two VPN scenarios which might satisfy most use cases.

Browser Based VPN

The concept is to provide a mobile user with a client-less VPN service.  The user accesses a browser based service which can then authenticate and launch a VPN tunnel to the end user’s device.  Some of these offerings create tunnels which can be used by non-browser applications.

Juniper is one vendor providing a commercial offering via their line of SSL VPN products.  Juniper does offer support for two factor authentication; but verifying the extent of that support is beyond the scope of this VMware View document.

Mobile Device VPN

Most mobile devices now include native operating system support for multiple VPN technologies by including client software APIs from commercial vendors such as Cisco and Juniper.  Many of these Mobile VPN clients support multi-factor authentication.   Additional certificates, keys, passcodes, or secrets can be included in the provisioning and authentication process to enable identification of the device and the user.

Custom integration of alternate Two Factor solutions

In many technology projects, we would at least consider custom integration of an alternate solution.  Usually I will present a case against in-house customization; but I do prefer to provide the option so the customer can decide for themselves.  Unfortunately, VMware does not offer or support any mechanisms for integrating custom authentication services into the View Client, the View Administrator, or the View Connection Server.

There is no supportable means to have View utilize the two-factor solutions from Entrust, Symantec, or others.


Given the current realities of the VMware View product, there appear to be only two solutions for using two-factor authentication with this service.

RSA SecurID

VMware provides tight integration between View Clients, View Servers, and the RSA products.  Given their relationship with EMC and RSA, it is highly probable that RSA integration and support will continue to be a strong feature of the View products.

Mobile Device VPN

For users accessing these services from a mobile device, a Device VPN offers many choices for two-factor authentication solutions.  Additionally, the Device VPN greatly simplifies the user experience as they only have one connection to manage from which they can access all of their authorized organizational resources.  However, a Device VPN solution may not satisfy the organization’s security requirements for non-managed personally procured equipment (i.e., private cell phones).  Requiring users to “opt-in” to organizational device management solutions in exchange for gaining access can mitigate security issues inherent in personal devices.

If a Mobile Device VPN solution is implemented for a community of View Client users, then a security and policy review may determine that Active Directory authentication would be sufficient for the final View Client connection (which would occur within a two-factor authenticated VPN tunnel).

In my opinion a Mobile Device VPN solution wins out for the following reasons:

  • better leverage of network infrastructure.  I believe in controlling network access and admission prior to reaching the application service.
  • less vendor lock-in.
  • easier to respond to evolving authentication challenges.
  • easier to maintain separation of application security from network security.
  • better overall user experience when consuming multiple services from the hosting organization.

Some additional thoughts on remote access

VPN on a stick

For remote users who require a largest desktop experience during their Vmware View Windows session, there is another option I was not asked to include in the analysis but will mention here.  PC on a stick.

The user is provided an USB Thumb Drive containing a bootable Linux image.  The Department of Defence (DoD) provides a free Linux image which government agencies or (private organizations) can freely customize to their own needs.  Or you can roll your own from a wide variety of Linux distributions.  The DoD image is referred to as Lightweight Portable Security (LPS) and distributed in ISO form.

Organization can pre-configure this bootable image with authentication agents, VPN clients, application clients (such as View or Citrix), and whatever else appropriate.

Several USB thumb drives are available that incorporate keypads to require a PIN entry before booting.  Others even provide a built-in fingerprint reader on the surface of the drive.

Client-less VPN or Browser Based SSL VPNs

Some organizations are resistant to provisioning their users with these additional security devices, and even go so far as to insist they need a way to remotely authenticate a user who has lost their laptop, cell phone, identification badge, secure token, and PC on a stick USB drive.

If that user was just mugged, they’ll probably be more concerned with contacting 911 and their bank than logging in to update another spreadsheet for the office.  On the other hand, if that user just mysteriously lost all of these items with no apparent cause… perhaps they shouldn’t have access to secure environments in the first place.

Apple ID account management – password resets, purchase history, iCloud, etc

Unfortunately Apple still hasn’t provided a “one stop shop” for managing all aspects of an Apple ID and a customer’s relationship with Apple.

Personally, I find myself periodically needing to review or update account related information in up to five different places.  Here’s a summary of what’s in each area and how to get there quickly:

note: this article assumes you already have these accounts and only provides a quick refresher on how to navigate back to various areas to update or verify things.

1.  The Apple ID:  your Apple ID is the root anchor of your relationship with Apple.  There are numerous paths you can navigate to access this information, but the simplest seems to be visiting this URL from a web browser:

From this location, you can manage your password, the email address for your account, and your contact information.  For most websites (where the relationship is much less involved), I usually stuff these data fields with bogus information.  However, I do purchase things from Apple, and they use the information here as part of that purchase process.  So it becomes necessary to enter correct information.

note:  If you’ve grown tired of receiving the Apple emails each week about the latest thing they have for sale, the “Language and Contacts Preferences” is the location to turn those off.  A portion of the URL for these settings is automatically generated during each login session, so I cannot provide a direct link.

2. The iTunes Account:  your iTunes account is intimately linked with your Apple ID, but to manage the additional account information, the best location is within the iTunes desktop application.  (You can also do this from an iOS device; I’ll cover what’s possible there and how to do it in another article.)

Within the iTunes desktop application, navigate to the iTunes Store (from the list of things in the left side navigation bar – usually just below your Library).  Assuming you’re logged in, the upper right corner of the iTunes window should show your Apple ID (email address).

Placing your mouse/cursor at the end of the email address provides a drop down menu.  Select “Account”.

From this area, you can manage:

  • payment information
  • computer authorizations
  • iTunes in the Cloud devices
  • purchase history
  • Ping (if you use that)
  • and some additional Settings

Some of my iTunes transactions are business related, so the purchase history is very helpful for retrieving receipt information for my reporting needs.

Additionally, the “iTunes in the Cloud: View Hidden Purchases” is helpful now that iTunes: Purchased allows you to hide previous items from display.

3. The iCloud Account: Most of iCloud is best managed from an iOS device.  If you log in to the web interface at the primary management feature is an option to reset the photo stream.  Click your user name in the upper right corner, and select Advanced from the pop up menu.  For now, Reset Photo Stream is the only option presented.  There is also a URL link to the Apple ID account management web page described above.

To manage your iCloud Account from an iPad:  start by launching the Settings icon and find the menu option for iCloud.  At the top of the detail view window, select Account (it should already be displaying the email address for your iCloud account).

From here you can manage your iCloud password, your Storage Plan, and (if applicable) your iCloud Payment information.

For most folks, this will be the same payment information as your Apple ID above (you’ll be asked to authenticate with that Apple ID login).  However, some of us who had previous .MAC accounts have ended up with two Apple IDs… and won’t necessarily have the same login or payment information as our primary Apple ID.  Although it seems to work ok most of the time, some days “it’s complicated”.

While you’re in the Settings | iCloud menu window, you can also turn various features on or off.  And you can use the Storage & Backup selection to view numerous options.

If you’ve elected to utilize the iCloud backup feature for your iOS device, this is where you find the option to omit various applications from being backed up.  This is particularly helpful if you’re trying to stay within the free 5GB quota.

4. The Apple Store Account:  This is the account for purchasing physical products.  From a web browser, visit this URL:

The primary things to do here are tracking orders and viewing previous order history.  Unlike Amazon, Apple only provides 18 months of order history.  So if you need to reprint invoices for tax receipts or such, don’t delay too long.

These pages also link to the information for your Apple ID.

5. The MobileME Account:  Although I’ve migrated from MobileME to the iCloud service, I still have access to the remainder of my iDisk service subscription.  I’d like to hope that Apple will provide an iCloud equivalent before they completely turn down the MobileMe iDisk service; but I’m not really expecting them to.

Apple has set June 30, 2012 as the last day for the MobileMe services.  I’ve already moved my web hosting and pictures from the service.  And only use iDisk for limited (and short term) things at this point.

Within the MobileMe web interface, move your mouse over your user name (in the upper right hand corner) and click on Account to view settings, options, and account information.  If you still have data, photos, or web pages in MobileMe, it’s time to start finding a new home for them.

Footnote:  When I started writing this note, I thought it would be a short reference containing links to the Account tools for Apple ID, iTunes, and iCloud.  As I verified everything, the note continued to grow and grow.  I really hope someone from Apple is paying attention to this problem and working on a solution to simplify how we maintain our relationships with their products and services.

It’s slightly ironic that I need more management interfaces for my Apple account than I need remote controls for my home theatre setup.