Monthly Archives: September 2015

iPhone Upgrade Program Loosens, But Doesn’t Eliminate Carrier Control: My Experience

By | September 28, 2015

As usual, Apple had no shortage of customers for its latest iPhone, once again setting opening weekend records, and also true to form, I was one of them. Unlike prior years, I trekked over to the local Apple Store and dealt with the crowds, but I had a good reason: the iPhone Upgrade Program. As I detail in this column, while it may look like just another smartphone installment plan, Apple’s version has several key advantages: annual upgrades, bundled AppleCare+ and unlocked phones. Unfortunately, as I found out, Apple’s marketing information omits a key carrier dependency, something even its store employees didn’t fully understand or explain, that renders the purchase still subject to carrier gatekeepers.


As Apple describes it, “the iPhone Upgrade Program isn’t tied to a single carrier” with no multiyear contracts. This makes it sound like a BYO SIM affair. You get an unlocked phone, pop in a prepaid SIM or one from a previous phone, restore from iCloud backup and boom: new phone with the same apps, settings and (if reusing a SIM) number. Unfortunately, it’s not that simple. There’s still a powerful carrier control point: device activation.


My journey of discovery into the intricacies of Apple’s program, details even its store employees didn’t understand, began when I reserved the wrong model of iPhone. I had good reason. Since I didn’t hit the online store within minutes of it reopening for iPhone orders, every Verizon model allocated to my store was spoken for. Since I understood the Upgrade Program to provide unlocked phones, I found it odd that I was forced to select a carrier when ordering, but I figured it was just to simplify setting up new service for those adding a line, so with no Verizon models left, I just selected the T-Mobile model of the type, color and size I wanted.


As the column describes, when I got to the store with plans of using the SIM from my existing Verizon iPhone in my new 6S Plus, I got a nasty surprise: each Upgrade model is tied to a particular carrier for activation and can only be unlocked later.

Lemons to Lemonade

Yet all wasn’t lost. As I learned through persistence (none of the Store employees knew this), the carrier dependence only applies to initial activation; once the iPhone is set up, it is unlocked. Read the rest of my adventure for how I discovered a workaround for those wanting to avoid carrier contracts with an unlocked iPhone from day one. It’s not perfect, particularly for those using prepaid phone plans, since you’ll need a contract for at least one month, but with T-Mobile’s pricing and contract flexibility, it’s not too onerous.

The iPhone Upgrade Program offers Apple and customers the opportunity to eliminate any carrier control over new phone purchases and upgrades, but there’s still a crucial carrier dependence that Apple doesn’t fully disclose or rationalize. It’s a critical detail that Apple must not only reveal, but fully explain and justify. One final unmentioned detail is that your first monthly payment includes sales tax on the iPhone’s full value, making it substantially higher than the advertised rate. Here’s hoping Apple learns from the opening weekend snafus by improving its documentation, employee training and credit check processing and (ultimately) eliminating any carrier control over the initial purchase.

The Confluence of Next-Gen LTE and Wi-Fi: Good News for Carriers and Customers

By | September 26, 2015

LTE and Wi-Fi are finally bridging the gap between cellular and wireless LANs, enabling UC for the smartphone era

Mobile IP telephony is nothing new; however, the innovation has come from app developers, not carriers. Over-the-top (OTT) messaging services like WhatsApp, Facebook Messenger, WeChat, Google Hangouts and iMessage/FaceTime have displaced traditional carrier SMS for text messaging and now provide voice and video calling and conferencing. Pair this with the fact that smartphones have turned office landline numbers into a liability for employees who now live on their mobile devices, and what once seemed like a shiny, new IP PBX with UC features like private messaging, presence and email integration looks more like a burning platform. Carriers and telephony equipment vendors recognize the problem and are countering with emergent technologies like voice over LTE (VoLTE) and voice over Wi-Fi (VoWiFi) that offer tantalizing features marrying the best of traditional telephone networks with mobile IP OTT services.

In this report (registration required), I examine the confluence of carrier and Wi-Fi networks using next-gen LTE that finally delivers on the promise of Rich Communication Services (RCS) built on IP Multimedia Subsystem (IMS). With carriers now supporting voice over LTE (VoLTE) and voice over Wi-Fi (VoWiFi), the gap between voice and SMS on the PSTN and rich communications on Internet OTT is closing. The report explains each technology, how they are related, the benefits to carriers, businesses and users and some service opportunities for IT service partners.


Source: Ericsson

The foundation for improvement is VoLTE, which treats voice as just another data stream. Aside from allowing simultaneous voice calls and data transmission (something Verizon customers have longed for), it provides faster call setup, better voice quality, more efficient use of RF spectrum and support for call handoff from Wi-Fi to LTE. VoWiFi, which T-Mobile pioneered in the US, one-ups services like Skype, FaceTime or Hangouts by using the phone’s native dialer app and the same number whether the device is connected over Wi-Fi or LTE. Although popularized as a way to bypass carrier charges, particularly for overseas calls, in the era of unlimited domestic voice minutes and pennies-per-minute international rates VoWiFi should be seen as supplementing cellular networks, not bypassing them.

There are still challenges to be solved, including verifying the quality and reliability of public hotspots for Wi-Fi calling and problems with location services and 911 calls over Wi-Fi, which the report details.

Source: Ericsson

Source: Ericsson

Offloading increasingly crowded licensed spectrum onto Wi-Fi improves performance and reliability. For businesses, hybrid LTE-Wi-Fi networks enable compelling fixed-mobile convergence services that smooth the transition from PBXs and landlines to smartphones while retaining existing, well-known fixed extensions and avoiding expensive carrier data plans. Convergence also enables video calling and text messaging using a common number on a device employees actually want to use.


Amazon Cognito: Authentication and App Sync for the Multi-Device World

By | September 13, 2015

A version of this article originally appeared on TechTarget Search AWS as AWS Cognito makes a mark in mobile app development

A major challenge when developing applications in the post-PC era, where the average person uses three devices and expects to access and have a consistent view of their data from each one of them, is the difficulty of keeping user identities, application settings and user state synchronized. Compounding the problem is the fact that each device may be running a different OS, multiplying the work for developers. The salvation is constant connectivity that allows apps to almost always rely on backend services. This makes the cloud a natural spot to unify the user experience. Mobile devices in particular are prime candidates for cloud backends given their limited local storage and (at least until recently) CPU resources: running an SQL database on your iPhone is not recommended.

AWS recognized the opportunity in mobile backends as a service (MBaaS) and has gradually built a compelling portfolio of mobile services that includes remote compute (Lambda), push notifications (SNS), database and storage (DynamoDB and S3), API management (API Gateway), data streaming (Kinesis), Mobile Analytics and user identity and data synchronization (Cognito). Cognito is arguably the lynchpin to all of these mobile services since identity and state management are critical to providing a consistent app experience across platforms.

Cognito Foundation: Identity and Credentials Management

Managing credentials on mobile devices is difficult since, unlike a PC or server, the OS doesn’t support local user accounts. Even native OS features like backup and find-my-phone rely upon a cloud login and backend services. Apps that eschew cloud authentication and embed API credentials within the executable risk exposure, since anyone holding the app package can recover them with a disassembler or decompiler like Hopper (macOS/Linux, for iOS binaries) or APK Studio (Android). But the rise of federated identity protocols like OpenID and OAuth, and their wide-scale adoption by major services like Facebook, Google, Twitter and Amazon itself, means that most users already have online credentials that can be used for application authentication and data access, credentials that Cognito can leverage.

Amazon Cognito Identity overview

Cognito eliminates the need for embedded API keys by authenticating users and delivering credentials from a secure backend. Rather than a long-lived key baked into the app, each identity receives temporary AWS credentials (an access key ID, secret access key and session token obtained through STS) over a TLS connection to the service. The credentials expire after a short time (on the order of an hour), so even if an attacker grabs them from a device, they won’t be usable for long. They also carry only the access rights granted by the IAM roles attached to the identity pool, configured in the Cognito management console, and the role given to unauthenticated guests can be more restrictive than the one given to authenticated users. In sum, the foundation of Cognito is user identity management: user authentication, secure credential management (getting credentials onto a device, limiting their lifetime and rotating them) and security enablement linking credentials to policies that control user access to online resources.

Cognito follows a hierarchical model for user identity. The apex is the developer AWS account providing access to Cognito and other AWS services. Within the Cognito service, the next layer is an identity pool, a namespace with its own ID, its configured identity providers and the IAM roles its credentials carry; an app or family of apps typically gets its own pool. Within the identity pool is a set of individual identities for users and devices. Each of those identities can then have zero or more logins associated with it. Identities with no logins are granted guest privileges, but why would a user have more than one?

AWS Cognito data model

Since people not only use many different devices but have multiple identities with popular online platforms, why make them create another login just to access your app? Cognito doesn’t. If an app supports multiple identity providers, say Google, Facebook and Amazon, Cognito can bind these into a single identity, meaning a user can authenticate with any one of them and see the same account and data. Besides brokering identities, Cognito allows apps to do their own authentication: developers can register and authenticate users via an existing authentication process (developer-authenticated identities) while using Cognito to synchronize user data and access AWS resources. In sum, Cognito authentication is a multi-step process that results in a Cognito identity ID and a set of short-lived AWS credentials on the device.
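The security-relevant piece of the identity model above is what the short-lived credentials are allowed to do, and that is decided by the two IAM roles attached to the identity pool. The following is an added illustration, not AWS code or the article's: it builds the role trust policy and a pair of permission policies using the real Cognito condition keys and policy variable (`cognito-identity.amazonaws.com:aud`, `:amr` and `${cognito-identity.amazonaws.com:sub}`), and pairs them with a deliberately minimal stand-in for IAM's evaluator (allow-only, no explicit Deny) so the effect of each role can be checked offline. The pool ID, bucket and identity IDs are placeholders.

```python
"""Toy model of how identity-pool credentials are scoped by IAM roles.

Added example, not AWS code. The trust policy and the condition keys
(cognito-identity.amazonaws.com:aud / :amr / :sub) are the ones an
identity pool exposes to IAM; the evaluator is a minimal stand-in for
IAM's policy engine (allow-only, no explicit Deny, no NotAction), just
enough to show what each role can and cannot touch.
"""
from fnmatch import fnmatchcase

IDENTITY_POOL_ID = "us-east-1:11111111-2222-3333-4444-555555555555"  # placeholder
BUCKET_ARN = "arn:aws:s3:::example-app-data"                           # placeholder
SUB_VAR = "${cognito-identity.amazonaws.com:sub}"  # IAM policy variable: the caller's identity id


def trust_policy(amr):
    """Role trust policy: only credentials minted for this pool, and only for
    identities of the given kind ('authenticated' or 'unauthenticated'), may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "cognito-identity.amazonaws.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {"cognito-identity.amazonaws.com:aud": IDENTITY_POOL_ID},
                "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": amr},
            },
        }],
    }


# Guests: read-only on a public prefix, nothing else.
UNAUTH_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": [BUCKET_ARN + "/public/*"]},
    ],
}

# Logged-in users: the public prefix plus read/write on a prefix keyed by their
# own identity id, so one user's credentials cannot reach another user's objects.
AUTH_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": [BUCKET_ARN + "/public/*"]},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": [BUCKET_ARN + "/users/" + SUB_VAR + "/*"]},
    ],
}


def can_assume_role(policy, aud, amr):
    """Evaluate the trust policy against the claims Cognito presents to STS:
    aud is the pool id, amr the list of authentication methods
    (for example ['authenticated', 'graph.facebook.com'])."""
    for stmt in policy["Statement"]:
        cond = stmt["Condition"]
        if cond["StringEquals"]["cognito-identity.amazonaws.com:aud"] != aud:
            continue
        pattern = cond["ForAnyValue:StringLike"]["cognito-identity.amazonaws.com:amr"]
        if any(fnmatchcase(m, pattern) for m in amr):
            return True
    return False


def is_allowed(policy, identity_id, action, resource):
    """Toy evaluation: substitute the caller's identity id for the ${sub} variable,
    then allow if any statement covers both the action and the resource.
    Deny by default, as IAM does."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if not any(fnmatchcase(action, a) for a in stmt["Action"]):
            continue
        for pattern in stmt["Resource"]:
            if fnmatchcase(resource, pattern.replace(SUB_VAR, identity_id)):
                return True
    return False
```

The point to check in a real pool is the second statement of the authenticated policy: without the `${cognito-identity.amazonaws.com:sub}` variable in the resource, every authenticated user's temporary credentials would be able to read and overwrite every other user's objects, and the short credential lifetime does nothing to limit that.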


Cloud Sync Too

Data synchronization is the other major Cognito feature, with a service and client APIs that synchronize user data across mobile devices and Web apps. For example, game developer Concrete Software uses Cognito to save user data and sync game state across multi-platform devices while using one or more of a gamer’s existing online logins (Facebook, Google, etc.).

Like most cloud file and sync services, Cognito caches data locally should a device be temporarily offline, automatically synchronizing with the AWS backend when a connection is re-established. Cognito saves user data in key-value pairs, with apps always writing to the local cache, which the service replicates to a master backend database. Synchronized datasets are capped at 1 MB; however, each user identity can be associated with up to 20 datasets. Synchronization can be initiated via an API call or by automatic push, which notifies every instance whenever data changes. In the case of conflicts, the last write wins: the client first reads changes from the cloud database and then writes its local changes, so the local change lands last; this default behavior can be overridden with a custom conflict handler.
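To make the sync behaviour above concrete, here is an added, self-contained model of it in Python. It is not the AWS Mobile SDK and does not talk to Cognito: it reproduces the pieces the paragraph describes (a local cache that is always written first, a cloud copy with a per-dataset sync count, the 1 MB dataset and 20-datasets-per-identity caps, and a pull-then-push `synchronize()` whose conflict handling defaults to the local write landing last but can be swapped for a custom resolver). Class and function names and the sample "settings" data are constructed for the example.

```python
"""Toy model of the Cognito Sync dataset behaviour described above.

Added illustration, not the AWS SDK. It models the offline cache, cloud
sync counts, the 1 MB / 20-dataset limits and read-then-write conflict
handling, with a pluggable resolver standing in for the SDK's conflict
callback. All names and sample data here are constructed.
"""
from dataclasses import dataclass

DATASET_LIMIT_BYTES = 1024 * 1024   # each dataset is capped at 1 MB
MAX_DATASETS_PER_IDENTITY = 20      # each identity may hold up to 20 datasets


@dataclass
class Record:
    key: str
    value: str
    sync_count: int          # version the cloud assigned when it last stored this key
    dirty: bool = False      # modified locally since the last synchronize()


class CloudDataset:
    """Stand-in for the backend master copy: one monotonic sync count per dataset."""

    def __init__(self):
        self.records = {}    # key -> (value, sync_count)
        self.sync_count = 0

    def changes_since(self, count):
        return {k: v for k, v in self.records.items() if v[1] > count}

    def put(self, key, value):
        self.sync_count += 1
        self.records[key] = (value, self.sync_count)
        return self.sync_count


def local_write_wins(local, remote):
    """Default, mirroring the text: remote changes are read first and the local
    change is written afterwards, so the local value is what the cloud keeps."""
    return local.value


def remote_wins(local, remote):
    """Example custom resolver: keep the cloud value and drop the offline edit."""
    return remote.value


class LocalDataset:
    """Device-side cache. Writes always land here; synchronize() reconciles with the cloud."""

    def __init__(self, cloud, resolver=local_write_wins):
        self.cloud = cloud
        self.records = {}
        self.last_sync_count = 0
        self.resolver = resolver

    def put(self, key, value):
        prior = self.records[key].sync_count if key in self.records else 0
        candidate = dict(self.records)
        candidate[key] = Record(key, value, prior, dirty=True)
        size = sum(len(k.encode()) + len(r.value.encode()) for k, r in candidate.items())
        if size > DATASET_LIMIT_BYTES:
            raise ValueError("dataset would exceed the 1 MB cap")
        self.records = candidate

    def get(self, key):
        rec = self.records.get(key)
        return rec.value if rec else None

    def synchronize(self):
        """Pull cloud changes since the last sync, resolve conflicts with records
        changed offline, then push what is still dirty. Returns the conflicting keys."""
        conflicts = []
        for key, (value, count) in self.cloud.changes_since(self.last_sync_count).items():
            local = self.records.get(key)
            remote = Record(key, value, count)
            if local is not None and local.dirty:
                conflicts.append(key)
                resolved = self.resolver(local, remote)
                # If the resolver kept the cloud value there is nothing left to push.
                self.records[key] = Record(key, resolved, count, dirty=(resolved != value))
            else:
                self.records[key] = remote
        for rec in self.records.values():
            if rec.dirty:
                rec.sync_count = self.cloud.put(rec.key, rec.value)
                rec.dirty = False
        self.last_sync_count = self.cloud.sync_count
        return conflicts


class Identity:
    """Per-identity dataset namespace; every device of the identity shares the cloud copies."""

    def __init__(self):
        self.datasets = {}

    def open_dataset(self, name, resolver=local_write_wins):
        if name not in self.datasets:
            if len(self.datasets) >= MAX_DATASETS_PER_IDENTITY:
                raise ValueError("identity already has the maximum of 20 datasets")
            self.datasets[name] = CloudDataset()
        return LocalDataset(self.datasets[name], resolver)


def demo():
    """Two devices editing one 'settings' dataset, the phone going offline between syncs."""
    user = Identity()
    phone = user.open_dataset("settings")
    tablet = user.open_dataset("settings")
    phone.put("theme", "dark"); phone.synchronize()
    tablet.synchronize()                     # tablet now holds "dark"
    tablet.put("theme", "light"); tablet.synchronize()
    phone.put("theme", "blue")               # offline edit on a stale copy
    conflicts = phone.synchronize()          # reads "light", then writes "blue" last
    return conflicts, phone.get("theme"), user.datasets["settings"].records["theme"][0]
```

The default resolver is the one to think about before shipping: because the offline device's write always lands last, a stale device can silently overwrite a newer value, so for anything where order matters (entitlements, counters, opt-out flags) a custom resolver that compares the two records is the safer choice.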

Amazon Cognito Sync-Save Overview

Getting Started

Like all AWS services, Cognito is configured and managed via the AWS console where the first step is to create an identity pool, roles for authenticated and unauthenticated users and configure authentication providers. The management page also includes links to the AWS SDK and sample code for Android, iOS, JavaScript, .Net and others.



In sum, Cognito provides secure identity management and data synchronization that gives users a consistent profile and view of data across all devices and logins. It works with many existing authentication systems and includes sample code for both major mobile platforms and Web applications.

New identity pool (Cognito console)


VMworld Retrospective: Betting on Hybrid Cloud, but do VMware’s Customers Care?

By | September 10, 2015

The news out of VMworld 2015 was less significant than its overarching theme of hybrid cloud. My summary of the news, along with a photo album, is available here. Although there were plenty of announcements (indeed, one analysis contends VMware is trying to do too much), other than the Photon container project (which is still experimental) they were mostly small-ball upgrades: more evolutionary than revolutionary. That’s understandable given VMware’s dominance and enterprise IT (read: conservative) customer base, but the contrast with the weekly barrage of new cloud services and price cuts from AWS and Google is striking. Furthermore, there were hints of behind-the-scenes executive repositioning: unlike prior years, where CEO Pat Gelsinger kicked things off with the show highlights, that role belonged to COO Carl Eschenbach, while Gelsinger was relegated to the day-two cleanup position, closing things out with a comprehensive, if pedestrian, survey of industry trends. Nevertheless, the less than earthshattering news didn’t bother investors, as VMware stock has outpaced the broader market by 4% in the days since VMworld.

VMware stock vs S&P 500 post-VMworld

In VMware’s vision, hybridization means tightly coupled public and private clouds in which applications seamlessly migrate between the two. Yet this could be a strategic mistake, since I think VMware overestimates the utility of a tightly coupled hybrid design while underestimating the implementation complexity for the majority of companies that don’t buy into its vCloud-everywhere approach. Organizations clearly like the idea of cloud heterogeneity, but realizing VMware’s vision entails embracing vCloud everywhere. Although the company insists the public IaaS vCloud Air service is doing just fine, a Wikibon estimate puts the run rate at under $100 million, or about 1-2% of AWS’s or 2-3% of Azure’s: hardly a ringing customer endorsement for a product entering its third year of general availability.


The Curse of Legacy IT?

Ironically, VMware’s prior success popularizing enterprise server virtualization and the resulting legacy customer base may be hampering its ability to contend with agile and innovative public cloud services. Seeing the thousands of hands-on practitioners lining up for sessions on the intricacies of the latest vCenter update or how to configure storage volumes, one notices a nascent but noticeable disconnect between the uber-virtualized, software-defined datacenter message VMware executives preach and the interests of its installed base. VMware faces a tricky balancing act between satisfying its traditional customers, largely still using virtualization to consolidate legacy client-server applications (what IDC calls the 2nd Platform), and keeping pace with the breakneck developments by hyperscale cloud services built for the cloud-native (3rd Platform) world. Indeed, I wonder whether VMware’s own customer base is hampering its ability to build cloud technology and services by steadfastly holding onto an outmoded IT operational model. If so, it’s to the ultimate detriment of both, since technology waits for no man.


Having finally lost the argument that public clouds are inherently less secure, lack sufficient management controls and deliver inconsistent, unpredictable performance, legacy equipment vendors like EMC/VMware have changed tactics. One rationale for VMware’s hybrid strategy focuses on operational practicality, namely enterprises want a public cloud that looks, works and is managed just like its private infrastructure. This ignores the fact that IaaS success stories like AWS are different for good reasons of efficiency, automation and scalability. Another hybrid argument contends that public clouds are more expensive than private infrastructure once workloads get to a certain size and predictability. Not only do financial arguments tend to minimize the TCO of running and owning infrastructure, they also ignore the opportunity costs of tying up resources on IT operations that could be better applied to revenue building digital business projects.

It will be interesting to study the contrast in messaging and attendee profile between VMworld and AWS re:Invent (October 6–9) to see how much ground VMware has to make up and whether the hybrid cloud message resonates in an environment of cloud-native architects and developers.

See my original column for additional insights.

VMworld Hang Space: a place for informal conversation and relaxation amidst the conference chaos.


Sights and Highlights from VMworld 2015

By | September 4, 2015

VMworld is a multifaceted experience, particularly for those of us for whom it may be the one time of the year when we can visit with far-flung friends and colleagues in the flesh. Indeed, the opportunity to have deep, stimulating discussions with other very smart people is perhaps the highlight of VMworld.

Yet there were plenty of vendor announcements, technical sessions, executive keynotes and product demonstrations. I summarized the major VMware news in this column at Channel Partners, where the Day One theme was data center infrastructure, while Day Two focused on the client: management, apps and security. Unlike recent VMworlds, CEO Pat Gelsinger was moved to the anchor leg of the keynote lineup where he served the role of elder statesman and visionary. As I pointed out in the column,

Gelsinger wrapped up the keynote lineup by summarizing industry trends and their implications for both IT and business. His message is that rapid-fire, cloud-like innovation is disrupting traditional business models and internal IT processes. His mantra is that organizations must “innovate like a startup, but deliver like an enterprise,” meaning that service creation must be agile, but service delivery must be bulletproof. Gelsinger also stressed that public cloud has evolved from the era of developer-driven, low-risk test/dev deployments to what he calls the “professional era of cloud,” meaning the need to pair cloud-service agility and delivery with mission-critical reliability and security.


I also tried to visually capture the flavor of VMworld. Channel Partners has a captioned slide show here, but I have a more extensive photo album on Flickr here. A more thoughtful analysis of VMworld themes in the context of larger industry trends is forthcoming. Watch MarkoInsights for details.