iPhone Configuration Utility 2.0
It's a great step forward for Apple, but there's a problem. While the iPhone Enterprise Deployment guide does a great job of showing you how the process works, and giving examples of the XML responses, what it does not do is provide any useful information on setting up an SCEP server. Now, SCEP is an internet draft proposed by Cisco, and they (eventually) have documentation on it, if you don't have Cisco gear, that's kind of useless, and Apple provides no links to that info anyway.
Apple provides three links to "help you out" with SCEP:
That's it. Now, if you have an SCEP expert in-house, that's probably enough to get you going with it. If you don't, then it's kind of useless. SCEP is still kind of new even on the Cisco side, and if you're trying to get it to run on Mac OS X Server, at the moment, there's effectively nothing to help you get moving. So it's a great idea, but at the moment, effectively useless until some implementation documentation gets created and propagated.
My final complaint with ICU 2 relates to its ineffective support of LDAP. For example, all my user records are in LDAP via Open Directory. When I do an install via direct connection, why can't I point things like the Exchange Active Sync profile at someone's username, and have it grab the e-mail address and password from my LDAP server Why can't it do the same for e-mail and or CalDAV, especially if you're using Apple's Mail and CalDAV servers, or your e-mail server ties into Open Directory
It is perfectly possible to securely get this information, but you can't, and so you have people having to type in user names, e-mail addresses, and passwords, and it's unnecessarily tedious. (This may not be an issue in SCEP, since it does tie into LDAP, but based on the lack of good documentation on SCEP, especially as it applies to iPhone Provisioning...who knows. Well, I guess Apple, but they aren't telling at the moment.)