The following Microsoft Web sites and technical articles provide background information that is important for the planning and deployment of your mobile messaging solution.
Exchange Server 2003
Planning an Exchange Server 2003 Messaging System
Exchange Server 2003 Client Access Guide
Exchange Server 2003 Deployment Guide
Windows Server 2003 Deployment Guide
Using ISA Server 2004 with Exchange Server 2003
Windows Server 2003 Technical Reference
IIS 6.0 Deployment Guide (IIS 6.0)
Microsoft Exchange Server
Exchange Server 2003 Technical Documentation Library
Windows Mobile ISA Server Security
Security Considerations for Windows Mobile Messaging in the Enterprise (white paper)
Security Model for Windows Mobile 5.0 and Windows Mobile 6 (white paper)
Windows Mobile Security Web site
TechNet Security Center
Messaging and Security Feature Pack Overview
The Messaging and Security Feature Pack for Windows Mobile 5.0 enables Windows Mobile 5.0-based devices to be managed by Microsoft Exchange Server 2003 SP2. The result is a mobile messaging solution that uses the management benefits of Exchange ActiveSync and the new security policy functions on the Windows Mobile 5.0-based devices, which helps you to better manage and control the devices.
Using Windows Mobile 5.0-based devices with the Messaging and Security Feature Pack will give you the following capabilities:
With direct push technology, you can provide your users with immediate delivery of data from the Exchange mailbox to their device. This includes e-mail, calendar, contact, and task information.
You can define the security policies on your Exchange server and they will be enforced on Windows Mobile 5.0-based devices that are directly synchronized with your Exchange server.
You can monitor and test Exchange ActiveSync performance and reliability by using the Exchange Server Management Pack.
You can manage the process of remotely erasing or wiping lost, stolen, or otherwise compromised mobile devices that are directly synchronized with your Exchange server by using the Microsoft Exchange ActiveSync Mobile Administration Web tool.
Features
These MSFP features improve essential communications for mobile workers.
Direct Push Technology
The direct push technology included in Exchange Server 2003 SP2 provides a new approach to the immediate delivery of data from the Exchange mailbox to the user’s mobile device. Direct push works for mailbox data, including Inbox, Calendar, Contacts, and Tasks. The direct push technology uses an established HTTP or HTTPS connection between the device and the Exchange server. Previous solutions required the use of Short Message Service (SMS); direct push does not. No special configuration is required on the mobile device, and you can keep your standard data plan, because the service is world-capable and requires no additional software or server installations other than Exchange Server 2003 SP2.
For an in-depth discussion of the direct push technology, see Understanding the Direct Push Technology in this document.
Exchange ActiveSync
Exchange ActiveSync is an Exchange synchronization protocol that is designed for keeping your Exchange mailbox synchronized with a Windows Mobile 5.0-based device. Exchange ActiveSync is optimized to deal with high-latency/low-bandwidth networks, and also with low-capacity clients that have limited amounts of memory, storage, and processing power. Under the covers, the Exchange ActiveSync protocol is based on HTTP, SSL, and XML and is a part of Exchange Server 2003. In addition, Exchange ActiveSync provides the following benefits:
The consistency of the familiar Outlook experience for users
No extra software is required to install or configure devices
Global functionality that is achieved via standard data access phone service
Global Address List Access
Support for over-the-air lookup of global address list (GAL) information stored on Exchange Server. With the Messaging and Security Feature Pack, mobile device users will be able to receive contact properties for individuals in the GAL. These properties can be used to search remotely and quickly for a person by name, company, or another property. Users will get all of the information they need to reach their contacts without having to store the data on their device.
Security Features
Security features help protect personal and corporate files on mobile devices.
Exchange Server 2003 SP2 helps you to configure and manage a central policy that requires all mobile device users to protect their device with a password in order to access the Exchange server. You can specify the length of the password, require usage of a character or symbol, and designate how long the device has to be inactive before prompting the user for the password again.
An additional setting, wipe device after failed attempts, allows you to delete all data and certificates on the device after the user enters the wrong password a specified number of times. The user will see a series of alert dialog boxes warning of the possible wipe and providing the number of attempts left before it happens. External memory, such as a secure digital (SD) card, is not erased.
You can also specify whether non-compliant devices can synchronize. Devices are considered non-compliant if they do not support the security policy you have specified. In most cases, these are devices not configured with the Messaging and Security Feature Pack.
The device security policies are managed from Exchange System Manager’s Mobile Services Properties interface.
Remote Device Wipe
The remote wipe feature helps you to manage the process of remotely erasing lost, stolen, or otherwise compromised mobile devices. If the device was connected using direct push technology, the wipe process will be initiated immediately and should take place in seconds. If you have used the enforced lock security policy, the device is protected by a password and local wipe, so the device can receive calls, but will not be able to perform any operation other than to receive the remote wipe notification and report that it has been wiped.
The new Microsoft Exchange ActiveSync Mobile Administration Web tool enables you to perform the following actions:
View a list of all devices that are being used by any user.
Select or de-select devices to be remotely erased.
View the status of pending remote erase requests for each device.
View a transaction log that indicates which administrators have been delegated the ability to issue remote erase commands, in addition to the devices those commands pertained to.