The consumerization of technology over the last decade has blurred the lines between enterprise IT and the type of devices end users wish to use to connect to business resources, and there is no better example to show this than the Apple iPhone. As an intuitive, easy to use device, the iPhone is unparalleled, and since its original release in 2007, Apple's success in the smartphone marketplace has changed the mobile phone industry forever.
Not only is the iPhone a great consumer device, but due to its consistent feature-set across carriers and enterprise management features, it makes a great choice as a standard business device for connecting to Microsoft Exchange 2010 and Microsoft's cloud-based offering—Office 365.
The aim of this book is to provide you all the information you need to understand the iPhone and iOS range of devices, and to gain a basic understanding of how Exchange 2010 or Office 365's Exchange Online complement these devices. The book also aims to guide you through the process to plan, configure, and manage the relevant aspects of your environment. We will also cover some advanced topics such as device security, certificate management, and provisioning along the way.
In this chapter, we will:
Gain an understanding of the range of iPhone and iOS devices available from Apple (including the iPhone) and what features they offer
Provide an overview of Microsoft Exchange Server 2010, including a basic overview of the Exchange product and the innovations in the latest version
Provide an overview of Office 365's Exchange Online service
Provide an overview of Exchange ActiveSync, the technology used to connect iPhone and iOS devices to Microsoft Exchange
Get a basic understanding of iPhone and iOS device security features
Learn the basics about device provisioning in the context of providing an automated setup of iOS devices
Apple's basic platform for mobile computing devices is collectively known as iOS. It is the common operating system that the iPhone and other devices like the iPad use to provide the user interface and underlying features across Apple's mobile computing device range.
In June 2007, Apple released the first generation of iOS devices, the iPhone 2G and its Wi-Fi only companion, the iPod touch. Inspite of it being Apple's first foray into the world of mobile phones it took the mobile industry by storm and was an instant hit with consumers. The original iPhone provided a competent mobile web browser, e-mail client, camera, media playback, and Wi-Fi along with GPRS mobile data capabilities.
A runaway success, the first iPhone was succeeded by the iPhone 3G, released the following year in July 2008. The second generation iPhone was complemented by the second release of the underlying operating system, iOS, and brought Exchange Server connectivity along with the ability to install mobile applications from the Apple App Store.
With the second generation's release, the iPhone became more than just another smartphone and with wide consumer adoption combined with the release of its first enterprise connectivity features, companies began to adopt the iPhone 3G as a business device to provide staff access to e-mail, calendaring, and contacts.
In June 2009, Apple released the third generation of its mobile phone, the iPhone 3GS, which as an incremental release improved the device battery life and processor speed, and brought the third major version of the underlying iOS operating system, adding features such as copy and paste and iCalendar subscription support.
April 2010 saw the release of the iPad, Apple's first touchscreen tablet computer, based upon the same underlying iOS underpinnings as the iPhone and iPod touch. Later that year, in June 2010, a major release of iOS was made available, version 4, along with a major refresh of the iPhone, the iPhone 4, and a new version of the iPod touch.
There were also software improvements, such as multi-tasking and the support for multiple ActiveSync accounts. The new version of the iPhone significantly improved the screen resolution and the case was changed to a durable glass front and back, a departure from the previous iPhone's curved plastic back.
In March 2011, the second version of the iPad was released, with a smaller footprint and faster processor. In October 2011, the current release of the iPhone, the iPhone 4S, was released, bringing new features such as an improved processor and camera. At the same time, a major release of iOS was unveiled, iOS 5, which improved upon the multi-tasking features of iOS 4, including much improved notifications, and for iPhone 4S devices added the voice-based assistant Siri, an advanced voice recognition system. From an ActiveSync perspective, iOS 5 added the ability to synchronize tasks with Exchange Server. Finally, in March 2012, Apple released the new iPad, which brought notable features such as an improved screen resolution, faster processor and fourth generation (4G) mobile connectivity.
A major benefit of the iOS device range is the common underlying operating system and its backward compatibility across multiple generations of devices, meaning that major improvements to core features are often made available to most, if not all, devices you are likely to deploy across your environment.
In the following image, you will see an example of the current Mail App interface on the iPhone:
 |
The following table shows a summary of the current product range:
|
iOS device name |
3G mobile data support |
Wireless LAN support |
|---|---|---|
|
iPhone 4S 16GB |
Yes |
Yes |
|
iPhone 4S 32GB |
Yes |
Yes |
|
iPhone 4S 64GB |
Yes |
Yes |
|
iPhone 4 8GB |
Yes |
Yes |
|
iPhone 3GS 8GB |
Yes |
Yes |
|
iPad 2 Wi-Fi 16GB |
No |
Yes |
|
iPad Wi-Fi 16GB |
No |
Yes |
|
iPad Wi-Fi 32GB |
No |
Yes |
|
iPad Wi-Fi 64GB |
No |
Yes |
|
iPad 2 Wi-Fi + 3G 16GB |
Yes |
Yes |
|
iPad Wi-Fi + 4G 16GB |
Yes |
Yes |
|
iPad Wi-Fi + 4G 32GB |
Yes |
Yes |
|
iPad Wi-Fi + 4G 64GB |
Yes |
Yes |
|
iPod Touch 8GB |
No |
Yes |
|
iPod Touch 32GB |
No |
Yes |
|
iPod Touch 64GB |
No |
Yes |
Apple's basic platform for mobile computing devices is collectively known as iOS. It is the common operating system that the iPhone and other devices like the iPad use to provide the user interface and underlying features across Apple's mobile computing device range.
In June 2007, Apple released the first generation of iOS devices, the iPhone 2G and its Wi-Fi only companion, the iPod touch. Inspite of it being Apple's first foray into the world of mobile phones it took the mobile industry by storm and was an instant hit with consumers. The original iPhone provided a competent mobile web browser, e-mail client, camera, media playback, and Wi-Fi along with GPRS mobile data capabilities.
A runaway success, the first iPhone was succeeded by the iPhone 3G, released the following year in July 2008. The second generation iPhone was complemented by the second release of the underlying operating system, iOS, and brought Exchange Server connectivity along with the ability to install mobile applications from the Apple App Store.
With the second generation's release, the iPhone became more than just another smartphone and with wide consumer adoption combined with the release of its first enterprise connectivity features, companies began to adopt the iPhone 3G as a business device to provide staff access to e-mail, calendaring, and contacts.
In June 2009, Apple released the third generation of its mobile phone, the iPhone 3GS, which as an incremental release improved the device battery life and processor speed, and brought the third major version of the underlying iOS operating system, adding features such as copy and paste and iCalendar subscription support.
April 2010 saw the release of the iPad, Apple's first touchscreen tablet computer, based upon the same underlying iOS underpinnings as the iPhone and iPod touch. Later that year, in June 2010, a major release of iOS was made available, version 4, along with a major refresh of the iPhone, the iPhone 4, and a new version of the iPod touch.
There were also software improvements, such as multi-tasking and the support for multiple ActiveSync accounts. The new version of the iPhone significantly improved the screen resolution and the case was changed to a durable glass front and back, a departure from the previous iPhone's curved plastic back.
In March 2011, the second version of the iPad was released, with a smaller footprint and faster processor. In October 2011, the current release of the iPhone, the iPhone 4S, was released, bringing new features such as an improved processor and camera. At the same time, a major release of iOS was unveiled, iOS 5, which improved upon the multi-tasking features of iOS 4, including much improved notifications, and for iPhone 4S devices added the voice-based assistant Siri, an advanced voice recognition system. From an ActiveSync perspective, iOS 5 added the ability to synchronize tasks with Exchange Server. Finally, in March 2012, Apple released the new iPad, which brought notable features such as an improved screen resolution, faster processor and fourth generation (4G) mobile connectivity.
A major benefit of the iOS device range is the common underlying operating system and its backward compatibility across multiple generations of devices, meaning that major improvements to core features are often made available to most, if not all, devices you are likely to deploy across your environment.
In the following image, you will see an example of the current Mail App interface on the iPhone:
|
The following table shows a summary of the current product range:
|
iOS device name |
3G mobile data support |
Wireless LAN support |
|---|---|---|
|
iPhone 4S 16GB |
Yes |
Yes |
|
iPhone 4S 32GB |
Yes |
Yes |
|
iPhone 4S 64GB |
Yes |
Yes |
|
iPhone 4 8GB |
Yes |
Yes |
|
iPhone 3GS 8GB |
Yes |
Yes |
|
iPad 2 Wi-Fi 16GB |
No |
Yes |
|
iPad Wi-Fi 16GB |
No |
Yes |
|
iPad Wi-Fi 32GB |
No |
Yes |
|
iPad Wi-Fi 64GB |
No |
Yes |
|
iPad 2 Wi-Fi + 3G 16GB |
Yes |
Yes |
|
iPad Wi-Fi + 4G 16GB |
Yes |
Yes |
|
iPad Wi-Fi + 4G 32GB |
Yes |
Yes |
|
iPad Wi-Fi + 4G 64GB |
Yes |
Yes |
|
iPod Touch 8GB |
No |
Yes |
|
iPod Touch 32GB |
No |
Yes |
|
iPod Touch 64GB |
No |
Yes |
Microsoft's Exchange Server is the leading messaging software that enterprise and small businesses use to communicate via e-mail and manage calendars. Since the original version 4.0 replaced MSMail more than 15 years ago, Exchange Server has steadily gained ground against competing products and has become the de-facto standard for business communication.
Earlier versions of Exchange Server up to version 5.5 utilized their own directory system to manage users, but since Exchange Server 2000, the messaging platform has relied upon Active Directory for its user directory. Exchange Server 2000 and earlier versions of Exchange Server 2003 didn't have any connectivity to mobile devices and relied on external software such as Microsoft Mobile Information Server or Blackberry Enterprise Server to provide real-time messaging and alerts; Exchange Server 2003 Service Pack 2 introduced push-e-mail, opening the metaphorical floodgates for communication from many devices including Windows Mobile, and of course, the iPhone.
Beginning with Exchange Server 2007, the product went through a major overhaul, dramatically reducing the costs associated with providing high-availability, large user mailboxes, and increasing the reliability and scalability of the product by separating the different components of Exchange Server into different roles.
Continuing this trend, the release of Exchange Server 2010 in September 2009 once again brought a number of architectural changes, further improving the options available for scalability, high availability, and the ability to provide users with even larger mailboxes at low cost by making use of low-cost storage. In addition to these underlying system improvements, Exchange Server 2010 also introduced features to make e-mail more productive through features, such as Conversation View (threaded message display), MailTips, Cross-Browser support for Outlook Web App, and Personal Archives.
With the release of Exchange Server 2010 Service Pack 1 in July 2010, Microsoft's new version of Exchange Server became mature enough for widespread adoption. With a further re-vamp of Outlook Web App, additional features such as the ability to easily share calendars using open standards such as iCalendar, confirmed Exchange Server 2010's place as the market leader for messaging.
The following image shows Outlook Web App in Exchange Server 2010:
 |
Microsoft is not alone in the marketplace for messaging and groupware solutions. Before selecting Microsoft Exchange Server, it's worth being aware of some of the competitors, which include:
Some competing products, including Zimbra and Google Apps, license Microsoft's own Exchange ActiveSync protocol for their own products and as such, iPhone devices can utilize the push-mail facilities available.
Compared to the competition, Exchange Server 2010 is particularly strong; it is no secret that Lotus Notes and Novell GroupWise users have been migrating en-mass to Exchange over the last few years; however, Google Apps for Enterprise has been slowly growing as a competitor, particularly against Office 365.
Zimbra, recently purchased by VMware, has remained static in the marketplace for a number of years, but due to the advanced technology it is based upon, it should not be ruled out.
Compared to the competition, Microsoft is the only messaging solution provider in the marketplace that provides a deeply-integrated on-premises cloud solution that allows you to pick and choose where your e-mail is hosted. From an end-user point of view the familiarity of the Microsoft Office suite is particularly compelling as business users are comfortable with the workflow that the Office suite provides, particularly when it comes to managing their e-mail.
Exchange Server 2010 provides many core features, including:
Mail, contacts, tasks, and calendar management.
Access from Microsoft Outlook along with any IMAP/POP3 or EWS-compatible desktop client.
Distribution groups, to easily allow management of mailing groups at an organization level with delegated group management and creation to end users.
Shared mailboxes and user-managed delegate access to other users' mailboxes that allow end users to manage e-mail more effectively.
Voicemail/Unified Messaging facilities allow integration with many phone systems, allowing access to voicemails from any device along with dial-in access to e-mail.
Application/API access using Exchange Web Services allows bespoke applications integrating custom business logic to be developed and used against Exchange.
Full, premium, Outlook Web App experience allows web-based access to Exchange from browsers including Internet Explorer, Firefox, Safari, and Chrome.
Productivity features, such as Conversation View, MailTips, and Ignore Conversation, allow the users to reduce the number of e-mails they see in their inbox, and help prevent sending of unnecessary mails by providing pro-active information. For example, while sending mail to a large number of users, if the person they are composing a message to has Out of Office enabled or a custom message has been set by the Administrator.
Major cost reductions for backend Mailbox Server hardware by reducing the performance required to support many users with large mailboxes through the use of Direct-Attached SATA or Midline-SAS disks and support for larger mailbox databases.
High availability across all Exchange components, including the ability to cluster mailbox servers across multiple sites using Database Availability Groups, on Exchange Servers hosting all roles.
Personal Archives, which allow administrators to separate historical mail from current mail and eliminate PSTs across the organization while allowing archives to be stored separately in Exchange Server from the primary mailbox.
Role-based access control to delegate management of Exchange at a granular level to IT staff and, to a certain degree, to the end users.
In addition to the core features of Exchange Server, a lot is offered for mobility, including:
Push-e-mail using over-the-air synchronization
Contacts synchronization
Personal calendar synchronization
Global Address List access
Sharing calendars using iCalendar
Tasks synchronization
Outlook Voice Access for Unified Messaging-enabled environments
Policies to control the features available on the device
Security options for enforcing password policies and device encryption
Remote wipe facilities to clear sensitive data from lost devices
Support for S/MIME (if the mobile device supports it)
Combined together, these features provide a comprehensive solution for mobile access to Exchange Server.
For example, an end user device can have features such as camera disabled, strong password policies enforcedm, and the device wiped after a certain number of incorrect attempts to enter the password. Additionally, the user benefits from near-real time alerts to new mail, the ability to check out their calendar, get alerts to pending appointments on the device, and automatically synchronize the on-phone contacts with Exchange and Outlook.
Additionally, in a Unified Messaging environment, the user also benefits from voice access to Exchange Server from any mobile phone, including the iPhone, and using Outlook Voice Access. This enables the end user to call Exchange Server and not only listen to voicemail, but also verbally ask Outlook Voice Access to read mail, listen to their appointments for the day and even ask for appointments to be rescheduled if they are running late. Outlook Voice Access is a great addition for enabling hands-free access to Exchange from mobile devices, especially if your user community drives regularly during the course of the business day.
Microsoft Exchange Server is available through a number of different methods, each of which should be examined to ascertain which is most suitable for your organization.
Larger enterprises and educational establishments may already have access to either Volume Licensing agreements, such as Microsoft's Enterprise Agreement or Campus Agreement. These options allow the costs of software to be paid for as part of an organization-wide agreement and can provide the best value for money for larger organizations. Exchange Server is also available through retail channels as a boxed product, though this is typically the most expensive method of purchase.
Exchange Server itself is licensed in two ways: by the product itself, which requires a license for each individual server it is installed on, and then a Client Access License (CAL) is purchased for each user that connects to Exchange Server.
There are two different versions of Exchange Server available, Standard Edition and Enterprise Edition. The most significant difference between Standard Edition and Enterprise Edition is the number of Mailbox Databases that can be mounted on each server. Typically this means that Standard Edition is suitable for most server roles, with Enterprise Edition required for larger organizations with a high consolidation of user mailboxes onto a single server. It's typical for even large organizations to license Standard Edition for all Exchange Servers except larger Mailbox Servers.
In addition to Exchange Server product licenses, each server hosting Exchange Server requires Windows Server licensing. As a minimum, Windows Server Standard Edition is suitable for most Exchange Server features, with Windows Server Enterprise Edition or higher required to support any server that is a member of a Database Availability Group.
Client licensing for Exchange Server is typically on a per-user basis, and Client Access License (CAL) types can be mixed-and-matched with server editions. The core license required for connection to Exchange Server is a Standard Edition license, allowing the user to access the following Exchange Server features:
Core messaging features, including e-mail, calendar, contacts, and tasks from clients such as Outlook, IMAP, POP3, Outlook Web Access, and Exchange ActiveSync
Basic Exchange ActiveSync management policies, such as password requirements
Journaling of mail on a per-database basis
Use of default server-side policies for the retention of mail
With the addition of Enterprise CALs, each user with one assigned also gains the following features:
All Exchange ActiveSync management policies
Unified Messaging features
Journaling of mail on a per-user basis
Personal Archives
Use of custom server-side policies for the retention and archiving of mail
Discovery features such as multi-mailbox search and legal hold
Features enabling information protection and control, such as transport protection rules and Outlook protection rules
Additionally, use of Microsoft Outlook requires separate licensing for Windows and Microsoft Office.
To simplify the options and combine the licensing into a single package, larger organizations typically take advantage of the options available in the aforementioned Enterprise and Campus Agreements to buy licensing in bundled form, reducing the complexity and typically reducing the cost too.
Small organizations can reduce the complexity of licensing by looking at product offerings that bundle a number of products together, such as Windows Small Business Server 2011. The Standard Edition combines the core functionality of Windows Server 2008 R2 with Exchange Server 2010 and SharePoint Foundation 2010, with the option of enabling SQL Server 2008 R2. Windows Small Business Server 2011 is available pre-installed on Server, through retail channels and through volume licensing.
Costs for licensing Exchange Server in retail form begin at 699 USD for Exchange Server Standard Edition, with an additional 67 USD per Client Access License.
Note
Licensing is a complex subject and the information here is only intended to give you a brief overview in the context of the product features available in Exchange Server 2010. You should always speak to Microsoft or a qualified reseller to ensure you choose the best licensing options. Further information about Microsoft's licensing options are available on the Microsoft website:
Office 365 is Microsoft's latest online services offering, often described as their answer to Google Apps. With Office 365, services are provided through a subscription-based model and hosted by Microsoft in the cloud-in datacentres managed by them in locations across the globe, providing high availability and allowing the administration and maintenance to be left to the experts.
The service is offered with a number of options, ranging from the small business offering suitable for small organizations ranging from 1 to 25 users, options for larger organizations allowing access to the full range of integration features, and for education with reduced pricing.
A big advantage of Office 365 above licensing Exchange Server 2010 is that the product can be bought with the desktop version of Microsoft Office 2010 included, combining the costs of the server and client software into a single monthly cost.
Before Office 365 was launched, Microsoft offered a number of different online service options; for business users, the primary option was BPOS (Business Productivity Online Suite), which combined hosted Exchange Server 2007, SharePoint 2007, Office Communications Server, and LiveMeeting. BPOS had a minimum requirement of a five user subscription and scaled to solutions for large enterprises. As a product, BPOS never received the acclaim Office 365 has been given, and the service suffered a number of widely publicized failures.
Education customers were catered for by Live@EDU, which started live as "Exchange Labs" and was effectively a beta version of the Exchange Online component of Office 365. The Exchange Online features of Office 365 were first offered through Live@EDU and as Exchange Server 2010 hit key stages in its development these features were brought to this platform before Exchange Server 2010's general release. With over 92 million mailboxes, the service provided an environment for proving the reliability of the Exchange Online component of Office 365 to a demanding group of customers.
The Exchange Online service provided by Office 365 is based upon Exchange Server 2010 and both products share many features. An administrator of Office 365 doesn't retain the fine level of control and management associated with an Exchange Server 2010 on-premises environment; all management of the underlying service is performed by Microsoft, including high availability management, patching, maintenance, upgrades, configuration, and maintenance of the underlying Windows environment.
However, on an organization and user level, most features and control are retained. Administrators have access to configure Exchange policies such as those related to Exchange ActiveSync and on a per-user basis Administrators can manage the settings and features for each mailbox.
For the enterprisers among us, full PowerShell access is provided to Exchange Online allowing experienced Exchange Server Administrators the ability to capitalize on existing Exchange Server 2007 and 2010 skills to manage users, and write and execute scripts in almost the same way as they would with Exchange Server 2010.
Finally, Exchange Online utilizes the same role-based access control model provided with Exchange Server 2010, allowing larger organizations to delegate administration to different IT groups and change the ability of users to perform actions such as changing personal information or creating and managing distribution groups.
As a comprehensive product, Office 365 includes a number of products. Managed through a central administrative portal, a subscription includes the following:
Exchange Online
Lync 2010
SharePoint 2010
In combination, these products work well together to provide a complete communications and collaboration suite.
The following image shows the Office 365 central management portal, and illustrates how Microsoft attempts to present the products together as one offering:
 |
So, let's have a look at the other products included, apart from Exchange.
The second product included is Microsoft Lync Online, which is the successor to Office Communications Server and LiveMeeting. Lync is a real-time communications tool which contains instant messaging, voice and video call, group chat, screen sharing, and conference call facilities. The version of Lync included in Office 365 is similar to the version that can be deployed on-premises; however, it has a number of limitations. For example, Lync Online doesn't support full PBX facilities, such as connecting to the PSTN phone network or support for IP phones, or PSTN dial-in conferencing facilities without the use of a third-party provider.
Lync Online integrates well with Exchange and SharePoint, allowing end users to schedule conference calls directly from Outlook and start calls and conversations directly from Outlook Web App, SharePoint, and the desktop versions of Office.
The following image shows the desktop Lync client. You'll notice it looks very similar to a typical IM client:
 |
iPhone and iOS users, along with their Windows Phone, Android, and Nokia counterparts, also benefit from access to the Lync Mobile client. This complements the mobility features of Exchange Server to provide access to availability, instant messaging, and conferences directly from the iOS device.
The final product included in Office 365 is SharePoint Online. SharePoint is a web-based document management system providing the ability to manage web pages and office documents, and can even be used for project management, blogs, and wikis. Office 365's version of SharePoint allows Administrators to set up a staff intranet, share documents with external partners, or even use the system as a content management system for a company's external web presence.
SharePoint Online's complement to Exchange's Outlook Web App is the suite of Office Web Apps, including Word Web App, Excel Web App, PowerPoint Web App, and OneNote Web App. These provide a similar feature set to the desktop versions of the product along with the ability for multi-user-collaborative editing.
From a mobility point of view, Office 365's SharePoint facilities allow iPhone access including mobile site views and access to Office documents through the Office Web Apps suite.
The following image shows access to a Microsoft Word document using Word Web App on Office 365:
 |
If you're already running your own Windows Servers and Active Directory, it's logical that you may wish to use the existing usernames and passwords in use when deploying Office 365. With the exception of the basic version of Office 365, it is possible to synchronize the local Active Directory information up to Microsoft's data centers using Microsoft's DirSync tool, and by utilizing a server running ADFS 2.0 (Active Directory Federation Services) your users can log in to Office 365 using their normal Active Directory username and password.
The integration becomes more interesting if you're already running Exchange Server on-premises, or wish to run a mixture. With the addition of atleast on Exchange 2010 server in your perimeter network, Calendars can be shared between On-Premises Exchange and Exchange Online along with Free/Busy information. It's also fairly straightforward to move mailboxes to and from Exchange Online using the same techniques you would use to move mailboxes between On-Premises Exchange Servers.
If you are looking to migrate an existing system to Office 365, there are other options available. Staged Exchange Migration allows setup and management of migrations from Exchange 2003 and later, and any IMAP mail system. These can be managed either through the web interface or through PowerShell.
Just like Exchange Server 2010 there are a number of options when it comes to licensing Office 365. Thankfully, it's a lot simpler as there are just three main products:
Office 365 for professionals and small businesses: The most basic plan is for 1 to 25 users. It includes Exchange, SharePoint, and Lync but doesn't include desktop Office or allow integration with on-premises systems.
Office 365 for midsize businesses and enterprises: Ranging from very cheap to quite expensive, the "full" version of Office 365 has access to all the integration and advanced management features, with add-ons to allow larger mailboxes, licensing for desktop Office, on-premises servers, and integration with your existing PBX for voicemail facilities.
Office 365 for Education: Live@EDU's successor is very similar to the midsize business and enterprise version, except for the pricing. Starting at free for students and basic staff facilities, the 'paid for' versions add in similar enterprise features.
Before purchasing, all versions are available as a 30-day trial.
If you've not currently got access to an Exchange Server and want to try out most of the techniques demonstrated in this book without additional expense, the Office 365 trial may be of interest.
Smartphone synchronization software has been released by Microsoft under the name ActiveSync since 1996, including the forerunner to today's Exchange ActiveSync, released as part of the Mobile Information Server 2002 product. However, it wasn't until the release of Exchange Server 2003 SP2, back in 2005, that it bore a resemblance to its current form today. Version 2.5 was the first version to support the modern features, such as push-e-mail and mail, calendar, contact, and task synchronization, along with a basic set of security features.
With the release of Exchange Server 2007, and later Exchange Server 2007 Service Pack 1, a large number of device management and security policies were incrementally added, and in the current release of Exchange Server 2010 the full complement of features are available, including those related to conversation view (message threading).
Exchange ActiveSync works by using features built into HTTP (Hypertext Transport Protocol, as used by web sites) to allow the mobile device to ask the server, over a secure connection, to let it know when there is an update. It works by issuing a request to the Exchange Server and when there is a change, such as a new e-mail, the server replies to that request with an update. This allows push-email over a normal mobile data connection such as 2G/3G without excessive data and battery usage.
The following diagram shows this process:
 |
Exchange ActiveSync, although a proprietary protocol has been licensed by a number of other server products and helped by support from smartphones like the Apple iPhone, is becoming one of the most common ways to support push mail. Exchange ActiveSync has been licensed by other mail server products in addition to Exchange Server and Office 365. The following are just a few examples:
Google Mail
Windows Live Hotmail
Zimbra
Kerio
MDaemon
ATMail
Nonetheless, there are other options for synchronizing and delivering push e-mails to Smartphones. Most people have heard of the Blackberry, which was one of the first providers to allow push e-mail to their mobile devices using their proprietary Blackberry Enterprise Server, and it's clear that the rising popularity of the product inspired Microsoft to develop the Exchange ActiveSync protocol further.
Another well-known option is Good Technologies' cross-platform mobile synchronization product, which includes support for the iPhone. Often used in some of the most secure environments it offers a full end-to-end solution, including a custom Mail application for the iPhone and server-side software.
For most purposes though, Exchange ActiveSync is more than capable and with broad device support, including great support from Apple for the iOS range of devices, it is often an easy choice to make, thanks to the out-of-the-box support it provides.
Provisioning iOS devices to end users encompasses the activation and deployment of the settings that make up the basic device configuration. The basic settings deployed within an iOS Device Configuration Profile might include the Exchange Server settings, any prerequisite VPN connection settings, device options that aren't covered in Exchange Server security policies, or certificates required for secure connection.
Although iOS devices can make use of Microsoft Exchange's Autodiscover service to automatically detect the correct Exchange Server settings, utilizing the provisioning options from Apple enables you to ensure that these settings are applied consistently across your organization, can be updated centrally when required, and cannot be easily removed by your end users.
In addition to Exchange Server settings, provisioning devices using iOS Device Configuration Profiles also allows the following:
VPN (Virtual Private Network) Connection Settings
Wireless LAN Connection Settings
Addition of Root Certificates to devices
Addition of Identity Certificates used in place of password authentication
Subscriptions to CalDAV and iCalendar format calendars
LDAP, POP3, IMAP, and SMTP Configuration settings for non-Exchange ActiveSync environments
As illustrated above, there are a lot more options available than just getting Exchange Server connected and depending on your environment—for example if your security policy does not allow access to Exchange Server unless connected via a VPN connection—it may be necessary to ensure these settings are deployed to users before they are able to synchronize with Exchange Server.
iOS Device Configuration profiles can be distributed to users in a variety of ways, and it really comes down to the policies you have in place or infrastructure available to deploy the configuration profiles. If you are buying devices centrally and performing activation and setup before issuing them to users, your method for provisioning may be different from if you allow users to order devices themselves or buy and bring their own. Options include:
Deployment via iTunes on an Apple Mac or Windows PC
Deployment via the iPhone Configuration Utility
E-mail the configuration profile to end users, typically for deploying updated profiles
Deployment from a website using a static configuration profile
Deployment from a website using a custom, dynamically generated configuration profile
By using over-the-air certificate enrolment and configuration using SCEP (Simple Certificate Enrolment Protocol)
During the course of this book, we will cover how to use the various deployment methods outlined above so you can understand which will be the most applicable method for the environment you manage.
In this chapter we've covered the basics of the products available, from the iOS devices such as the iPhone, iPad, and iPod touch, and the Exchange Server 2010 options available including on-premises deployment of Exchange Server 2010 and Office 365.
The iOS range is a well-developed line of products and has a suitable mobile device to suit most needs. Exchange Server 2010 provides a stable, reliable environment for a messaging platform and is the market leader. Office 365 makes deployment options even easier and like the on-premises version of Exchange it is also compatible with iOS devices, as it utilizes the same Exchange ActiveSync technologies.
Additionally, Office 365 provides some great features, such as the bundling of other Microsoft collaboration products, Lync Online, and SharePoint Online, both of which support the iPhone.
We've learnt through the course of this chapter about the basic protocol that connects iOS devices and Exchange together—Exchange ActiveSync. This protocol uses standard mobile data connections and the same protocol that websites use to synchronize data and provide push mail to phones, whilst using a relatively small amount of data and saving on battery life.
Finally, we've learnt the basics of why we should use provisioning techniques to deploy configuration to iOS devices and introduced the basic techniques used.
In the next chapter, we'll learn about putting the core infrastructure in place to support Exchange and iOS devices as pre-requisites for a successful implementation.
