Part 3: Configuring Direct Push on Windows Mobile devices

16 Aug 2007 | SearchExchange.com



Once you've configured Direct Push technology on your Exchange 2003 SP2 server and selected your security settings, it's time to configure Direct Push on your mobile devices.

These instructions assume that your handheld mobile devices are running either Windows Mobile 5.0 with the Messaging and Security Feature Pack (MSFP) or Windows Mobile 6.0.

If your mobile devices are running Windows Mobile 5.0, you must determine whether MSFP is installed before continuing. To do so, check the mobile device's version number by clicking its Start button -> Settings -> About to view the device's version information, as shown in Figure C.

Figure C: Verify a Windows Mobile 5.0 device's version information. 


The emulator shown in Figure C is running Windows Mobile 6.0. But if it were running Windows Mobile 5.0, you would look at the build number to tell whether or not MSFP was installed. If the last three digits of the build number are 2.0.0 or higher, then the mobile device has MSFP installed. If MSFP is not installed, you will have to contact the device's manufacturer for an update before continuing with the configuration instructions below.

Configuring Direct Push on a Windows Mobile device

  1. Begin the Direct Push configuration process by going to your mobile device's Start menu -> Programs -> ActiveSync to view the message displayed in Figure D.

    Figure D: The ActiveSync screen.
     


  2. Click the Set up Your Device to Sync With It link, and you will be taken to the screen shown in Figure E. Where the screen asks for the server's address, enter the URL of your OWA server, minus the HTTP or HTTPS prefix.

    Figure E: You must enter your OWA server's URL.
     


  3. On this screen, there is also a checkbox that tells the mobile device that the Exchange server requires an HTTPS connection. If you decide to use HTTPS, make sure your SSL certificate is valid and that it matches the domain name specified within the URL you are entering. Direct Push will not work otherwise.

  4. After entering the necessary URL and HTTPS information, tap the Next button.

  5. As shown in Figure F, this screen simply asks for the user's authentication credentials. Make sure you select the Save Password checkbox here. If this checkbox is not selected, the mobile device will not have any way to authenticate with the Exchange Server. (When your users change their domain passwords, they will have to manually change the stored password on their mobile device to match. Passwords are not automatically synchronized.)

    Figure F: You must allow the device to store the user's password.
     


  6. Don't worry about clicking the Advanced button right now. The advanced configuration options simply allow you to configure event logging and to choose the connection that you want to use if multiple connections exist.

  7. Click Next to determine what types of data you want to synchronize, as shown in Figure G. You can enable or disable the synchronization of contacts, calendar, email and tasks by selecting or deselecting the corresponding checkboxes.

    Figure G: Choose the types of data that you want to synchronize.
     


  8. Instead of clicking Finish to complete the configuration process, now select the Email option and then click the Settings button to choose how much email is synchronized with the mobile device. You can also set message size limits here and control whether or not attachments will be downloaded, as shown in Figure H.

    Figure H: You can limit the amount of email that is stored on the device.
     


  9. Click on the Advanced button on this screen to set options for encrypting or signing outbound email. In order to use these settings though, you must have a certificate that can be used with the mobile device.

  10. Click Finish and the mobile device will begin its initial synchronization. During this process, you may be prompted to enter a password for the mobile device.

  11. When the synchronization process completes, there is one last thing that you need to do to make ActiveSync work properly. On the ActiveSync screen, click the Menu button (found in the lower, right corner of the screen) and choose the Schedule option, as shown in Figure I. By default, the mobile device is scheduled to synchronize every 10 minutes during peak times and every four hours during off-peak times. In order for Direct Push to behave properly, both of these settings must be changed to As Items Arrive.

    Figure I: Configure mobile devices to synchronize data as items arrive.
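
Step 3 makes Direct Push depend on a certificate that is valid and matches the server address typed into the device. The check below is an added example, not code from the original article, and can be run before handing out devices. The host name `mail.example.com`, the function names, and the rule of checking subjectAltName first with a fallback to the subject CN are assumptions; the article does not describe how the device itself validates the certificate.

```python
import socket
import ssl
import time
from urllib.parse import urlsplit

def server_host(entered):
    """Reduce what was typed (scheme, port or path included) to a bare host."""
    if "://" not in entered:
        entered = "//" + entered          # lets urlsplit see a network location
    return (urlsplit(entered).hostname or "").lower()

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern = pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def certificate_problems(cert, entered, now=None):
    """cert is a dict in the shape returned by ssl.SSLSocket.getpeercert()."""
    now = time.time() if now is None else now
    host = server_host(entered)
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # assumption: use the subject CN only when there is no SAN
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    problems = []
    if not any(name_matches(n, host) for n in names):
        problems.append(f"name mismatch: {host} not in {names}")
    if not (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"])):
        problems.append("outside validity period")
    return problems

def live_check(entered, port=443, timeout=10):
    """Handshake with chain and host name verification on; returns problems."""
    host = server_host(entered)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ssl.create_default_context().wrap_socket(
                    raw, server_hostname=host) as tls:
                return certificate_problems(tls.getpeercert(), host)
    except ssl.SSLCertVerificationError as exc:
        return [exc.verify_message]

# Constructed sample certificate, not taken from a real server.
SAMPLE = {"subjectAltName": (("DNS", "mail.example.com"),),
          "notBefore": "Jan  1 00:00:00 2007 GMT",
          "notAfter": "Jan  1 00:00:00 2008 GMT"}
```

`certificate_problems` works offline on a certificate dictionary, while `live_check` needs network access to the OWA server and returns an empty list when the handshake and both checks pass.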


Creative Commons License
2009/04/06 00:18

Part 2: Configuring Direct Push on Exchange Server 2003 SP2

16 Aug 2007 | SearchExchange.com



To configure Direct Push technology on Exchange Server 2003 SP2, you obviously must be running Exchange 2003 and Service Pack 2. The following procedure also assumes that you have an SSL certificate installed.

Technically, the configuration can work without SSL being enabled, but it results in the user's credentials being transmitted over the air in cleartext.

Configuring Exchange Server for Direct Push

  1. Open Exchange System Manager and navigate through the console tree to Global Settings -> Mobile Services.

  2. Right click on the Mobile Services container and select Properties.

    Figure A: The Mobile Services properties sheet.


  3. The first checkbox on the list is an option to allow user-initiated synchronization. This permits users to synchronize their mobile devices manually, if necessary, using the older SMS-based technology.

  4. The next option is "Enable Up to Date Notifications via SMTP and Text Messaging." This is the checkbox that enables AUTD notifications. When using Direct Push, you do not need to select this checkbox.

  5. The third checkbox is "Enable Notifications to User Specified SMTP Addresses." This checkbox is designed for use with the older AUTD technology and is not needed when using Direct Push. (The purpose of this feature is to let you send AUTD notifications directly to a mobile device's SMS address -- even if Exchange Server has not been configured to work with the mobile carrier that's associated with the device.)

  6. The last option in the Exchange ActiveSync section allows you to enable Direct Push over HTTPS. You must select this checkbox for Direct Push to work.

    I have taken the time to explain what the non-Direct Push options do because many organizations contain a mixture of older and newer mobile devices. You may find that not all mobile devices support Direct Push and that you have to use Direct Push alongside AUTD in order to support all of your mobile users.

  7. Now click the Device Security button to view the Device Security Settings dialog box shown in Figure B. One of the benefits of Direct Push technology is that it allows you to enforce a security policy on your mobile devices. This dialog box is where you configure the security policy for mobile users.

    Figure B: The Device Security dialog box.
     


    It is important to note that Exchange Server 2003 uses the same security policy for every mobile user. Microsoft has changed this in Exchange Server 2007 though. Exchange Server 2007 allows you to configure mobile device security settings on a per-user basis.

    Exchange Server 2003 doesn't allow you to configure per-user mobile device security policies the way that Exchange Server 2007 does. But if you look again at Figure B, you will notice an Exceptions button. Clicking this button allows you to enter a list of users that you want to make exempt from the security policy. As a general rule though, making any user exempt is a bad idea from a security standpoint.

  8. In the Device Security dialog box, select the Enforce Password on Device checkbox.

Other security settings that you can configure include Minimum Password Length (Characters) and Require Both Numbers and Letters. These options are self-explanatory, but the other settings are not quite as obvious if you have not been briefed on Direct Push's security capabilities.

Below is a list of the remaining security settings and their functions:

  • Inactivity Time (minutes) automatically locks mobile devices after the specified period of inactivity.

  • Wipe the Device After Failed (Attempts) safeguards against brute force attacks on lost or stolen devices. If someone repeatedly enters an incorrect password, the mobile device will perform a hard reset and be returned to its factory default settings. The administrator can specify the number of failed password attempts allowed before the device "wipes" itself.

  • Refresh Settings on the Device (Hours) forces mobile devices to periodically check Exchange Server for changes to the mobile security policy.

  • Allow Access to Devices that do not Fully Support Password Settings allows users to use mobile devices, even if they lack the necessary software to allow security to be enforced.

2009/04/06 00:12

Microsoft Exchange Server has long had the capability of sending messages to mobile devices, but the SMS-based synchronization process was expensive and users did not immediately receive new email messages. In Exchange Server 2003 Service Pack 2 (SP2), Microsoft introduced a new and improved synchronization technology called Direct Push that eliminates these issues. It also offers the ability to apply security policies to your mobile devices. In this tutorial, Exchange MVP Brien Posey explains how Direct Push technology works and explains how to configure and implement Direct Push in an Exchange 2003 SP2 email environment.

If you have any comments or questions about the information presented herein, please send an email to editor@searchexchange.com.


Before SP2, Exchange Server 2003 would notify a mobile device that new email had arrived by sending it an SMS message. The mobile device would then initiate a synchronization with the Exchange Server to download the email.

There are several drawbacks to this approach to mobile-device synchronization:

  • Although rate plans with unlimited messaging are becoming more common, some cell providers still charge a per-message fee. If you multiply this fee by the number of messages that the average user receives in a month, and then multiply that number by the number of users who have mobile devices, you can see how quickly the service fees can add up.

  • With SMS-based synchronization, a mobile device must periodically check in to see if there are any new messages (the SMS message from the Exchange server is a response to the device checking in). How often mobile device users receive new email messages is completely dependent on how often their mobile devices are configured to check for new messages; that is, users do not receive time-sensitive email messages immediately, as they arrive.

  • Frequent SMS-based synchronizations negatively impact the battery life of a mobile device.

To address these problems, Microsoft developed a new synchronization technology called Direct Push. Direct Push was originally introduced in Exchange Server 2003 Service Pack 2, but is also used in Exchange Server 2007. In this tutorial, all configuration instructions refer to Exchange 2003 SP2 Direct Push and Windows Mobile 5.0 and Windows Mobile 6.0 devices.

2009/04/05 23:54

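I once received a somewhat unfamiliar request from a groupware user in our Americas office.

A said: "I want to use a BlackBerry to download and check the email in the groupware."

Me: "What on earth is this now?"
          "BlackBerry? I know blueberries, but a BlackBerry...? What is that?"

That is what I thought, but I simply assumed it had something to do with the mobile synchronization from Windows Mobile to Exchange 2000 that I had seen before, and

Me: "That feature is not supported yet, so I will contact you if there are plans to introduce it later."

  was all I said. In truth, synchronizing mobile services with the groupware server still involves a number of difficult issues.

I had heard that support for mobile devices had improved a lot since the days when we used Exchange 2000, but given the team's current circumstances there was no time to think about rolling it out to mobile devices.

Now that we have upgraded to Exchange 2003, rolling it out to mobile devices may be a much easier task, but in terms of usefulness relative to the functionality I think it is still premature.

Still, I needed to understand the terminology and the technical issues behind the technology, so I looked around and found an overview of push mail on 이건복's blog.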



     <Photo source: 이건복's blog, Bellevue Project>



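What is Direct Push Mail?
It is one of the mail synchronization technologies of Exchange Server, Microsoft's mail server. It delivers mail in real time between a mobile device and the Exchange server, and was known as AUTD (Always Up To Date). The difference from the earlier feature is that before Exchange Server 2003 SP2 the AUTD feature worked through SMS, whereas from Exchange 2003 SP2 and Windows Mobile 5.0 MSFP (Messaging & Security Feature Pack; more precisely, Magneto AKU3.0) onward it changed to a method that synchronizes by passing a heartbeat over HTTPS.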

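How does push work?
It is simple once you know it. (Is there anything in the world that is hard once you know it? -_-;) When the mobile device first connects to the network, it sends the server, at a regular interval, a heartbeat and information about the mail folders to synchronize. The heartbeat is a very small data packet that contains the IP address information the device received from the network. (Before this connection, the synchronization information for the device and the mail server is set up during synchronization with a PC, through the Out-of-Box User experience.) The company's mail server then holds the information about the user's mobile device. Because no data is being exchanged at this point, on most packet data networks the device enters an idle mode called Dormant (although EV-DO does not call it Dormant). In other words, take it to mean that the device is not in a data-connection state.
Now, when new mail arrives, the server sends a small signal based on the mobile device information it already has.
'Mail has arrived in the folder you want synchronized! Start synchronizing now!!!'
On receiving this, the device starts synchronizing with the mail server in the background (unattended mode).
'Okay, roger, roger... firing off a sync request, over!!'
The user can then receive mail in real time. (See the figure!)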

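How often is the heartbeat sent?
The heartbeat at the center of this push technology is usually recommended to be exchanged every 30 minutes, but this can vary with the carrier that provides the service and with the environment. If the device receives no mail for a given interval and loses its IP information from the base station, it tries to connect to the base station on its own, obtains a new IP, and sends that information to the server. In other words, you can think of it as refreshing its information every 30 minutes if it is not connected.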

2007/07/16 05:34