Exchange Server Forums

Exchange 2003 mobile access

Exchange 2003 mobile access - 17.Jan.2009 5:08:07 PM   
jlf175

 

Posts: 9
Joined: 4.Jun.2008
Status: offline
Hello,
I am exploring the option of providing certain employees in our company access to their email on our Exchange 2003 server via mobile devices such as Blackjacks, BlackBerry, iPhone (we haven't settled on a phone type yet) but I have a few questions about what I have read.

Our current environment is pretty basic:  Windows 2003 Active Directory with one Exchange 2003 server. That server sits within a local network.  We have a DMZ area where websites for the company are NAT'ed behind a firewall.  The firewall translates the DMZ address to the public facing address. 

In our environment security is a bit of a concern given the data that will be in emails (customer account info, possibly customer personal data, etc) so that must be factored in to any plan.

From what I have read, I believe I need the following pieces to get started in setting up our current environment to support mobile access.

1. A front-end server which would reside in our DMZ that would point back to our primary mail server. All communication between these servers would need to be 443 so we'd need to register a digital certificate with an SSL cert provider (such as Network Solutions).

2. The front-end server (would it be part of our Active Directory domain?) would be placed in the DMZ and given not only a DMZ address but a public facing IP address which would need to be given a DNS entry with the holder of our A records and a certificate for the site.

3. We do not need Outlook Web Access (OWA) but we would need to install Outlook Mobile Access (OMA) services on both of the servers if it's not there already.

Does this sound right so far?

My other question is about data security. Is data transmitted from the servers to the smart phone over SSL?

Thank you for your help. If there are any good links regarding this that can be provided I'd appreciate those too. 
Post #: 1
RE: Exchange 2003 mobile access - 17.Jan.2009 8:48:42 PM   
NileshS

 

Posts: 173
Joined: 27.Apr.2008
Status: offline
quote:

ORIGINAL: jlf175

Hello,
I am exploring the option of providing certain employees in our company access to their email on our Exchange 2003 server via mobile devices such as Blackjacks, BlackBerry, iPhone (we haven't settled on a phone type yet) but I have a few questions about what I have read.

Our current environment is pretty basic:  Windows 2003 Active Directory with one Exchange 2003 server. That server sits within a local network.  We have a DMZ area where websites for the company are NAT'ed behind a firewall.  The firewall translates the DMZ address to the public facing address. 

In our environment security is a bit of a concern given the data that will be in emails (customer account info, possibly customer personal data, etc) so that must be factored in to any plan.

From what I have read, I believe I need the following pieces to get started in setting up our current environment to support mobile access.

1. A front-end server which would reside in our DMZ that would point back to our primary mail server. All communication between these servers would need to be 443 so we'd need to register a digital certificate with an SSL cert provider (such as Network Solutions).

2. The front-end server (would it be part of our Active Directory domain?) would be placed in the DMZ and given not only a DMZ address but a public facing IP address which would need to be given a DNS entry with the holder of our A records and a certificate for the site.

 

 
It's not necessary to have an additional front-end server installed just for the sake of deployment of OMA. Your current topology should also work fine.
 
Make sure that your Firewall allows TCP Port 80 and 443 (optional) to your server (the Exchange server that holds the OMA site) and to the following URL: http://FQDN/OMA (replace FQDN with the Fully Qualified Domain Name of your server).
 
In case you want to install front-end servers, you should allow access to the front-end server(s). For more detailed information on deployment of OMA, check this out: http://www.petri.co.il/configure_oma.htm
 
You can also use Self-signed certificates for SSL. For more information on configuring SSL with OMA, check this out: http://www.petri.co.il/configure_ssl_on_oma.htm
 
quote:



3. We do not need Outlook Web Access (OWA) but we would need to install Outlook Mobile Access (OMA) services on both of the servers if it's not there already.

 


You actually do not need to install anything to get OMA up and running. All that needs to be done is in the ESM, Mobile Services properties window, under Outlook Mobile Access, click to select the Enable Outlook Mobile Access and the Enable Unsupported Devices check boxes.

quote:

 

My other question is about data security. Is data transmitted from the servers to the smart phone over SSL?



OMA transmits traffic to and from the web browser on the mobile device in HTTP (based upon TCP, port 80) and in clear text, meaning that anyone could potentially "listen" to your talk and grab frames and valuable information from the net.
To secure the transmission of information between Exchange Server 2003 and Outlook Mobile Access (OMA) clients, you can encrypt the information being transmitted by using SSL (Secure Sockets Layer).

Let me know in case you need any further information regarding the same.


< Message edited by NileshS -- 17.Jan.2009 8:50:34 PM >

(in reply to jlf175)
Post #: 2
RE: Exchange 2003 mobile access - 18.Jan.2009 10:25:50 AM   
jlf175

 

Posts: 9
Joined: 4.Jun.2008
Status: offline
Thank you very much for the information.  The reason I asked about the front end server is that the idea of having our Exchange server directly accessed with a URL from the Internet seemed a little risky.  I thought having a front end server sitting in our DMZ might alleviate that worry. Is that a valid point or is it just making things overly complicated?

(in reply to NileshS)
Post #: 3
RE: Exchange 2003 mobile access - 18.Jan.2009 2:21:50 PM   
DarkCobra

 

Posts: 9
Joined: 24.Nov.2008
From: Iron Mountain, MI
Status: offline
The BlackBerry option would not require OWA if using the BlackBerry Enterprise solution. The BES ties directly into Exchange, only using one port to send out and receive communication between the BlackBerry device, which provides an encrypted connection between the BES and the BlackBerry device.

If using BIS you would need to use OWA to be able to access email on the device; however, this option would take approx 15 minutes to replicate over to the device, and you lack calendar sync and contact sync without connecting the device directly into the computer and then syncing it via the desktop manager.

_____________________________

Jake
Partner
Information Technology Consultant
Buzzworthy Consulting
jacob.shields@buzzworthyconsulting.net
http://www.buzzworthyconsulting.net

(in reply to jlf175)
Post #: 4
RE: Exchange 2003 mobile access - 18.Jan.2009 9:31:45 PM   
NileshS

 

Posts: 173
Joined: 27.Apr.2008
Status: offline
quote:

ORIGINAL: jlf175

Thank you very much for the information.  The reason I asked about the front end server is that the idea of having our Exchange server directly accessed with a URL from the Internet seemed a little risky.  I thought having a front end server sitting in our DMZ might alleviate that worry. Is that a valid point or is it just making things overly complicated?

 
That is a valid point. However, it depends upon what the organization's needs are. The things I told you above are only a bare minimum requirement and they also would reduce the TCO.
 
For more information on hardening an Exchange server, you can refer to the following:
 
http://technet.microsoft.com/en-us/library/bb125085(EXCHG.65).aspx

(in reply to jlf175)
Post #: 5
RE: Exchange 2003 mobile access - 19.Jan.2009 7:22:54 PM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
quote:

ORIGINAL: jlf175

Thank you very much for the information.  The reason I asked about the front end server is that the idea of having our Exchange server directly accessed with a URL from the Internet seemed a little risky.  I thought having a front end server sitting in our DMZ might alleviate that worry. Is that a valid point or is it just making things overly complicated?


Putting a frontend server in to a DMZ does nothing to improve security. It actually reduces it. If you want to put something in a DMZ then deploy an ISA server - that is what it is designed for.

If you are concerned about security then you will also not be deploying a self-signed certificate. I consider those to be a security risk and do not use them. They are also an admin nightmare. Get a commercial SSL certificate. You can get Windows Mobile compatible certificates for US$30/year from https://DomainsForExchange.net/ and you don't have to worry about updating every client when the certificate expires.

-M

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to jlf175)
Post #: 6
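
A defender-side check of the points raised in posts #2 and #6 (OMA answering in cleartext on port 80, self-signed and expiring certificates), added here as an example and not code from any poster in this thread. The function names, the 30-day warning window and the sample observations are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

# OpenSSL verify codes reported by ssl.SSLCertVerificationError.verify_code
VERIFY_CODES = {10: "certificate has expired",
                18: "self-signed certificate, not issued by a trusted CA",
                19: "self-signed certificate in the chain",
                62: "certificate does not match the host name"}

def tls_verify_code(host, port=443, timeout=5):
    """Handshake using the system trust store; None means the chain verified."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_code

def cleartext_finding(status):
    """A 200 or a 401 login challenge on port 80 means /oma is served unencrypted."""
    if status in (200, 401):
        return f"/oma answers over plain HTTP (status {status})"
    return None

def expiry_finding(not_after, now, warn_days=30):
    """not_after uses the 'notAfter' format of ssl.SSLSocket.getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    if expires <= now:
        return f"certificate expired on {expires.date()}"
    days_left = (expires - now).days
    return f"certificate expires in {days_left} days" if days_left <= warn_days else None

def audit(http_status, verify_code, not_after, now):
    """Turn observations about your own server into a list of findings."""
    checks = [cleartext_finding(http_status),
              VERIFY_CODES.get(verify_code, f"TLS verify error {verify_code}")
              if verify_code else None,
              expiry_finding(not_after, now) if not_after else None]
    return [c for c in checks if c]

# Constructed observations, not taken from the thread.
NOW = datetime(2009, 1, 19, tzinfo=timezone.utc)
print(audit(401, 18, None, NOW))                          # cleartext + self-signed
print(audit(302, None, "Feb  2 12:00:00 2009 GMT", NOW))  # near expiry only
```

Run it from a machine outside the firewall, since that is the view a mobile client has; `tls_verify_code` is the only function that touches the network.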
RE: Exchange 2003 mobile access - 19.Feb.2010 10:15:55 AM   
pgus

 

Posts: 20
Joined: 25.Sep.2006
Status: offline
Hi!

Take a look at this
http://technet.microsoft.com/en-us/library/aa995843%28EXCHG.65%29.aspx

(in reply to jlf175)
Post #: 7
