Deploying the iPhone 3G for business: Integrating with Exchange
In part one of this series, I looked at the mechanisms available to IT staffers to activate, deploy and configure iPhones in business environments. But the biggest new business-oriented feature available on the iPhone, thanks to the iPhone 2.x firmware (included with the iPhone 3G and available for free to users of first-generation iPhones or for $9.95 for iPod touch users), is the addition of ActiveSync for accessing Microsoft Exchange.
ActiveSync allows for automatic over-the-air push updates of new e-mails, calendar events and personal contacts to the iPhone (functionality that was already available to Windows Mobile, Palm and Symbian devices). ActiveSync also lets iPhone owners search a company’s Global Address List (GAL) using the included Contacts application, and allows administrators to enforce some security policies on the iPhone, including the ability to remotely wipe the contents of a phone that is lost or stolen.
But getting iPhones to connect and sync with Exchange servers can be tricky. In this story, I’ll provide tips for integrating and managing iPhones in an Exchange environment. (Part three of this series will cover the options for developing and deploying in-house iPhone applications.)
How ActiveSync works
Unlike push services for BlackBerry devices, which rely on an intermediate server (RIM's BlackBerry Enterprise Server) that receives update notifications from an e-mail server and then provides push notification to remote devices, ActiveSync maintains a connection directly to an Exchange server. For those new to working with over-the-air syncing via direct push in Exchange, the following is a brief introduction. Understanding the basic concept can help in both planning and troubleshooting iPhone access to Exchange.
Direct push between an Exchange server and remote client devices relies on a persistent connection between the server and the device. When the device is powered on or configured, it sends an HTTP/HTTPS request (known as a ping request) to the server to establish the connection.
The ping request identifies the device and the user as well as the Exchange folders that the device will monitor. (The iPhone supports monitoring of Inbox, Calendar and Contacts, but unlike other devices that implement ActiveSync, it does not support monitoring of Tasks at this time.) Additionally, the request identifies a time limit for the connection—also known as a heartbeat interval.
Upon receipt of the client request, the Exchange server monitors the specified folders until changes occur or until the heartbeat interval is reached. If the server detects changes to a monitored folder (e.g., incoming e-mail or a new calendar item), it responds to the ping request by identifying the folder or folders that have been updated. That response causes the client to issue a sync request for those folders, which updates them and alerts the user if the update contains new e-mail.
If the server doesn’t detect changes within the heartbeat interval, it responds to the ping request with an HTTP 200 OK message, which causes the client to generate a new ping request. A new ping request is also generated following a successful sync.
The heartbeat interval is dynamically determined by the client device, such as an iPhone or Windows Mobile phone. ActiveSync clients maintain a log of interactions with the server and choose intervals that allow for persistent connections with the longest possible network timeout (the time at which the mobile carrier and/or any network devices between the client and the server will drop the connection).
By using the longest possible heartbeat interval, the client can keep a persistent connection open to the server (a request that the client has initiated but the server has not yet responded to) without actively using that connection, which conserves battery life on the device.
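The ping loop described above, as an added simulation that is not code from the article, Microsoft or Apple. The step-up/back-off tuning, the interval bounds, the 900-second idle timeout and the change schedule are assumptions constructed for illustration; the article only says that the client picks the longest interval that survives the network timeout.

```python
# Simulation of the Direct Push ping loop. All values are constructed.
MIN_HB, MAX_HB, STEP = 60, 1800, 120   # seconds; assumed bounds and step size

FOLDERS = ["Inbox", "Calendar", "Contacts"]   # the iPhone does not monitor Tasks
# One dict per ping: seconds until a change lands in each folder (constructed).
EVENTS = [{}, {"Inbox": 30}, {"Tasks": 10}, {}, {}, {}, {}, {}]


def server_ping(folders, heartbeat, change_at, idle_timeout):
    """Model one ping request and return (outcome, changed_folders)."""
    due = {f: t for f, t in change_at.items() if f in folders and t <= heartbeat}
    first = min(due.values(), default=None)
    if first is not None and first <= idle_timeout:
        # Server answers early, naming the folders the client must sync.
        return "changes", sorted(f for f, t in due.items() if t == first)
    if heartbeat > idle_timeout:
        # A carrier or firewall dropped the idle connection before any reply.
        return "dropped", []
    return "no_changes", []   # HTTP 200 OK at the end of the heartbeat interval


def run_client(folders, events, idle_timeout, start_hb=480):
    """Drive the ping loop; return a trace of (heartbeat, outcome, changed)."""
    heartbeat, good, ceiling, trace = start_hb, MIN_HB, MAX_HB, []
    for change_at in events:
        outcome, changed = server_ping(folders, heartbeat, change_at, idle_timeout)
        trace.append((heartbeat, outcome, changed))
        if outcome == "no_changes":
            good = heartbeat                 # this interval survived the network
            if heartbeat + STEP < ceiling:
                heartbeat += STEP            # try a longer one on the next ping
        elif outcome == "dropped":
            ceiling = heartbeat              # never try this long again
            heartbeat = good                 # fall back to the last good interval
        # "changes": the client syncs the named folders, then pings again
    return trace


if __name__ == "__main__":
    for row in run_client(FOLDERS, EVENTS, idle_timeout=900):
        print(row)
```

If a firewall's idle session timeout is shorter than the interval the client would otherwise settle on, pings end as dropped connections rather than HTTP 200 responses, which is worth checking when push works over one network path but not another.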
Understanding Exchange requirements
As anyone who has administered Exchange knows, there are a number of variables and options in determining the best configuration for an Exchange environment. Factors such as firewall and proxy server configurations, internal and external DNS, the optional use of front-end and back-end servers, the Active Directory forest and domain topologies, and the versions of Exchange and Windows Server used all impact the ultimate design of an Exchange environment.
Other major factors include the use of SSL, whether self-signed certificates or a certificate authority are used (and how they’re implemented), which authentication options are used, and which virtual directories on the Exchange server are secured.
In many cases, the variations among unique Exchange environments don’t have a huge impact on clients. However, the iPhone is not a particularly forgiving Exchange client, it seems. There are numerous threads on Apple’s discussion forums about issues preventing successful communication or sync between the iPhone and Exchange servers. In some cases, administrators report problems trying to integrate iPhones even in environments that already include other ActiveSync mobile devices such as Windows Mobile phones.
Although some admins have pointed fingers at Apple, saying that the company has created a buggy implementation of ActiveSync, the problems in many cases appear to relate to overall network and Exchange environment configuration, or environments that don’t meet the specific requirements that Apple has listed for the iPhone. Apple also seems to have designed its ActiveSync implementation to require rather strict adherence to Microsoft’s guidelines for mobile device support. (Links to guidelines, documentation, and other resources from Microsoft and Apple are included at the end of this article.)
Unfortunately, Apple’s documentation contains very limited details about those guidelines, which means a very solid understanding of and experience with Exchange and its support for mobile devices is a must. Before trying to add iPhones to your network, do your homework and ensure that your Exchange environment meets Apple’s stated requirements as well as Microsoft’s recommendations for supporting mobile devices via ActiveSync, particularly if you have not worked with mobile device support before. I’ve included some valuable resources, along with some advice to help avoid commonly reported problems, at the end of this article.
It is also important to ensure that your environment is running either Exchange 2003 SP2 or Exchange 2007 SP1 or newer. Apple has specifically listed these as requirements, and the iPhone will not function properly, if at all, with earlier versions.
If you are working with Exchange 2003, you will need to download and install the Exchange ActiveSync Mobile Administration Web Tool. The Mobile Administration Web Tool can be used with Exchange 2007 as well, though it’s not required; Exchange 2007 has a built-in Exchange Management Console. You might opt to use the Mobile Administration Web Tool if you want to give nonadministrators (such as helpdesk staff) remote wipe or other administration capabilities without giving them full access to the Exchange Management Console.