1. Architectural Overview of Windows MobileInfrastructure ComponentsWindows Mobile 5.0 and 6-powered DevicesWhite PaperPublished: May 2007For the latest information, please see http://www.microsoft.com/windows/mobile/AbstractThis whitepaper describes how mobile devices running Windows Mobile 5.0 and Windows Mobile 6 arefully integrated into Microsoft’s server infrastructure, and how the components fit together. The papergoes over the fundamental design requirements for employing Microsoft infrastructure components tohelp secure and manage mobile devices. The following components and their interrelationships arediscussed: Exchange Server 2003 and 2007, Exchange ActiveSync, Internet Security and AccelerationServer 2004 and 2006, Microsoft Dynamics Platform, Small Business Server 2003, Microsoft OperationsManager (MOM) 2005 and Systems Center Operations Manager (SCOM) 2007, Systems ManagementServer (SMS) 2003 and Systems Center Configuration Manager 2007, Microsoft Office SharePoint Server2007 and Live Communications Server 2005.
2. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication.Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoftcannot guarantee the accuracy of any information presented after the date of publication.This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THISDOCUMENT.Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document maybe reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying,recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document.Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to thesepatents, trademarks, copyrights, or other intellectual property.© 2006 Microsoft Corporation. All rights reserved.The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious.No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should beinferred.Microsoft, Active Sync, Outlook, Windows, Windows Mobile, Windows Server, and the Windows logo are either registered trademarks or trademarks ofMicrosoft Corporation in the United States and/or other countries.The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
3. OverviewIn an enterprise environment, properly leveraging mobility involves much more than buying WindowsMobile enabled devices. In this whitepaper, you will learn how mobile devices running Windows Mobile5.0 and Windows Mobile 6 are fully integrated into Microsoft’s server infrastructure, and how thecomponents fit together to provide immediate value to your enterprise. After reading this overview,you should be familiar with the fundamental design requirements for employing Microsoftinfrastructure components to help secure and manage your mobile devices.The Microsoft mobility platform is comprised of several key components. Because email and messagingis such an important application of information technology, Exchange Server is a key component of thearchitecture. Additionally, your firewall solution serves to enhance security. Other components, such asSystems Management Server 2003 and Systems Center Operations Manager 2007 (formerly MicrosoftOperations Manager) are available to manage and control the operations of the infrastructure. You willalso learn how the Windows Mobile platform allows you to reuse much of your Line of Businessapplication investment and personnel skill sets. The infrastructure components and the developmentplatforms form work together to drive one seamless, cost effective and scalable solution with enhancedsecurity for your enterprise.Mobility Architecture GoalsMicrosoft’s mobility architecture is designed to integrate with your existing environment, and allow youto reuse existing systems administration skill sets. The following are some of the design goals of thearchitecture: Flexibility. In most enterprises, IT infrastructure is heterogeneous. Microsoft mobilityarchitecture is designed to work with your existing environment, such as a variety of advancedfirewall solutions, network topologies, and 3rdparty device management products. While thiswhitepaper addresses Microsoft components and recommended architecture, the architectureis modular and was designed to work with other designs and products. This allows you toleverage your investment in such areas such as security, scalability, and manageability. Thisworks for both enterprise messaging applications and line of business applications – no newspecial setup is necessary for security and authentication. Scalability. Most enterprises already have a scalable infrastructure for managing their serverand desktop environments. Mobility should be viewed as just another piece of overallmanagement strategy. Therefore, Windows mobility architecture relies on existinginfrastructure, such as Exchange 2007 or 2003, for scalability and high availability. No newmiddle tier servers, which can result in a single point of failure, are required for the architecture. Manageability. Microsoft architecture supports many points of management, such as Exchangeconsole, Systems Management Server 2003 or the upcoming Systems Center ConfigurationManager 2007, or operations monitoring through Systems Center Operations Manager 2007 orMicrosoft Operations Manager 2005. This allows different levels of management, depending on
4. existing infrastructure investment. Third-party device management products are supported aswell. Extensibility. The architecture is the basis on top of which other Microsoft and third partyapplications are built. It has built-in support for Microsoft Office SharePoint Server, and LiveCommunications Server 2005. A multitude of third party applications works with theinfrastructure. Additionally, Microsoft Dynamics ERP and CRM applications use the sameinfrastructure to deliver their functionality. Security. Windows Mobile Operating Systems are designed with security in mind and form anintegral part of the infrastructure. Windows Mobile cryptography services have been certifiedwith US Federal Information Processing Standard (FIPS) 140-2, level 1. Additionally, there issupport for dual-factor authentication, 256-bit AES encryption, remote device wipe andapplication certificates. Additionally, the Internet Security and Acceleration 2006 Server hasfeatures that integrate with components on the corporate networks, such as analysis ofExchange traffic that flows to and from mobile devices. Reuse of Existing Skill Sets. Both on the administration and application development sides,same familiar tools are used. For systems management, mobile devices are treated as justanother type of asset from management tools perspective. For application development,development for both Mobile Web using ASP.NET 2.0 and Mobile Smart Client using theCompact Framework offer a similar development environment and APIs.Overview of Windows Mobile SecurityWindows Mobile operating systems play a key role in enterprise mobility infrastructure through theirsupport of communication security standards, security policies and features designed for remote policy-based management. Windows Mobile 5.0 with Messaging and Security Feature Pack (MSFP) and thenew Windows Mobile 6 both have a sophisticated security system to protect the device from runningmalicious code and to help secure communications with corporate servers. As an enterpriseadministrator, you are responsible for provisioning and managing security policies on devices and thusneed to understand Windows Mobile features that support communications and device security.Windows Mobile Application and Network SecurityMobile devices face many threats in today’s environment. To address these threats, digital certificatesare used both to ensure both application and communication security. In the first role, certificates helpWindows Mobile to determine whether an application can be run on the device, and what level ofprivilege it receives. Furthermore, most applications are restricted from writing to the registry andother services that might compromise security. This prevents malicious code from infecting the deviceand gives administrators tight control over the applications that are installed on the device. Somemanufacturers even put additional restrictions that require all applications to be signed by a knowntrusted authority in order to run.In securing communications, Windows Mobile uses digital certificates to establish a network connectionusing Secure Sockets Layer (SSL) and validate the identity of the server using its installed rootcertificates. Windows Mobile offers cryptographic services for:
5.  Data encryption - to help secure communications Hashing - to help ensure data integrity Digital signatures – to verify identitySSL is used to enhance security of communications for applications such as Mobile Outlook clientconnecting to an Exchange Server, Line of Business applications connecting over web services, ordatabase clients connecting to a central data store.The cryptography services have been certified with the US Federal Information Processing Standard(FIPS) 140-2, level 1. The certification designates that Windows Mobile security algorithms workproperly and protect against a variety of threats. Additionally, Windows Mobile supports Virtual PrivateNetworking (VPN), Wi-Fi encryption, Storage Card Encryption, and two-factor authentication systemslike RSA SecureID. Lastly, Windows Mobile supports Certificate-Based Authentication, in which eachdevice is issued a digital certificate that uniquely identifies the device and encrypts the connection.For more information on security model in Windows Mobile please see Security Model for WindowsMobile 5.0 and Windows Mobile 6, Windows Mobile 5.0 Application Security.Windows Mobile Security PoliciesSecurity policies are used for device management; they define levels of security. The policies dictatewhether a device can be configured over the air (OTA), and whether to accept unsigned messages,applications, or files. The policies include settings such as the number of login attempts before localdevice wipe, password strength and length, and PIN-based device protection. Additionally, WindowsMobile 5.0 and 6 include ability to remotely wipe the device, or locally wipe it after administrator-settable number of incorrect password entry attempts. By default, only a manager of the device canchange security policies. The policies can be configured through a central management system such asSMS 2003 or mobile management features built into Exchange 2003 and 2007, provided the OEM orMobile Operator has given the administrator Manager permissions. For more information onmanagement capabilities of SMS 2003 and Exchange, please see references in related sections of thiswhitepaper.Exchange Deployment and Mobile DeviceManagementToday, every computer user is also an email user, so Exchange Server is central in enterprisedeployments. Mobile devices communicate with Exchange for a variety of services including email, datasynchronization and security. Understanding Exchange deployment topologies will give you thebackground you need to leverage Microsoft Exchange with your mobile devices. Additionally, Exchangehas features that support over-the-air management, data synchronization, and security of mobiledevices through Exchange ActiveSync. Exchange ActiveSync works directly with the Windows Mobile 5.0and 6 operating systems so you can avoid the added cost of middleware or service fees.
6. Exchange 2003 Deployment TopologiesExchange 2003 is a highly scalable enterprise messaging environment designed to support many types ofclients. For large enterprises deploying several thousand devices and tens, or even hundreds ofthousands users, Exchange 2003 allows to distribute load across multiple servers. Exchange 2003allows deployment using two types of servers – front-end and back-end. This topology is shown inFigure 1.Front-end servers accept all of the communications with the clients outside the corporate network.They use a proxy mechanism to transfer requests to the correct back-end servers on behalf of clientcomputers and devices. They can be configured to support Outlook Web Access (OWA), OutlookMobile Access (OMA), Exchange ActiveSync for mobile devices, and RPC over HTTPs. Front-end serversuse Active Directory to find the correct back-end server, where the user’s mailboxes are stored. Thefront-end – back-end topology results in a highly scalable solution, as the front-end servers take the loadoff the back-end servers. The front-end and back-end topology should be used by large organizations; itresults in decreased management costs, and provides better performance and fault tolerance.Additional elements in the figure, such as SCCM 2007 Device Management and SCOM 2007 OperationsMonitoring, are discussed later in the whitepaper.AdvancedFirewallExchange,AD and Firewall MonitoringAD MonitoringAD ServerBack-End Server 1Front-EndServerBack-End Server 2Look upUser’s MailboxLocationSCCM 2007 –Common ManagementInfrastructure forDesktop / Server /Mobile EnvironmentsPerimeterNetworkSCOM 2007or MOM 2005CommonMonitoring InfrastructureDevice ManagementPointExchange FarmSSL BridgingInternetHTTPSDevice Distribution Point Primary Site ServerSite DatabaseExchangeMonitoringCorporateNetwork SMSMonitoringFigure 1 Mobile Infrastructure Architecture Including Exchange 2003 Front-end and Back-End TopologyThe mobile device communicates with the front-end server. All email, task, calendar, and other datasynchronization operations are coordinated through the front-end server. Because the front-end
7. servers are responsible for client communication, this topology has several advantages in mobilescenarios:1) A single server name is exposed to the users for accessing Exchange. Addition of new servers istransparent to the user.2) SSL Encryption and Decryption can happen on the front-end server, thus offloading this operationfrom the back-end servers and saving resources.3) To enhance security of front-end servers, they can be put into a perimeter network creating anadditional layer of protection between the front-end and back-end servers.Many organizations with a smaller number of users choose to run Exchange on a single server. This alsoworks well for testing purposes. However, to achieve scalability and security advantages, Microsoftrecommends the front-end, back-end architecture.For more information please see the following resources: Exchange Server 2003 and Exchange 2000 Server Front-End and Back-End Topologies Step-by-Step Guide to Deploying Windows Mobile-based Devices with Microsoft ExchangeServer 2003 SP2 Microsoft Exchange Server 2003 Client Access Guide.Exchange 2007 Server RolesExchange 2007 introduces the concept of server roles as the primary mechanism of scalability. Eachserver can act as one or more roles within the topology. Mobile users are supported by a special serverrole called the Client Access Server, which is analogous to the front-end server in Exchange 2003. ClientAccess Server has interfaces for Exchange ActiveSync, Outlook Web Access, and RPC over HTTPS. TheMailbox and Hub Transport server roles in combination are similar to the back-end server in Exchange2003. The Mailbox Server role is the storage server that hosts mailboxes and public folders while theHub Transport Server role is responsible for routing mail.For more information please see The Fundamentals of Mobile Access to Exchange 2007.Exchange ActiveSyncExchange ActiveSync is a part of Exchange Server 2003 and 2007 that is optimized to deal with high-latency / low-bandwidth networks, and also with clients that have limited amounts of memory andstorage. Exchange ActiveSync supports Direct Push technology which automatically synchronizes (or“pushes”) new email to mobile devices as soon as the mail arrives. Direct Push is in contrast to a pollingstyle where the device has to request new email from the server on a timed basis. Under the covers,the Exchange ActiveSync protocol is based on HTTP, SSL, and WBXML, so the communications channelhas enhanced security. Exchange ActiveSync is enabled out of the box on all user mailboxes withoutany additional software or servers.Mobile devices interact with Exchange ActiveSync on the front-end servers when synchronizing email,schedules, contact information and tasks to the device. Synchronization is extremely fast, with
8. enhanced data compression that enables rapid sending and receiving of messages. Because ExchangeActiveSync uses standard transport protocols, there is no need to buy special data plans from mobileoperators; standard data plans can be used for global mobile access. It supports all types of mobilecommunication networks, including GSM, GPRS, UMTS, HSDPA, and CDMA.Microsoft Exchange Server 2007 adds several productivity-enhancing features to Exchange ActiveSync.It includes support for flags, HTML mail, and allows users to search the entirety of their mailboxes fromthe mobile device, including messages not currently synced to the device. This helps overcome thelimited resources of a mobile device, and not limiting access to just the portion that fits in devicememory.For more information, including Exchange ActiveSync features for Exchange 2003 and Exchange 2007,please see Mobile Messaging with Exchange ActiveSyncMobile Device Management through Exchange ActiveSyncSince Exchange is so central in many enterprise deployments, Microsoft added special administrativefeatures into Exchange which can allow mobile devices to adhere to the organizations security policies.This native device management support helps reduce complexity and costs because you can reuseexisting infrastructure.Security policies are set on the Exchange 2003 server and delivered to the client through ExchangeActiveSync. When a mobile device security policy is defined on the server, it is automatically sent toeach device the next time the user of the device starts synchronization. The Exchange 2003 ActiveSyncMobile Administration Web tool enables administrators to manage the process of remotely erasing lost,stolen, or otherwise compromised mobile devices.With Exchange Server 2007, mobile device management is integrated into the Exchange ServerManagement Console and self-service capabilities are exposed via Outlook Web Access. For example,when the device is lost or stolen, users can wipe data from their device themselves, rather than callingthe corporate helpdesk. By doing this, Exchange Server 2007 helps to drive down the cost of supportingmobile messaging. With Exchange Server 2007, the system administrators can define and namemultiple sets of security policies and apply them to individual users or to different user groups in ActiveDirectory. They also have access to enhanced monitoring and logging for operational monitoring.For information on Exchange ActiveSync in Exchange 2007, see Overview of Exchange ActiveSync .Exchange ActiveSync Communication SecurityTo help secure Exchange ActiveSync traffic, encryption through Secure Sockets Layer (SSL) is necessary.If your organization currently exposes Outlook Web Access (OWA), you already have the infrastructurein place to support a mobile deployment using high-grade, 128-bit SSL encryption. Because ExchangeActiveSync is implemented as an application that runs on Internet Information Services (IIS), its securitysettings can be configured using the same certificates you’re already using for OWA. All communicationbetween the Windows Mobile device and the Exchange front-end server take place over a single TCP/IP
9. port: TCP port 443, used for SSL-secured HTTP traffic. This greatly simplifies enterprise firewallconfiguration, because only a single port needs to be opened from the Internet to the ExchangeActiveSync front-end server, and that port will probably be open in any case because it’s the same portused for Outlook Web Access. Additionally, more advanced security scenarios are supported byExchange Server and Windows Mobile, such as S/MIME messaging, and SecureID or certificate-basedauthentication.For more information on securing communications with SSL, please see the Step-by-Step Guide toDeploying Windows Mobile-based Devices with Microsoft Exchange Server 2003 SP2 and Mobile SecureCertificates Whitepaper.Communication Security and Advanced Firewall ConfigurationsMost enterprises use a combination of hardware and software firewall solutions, such as InternetSecurity and Acceleration (ISA) Server 2004 or 2006. In addition to the ISA Servers, Exchange supportsmost other reverse proxy software firewall products available on the market. Typically, the advancedfirewall is deployed in the perimeter network (see Figure 1). Existing IIS website already used for RPCover HTTPS or Outlook Web Access is used, so usually no new inbound ports need to be opened on thefirewall. Exchange ActiveSync communicates through a different virtual directory, and the ISA servercan be configured to examine Exchange ActiveSync traffic. SSL is applied between the client and ISAserver, and between the ISA server and the front-end server. This is called terminate – initiate, or SSLbridging.SSL bridging protects against attacks that are hidden in SSL-encrypted connections. ISA is configured todecrypt and examine Exchange traffic from the client, terminating the SSL connection. This stepprevents any malicious traffic from getting into the corporate network, protecting it from any threats.ISA Web publishing rules configure the connection to the Exchange front-end server. If the rule specifiesto forward the request using HTTPS, ISA 2006 then initiates a new SSL session to the Front-End(Exchange 2003) or Client Access (Exchange 2007) Server. The second SSL session ensures that thecommunication is safe from a malicious user already inside the firewall.For more information about ISA and Exchange deployment scenarios please see one of the followingdocuments: Security for Windows Mobile Messaging in the Enterprise Publishing Exchange Server 2007 with ISA Server 2006 Using ISA Server 2004 with Exchange Server 2003 Publishing Exchange Server 2003 with ISA Server 2006Exchange ScalabilityMobile devices represent a relatively light load on the Exchange servers compared to Outlook WebAccess or RPC/HTTP, so your infrastructure may be able to support the extra load without addingadditional servers. When rolling out Exchange ActiveSync at Microsoft to 26,000 users, Microsoft IT
10. found that only 3.6% of the load on their servers being due to Exchange ActiveSync, and thus did notneed to add any new servers.The front-end and back-end architecture provides several client access performance and availabilitybenefits. The front-end servers offload some load processing duties from the back-end servers.Therefore, front-end servers do not need large or particularly fast disk storage, but should have fastCPUs and a large amount of memory. Microsoft provides several tools, such as the Exchange ServerLoad Simulator tool (LoadSim) and the Exchange Server Stress and Performance (ESP) 2003 tool to testthe performance of Exchange Servers. These tools allow better planning of performance and scalabilityrequirements of Exchange infrastructure.Through continuous monitoring with operations tools such as MOM 2005 or SCOM 2007 (see below),administrators can monitor trends and pinpoint performance degradation. They can then provisionadditional back-end servers to decrease the load on existing infrastructure and move mailboxes over tothe new servers. Since the clients use one URL for all their communications with the front-end servers,back-end servers can be added transparently to the users. For Exchange 2007, the scalability efforts arefocused on the Mailbox and the Hub Transport server roles. Exchange Server architecture shouldalways include some planned redundancy in order to effectively handle peak loads and unforeseenevents.Office SharePoint Server 2007 and Live Communications Server (LCS)2005Microsoft Office SharePoint Server (MOSS) 2007 web portal technology supports mobile devices out-of-the-box. Every list and library in MOSS 2007 or Windows SharePoint Services (WSS) v3 is capable ofhosting ‘Mobile Views’. These are standard views of lists or libraries that an administrator has defined asbeing mobile enabled. Individual list items can be viewed in mobile form and InfoPath forms can beopened in a mobile client via a web browser interface. Additionally, Exchange 2007 and WindowsMobile 6 enable access to files stored on WSS sites and Universal Naming Convention (UNC) file shares viaembedded Exchange links.Microsoft Office Communicator Mobile allows users to use Microsoft Live Communications Server (LCS)2005 SP1 on the mobile device. This allows the mobile users to use instant messaging to communicatewith their co-workers who are on the corporate network, all the while taking advantage of enterprisefeatures such as more secure communications and centralized logging and auditing. CommunicatorMobile provides integration between multiple mobile applications such as Voice over IP (VoIP), presencestatus information and organization’s address book. Additionally, users can also communicate withpartners or public instant messaging service users.For more information please see Microsoft Office Communicator Mobile Planning and DeploymentGuide.Mobile Device Management and Operations
11. In addition to Exchange-based device management, Systems Management Server (SMS) 2003 DeviceManagement Pack provides features for device management using an interface already familiar toadministrators. Microsoft Operations Manager (MOM) 2005 allows operational monitoring ofenterprise infrastructure, and the Exchange Management Pack for MOM 2005 has features to monitormobile device performance.Mobile Device ManagementSystems Management Server (SMS) 2003 Device Management Feature Pack enables management ofmobile devices when they are connected on the corporate network, or through the VPN. It allows SMSto collect hardware and software inventory information, distribute and install software, execute scriptsand manage security policies and other settings on devices. SMS is fully integrated with ActiveDirectory and allows management at levels of different granularity. This is done in one central placethrough an Administrative GUI. Importantly, SMS Device Management Feature Pack allows reusing thesame common infrastructure that is already being used for Server, Laptop, and Desktop management.Systems Management Server works by installing an agent on the mobile device, and using the agent tocollect information about the device, as well as perform management functions. The agent getsinstalled during a desktop ActiveSync session and after that enables management of the devices whenon the corporate network. SMS 2003 supports multiple device management and device distributionpoints, thus providing a scalable solution. Please see the SMS 2003 Device Management Feature PackSite for more information.The System Center Configuration Manager (SCCM) 2007, scheduled for release in second half of 2007,is a new version of SMS that builds on the features included with SMS 2003. It adds support for smartphones and over-the-air software distribution from gateway located in a corporate DMZ (see Figure 1).The user no longer has to be on the corporate network to get software updates. The device must enrollfor a client certificate during the setup process to be manageable from the internet.For more information please see the System Center Configuration Manager 2007 site.Operations ManagementMicrosoft Operations Manager (MOM) 2005 with Exchange Management Pack monitors the ExchangeServers including some aspects of the mobile device operations. MOM uses event log entries andspecial performance counters on Exchange Servers to collect information. It allows administrators tomonitor all aspects of the Exchange Server, including protocol metrics, events generated by Exchange,server performance, and mobility features.MOM 2005 monitors the heartbeat interval and synchronization latency of mobile devices, giving theadministrators a good indication of the mobile user’s experience. System administrators can then makedecisions about how to tune or to scale Exchange components once they notice performancedegradation.
12. The new version of MOM, the Systems Center Operations Manager (SCOM) 2007 together with theSCOM Exchange Management Pack extend the advances of the MOM platform and provide moreadvanced rule-based availability and performance monitoring. MOM 2005 and SCOM 2007 bothsupport a consolidated view of the entire enterprise infrastructure tiered deployment architecture thatcan scale up to hundreds of thousands of clients.For more information on MOM 2005 please see the Exchange Server Management Pack Guide for MOM2005. For more information on SCOM 2007 please see the Systems Center Operations Manager 2007Site.Application Design and DevelopmentWindows Mobile 5.0 and 6 are supported by one of the largest catalogs of Line of Business (LOB)applications, offered both by Microsoft and third-party ISVs. However, to meet specific needs of manyenterprises, customers need to develop their own mobile applications. The infrastructure elementsdescribed above combine into a platform for deploying and managing Line of Business applications.Mobile applications use the same common infrastructure already being used for desktop and serverapplications, leading to reduced complexity and lower deployment costs. Common design andarchitecture issues, such as development, deployment, operations, and communication security havewell defined solutions. Development frameworks, databases and tools that are common to bothtraditional and mobile development allow organizations to reuse much of their existing applicationinvestment and the skill set of their personnel.Windows Mobile 5.0 and 6 support the .NET Compact Framework, a specialized mobile platform fordeveloping applications that is based on Microsoft’s .NET. Compact Framework allows applicationdevelopers to use the same development languages and tools they are using to develop Windows andWeb-based applications. Both C# and VB.NET languages are supported, and Compact Framework hasbuilt-in support in state-of-the-art Visual Studio 2005 Integrated Development Environment. Availableemulator tools simplify application development and testing on different types of devices.Additionally, Microsoft provides many resources and tools for mobile development, including recentlyreleased the Mobile Client Software Factory, which provides a framework and application blocks forcommonly used smart client application scenarios. For example, it includes a library that allows queuingof web service calls to the server when the device is disconnected, and optimizes data transmissiondepending on the network speed. For more information on Compact Framework, please see .NETCompact Framework site.Mobile database-based applications can take advantage of SQL Server 2005 Compact Edition. SQLServer 2005 Compact Edition deployed on a device works with a central SQL Server 2005 databaseserver to synchronize data with the device. SQL Server 2005 supports ability to target each user anddevice with a small subset of the enterprise database to reduce the storage requirements on the device.Advanced mobile database scenarios such as merge replication allow database engine to synchronizethe local database that resides on the mobile device with a central database running on a server.
13. Developers access the database using Visual Studio 2005 development system and the familiar ADO.NETmechanism supported by all SQL Server editions. In addition to mobile devices, the Compact Edition issupported on other Windows platforms, including tablet PCs, and desktops. In many single-user clientapplications, this means that the same code can be reused on all Windows platforms. For moreinformation on mobile database development, please see the SQL Server 2005 Compact Edition site.Many Line of Business (LOB) applications are web-based or web-services based. Internet InformationServer (IIS) and ISA 2004 and 2006 allow advanced security configurations of applications, includingauthentication and security rules targeted to specific applications. The network connections aretypically encrypted using SSL and the clients must authenticate themselves against the corporatefirewall server and Active Directory. For the environments using Service Oriented Architecture, mobiledevices often become just another client accessing the SOA web services.Microsoft LOB applications also support Windows Mobile computing platforms. Microsoft Dynamicssoftware, such as Microsoft Dynamics AX, and Microsoft Dynamics CRM have out-of-the-box support formobile access. Dynamics AX offers a mini mobile ERP client called the Mobile Sales Assistance. It allowsthe sales force to examine their route plans, email and calendar, point of sale information for eachcostumer, and product and inventory data. There is also Mobile Business Assistant to assist businessdecision makers in understanding business performance and tracking KPI metrics of a business.Dynamics CRM 3.0 was also designed with the mobile sales force in mind. CRM Mobile Express, aMicrosoft Dynamics CRM 3.0 mobility application, enables users to instantly view, create, and modifydata on any Internet-capable device. It lets a salesperson in the field tap into the same sales, marketing,and customer service data they have access to in the office. CRM Mobile Express runs in a Web browserand doesnt require users to install additional software.Mobile Device Support in Small BusinessServer 2003For smaller businesses that require only mail and file share, Microsoft recommends SBS server. SmallBusiness Server (SBS) 2003 R2 is an “all-in-one” server solution designed for small businesses. It is asingle server that is designed to perform the functions of the IT infrastructure in larger environments, ata much lower cost. It provides the following services: Exchange 2003, Active Directory, DHCP, DNS,Domain Controller, Monitoring and Management Services and Windows SharePoint Services. SBS 2003R2 Premium version also includes SQL Server 2005 Workgroup, ISA Server 2004 and Microsoft FrontPage2003.SBS 2003 R2 supports mobile devices through Exchange mobility features offered in Exchange SP2including Exchange ActiveSync access, this can be configured using SBS’s group policy (similarfunctionality to SMS 2003). A key limitation of the SBS server is that only 75 users, computers, ordevices can connect to the server at one time, so adding mobile devices will count against the total limitthat the SBS server will support.
14. For more information and how-to instructions please see Deploying Windows Mobile 5.0 with WindowsSmall Business Server 2003.ConclusionProperly supporting mobile devices in an enterprise environment requires interaction of severaldifferent areas of enterprise architecture, software security, and operational support tools. Once youunderstand the broad components of communications (Exchange ActiveSync), security (SSL andcertificates), management and operations (Exchange ActiveSync, Microsoft Operations Manager,Systems Management Server), and how they fit together with LOB applications and back-end servers,you can work with your enterprise security, administration, infrastructure and management teams tomake the most out of your mobile device investment. Since these are familiar tools that are likelyalready being used to manage your Windows desktop and server infrastructure, you can expand the useof existing infrastructure components without additional training or server costs. The Windows MobileOperating System and the Windows Server platform elements all work together to drive a security-enhanced, seamless, cost effective, and scalable solution that addresses all major issues in mobileenterprise environment.Additional Resources:Mobile Messaging at Microsoft: Improving Security, Manageability, and User ExperienceMobile Strategy White Papers SiteExchange 2007 Support for mobile Devices