How to deploy Windows Mobile to 40,000 users


This is my presentation from MEDC 2007 on how to deploy Windows Mobile Email to 40,000 users

Published in: Business, Technology

  1. 2. Jason Langridge, Enterprise Mobility Solution Specialist, Mobile Communications Business Group, Microsoft
     E-mail: [email_address]
     Blog:
     ITP202: How Can You Deliver E-mail to 40,000 Users with Exchange Server and Windows Mobile?
  2. 3. Session Objectives and Takeaways
     • Session objective
         • Describe infrastructure requirements and scalability considerations for a large scale rollout of mobile devices
         • Describe device provisioning and user training tools available for a large scale rollout
     • Explain how to successfully plan a large scale mobile deployment with Microsoft Exchange Server 2007
  3. 4. Agenda
     • Infrastructure
     • Procurement
     • Provisioning and Management
     • Support
     • Decommissioning
     • Microsoft Internal Usage
     • Conclusion
  4. 5. Business Wants Connected Mobility Solutions
     [Chart: YOY % shipping growth, CAGR 2006-2010. Source: Gartner Dataquest, and IDC 2006]
     • Mobile PCs: 18.6%
     • Mobile Phones: 5.8%
     • Desktop PCs: 3.9%
     • Converged Mobile Phones: 34.1%
  5. 6. Agenda
     • Infrastructure
     • Procurement
     • Provisioning and Management
     • Support
     • Decommissioning
     • Microsoft Internal Usage
     • Conclusion
  6. 8. Exchange Mobile Access Deployment
     [Diagram elements: Wireless PDA and Smart phone on the Internet (Cellular Networks); Wi-Fi PDA, Wi-Fi Smart phone and Wi-Fi Laptop on the Internet (802.11x - hotspots); Wi-Fi PDA, Wi-Fi Smart phone and Wi-Fi Laptop on the Wireless Intranet (802.11x); Outlook from home (rpc/http); OWA from kiosk or from home; HTTPS (443); ISA Server (Optional); Corporate Network; Exchange Front End Server(s)/Client Access Servers; Mailbox Servers. Legend: Wired line, Wireless line]
  7. 9. ISA Server Benefits
     • ISA Server is “recommended” not “required”
     • Any firewall that can publish port 443 (SSL) can be used
     • ISA is recommended because it has:
         • The ability to pre-authenticate all traffic before it reaches your Exchange Server
         • The option to inspect Exchange ActiveSync traffic passing through it and validate it is genuine
         • ISA Server 2006 provides Kerberos-constrained delegation to the Exchange server
  8. 10. Agenda
     • Infrastructure
     • Procurement
     • Provisioning and Management
     • Support
     • Decommissioning
     • Microsoft Internal Usage
     • Conclusion
  9. 11. So Many Devices to Choose From!
     • > 140 Windows Mobile phones worldwide
  10. 12. User Profiling and Device Selection
      • Mobile device is a very personal choice
      • Need to accommodate choice while delivering standardization
      • Typical portfolio will include
          • Phone-style device
          • Keyboarded device
  11. 13. Device Decisions
      When someone Senior asks for an unsupported device...
      • Line of Business
      • Collaboration
      • Concierge
  12. 14. Procurement Decisions
      • Billing
          • Corporate
          • Individual Liable
          • Corporate Responsible – Individual Liable
      • Global/local decision-making
      • Breaking out service plan and devices?
      • Length of commitment
      • Early termination fees
      • Data tariffs
          • Flat rate
          • Per user or Data buckets
  13. 15. Agenda
      • Infrastructure
      • Procurement
      • Provisioning and Management
      • Support
      • Decommissioning
      • Microsoft Internal Usage
      • Conclusion
  14. 16. Device Management
      • Provisioning methods
      [Diagram labels: WAP/Client Provisioning; OMA DM Provisioning; OMA DM Client; Desktop ActiveSync; WAP Push; App Installer; USB; Bluetooth; .CAB; SMS Initiated OMA DM; SMS Initiated WAP; Exchange ActiveSync; In-ROM Configuration XML; Cold Boot Initialization; Configuration Service Providers; Over-the-Air OMA DM; Over-the-Air Exchange Provisioning; Over-the-Air WAP/Client Provisioning; Desktop ActiveSync® (RAPIConfig); Get an installable onto the device. Two items are marked “New”.]
  15. 17. Device Management Challenges
      [Diagram. Stakeholders: Enterprise; Mobile Operator; Device Owner. Challenges listed: Ensure device data protected; Enable secure network access; Deploy rich device apps; Ensure secure device; Ensure reliable device; Operator-specific configuration; Enable rich device services; Data access anywhere/anytime; Ability to run rich applications; Ensure secure device; A reliable and secure device]
  16. 18. Device Management Considerations
      • Devices are harder to detect than PCs
      • How many are already being used in your organization?
      • Do you have a policy on devices/applications?
      • Who will manage the devices?
          • Mobile Operator
          • Enterprise
  17. 19. Exchange Server 2007 Manageability
      • Self-service model
          • Users can do remote wipe from OWA without calling help desk
          • IT pros don’t become a bottleneck
      • Provide greater control to the admin
          • More granular security policies and access control
      • Easy to maintain
          • Greater manageability and support options
  18. 20. Manageability
      • More granular access control
          • By device ID: Allows only enterprise-provisioned devices
          • By user agent: Allows only enterprise-recommended models
      • Per-user policies
      • New incremental policies
          • Storage card encryption enforcement
          • Allow/disallow attachments and maximum size
          • Allow/disallow UNC/SharePoint access
      • New device lock policies
          • Device timeout enhancements
          • Password expiration
          • Password history
          • User Pin/password reset
      • Policies and access controls
  19. 21. Manageability
      • Device management
      • Track and manage device partnerships
      • Track device change history
      • See devices connected to Exchange Server
      • Identify and troubleshoot problems seen by devices
      • Reset users’ PIN over the air
      • Users can wipe their own device from OWA
  20. 22. Manageability
      • Server management
      • Improved protocol logging to aid troubleshooting
      • MOM support
          • Alerts/rules: To alert IT pros when something is wrong
          • Diagnostic tasks/probes: To ensure everything is working
      • Summary reports about device sync usage
      • Integrated setup/admin to reduce administrative costs
  21. 23. MOM Availability Report
  22. 24. Exchange Server 2007 Device Management
  23. 25. Mobile Operator Management Tool
  24. 26. Microsoft Systems Management Server 2003 (SMS) and Microsoft System Center Configuration Manager 2007
      • SMS 2003 Device Management
      • Downloadable “Feature Pack” available on the Web
      • Client settings and core features
          • Pocket PC 2002 and 2003 and 5.0 only; no smartphone support
          • Intranet only; no support for devices over the Internet
          • ActiveSync to discover and install
          • Microsoft Windows CE .Net 4.2 and 5 on the ARM processor
          • Scripting Host
      • Configuration Manager 2007 Device Management
      • Integrated Device Management in core product
      • Support for all DMFP features plus:
          • Smartphone support
          • Internet-based client management
          • Native Mode security (required for Internet facing)
          • Connection management
          • Windows CE 6 + CE on X86 Processor in SP1
      • Dropping Windows Mobile 02 support
      • Dropping DMScript support
  25. 27. Configuration Manager 2007
      • Core capabilities
          • Device management
          • Hardware/software inventory
          • File collection
          • Software distribution
          • Settings management
              • Password policy management
              • Security policy management
      • Support for Smartphone
      • Internet-based management
      • LOB device management
          • Windows CE on ARM at RTM, x86-based Windows CE device support coming in SP1
      • Deployment
          • Full integration with Configuration Manager 2007
          • Over the air client upgrade for SMS 2003 DMFP devices
          • Automated client distribution via SMS Advanced Client desktop
          • Storage card or “self service” install
  26. 28. DMSec Partner Offering
      • Windows Mobile and Exchange Server 2003 meets the needs for the majority of business customers
      • For customers that wish to extend security or management capabilities a select group of Microsoft partners are offering discounted solutions for a limited time
      • Customer chooses one security and one DM partner solution
      • We have partnerships with the following vendors:
          • Security: Credant Technologies, Trust Digital
          • Device Management: iAnywhere, Odyssey Software
  27. 29. Device Management
      • Application lock-down and control
      • Automatic distribution and installation of software updates to remote devices
      • Support for Systems Management Server (SMS)
      • OTA file management
      • Collection, logging, and publishing of device information
      • Fully-automated provisioning of remote devices
      • Automatic device discovery and registration
  28. 30. Security
      • Data at rest encryption using FIPS 140-2 (AES & 3DES) validations
      • Centrally-managed end point policy management
      • End point security enforcement
      • Network Access Control
      • OTA device management, software distribution, configuration provisioning & updating
      • Compliance reporting
  29. 31. DMSEC Partner Capability Matrix

      FEATURES                                    ODYSSEY*  iANYWHERE**  TRUST DIGITAL           CREDANT
      Centralized server                          No        Yes          Yes                     Yes
      Data encryption                             No        No           FIPS 140-2 (3DES, AES)  FIPS 140-2 (3DES, AES)
      Removable storage encryption                No        No           Yes                     Yes
      Selective encryption                        No        No           Yes                     Yes
      Authentication                              Yes       Yes          Yes                     Yes
      Asset management                            Yes       Yes          No                      Yes
      Network access management                   No        No           Yes                     Yes
      Device provisioning                         Yes       Yes          Yes                     Yes
      User self-provisioning & self-help          No        No           Yes                     Yes
      IT policy admin. w/dynamic policy updating  No        No           Yes                     Yes
      File management                             Yes       Yes          No                      No
      Automated application updating              Yes       Yes          Yes                     No
      Selective function/application control      No        No           Yes                     Yes
      Remote control                              Yes       No           No                      No
      Diagnostic tools                            Yes       Yes          No                      No
      Device backup                               No        Yes          No                      No
      Local device wipe                           No        No           Yes                     Yes
      Remote device wipe                          No        No           Yes                     Yes
      System access/mgmt.                         Yes       Yes          Yes                     No
      Image distribution                          Yes       No           Yes                     No
      Logging                                     Yes       Yes          Yes                     Yes
      Reporting                                   No        Yes          Yes                     Yes
      Selective Bluetooth mgmt                    No        No           Yes                     Yes
      Exchange integration                        No        No           Yes                     Yes
      Active Directory integration                No        Yes          Yes                     Yes
      SMS integration                             Yes       No           No                      No
      Private APN support                         Yes       Yes          Yes                     Yes

      * The Odyssey solution has an optional console and can support other third party consoles. While Odyssey does not have its own reporting tool, they support the standard reporting tools in the marketplace.
      ** The iAnywhere solution included in the DMSec Offer represents a subset of the entire Afaria solution and does not include security components. Only Afaria Session Manager, Afaria Inventory Manager, and Afaria Configuration Manager for the Windows Mobile platform are included.
  30. 32. Agenda
      • Infrastructure
      • Procurement
      • Provisioning and Management
      • Support
      • Decommissioning
      • Microsoft Internal Usage
      • Conclusion
  31. 33. IT Support
      • Troubleshooting where the problem lies is biggest challenge
      • Mobile device Support is very different to PC or even laptop support
          • Time coverage
          • Issues generally around connectivity
          • Different vendors involved: Mobile Operator, IT, device manufacturer, and potentially an outsourcer
  32. 34. IT Skills Required
      • Experience working with Active Directory
      • Good knowledge of Exchange Server 2003/2007, Microsoft Office Outlook Web Access and Exchange ActiveSync
      • Working knowledge of mobile devices and mobile networks
      • Experience using or managing Microsoft Windows Mobile 5.0
      • Familiar with network concepts such as firewalls, reverse proxy, certificates, and security protocols (EAP, TLS, WPA, WEP, and 802.1x)
  33. 35. IT Training
      • Learn it: Microsoft E-Learning course, Course 5139: Designing, Implementing, and Managing a Microsoft Windows Mobile Infrastructure
      • Prove it: Microsoft MCP Exam 70-500, Microsoft Windows Mobile Designing, Implementing, and Managing
  34. 36. Agenda
      • Infrastructure
      • Procurement
      • Provisioning and Management
      • Support
      • Decommissioning
      • Microsoft Internal Usage
      • Conclusion
  35. 37. Devices That are No Longer Required
      • Perform a master reset
      • Remove any removable media, as the master reset will affect only the data on the device itself
      • Return the device and removable media to your manager
      • Contact the mobile operator and terminate or transfer the service
      • Transfer service to new device
          • For GSM: Move SIM card
          • For CDMA: Contact mobile operator
      • Dispose of unneeded devices in an environmentally responsible manner
  36. 38. Devices That are Lost or Stolen
      • Notify security
      • Notify help desk
          • Can leverage remote wipe capability if available as part of device/security management solution
      • Use self-service wipe tools if available
      • Contact the mobile operator and suspend or terminate the service
      • Notify your manager
      • File a police report. (Insurance companies often require this step before they will reimburse you for the loss.)
  37. 39. Agenda
      • Infrastructure
      • Procurement
      • Provisioning and Management
      • Support
      • Decommissioning
      • Microsoft Internal Usage
      • Conclusion
  38. 40. Microsoft Mobile Messaging
      • Common URL namespace for mobile messaging clients
          • OWA, Exchange ActiveSync (EAS), Outlook Anywhere (RPC/HTTP)
      • Integration: all mobile messaging services on a common Exchange Server 2007 CAS platform
      • Mobile messaging service usage
          • OWA: ~70,000 unique users/month
          • RPC/HTTP: ~80,000 unique users/month
          • EAS: ~38,000 unique users/month
      • Highly scalable Exchange Server 2007 CAS infrastructure
          • Load balancing and fault tolerance
          • Our servers are dual CPU 2.2GHz with 4GB memory
  39. 41. Topology
      • Dublin: -ExternalURL “”
      • Singapore: -ExternalURL “”
      • Sao Paulo: -ExternalURL “”
      • Redmond: -ExternalURL “”
  40. 42. Device Standardization
      • What does this mean?
          • Process for selecting hardware for internal employees to utilize within the company
          • Including requirements for internal beta programs
      • What are some of the benefits?
          • Documentation/education
          • Helpdesk support
          • Pricing and availability
          • Enterprise warranty
          • Infrastructure interoperability
  41. 43. Support Call Generators
      [Chart. Values shown: 15%, 11%, 7%, 4%, 63%. Categories: Help configure install; Other symptom; Corp WLAN configuration; Request for information; Mobile operator connectivity failure]
  42. 44. Self-help End-User Documentation (Intranet) 05/26/09
  43. 45. 05/26/09 Self-help End-User Documentation (Takeaway Guides)
  44. 46. Microsoft Provisioning Tool
  45. 47. By the Numbers
      • Costs / FY06
          • User Base - 41,000
          • Call Volume (Yr) - 8,800
          • Call Volume (Mth) - 733
          • Calls Per/U (Yr) - .21
          • Total Cost - $402k
      • Costs / FY07 (Projected)
          • User Base - 50,000
          • Call Volume (Yr) - 10,300
          • Call Volume (Mth) - 858
          • Calls Per/U (Yr) - .20
          • Total Cost - $488k
  46. 48. Agenda
      • Infrastructure
      • Procurement
      • Provisioning and Management
      • Support
      • Decommissioning
      • Microsoft Internal Usage
      • Conclusion
  47. 49. Conclusion
      • Manage mobile devices like a laptop/PC
          • However handheld-specific issues should be taken into consideration
      • Create standards for purchasing, provisioning and management
      • Ensure end-to-end security for mobile users
          • Don’t dismiss security vs. usability
      • Provide help desk support for mobile users
      • Determine a plan for retirement and upgrades of devices
  48. 50. Reference
      • Direct Push deployment guide
      • Whitepaper on Mobile Messaging with Microsoft Exchange Server 2003 SP2 and Windows Mobile 5.0
      • The Benefits of Microsoft Mobile Messaging
      • Microsoft IT Scalability Experience with Windows Mobile 2003 and Exchange Server 2003 Mobile Messaging
      • My blog
      • Exchange blog
  49. 52. While You're Here
      • Fill out your session evaluation
          • Enter to win a Windows Mobile® phone or Zune™
      • Geek out with a huge rack of servers
          • Enterprise Mobility in Action is in the Expo Hall
      • Meet the geeks
          • The Expert Cabana is packed with MEDC speakers and MVPs
  50. 53. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
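
The policy and access-control items on the Manageability slides (device-ID allow list, per-user policy, device lock, storage card encryption, attachment and UNC/SharePoint controls) and the remote-wipe step from the lost-or-stolen slide, written as Exchange Server 2007 Management Shell commands. This is an added example, not part of the original presentation; the policy name, mailbox alias, device ID and every numeric value are placeholders chosen for illustration. It does not cover the "by user agent" restriction.

```powershell
# Added example for the Exchange Management Shell (Exchange Server 2007).
# All names, IDs and values below are placeholders, not taken from the slides.
$policyName        = 'Mobile-Standard'              # hypothetical policy name
$mailbox           = 'jdoe'                         # hypothetical mailbox alias
$approvedDeviceIds = @('DEVICEID-PLACEHOLDER-1')    # constructed device ID

# 1. One policy carrying the device lock and incremental policies listed on
#    the slide: timeout, expiration, history, PIN/password reset, storage
#    card encryption, attachment control and UNC/SharePoint access.
New-ActiveSyncMailboxPolicy -Name $policyName `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 6 `
    -MaxInactivityTimeDeviceLock '00:15:00' `
    -DevicePasswordExpiration '90.00:00:00' `
    -DevicePasswordHistory 5 `
    -PasswordRecoveryEnabled $true `
    -DeviceEncryptionEnabled $true `
    -AttachmentsEnabled $true `
    -MaxAttachmentSize '2MB' `
    -UNCAccessEnabled $false `
    -WSSAccessEnabled $false `
    -AllowNonProvisionableDevices $false   # refuse devices that cannot enforce the policy

# 2. Per-user policy plus access control by device ID: only the
#    enterprise-provisioned device may sync with this mailbox.
Set-CASMailbox -Identity $mailbox `
    -ActiveSyncEnabled $true `
    -ActiveSyncMailboxPolicy $policyName `
    -ActiveSyncAllowedDeviceIDs $approvedDeviceIds

# 3. Track device partnerships: what has synced with this mailbox, and when.
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Select-Object DeviceID, DeviceType, DeviceUserAgent, LastSuccessSync, Status

# 4. Lost or stolen device: request a remote wipe, then revoke its access.
$lostDeviceId = 'DEVICEID-PLACEHOLDER-1'
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Where-Object { $_.DeviceID -eq $lostDeviceId } |
    ForEach-Object { Clear-ActiveSyncDevice -Identity $_.Identity -Confirm:$true }

# An empty allow list means "no device-ID restriction", so when no approved
# device remains, disable ActiveSync for the mailbox instead of clearing it.
$remaining = @($approvedDeviceIds | Where-Object { $_ -ne $lostDeviceId })
if ($remaining.Count -gt 0) {
    Set-CASMailbox -Identity $mailbox -ActiveSyncAllowedDeviceIDs $remaining
} else {
    Set-CASMailbox -Identity $mailbox -ActiveSyncEnabled $false
}

# 5. Confirm the wipe was acknowledged before closing the incident; an empty
#    DeviceWipeAckTime means the device has not contacted the server since.
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Where-Object { $_.DeviceID -eq $lostDeviceId } |
    Select-Object DeviceID, DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime
```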