Windows=based smartphones work best with Exchange.

Let’s face it, your users are going to want to connect  to your organization’s Exchange services with their mobile phones. Rather than allow that activity to grow willy nilly, you may want to impose some controls on the process. So it might make sense to know what smartphones play nicely with Exchange.

Smartphone makers have been steadily improving their handsets’ Exchange capabilities. What’s more, Microsoft has also moved, with the release of Exchange 2010, to better accommodate phone warriors. For example, with Exchange 2010 and ActiveSync, members of your organization get real-time access to their communications on literally hundreds of devices. Email, contacts and calendar items can be automatically synchronized over the air quickly.

What’s more, a user’s inbox becomes truly universal. Barriers to all forms of communication–email, voicemail, rights-protected messages, calendar requests, RSS feeds and saved instant messages–have been removed allowing one-stop access for members of your organization.

In addition, versatility and productivity of mobile email has been boosted with features like previewing messages with speech-to-text voicemail and creating a contest for messages with a conversation view.

Microsoft didn’t leave administrators out of the equation either. They have greater control over device access. They can create lists of devices to block, quarantine or permit access to their network. And budget-strapped IT departments will be glad to hear that the additional mobile support is included at no additional cost in Exchange 2010. Some of that cost, no doubt, is unloaded on smartphone makers, who have to pay a licensing fee to use ActiveSync.

Continue reading Smartphones that play nicely with Exchange

We are conducting our lives and our businesses in an increasingly mobile world.  We need access to our critical business information from multiple locations and using multiple devices.

These needs often clash with the requirement to keep our data secure.  Exchange Servers are kept behind corporate firewalls which restrict who can access them and how they can connect to their mailboxes.

Secure mobile access to mailboxes on Exchange Servers is typically achieved through one or more of these methods:

• Virtual Private Network (VPN)
• Outlook Anywhere
• Outlook Web App (OWA)
• ActiveSync

Virtual Private Networks

A VPN is a secure communications tunnel established between two endpoints.  These endpoints can be two devices such as routers or firewalls, or can be between a client device such as a laptop and a firewall.

Mobile workers use VPNs to establish LAN-like network access to their corporate network.  This usually means that once connected to the VPN they have access to the same network resources they would be able to access when connected to the LAN from within the business premises.  In more security conscious environments this access is sometimes limited to just the few resources they need, but in a practical sense operates just as if they were on the LAN.

Using VPNs for access to Exchange Server makes sense when there are other needs for VPN access as well, such as access to application servers, file servers, or intranet sites.  Rather than each resource having its own independent access method, the VPN provides an “all in one” access solution.

However sometimes VPNs are not practical.  It is not uncommon for a mobile worker to find they are unable to establish a VPN tunnel because of restrictions on the foreign network they are currently working on.  This is mostly the case for IPSEC and PPTP VPN tunnels.  SSL VPN tunnels usually have no such problems because the SSL/HTTPS port is usually permitted out through firewalls.

Outlook Anywhere

Outlook Anywhere was formerly known as RPC-over-HTTPS, which accurately describes how it works.

The Outlook connection to a mailbox server over RPC is tunnelled through an SSL/HTTPS connection so that it can traverse firewalls, as well as to secure the communications over untrusted networks. Continue reading 4 Ways to Access Exchange Server Mailboxes through Firewalls

There have been many times in the past when I have started a project for a new customer and discovered that they are not using SSL for their email servers.  Usually after a brief discussion they agree to implement SSL in the new system we are installing for them.

Occasionally they agree but insist on doing it in a less than ideal manner.  And sometimes, although rarely, they decline our advice and continue without SSL.

What is SSL?

SSL stands for Secure Socket Layer and is an encryption protocol that secures communications between two parties over insecure networks such as the internet.  Although still commonly referred to as SSL its new name is actually TLS (Transport Layer Security) which more accurately describes its role of securing communications at the Transport layer of the OSI model (eg, the TCP protocol).

In an SSL/TLS secured communication the two parties (e.g. a web server and a web browser) agree on how to secure the connection they are establishing. Continue reading The Importance of SSL for Exchange Servers

Some Exchange Server 2007 and Exchange Server 2010 roles require Internet Information Services (IIS) to function.   On these servers Exchange will install a series of IIS virtual directories.  In this post I will describe the Exchange Server virtual directories and their purpose.

/owa – This is the directory for OWA (Outlook Web Access on Exchange 2007, and now called Outlook Web App on Exchange 2010), which is the web browser version of Outlook that is usually accessed by remote workers.  The /owa directory is for access to Exchange 2007 or 2010 mailboxes.

/Public – This is the directory used by OWA users when accessing any Public Folders in the organization.

/Exchweb – This directory is used for OWA access for Exchange 2003 or 2000 users but is not usually accessed directly by the end user.  The OWA session will automatically refer the connect to this virtual directory when necessary.

/Exchange – This directory is again used for OWA access.  When an Exchange 2003 or 2000 mailbox user access the /Exchange virtual directory they are proxied to their mailbox.  For Exchange 2007 or 2010 mailbox users they are redirected to the /owa directory for their mailbox access.

This is useful during the transition from legacy Exchange versions to 2007 or 2010, because users can continue to connect to the /Exchange directory and the result will always be that they connect to their mailbox, as long as the server does not run the Mailbox Server role.  In other words, the /Exchange directory only works for legacy mailbox users if the server is a dedicated Client Access Server (though it can also contain the Hub Transport Server role without a problem). Continue reading Overview of Exchange Server Virtual Directories