In Part 1 of this series, I looked at the mechanisms available to IT staffers to activate, deploy and configure iPhones in business environments. But the biggest new business-oriented feature available on the iPhone, thanks to the iPhone 2.x firmware (included with the iPhone 3G and available for free to users of first-generation iPhones or for $9.95 for iPod Touch users), is the addition of ActiveSync for accessing Microsoft Exchange.
ActiveSync allows for automatic over-the-air push updates of new e-mails, calendar events and personal contacts to the iPhone (functionality that was already available to Windows Mobile, Palm and Symbian devices). ActiveSync also lets iPhone owners search a company's Global Address List (GAL) using the included Contacts application, and allows administrators to enforce some security policies on the iPhone, including the ability to remotely wipe the contents of a phone that is lost or stolen.
But getting iPhones to connect and sync with Exchange servers can be tricky. In this story, I'll provide tips for integrating and managing iPhones in an Exchange environment. (Part 3 of this series, which will be posted in the next month, will cover the options for developing and deploying in-house iPhone applications.)
How ActiveSync works
Unlike push services for BlackBerry devices, which rely on an intermediate server (RIM's BlackBerry Enterprise Server) that receives update notifications from an e-mail server and then provides push notification to remote devices, ActiveSync manages communication with an Exchange server. For those new to working with over-the-air syncing via direct push in Exchange, the following is a brief introduction. Understanding the basic concept can help in both planning and troubleshooting iPhone access to Exchange.
Direct push between an Exchange server and remote client devices relies on communication between the server and the device. When the device is powered on or configured, it sends an HTTP/HTTPS request (known as a ping request) to the server to establish a connection.
The ping request identifies the device, the user, and folders on the Exchange server to be monitored. (The iPhone supports monitoring of Inbox, Calendar and Contacts, but unlike other devices that implement ActiveSync, it does not support monitoring of Tasks at this time.) Additionally, the request identifies a time limit for the session -- also known as a heartbeat interval.
Upon receipt of the client request, the Exchange server monitors the specified folders until changes occur or until the heartbeat interval is reached. If the server detects changes to a folder being monitored (e.g., incoming e-mail or a new calendar item), it notifies the device that the folder(s) have been updated, which causes the client to issue a sync request for those folders (and thus update appropriately and alert the user if the update contains new e-mail).
If the server doesn't detect changes within the heartbeat interval, it responds to the client device with an HTTP 200 OK message, which causes the client to generate a new ping request. A new ping request is also generated following a successful sync.
The heartbeat interval is dynamically determined by the client device, such as an iPhone or Windows Mobile phone. ActiveSync clients maintain a log of interactions with the server and choose intervals that utilize the longest possible time before a network timeout (the time at which the server, the mobile carrier or any network devices between the client and the server will drop the connection).
By using the longest possible heartbeat interval, the server can maintain the connection for the client without requiring active use of the communication channel and thus conserving battery life on the device.
Understanding Exchange requirements
As anyone who has administered Exchange knows, there are a number of variables and options in determining the best configuration for an Exchange environment. Factors such as firewall and proxy server configurations, internal and external DNS, the optional use of front-end and back-end servers, the Active Directory forest and domain topologies, and the versions of Exchange and Windows Server used all impact the ultimate design of an Exchange environment.
Other major factors include the use of SSL, whether self-signed certificates or a certificate authority are used (and how they're implemented), which authentication options are used, and which virtual directories on the Exchange server are secured.