June 2009 - Posts
For those local in the Chicago area I will be at the next Mobile Monday Chicago chapter meeting on Monday June 29th. I will give a brief overview of Enterprise Mobile and what we do in the mobile supply chain. Please see the details below.
Date: Monday, June 29, 2009
Time: 6:00 pm – 8:00 pm
Topic: Start-Up Showcase
Location: Acquity Group, 500 W Madison St, Suite 2200, Chicago, IL 60661
Location Notes: Participants can sign-in at the reception desk on the 3rd floor (picture ID required)
Please see the press-release here:
http://www.pr.com/press-release/160634
Sign-up to attend here:
http://www.eventbrite.com/event/345245639
Look forward to meeting folks there!
|\\arco..
Due to the recent announcement on the new iPhone 3G S model and the updated 3.0 OS upgrade there has been a lot of buzz about the software and new hardware features. Some say that the iPhone with these upgrades is now ready for the corporate enterprise. That may be true, but I was still concerned about the lack of security features I knew from the previous release so I had to dig a little deeper into this after the release material is now available..
Hardware Encryption
One of the few new security features mentioned is the hardware encryption and instant wipe feature that appears to be included on the iPhone 3G S model and not the older models. This is highlighted on the more features page and also in the iPhone Security Overview on the Enterprise page:
“iPhone 3G S hardware encryption uses AES 256 bit encoding to protect all data on the device. Encryption is always enabled, and cannot be disabled by users.“. The key phrase is: always enabled. So it is active out of the box!
I think this is probably the single most interesting new feature for iPhone in the Enterprise by a long shot. Mostly in due to the previous security risks that I have mentioned previously.
Anthony Vance has an excellent recap on current thoughts around this new feature and the previous gaps here. Also some interesting comments from the author of the iPhone Forensics book, Jonathan Zdziarski, at the bottom of the entry!
Security Updates
Any large enterprise customer will also want to know what specific security fixes are included in a major OS upgrade. Apple comes through at this point, and has posted a support article with the known CVE security issues patched in the iPhone OS 3.0 software update here.
Enterprise Support on iPhone 3G
Apple has a new Enterprise Deployment Guide updated for the OS 3.0 upgrade. But I was unable to find any mention of the new hardware encryption feature in it.
But if the hardware encryption is enabled out of the box on all the 3G S devices, what can be done for the older 3G devices? There is no mention of software based encryption in the OS 3.0 upgrade. So it could be tricky to authorize and permit e-mail/VPN access towards the users of the newer 3G S devices, and not the older 3G devices.
There are some 3rd party solutions that may fit this security void and also provide some device management features. I think this area will only grow but today I believe there are still some gaps that need to be weighed against your corporate requirements, security risks and TCO..
|\\arco..
Just noticed that Michael Jimenez recently blogged and announced official Microsoft support for Windows 2008 Enterprise Edition Certificate Authority with SCMDM 2008 SP1.
I have successfully used the KB951840 patch on down-level devices to remove the error message that otherwise will appear. On the device it will complain that the Root certificate is not installed, even though the certificate chain locally shows it is there. :-) This will also prohibit the IPSec VPN from coming up.
Also as a recap of the different Windows Mobile build numbers and AKUs as I posted previously, you should also be aware of the Password Reset Client on the down-level devices. The important difference being that you could deploy the Password Reset .CAB file out to the devices once enrolled in SCMDM, but the Windows 2008 CA patch you are unable to since the VPN won’t come up without it..
Windows 2008 CA Patch (KB951840) installable on:
Windows Mobile 6.1 devices, Build 19202.1.0.0 and higher. Un-necessary to install on Windows Mobile 6.1.4 devices (Build 20757.1.4.0) or higher.
Password Reset Client installable on:
Windows Mobile 6.1.1 devices, Build 19559.1.1.0 and higher. But stated supported for only for Windows Mobile 6.1.4 devices and higher. So I assume un-necessary to install on Windows Mobile 6.5 devices but I shall test on the newly released emulator. :-)
|\\arco..
With the Windows Mobile 6.5 device emulator images now finally released we can probably start to see much more information about Windows Mobile 6.5 being made available to the public.
Grab the 6.5 Professional or Standard emulators here:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=20686a1d-97a8-4f80-bc6a-ae010e085a6e
I already had the Windows Mobile 6.1.4 Professional images and Device Emulator 3.0 installed and the 6.5 images appeared to work straight away:
Please click on any of the pictures below to enlarge them for better viewing. My main purpose for using the emulator is for additional device testing, and not so much on the development side..
Connectivity on Windows Mobile 6.5
To get network connectivity you can follow the same steps as with previous emulators. Please see this blog posting for additional information.
The emulator network properties:
Walkthrough in a WM 6.5 emulator image:
MyPhone on Windows Mobile 6.5
Another tip in using the emulator is using the built-in MyPhone client to get more “live” data easily into the emulator for testing and usage. I did get a upgrade prompt to install the latest and greatest MyPhone client in my emulator. You can now install the open beta MyPhone client on any of your existing Windows Mobile 6.0 or 6.1 devices, back-up the data and then restore it within the emulator.
MyPhone walk-through on the WM 6.5 emulator:
Windows Mobile 6.5 Widgets
Jorge Peraza has posted some quick information on how to get your feet wet with widgets on Windows Mobile 6.5: http://blogs.msdn.com/windowsmobile/archive/2009/06/04/getting-started-with-widgets-on-windows-mobile-6-5.aspx.
What’s Hot about Windows Mobile 6.5
At the recent TechEd this TechTalk was recorded with Dale Coffing and Chris De Herrera to discuss the new user interface, MyPhone and Windows Marketplace for Mobile services:
http://www.msteched.com/online/view.aspx?tid=5471dd4c-9d1f-47c8-85df-c3bf5bfe678c
Network Utility on Windows Mobile 6.5
I did a quick test of the Enterprise Mobile IP Utility and it works under the Windows Mobile 6.5 emulator just fine and could be a very useful tool for troubleshooting:
System Center Mobile Device Manager (SCMDM) 2008 Support in WM 6.5
Of course testing out the SCMDM client embedded in Windows Mobile 6.5 is something I had to test out as well. :-) It didn’t disappoint and the VPN came up fine against a SCMDM 2008 SP1 instance over the Internet. I did notice a new option and error messages provided in the client:
|\\arco..
I’m an old Exchange administrator since the 5.0 days and a new version of Microsoft Exchange server is coming near you very soon. It brings a long list of new and enhanced features. This also carries over to mobility and is important for any enterprise Exchange administrator to understand in today’s very mobile world..
I will attempt to highlight some of the important mobile features I feel it brings to the enterprise table and reference places to find additional details and information. Please comment if you may have updated or additional interesting information!
Windows Mobile client Enhancements
Adam Glick has a great recap here:
http://edge.technet.com/Media/Exchange-2010-updates-for-Windows-Mobile/
Conversation View: If you use this feature in Outlook and OWA (Outlook Web Access), you already know that this is an easy way to track a conversation. Conversation treats multiple messages like a single conversation, allowing users to manage, move or delete multiple messages a whole vs. going through the string one-by-one. Free/Busy Look-up: Now you instantly know if your contacts are available for a last minute meeting or if they are on a call. Nickname Cache: This automatically populates a list of suggested emails based on recent messages, allowing users to email more quickly. SMS Sync: Send and receive SMS text messages from Outlook and OWA. Reply State: Icon indicates if you have already replied or forwarded an email. Installable Client: Upgrading to Exchange 2010 doesn't mean you have to update your phone. All of the latest features are available to users with a mobile device that has 6.1 or later. The updated Mobile Outlook software can be downloaded Over-The-Air (OTA). (BTW, the interesting article that Adam refers to in the video interview on how to block unapproved mobile devices at the firewall with known user-agent strings is here: http://msexchangeteam.com/archive/2008/09/05/449757.aspx)
There is also the new feature where the nickname cache is shared with OWA, so you can quickly choose known recipients on your Windows Mobile device.
Windows Mobile Outlook Client
Mark Garcia has posted some great in-depth Windows Mobile screen comparisons where you can really see the enhancements described above: http://blogs.technet.com/ucedsg/archive/2009/05/31/what-is-new-with-exchange-server-2010-activesync-and-outlook-mobile.aspx
Another one that Mark highlighted but not in Adam’s list is the voice mail transcription feature. Added automatically in the body of the message. Where you can read your voicemails instead of listening to them..
Exchange ActiveSync (EAS) Changes
Andreas Helland posted some server screenshots from the Exchange 2010 beta where you can verify that the ActiveSync policy settings haven’t changed much since Exchange 2007 SP1:
http://mobilitydojo.net/2009/04/23/exchange-2010-beta-and-mobility/
Under the hood this is the new Exchange ActiveSync (EAS) features in Exchange 2010:
Block/Allow/Quarantine list:
You can setup a single list to block/allow mobile devices as needed. You can also quarantine devices such as new untested devices, etc.
Block/Allow via approved device list:
- Approved by device type or by user
- Device type reported by the device
- Block an unsupported device
Quarantine:
- E-mail sent
- Administrator approved
This will be a very interesting feature that I hope to dive deeper into later.
Over the Air (OTA) Update Mode:
You can now push new Outlook Mobile updates/new versions to Windows Mobile 6.1 and above. This is really nice since you no longer have to wait for a new Windows Mobile OS version to obtain a new version of Outlook Mobile.
SMS Sync:
The ability to send SMS text messages through Exchange and EAS is used to sync SMS message with user’s mobile device.
Benefits of SMS sync:
- User can use OWA, Outlook, and Outlook Mobile to respond
- SMS messages are backed up on the server
- Recipients can respond to messages
- User can switch “screens” while still seeing all their messages
IMAP/POP3 service discovery:
You can now autodiscover/autoconfigure the IMAP/POP3 settings from your mobile device by just specifying your email address.
Outlook Web Access (OWA)
Oliver Moazzezi describes some of the new OWA features:
http://www.exchange2007.com/2009/04/exchange-2010-outlook-web-access-and.html
Here I think it is important to note that OWA now offers full (so called Premium) support to Firefox 3.0 and Safari 3.0 browsers. So they have the same experience as users running Internet Explorer 7 or 8.
ActiveSync - Multi Platform Support
A powerful feature is that ActiveSync is being licensed and supported by more and more vendors. Some are being provided free with the devices, others are an additional license and software client. Most have not yet announced any support for Exchange 2010 and it is skimpy to find details on the specific support on certain ActiveSync features.
Apple iPhone
It appears so far that Exchange 2010 Beta 1 is compatible with iPhone 2.0 devices. See thread here.
Google Android
I saw that DataVis is also selling an ActiveSync client for Android devices called RoadSync, but not sure to what extent it supports the ActiveSync features. It appears to be fairly basic and listed support for Exchange 2003 and Exchange 2007 at this time.
RIM BlackBerry
Found this interesting company who has created a software client called AstraSync: “AstraSync™ is a new software application for BlackBerry® Smartphones that performs two-way over-the-air synchronization of email, calendar and contact data with a Microsoft Exchange”. There are potential cost savings with this solution if you can forego the BES licenses!
Palm WebOS
It appears that the new Palm Pre device will not just support one ActiveSync profile but multiples. But little official documentation has been posted so far..
Microsoft has also opened up their Exchange Server protocol documentation and posted some of the ActiveSync and WebDAV under the Open Protocol Specifications as it relates to Exchange Server 2007 SP1: http://msdn.microsoft.com/en-us/library/cc425499.aspx. Also see the PressPass announcement here.
MailTips for Office Outlook 2010
On a side note, another awesome client feature I think will be very useful for many organizations, however not available on the mobile devices, is this thing the product team has called “MailTips”. Basically it gives you information on the message you are sending while you are writing the e-mail before you click send and do something you may didn’t want to. Out Of Office, DL sizes, BCC warnings, over size limit, external recipients and more! Simply brilliant I think! Read some of the details here: http://msexchangeteam.com/archive/2009/04/28/451193.aspx
References:
Exchange 2010 Beta Evaluation:
http://technet.microsoft.com/en-us/evalcenter/dd185495.aspx
Exchange 2010 Tech Center:
http://technet.microsoft.com/exchange/2010
What’s new in Exchange Server 2010:
http://technet.microsoft.com/en-us/library/dd298136(EXCHG.140).aspx
Exchange Server Remote Connectivity Analyzer (ExRCA):
http://myitforum.com/cs2/blogs/mnielsen/archive/2009/05/07/using-exchange-server-remote-connectivity-analyzer-exrca-for-windows-mobile-activesync-testing.aspx
Exchange Product Team Blog:
http://msexchangeteam.com/
Exchange 2010 Webcast series:
http://msexchangeteam.com/archive/2009/05/26/451465.aspx
|\\arco..
As I have blogged about previously, there was some interesting webcast sessions on Windows Mobile, Security and Device Management on TechNet recently.
If you were unable to attend you can also catch a glimpse of one of the speakers I know, David Field here on TechNet Edge:
http://edge.technet.com/Media/Enterprise-Mobile-Security-Interview/
Dave Field spoke at TechEd on mobile security and gives us some insight into mobile phone security on topics such as:
- Areas where Windows Mobile security is strong against the competition
- Scenarios where companies will want to look to 3rd party solutions for mobile security
- Recommended ways to implement 2 factor authentication for phones
The Windows Mobile security whitepaper Dave mentions is something I also blogged about back in February, and available here: http://www.enterprisemobile.com/resources/white-papers.htm
|\\arco..