Thursday, June 30, 2005

Exchange ActiveSync and the /Exchange virtual directory

Lucky me, I am working on an issue very similar to this and I happened to run into this blog post by Selva Nalliah. It has really good detail on how ActiveSync works now and will hopefully work when SP2 ships.

As many of you already know, Exchange ActiveSync uses HTTP-DAV to access the user’s mailbox. By default these HTTP requests are all sent to the /Exchange virtual directory on the mailbox server. However, in certain deployments like the hosting scenario there can be multiple virtual directories, each tied to a particular domain name. How does Exchange ActiveSync figure out what mailbox server to go to? What virtual directory to use? What is the mailbox name that is used? Here are some answers…

If you’ve configured a device to sync to an Exchange server you would have noticed that the only information a user supplies is his/her credentials and the server name - no information as to the user’s mailbox. When a device makes a request to Exchange ActiveSync on the front end server, Exchange ActiveSync first makes an LDAP request to the Active Directory to get back the following attributes on the authenticated user (note that this is not the complete list):

  displayName
  mail
  HomeMDB
  ProxyAddresses

The HomeMDB attribute will be set to the mailbox server name, which is how Exchange ActiveSync knows which server to go to for that user. By default Exchange ActiveSync will send its request to the /Exchange virtual directory. So an HTTP-DAV request from Exchange ActiveSync to a mailbox server named mytestserver may look like this:

SEARCH /exchange/mobile1/
Host: mytestserver
Brief: t
Accept-Language: en
Content-Type: text/xml
Content-Length: 2181
Connection: Keep-Alive
Range: rows=0-511

Now, in some cases this default behavior is not desirable – for instance, in the hosting scenario you may have different virtual directories such as:

  /Exchange for the blah.com domain
  /Foo for the foo.com domain
  /Bar for the bar.com domain

Since all requests will end up going to the /Exchange virtual directory, only users of the blah.com domain can sync. So, is there a way to solve this so the users of all domains can sync? Well, if you have Sp2 you can! In Sp2 we changed our URL format to use the SMTP mailbox addressing scheme so all requests can go to the same virtual directory even if the users are on different domains. But first let’s take a look at how this currently works in Sp1 and earlier, where you could only have it working for a single domain.

Exchange ActiveSync provides a registry key that can be set to make it use a different virtual directory than the default /Exchange one. The key is under HKLM and needs an IIS restart to take effect:

HKLM\SYSTEM\CurrentControlSet\Services\MasSync\Parameters\ExchangeVDir

If this key is set to the value foo, for instance, then all requests to the mailbox server will be sent to the /foo virtual directory as follows:

SEARCH /foo/mobile1/
Host: mytestserver
Brief: t
Accept-Language: en
Content-Type: text/xml
Content-Length: 2181
Connection: Keep-Alive
Range: rows=0-511

We can now have all users on the foo.com domain syncing to the Exchange server; however, the users of the other domains won’t be able to.

There is one other piece of information that is important here – the mailbox name. Notice the /mobile1/ part of the URL, which is the name of the mailbox that we are trying to access. The request above assumes that there exists a mailbox for mobile1@foo.com. How did Exchange ActiveSync figure out the mailbox name? The mail attribute on the user object that we get back from the AD contains the primary SMTP address for that user. Exchange ActiveSync simply takes the left hand side (LHS) of that address and uses that as the mailbox name. This can however break in certain scenarios: what if the user mobile1 did not have a mailbox for mobile1@foo.com?

Exchange ActiveSync provides a registry key that can be set to use a proxy address rather than the primary SMTP address. The key is under HKLM and needs an IIS restart to take effect:

HKLM\SYSTEM\CurrentControlSet\Services\MasSync\Parameters\SMTPProxy

In the example above, if we set this key to the value foo.com we can then make Exchange ActiveSync use the mailbox name that matches the address for foo.com. Exchange ActiveSync first checks to see if this key is set. If it is set, it walks through all the proxy email addresses for that user and tries to match up the Right Hand Side (RHS) of the address with the SMTPProxy string set above. If a match is found it then uses the LHS of the matching address; else, it defaults to the LHS of the primary SMTP address. Let’s take the example of the mobile1 user above with the following AD attributes set:

displayName    = Mobile Person
mail           = mobile1@blah.com
HomeMDB        = mytestserver
ProxyAddresses = person@bar.com
                 mperson@foo.com

If the proxy registry key is not set, Exchange ActiveSync would have derived the mailbox name from the primary SMTP address (mail attribute) as follows:

mobile1@blah.com
|-----|
  LHS

If the key is set to foo.com then Exchange ActiveSync will try and match the RHS of the proxy addresses first as follows:

person@bar.com
       |-----|
         RHS

mperson@foo.com
|-----| |-----|   <-- RHS matches foo.com
  LHS     RHS

In the second case above the RHS will match foo.com and so the requests will be sent to the mailbox mperson corresponding to mperson@foo.com, which solves our problem.

SEARCH /foo/mperson/
Host: mytestserver
Brief: t
Accept-Language: en
Content-Type: text/xml
Content-Length: 2181
Connection: Keep-Alive
Range: rows=0-511

In Sp2, we use the SMTP mailbox addressing scheme which was introduced in Sp1 for OWA. This scheme allows us to specify the full email address (not just the mailbox name) in the URL as follows:

SEARCH /exchange/mperson@foo.com

What does this buy us and how do we use it? With this new scheme you can host multiple domains in multiple virtual directories with all users being able to use Exchange ActiveSync. The SMTP mailbox addressing scheme basically eliminates the need to point a user to the virtual directory that matches their domain. They can go to any one of the Exchange virtual directories regardless of the domain that it’s set to. In the URL above, note that the request is actually being sent to the /Exchange virtual directory, which is set to the default blah.com domain. Since the full SMTP address is supplied, the domain used is foo.com rather than blah.com. What’s nice is there’s no change needed to get all this to work – when the front end server is upgraded to Sp2 all requests will immediately start using the new format above, so users who previously couldn’t sync can sync now!

What’s the catch? Well, there is one requirement for this new feature – the mailbox server that Exchange ActiveSync is accessing must be running at least Sp1.

So, with Sp2, you can host multiple domains and all users can sync!
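The mailbox-name resolution described above (mail attribute LHS, or the SMTPProxy match against the RHS of each proxy address) and the two URL formats, as an added example; this is not code from the post or from Microsoft. It assumes proxy address values may carry the usual smtp: type prefix, that domain matching is case-insensitive, and that the Sp2 URL carries whichever address the same selection rule picks. The point for a defender is that the mailbox identity is derived server-side from the authenticated user’s AD attributes, never from anything the device sends.

```python
# Added example (not the post's or Microsoft's code): models how Exchange
# ActiveSync picks the mailbox name (Sp1 and earlier) and the Sp2 SMTP
# mailbox addressing URL. All attribute values below are constructed.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class AdUser:
    """The AD attributes the post says ActiveSync reads for the authenticated user."""
    display_name: str
    mail: str                                   # primary SMTP address
    home_mdb: str                               # mailbox server name
    proxy_addresses: List[str] = field(default_factory=list)


def _strip_smtp_prefix(addr: str) -> str:
    """AD proxyAddresses values normally carry a type prefix such as 'smtp:';
    the post shows them bare, so both forms are accepted (assumption)."""
    return addr[5:] if addr.lower().startswith("smtp:") else addr


def _split(addr: str) -> Tuple[str, str]:
    """Split an SMTP address into its left hand side (LHS) and right hand side (RHS)."""
    lhs, _, rhs = addr.partition("@")
    return lhs, rhs


def select_address(user: AdUser, smtp_proxy: Optional[str]) -> str:
    """Rule from the post: if the SMTPProxy registry value is set, walk the proxy
    addresses and take the first whose RHS matches it; otherwise fall back to the
    primary SMTP address (mail attribute). The domain comparison is
    case-insensitive here (assumption; SMTP domains are not case-sensitive)."""
    if smtp_proxy:
        for raw in user.proxy_addresses:
            candidate = _strip_smtp_prefix(raw)
            if _split(candidate)[1].lower() == smtp_proxy.lower():
                return candidate
    return user.mail


def resolve_mailbox_name(user: AdUser, smtp_proxy: Optional[str] = None) -> str:
    """Mailbox name used in the Sp1-style URL: the LHS of the selected address."""
    return _split(select_address(user, smtp_proxy))[0]


def sp1_request_path(user: AdUser, exchange_vdir: Optional[str] = None,
                     smtp_proxy: Optional[str] = None) -> str:
    """Sp1 URL: /<ExchangeVDir value, or 'exchange' by default>/<mailbox name>/"""
    vdir = (exchange_vdir or "exchange").strip("/").lower()
    return f"/{vdir}/{resolve_mailbox_name(user, smtp_proxy)}/"


def sp2_request_path(user: AdUser, smtp_proxy: Optional[str] = None) -> str:
    """Sp2 SMTP mailbox addressing: the full address goes in the URL, so the
    default /exchange vdir serves every domain. Which address is chosen when
    SMTPProxy is set is modelled with the same selection rule (assumption)."""
    return f"/exchange/{select_address(user, smtp_proxy)}"


def search_request(path: str, host: str) -> str:
    """Render the head of the HTTP-DAV SEARCH request shown in the post.
    The HTTP version token is assumed; the XML body (and Content-Length) is omitted."""
    headers = [("Host", host), ("Brief", "t"), ("Accept-Language", "en"),
               ("Content-Type", "text/xml"), ("Connection", "Keep-Alive"),
               ("Range", "rows=0-511")]
    return (f"SEARCH {path} HTTP/1.1\r\n"
            + "".join(f"{k}: {v}\r\n" for k, v in headers) + "\r\n")


# Constructed sample matching the post's mobile1 user.
MOBILE1 = AdUser(display_name="Mobile Person", mail="mobile1@blah.com",
                 home_mdb="mytestserver",
                 proxy_addresses=["smtp:person@bar.com", "smtp:mperson@foo.com"])

if __name__ == "__main__":
    # Default Sp1 behaviour: /exchange/mobile1/ (wrong mailbox for a foo.com host)
    print(search_request(sp1_request_path(MOBILE1), MOBILE1.home_mdb))
    # ExchangeVDir=foo and SMTPProxy=foo.com: /foo/mperson/
    print(search_request(sp1_request_path(MOBILE1, "foo", "foo.com"), MOBILE1.home_mdb))
    # Sp2: /exchange/mperson@foo.com
    print(search_request(sp2_request_path(MOBILE1, "foo.com"), MOBILE1.home_mdb))
```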

Monday, June 27, 2005

Exchange Server Best Practices Analyzer Tool 2.1

A new build of ExBPA is available. Download at the source...

Build 2.1.7599.0

The Exchange Server Best Practices Analyzer programmatically collects settings and values from data repositories such as Active Directory, registry, metabase and performance monitor. Once collected, a set of comprehensive ‘best practice’ rules are applied to the topology.

Administrators running this tool will get a detailed report listing the recommendations that can be made to the environment to achieve greater performance, scalability and uptime.

Wednesday, June 22, 2005

History of OWA

Here is an interesting post by Jim Van Eaton on the history of OWA...


"The Exchange Web Client" was the first web email client produced by Microsoft.  It had an interesting green and black color scheme but it did most of the basic needs for doing messaging.  We didn't have enough time to add calendaring support in the first version.  What we did in this first version was the first step in what has now become a new way of building web applications.

OWA was born out of the sheer will of my friend Bob Gering when he decided we should look exactly like Outlook.  We started changing our frameset design, colors and graphics to look and feel like Outlook.  It was this desire to look, act and feel like Outlook that caused us to move web applications forward in a new evolutionary path.

Traditional web applications constantly refresh the document for just about every action. During Exchange 5.5 development in 1996/97 we used hidden frames to communicate to the server when sending messages so we wouldn't clear the user's document.  However, we still had many frames updating during navigation of the mailbox.  We also developed a Java applet for the date picker control in the calendar view to augment the user experience since DHTML on the current browsers at that time was just about non-existent.  In the end we found that the applet did not meet our performance needs because virtual machine initialization was too expensive. OWA 5.5 had richer support than prior versions but it still lacked the type of experience that users get in a win32 application but it did work on just about every browser under the sun.

In 1998 we started on the incredible task of rewriting OWA for Exchange 2000.  There were competing teams that were working on this task.  WebDav had a team, led by Russ Simpson, working on a very basic hotmail like experience.  The architecture of this version was the most interesting part.  It was scalable and fast because it was actually built into the Exchange store process.  Bob Gering, Ward Beattie, Iain McDonald and I were on the CDO (Collaboration Data Objects) team building a version with DHTML controls on an alpha version of IE5.  Management fixed the redundant effort issue and joined the two teams together with Ward leading the way.  It made perfect sense to combine the efforts of great plumbers along with great painters. 
Continued at source...

Microsoft to debut Web-based Communicator

Microsoft unveiled plans on Tuesday to introduce a Web-based version of its Communicator enterprise messaging software in order to offer customers increased flexibility in accessing the company's collaboration and communications tools.

Speaking at the Collaborative Technologies Conference in New York, Anoop Gupta, corporate vice president of Microsoft's Real-Time Collaboration Group, detailed the company's plans to introduce a beta version of the product in mid-July. Dubbed Microsoft Office Communicator Web Access, the software aims to help provide customers with an additional option for accessing the software giant's corporate IM system.

The company plans to introduce the latest desktop version of Communicator, labeled Microsoft Office Communicator 2005, sometime before the end of June, and has already begun manufacturing the product.

According to Microsoft, using Communicator Web Access together with the company's Live Communications Server software will allow workers to access its IM system from any device connected to the Internet. Gupta called the introduction the next step in Microsoft's plan to provide "ubiquitous access to rich presence and an integrated communications experience."

Ed Simnett, group product manager for real-time collaboration at Microsoft, said that one of the primary tenets of the company's real-time collaboration strategy focuses on maximizing the reach of its software. The executive said the approach is illustrated by efforts such as the company's recent deal with Research In Motion to develop messaging software for devices that link to servers using software from both RIM and Microsoft.

"Customers have told us that a Web client is an important extra piece of the arsenal," Simnett said. "It also plays to the overall strength of real-time collaboration and the platform strategy that we have. People should be able to communicate from anywhere at any time."

Communicator Web Access will parallel the firm's Outlook Web Access e-mail offering in terms of giving workers expanded opportunities for using the company's communications tools, particularly when they are out of the office, he said. In addition, companies that haven't upgraded their desktop software to the latest Windows operating system will still be able to access the tools.

Simnett said that technical details of the client software are still being worked out, but he indicated that the interface for Communicator Web Access will closely mimic the controls the company has built into the desktop version of the messaging tools.

Microsoft has previously highlighted Communicator as an indicator of the type of collaboration technology it is building into the next version of its Office business software. Due out sometime next year, Office 12 will arm workers with a variety of new options to communicate with co-workers when it is used alongside the Live Communications Server software, the company said.

For instance, out-of-office messages will pop up automatically in Communicator, as will a user's IM presence information. If companies integrate the software with their traditional or Internet telephony gear, workers can also start phone calls through their PC and redirect incoming calls when they are going to be away from their desk.

Monday, June 20, 2005

Sun, Microsoft To Ship Identity Management Federation Services

The availability of more advanced and secure identity-management platforms and technology for connecting companies is making B2B more palatable to the corporate masses.
To that end, Sun Microsystems and Microsoft are extending their identity management platforms with federation capabilities to enable cross-company pollination.

On Monday, Sun unveiled the Sun Java System Federation Manager and Sun Java System Identity Manager Service Provider Edition. The new products are designed to allow customers to extend identity management beyond traditional boundaries to partners, suppliers, new devices and external applications, Sun executives said.

For example, Federation Manager will help customers create secure partner networks by automatically linking identities across multiple sites, said Eric Leach, director of product management for Sun Java System Federation Manager at the Santa Clara, Calif.-based vendor. The product also will enable integration among Web services.

With the Service Provider Edition, customers and service providers will get a tool for automating provisioning and account registration through portals, according to Sun. Customers also will be able to create new applications and customize services from third-party providers.

The new products, slated to be rolled out within 90 days, are add-ons to Sun's Java Enterprise System and plug into the Directory Server Enterprise Edition and Sun Identity Manager. For enabling cross-company authentication, the products are much easier to use than passing certificates, Leach said.

The products are priced on a per-user basis. Federation Manager starts at $150,000, and the Service Provider Edition with Federation Manager included begins at $300,000, Sun executives said.

Microsoft, meanwhile, in the fourth quarter plans to launch an upgrade to Windows Server 2003 that features Active Directory Federation Services. The services, which are slated to be delivered in the Release 2 edition of Windows Server, will offer cross-company authentication of users, devices and resources.

Sun executives said their company's new federation products support industry standards and will complement Sun and Microsoft's work to enable interoperability between their platforms.

For example, Sun's Federation Manager supports Security Assertions Markup Language (SAML) and several standards backed by the Liberty Alliance, including the Liberty Identity Federation Framework and the Liberty Identity Web Services Framework. And last month, Sun and Microsoft announced the development of new specifications that will enable Web single sign-on between systems that use Liberty protocols and Microsoft's homegrown WS-* Web services architectures. 

News Source:  http://informationweek.com/story/showArticle.jhtml;jsessionid=AFZD05E3M5C4QQSNDBGCKHSCJUMEKJVN?articleID=164901231

Wednesday, June 15, 2005

Update for Outlook 2003 Junk Email Filter

This optional update provides the Junk E-mail Filter in Microsoft Office Outlook 2003 with a more current definition of which e-mail messages should be considered junk e-mail.

Monday, June 13, 2005

Yes!! Microsoft expands reach of best practices tool

In my opinion the Exchange Best Practices Analyzer Tool is the coolest tool Microsoft released last year. I think all product groups at Microsoft should create such a tool, just like they all make management packs for MOM. Well, good news, this is exactly what is going to happen next year! [:D]

Beginning in 2006, Microsoft will release versions of the free tool for all of its platforms, said Paul Flessner, senior vice president of server applications, at the recent TechEd 2005 conference. The system analyzers follow the company's Windows Server System Common Engineering Criteria, aimed at making integration and management of its products easier, he said.

Ed Donnelly, senior systems engineer with Kaplan Inc., in New York City, has been using the Exchange Best Practices Analyzer and plans to use the other tools as they become available.

"It gives a good baseline for building forward, depending on the server build we do," said Donnelly, whose company provides educational and career services. After matching best practices with Microsoft, he said, you can tailor your own environment as needed, knowing you've met the company's suggested standards. "Each [analyzer tool] should also tell you what you're missing, and be updated with each service pack."

In March, the company released an update for the Exchange tool, adding support for Microsoft Operations Manager (MOM).

The Exchange Best Practices Analyzer automatically examines a Microsoft Exchange Server deployment, including Active Directory, to check the configuration and general health of the system. To use the tool, administrators need to be running Microsoft .NET Framework 1.1 on each Exchange server.

"It's nice to find out what we're supposed to be doing correctly and have some kind of game plan," said Scott Semrau, a network administrator with touch-free car wash system maker PDQ Manufacturing Inc., in DePere, Wis. His organization has downloaded the Exchange tool and is in the process of testing it.

Systems that will see best practice analyzers in 2006 include SQL Server, Content Management Server and Microsoft Office Live Communications Server. Administrators will have the ability to compare the configuration of their systems against Microsoft's best practices database, monitor system health and access online documentation of reported issues.

Full Story At Source

Thursday, June 09, 2005

Microsoft Readies Identity Integration Server SP2, 'Gemini' Upgrade

As identity management and access take center stage in the software arena, Microsoft is developing a service pack for its Identity Integration Server 2003 and a major upgrade, code-named Gemini, due out in 2007.
At Tech Ed 2005, Microsoft said it is building out its Microsoft Identity Integration Server (MIIS) platform--formerly known as Microsoft Metadirectory Services (MMS)--to offer improved security and operational efficiencies, better enable online business transactions and help customers meet regulatory requirements such as Sarbanes-Oxley and HIPAA.

In 2006, Microsoft plans to release MIIS SP2, which will bring self-service password reset for end users and a new ERP Management Agent (MA) for integrating SAP and PeopleSoft identity information into MIIS, said Andreas Luther, group product management for MIIS in Microsoft's Identity and Access Group. MIIS SP1 and Resource Kit v 2.0, both released in late 2004, provided password synchronization, a Provisioning Wizard and basic workflow application that demonstrated how to build workflows in MIIS, according to Microsoft.

Yet that's just the beginning of Microsoft's identity management and access plans, Luther said. Further out, in the Longhorn Server time frame, Microsoft plans to release its Gemini version of MIIS. The upgraded server, slated to come out in 2007, or about three months after Longhorn Server ships, will offer core functionality required for process integration services, including rich workflow, centralized auditing and reporting, codeless provisioning, self-entitlement management and a self-service platform, he said.

The platform allows corporations to manage identity data--such as account information, passwords, configurations and access rights--stored in heterogeneous directory services throughout the enterprise. Microsoft acquired ZoomIT and its metadirectory platform in 1999 and renamed it Microsoft Metadirectory Services. It was released as Microsoft Identity Integration Server 2003 Enterprise Edition in 2003.

Identity management is crucial to enabling B2B transactions between companies and their partners and suppliers. In Microsoft's world, B2B will get a big jump-start later this year with the R2 release of Windows Server 2003, which offers Active Directory Federation Services. MIIS, for instance, will work with the Active Directory Federation Services to enable cross-company identity management and authentication.

"MIIS will offer a complete password management story, with powerful workflow and business process integration," Luther said, adding that there needs to be strong safeguards to protect companies that engage in B2B transactions. "When you federate with partners, you have to manage user accounts. If you create accounts for partners, what if your partner doesn't tell you that an employee leaves?"

The Gemini provisioning capability is an integrated toolset that will manage the life cycle of digital identities and entitlement, Luther said. The enhanced provisioning will offer automated deprovisioning of accounts and centralized auditing of access to resources. He added that the unified Gemini workflow engine and model will enable full workflow support for provisioning and allow for the development of end-user self-service applications.

"It will give you a UI for defining rules when and where entitlements are created, and there's no more coding required," Luther said. "It's ready-to-use, out-of-the-box, self-service and compliance checking."  Continue At Source

This describes what is coming in E2K3 SP2

Exchange Server 2003 Service Pack 2 is Coming!

Get a sneak preview of the new features and improvements coming in Service Pack 2 (SP2), scheduled for release in the second half of 2005. SP2 builds on the capabilities of Exchange Server 2003 to offer you even better protection, reliability, easier administration, as well as improved mobile messaging when used in combination with the Microsoft Windows Mobile 5.0 Messaging and Security Feature Pack.

What Is SP2?

SP2 is a cumulative update that enhances your Exchange Server 2003 messaging environment by adding:

Mobile E-Mail Improvements

SP2 offers a huge leap forward in mobility capabilities. With SP2, Exchange Server 2003 can offer a significantly improved Outlook experience on mobile devices as well as additional security and device control. As always, the Exchange ActiveSync protocol does not require expensive software or outsourcing fees to access data on your Exchange server.

Key mobility enhancements in SP2:

New seamless Direct Push e-mail experience. No longer is there a reliance on short message service (SMS) to notify and ensure the device automatically retrieves new e-mail from your Exchange server. SP2 will use an HTTP connection, maintained by the device, to push new e-mail, calendar, contact, and task notifications to the device. This new model even works over wireless fidelity (Wi-Fi) networks.

Additional data compression translating to a faster experience when sending and receiving messages and reduced synch times.

Additional Outlook properties, including support for Task synchronization and pictures in Contacts. In addition, you can now look up people by using the Global Address List (GAL) over the air.

Greater control and security, including:

Policy setting. Force a password to unlock a device.

Local wipe. Reset the password after x number of incorrect logon attempts.

Remote wipe. Reset remote devices over the Web.

Such policies help to ensure corporate data or applications are not compromised when devices are lost or get into the wrong hands.

New optional support for certificate-based authentication to eliminate the need to store corporate credentials on a device.

Added support for Secure/Multipurpose Internet Mail Extensions (S/MIME) to sign and encrypt messages coming to and from mobile devices.

For details about the other mobility features in Exchange Server 2003, see the Mobility in Exchange Server 2003 page.

Most mobile e-mail improvements require that your device run the Windows Mobile 5.0 Messaging and Security Feature Pack, which will be available at or near the time that SP2 is released. Some features such as support for Tasks and pictures in Contacts will not require the feature pack.

Licensees of the Exchange ActiveSync protocol (such as palmOne, Motorola, Nokia, Symbian) can take advantage of these improvements through updates to their messaging applications or devices. The roadmap for those devices is owned and managed by the licensee.


Better Protection Against Spam

SP2 delivers improved protection against spam to help ensure a secure and reliable messaging environment, including:

Updated and integrated Exchange Intelligent Message Filter. Based on the same patented SmartScreen filtering technology developed by Microsoft Research and now incorporated in Microsoft Office Outlook 2003, MSN Internet Software and Services, and MSN Hotmail, SP2 will incorporate the latest data and updates to the Exchange Intelligent Message Filter. Improvements to this filter ensure a continued focus on identifying spam and reducing false positives. These updates include new capabilities in the fight against spam including blocking phishing schemes. Phishing schemes attempt through deception to fraudulently solicit sensitive personal information by masquerading as legitimate Web sites.

New support for Sender ID e-mail authentication protocol. This new feature further helps prevent unwanted mailbox phishing and spoofing schemes by verifying the IP address of the e-mail sender against the purported owner of the sending domain. Spoofing attacks occur when one person or program is able to masquerade successfully as another to gain access to personal e-mail messages. The result of the Sender ID check is used as input to the Exchange Intelligent Message Filter. The sender must have registered a list of the valid IP addresses in DNS for accuracy. To learn more about Sender ID, see the Sender ID page on the Microsoft Safety site.

Mailbox Advancements

Drive down operational costs and the complexity of your messaging environments with advances such as:

Increase in mailbox storage size limits to 75 gigabytes (GB) for Exchange Server 2003 Standard Edition in response to customer feedback and evolving mailbox storage needs.

New offline address book format offers significantly improved performance.

Cache mode enforcement with added flexibility. You now can force clients into cached mode to help improve performance and increase the number of active users per server. This is especially beneficial to organizations seeking to further site and server consolidation.

Finer controls for public folder management to reduce administrative requirements.

Full support for Novell GroupWise 6.x connectors and migration tools.

Iberian and Brazilian Portuguese spelling checker will be available for Microsoft Office Outlook Web Access.

Wednesday, June 08, 2005

Solving the Phone Synchronization Problem End-to-End

(or, The Design of Exchange Direct Push in Exchange 2003 SP2)

Background

I bought my first cell phone in the summer of 2000 – the venerable Nokia 5160.  With the attendant giddy excitement of a new consumer electronics purchase, I started adding names and numbers to the address book on the phone.  This bubble was to burst when I would arrive at work to realize that the contacts and appointments I’d spent the last few years entering into Outlook were isolated from those on the phone.  There may have been custom solutions to keeping the two synchronized, but a cursory search on Nokia’s site did not yield anything obvious – certainly, nothing out-of-the-box existed at that time for my setup.

Fine, I thought.  For now, I’ll resign myself to manually entering each contact twice – once on the phone, and once in Outlook.  But this sucks.

And so it was until the Nokia 8390 came out.  I bought it on literally the first day that Seattle’s AT&T Wireless store stocked them, as this was the first phone offered by Nokia that met my specifications:

  • Being as I was unschooled in the ways of SIM unlocking, the phone had to be offered by my service provider.
  • The phone had to sport PC connectivity, be that over infrared or USB, and synchronization software for Outlook.
  • The phone had to look cool – the Nokia 9000 series phones were just too big and corporate-looking for me.

Note that between the 5160 and the 8390, I also owned the 8260 (yes, the Charlie’s Angels phone).  Consider what this means[1]:  Upon buying the 8260, I had to manually copy every contact from the 5160 to the 8260 – if the store personnel had the capacity to use custom tools to do this for me, they didn’t offer.  And this process had to be repeated when I moved from the 8260 to the 8390.  Finally, all the while, I ran the risk of losing my current phone and, with it, all of my carefully-entered contacts.  Best case, this meant an incredibly laborious, error-prone, eye-crossing two hours spent manually entering contacts into my replacement phone – and only if I happened to be diligent about doubly entering every contact into both Outlook and the phone.  Worst case, this meant some lost contacts and the all-too-familiar emails whose contents read something like, "I’ve lost my phone and your phone numbers; please send me your contact information!"

If the double-entry of contacts in Outlook and the phone sucked, this really sucked.

With the 8390 in hand, I was ready to trounce several of these issues:

  • With my contacts being synchronized with Outlook (and subsequently replicated up to my Exchange mailbox), I was insulated against my phone getting lost or destroyed or (as what wound up happening) inexplicably frying itself while on a business trip.
  • I need only enter contacts and calendar information once, whether in Outlook or on the phone, and synchronization would take care of reconciling the two.
  • Buying a new phone no longer implied the aforementioned back-breaking two hours’ labor.

I installed the synchronization software onto my laptop and connected the 8390 using infrared.  Problems surfaced immediately upon completing the first synchronization, however:

  • The contacts for which I had postal address information in Outlook were mapped, uselessly, to "United States of America."  Thanks.
  • General "low fidelity" synchronization of contact and calendar items – i.e., missing/incorrectly mapped fields.  No synchronization of email.
  • Exceptions to recurring appointments (e.g., "We meet at 1pm every week except this week, when we’ll meet at 2pm.") were unsupported.
  • The truncation of text fields for appointments seemed overly aggressive: I often knew that I had a meeting but was not entirely sure where it was or what it concerned.
  • The desktop synchronization software would occasionally crash with the dialog "Pure virtual method called."  What?

Ok; so, annoying, but not the end of the world.  Some of this can be attributed to ambiguities in mapping from one set of schema for contact and calendar items to another, to limited storage on the device, and perhaps to early versions of the software (though I was using version 4).  I lived with this for about a year, burned through two 8390s, upgraded to the Nokia 7210, and lived with that and a similar synchronization experience for about another year.

During that time, things were manageable: the phone upgrades I mentioned were fairly painless because my Exchange account contained the authoritative copies of the data, and, with each new phone, I just pulled down all the data by way of Outlook at the first synchronization.  However, it was still less than ideal: upon modifying a contact or an appointment on my calendar, I had to remember to align the infrared ports of my phone and laptop (I tried repeatedly and unsuccessfully to find a USB cable for connecting the two), kick off the synchronization software, and wait for it to complete.  Making this a part of my daily routine was just tedious.

Enter the Motorola MPx200.  This was the first phone offered by my service provider that ran a Windows Mobile operating system and was of an appropriately small form factor[2].  The significance of the phone running a Windows Mobile operating system is that the phone would be running ActiveSync, which would provide high-fidelity synchronization of the email, calendar appointments, and contacts in my Exchange mailbox[3].  This would be supported both over-the-air with a GPRS connection and via USB/infrared using the desktop ActiveSync software that was provided along with the phone.

A further nicety of the MPx200 was the cradle and the single power/data USB connector it used – this meant that I could cradle the phone on my desk upon arriving to work, let it charge and sync all day, and pluck it from the cradle upon heading home, fully charged and synchronized[4].

The Design of AUTD

So, things are looking pretty good now (our story began in the summer of 2000; it is now the fall of 2003).  What’s the problem, then?  Well, the device synchronizes itself on a schedule, the most frequent setting of which is every five minutes.  I’ve always interpreted the setting "How often would you like to sync?" as "By how much would you like to be out of date?" This meant that I may well pluck the device from its cradle before the next scheduled sync has occurred and miss some updates.  Further, scheduled syncs over the air are fairly costly: most folders don’t contain changes.  Finally, these unnecessary syncs cost power and adversely affect the lifetime of the battery of the device.

Yes, we offered an always up-to-date (AUTD) solution based on text messaging at that time, but I wasn’t happy with what was required in terms of provisioning and the server-side enforcement of latency so as to mitigate the impact of AUTDv1 on server performance.

What to do.

Around this time, we had begun looking into what it would take to offer an up-to-date mobile email solution ("AUTD," from here on) that competed with the likes of RIM, Good, et al.  I liked the up-to-date nature of their solutions but had not personally adopted them for reasons of device choice (again with the form factor), setup costs (in terms of money, deployment overhead, and operational overhead), or both.  Being on the Exchange team, we’ve always got two sets of customers: the administrative staff and end users, and we wanted to build a solution that worked well for both.  By enumerating our requirements and constraints, we essentially painted ourselves into a corner (happily, this corner contained the solution):

  • The deployment of AUTD must be turn-key for the administrative staff.  Just install Exchange, check a checkbox or two, and you’re off and running.
  • The deployment of AUTD must not require a business relationship between any of Microsoft, the enterprise deploying AUTD, or the mobile operator.
  • The solution must not require a network operations center (NOC).
  • Since, by and large, mobile devices are not internet-routable without a NOC and without having first contacted an internet-resident peer, the means by which AUTD works must be initiated by the device.
  • Enterprise administrators will laugh at us if we ask them to open inbound ports on their networks other than 80 (HTTP) and 443 (HTTPS).  Some of them laugh at us, anyway.
  • There must be no notion of “dropped” notifications.
  • The device side of the solution must not require any provisioning beyond what the user must already do in order to set up ActiveSync.

Within this definition of the problem, we came up with the following solution:

  • The device issues an HTTP request to Exchange, which asks Exchange to report any changes that occur in the mailbox of the requesting user within a specified time limit.  The URL of this HTTP request is the same as that of other AirSync commands ("/Microsoft-Server-ActiveSync") with some differing query string parameters.  The body of the HTTP request allows the client to specify those folders that Exchange should monitor for changes.  Typically, these will be the Inbox, Calendar, Contacts, and Tasks folders.
  • Upon receiving this request, Exchange will monitor the specified folders until either the time limit expires or a change (such as the arrival of a piece of email) occurs in one of those folders, whichever comes first.  Exchange will then issue a response to this request that notes in which folders the changes occurred.  Of course, this will be empty if the time limit elapsed before any changes occurred.
  • Upon receiving an empty response, the device simply re-issues the request.  This loop of issuing a request for change notifications, receiving an empty response, and re-issuing the request for change notifications is called "the heartbeat."
  • Upon receiving a non-empty response, the device issues a synchronization request against each folder in the response.  When those complete, it re-issues the request for change notifications.

I’ve omitted some details here, but that is what is going on under the covers when you check the "Enable up-to-date notifications via HTTP" checkbox in Exchange System Manager in Exchange 2003 SP2, and it has the benefit of working on any mobile operator network that supports internet connectivity.  Since the hopes of increased revenues of most mobile operators appear to be pinned on the possibility of selling users on data-enabled applications, this seemed like a safe enough bet.

Further, by using HTTP, we do not require enterprises to open any inbound ports beyond what they’ve already had to open in order to support Outlook Web Access (OWA), Outlook’s RPC-over-HTTP feature, and ActiveSync itself.  Finally, the client-initiated nature of HTTP makes the device ultimately responsible for connectivity with Exchange, so upon receiving the request for change notifications from the device, Exchange will return a response immediately if any changes have occurred since the last synchronization.  This is how we prevent "dropped" notifications.  If the device ever drifts out of coverage, it will enter a re-try loop and connect as soon as it is able.  The network resilience logic of the device can also be triggered on the timeout limit having elapsed before a response from the server is received.
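The four-step loop above, together with the immediate reply that prevents "dropped" notifications, as an added simulation (a constructed model written for this page, not Exchange or ActiveSync code): the server answers a request for change notifications at once when a monitored folder has changed since the device's last sync, otherwise at the first relevant change or when the heartbeat expires; the device re-issues on empty replies and syncs the listed folders on non-empty ones. Folder names, the change schedule and the seconds-based heartbeat are constructed, and a simulated clock stands in for real time and networking.

```python
"""Added simulation of the AUTD request-for-change-notifications loop.
Constructed model, not Exchange or ActiveSync code; time is simulated in seconds."""
from dataclasses import dataclass, field


@dataclass
class MailboxServer:
    """Exchange side: a change counter per folder plus the counter the device last
    synced, so a change made since the last sync is always answered at once."""
    schedule: list                          # constructed (time, folder) events, sorted by time
    versions: dict = field(default_factory=dict)
    synced: dict = field(default_factory=dict)
    _next: int = 0                          # first schedule entry not yet applied

    def _apply_until(self, t):
        while self._next < len(self.schedule) and self.schedule[self._next][0] <= t:
            folder = self.schedule[self._next][1]
            self.versions[folder] = self.versions.get(folder, 0) + 1
            self._next += 1

    def _pending(self, folders):
        return [f for f in folders if self.versions.get(f, 0) > self.synced.get(f, 0)]

    def ping(self, folders, heartbeat, now):
        """Request for change notifications; returns (changed_folders, reply_time)."""
        self._apply_until(now)
        if self._pending(folders):          # changed while device was away: reply now
            return self._pending(folders), now
        deadline = now + heartbeat
        for t, folder in self.schedule[self._next:]:   # wait for first relevant change
            if t > deadline:
                break
            if folder in folders:
                self._apply_until(t)
                return self._pending(folders), t
        self._apply_until(deadline)
        return [], deadline                  # heartbeat expired with nothing to report

    def sync(self, folder):
        """Sync command for one folder: the device now holds the current version."""
        self.synced[folder] = self.versions.get(folder, 0)


def run_device(server, folders, heartbeat, until, start=0):
    """Device loop: ping; on an empty reply re-issue it (the heartbeat); on a
    non-empty reply sync each listed folder, then ping again. Returns a log."""
    now, log = start, []
    while now < until:
        changed, now = server.ping(folders, heartbeat, now)
        if not changed:
            log.append(("heartbeat", now))
            continue
        for folder in changed:
            server.sync(folder)
            log.append(("sync", folder, now))
    return log
```

Running `run_device(MailboxServer([(900, "Inbox"), (920, "Contacts")]), ["Inbox", "Calendar"], 600, 2400)` shows the Inbox change answered at 900 while the unmonitored Contacts change never wakes the device.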

So there we have it: an up-to-date mobile email solution that is friendly for administrators and users alike.  Changes trickle into the phone in the same way that they do into Outlook on the desktop.  In fact, updates appear on the phone before they do in Outlook and OWA!

Now then, if you’ve been paying attention, you’ve probably noticed that AUTD requires a persistent data connection twixt the device and Exchange, and you’ve got a few issues with this:

  • Won’t the always-on data connection hose the battery of the device?  If we were constantly sending and receiving packets, yes.  However, note that for much of the lifetime of a request for change notifications, we are just waiting for a response.  GPRS radios do not consume power unless they are actively transmitting.  Further, the lifetime of a request for change notifications is chosen independently by each device, and, in practice, these requests tend to live for upwards of twenty minutes in the no-email case.  The means by which the device chooses this lifetime is tuned to minimize bytes over the wire and maximize battery life.  Five minute scheduled sync is more poorly behaved in this regard.
  • Won’t the always-on data connection result in massive data charges for users?  Not really – the synchronization operations that are performed in AUTD are targeted at only those folders that contain changes, so you’re never issuing lots of empty syncs as you are with a scheduled or manual sync.  Five minute scheduled sync is more poorly behaved in this regard, too.
  • How much data traffic does AUTD require?  We get this question a lot.  The best answer is that we have no idea.  How much email do you get in a day?  That’s about how much traffic AUTD requires.  Unhappy with that number?  Consider sending less email or ending certain personal and professional relationships.

What the previous three points add up to is that AUTD is actually better for mobile operator networks and device battery life than the solution based on scheduled sync that is used by devices that mobile operators sell today.  We’ve had a bit of difficulty in getting this point across to some mobile operators.

  • Will the increased connection load bring down Exchange front-end machines?  Servicing OWA and RPC-over-HTTP already results in thousands of outstanding connections to the front-end machines in our own deployment of Exchange ("we use it before you do").  The additional connection load imposed by AUTD is a drop in the bucket, relatively speaking.  Further, before AUTD could be deployed to service our corporate mailboxes here, we had to get past a security review (well, three, actually) with various corporate IT and security folks.  Meaning, we’re running it here and with no additional hardware.
  • By eliminating the NOC, isn’t this solution less secure?  This is among my favorite questions, and it’s usually followed up with some hand-waving about the connection to the enterprise "somehow" getting "hijacked."  The answer is, it is exactly as secure as the last online purchase you made with your credit card, exactly as secure as the last time you checked your email with OWA, and exactly as secure as the last time you used Outlook with RPC-over-HTTP.  That is, we use SSL (which itself negotiates over-the-wire encryption using RC4 or 3DES) to communicate between the device and the server.  I suppose that you could run this with SSL disabled, but you also risk a concussion if you run top-speed into a brick wall.  Just a little fyi.
  • What do the mobile operators think about all this?  Good question.  An end-to-end prototype of this solution was built in early 2004, and the next year was spent in trials with mobile operators all over the world, taking their feedback and addressing their concerns.  At the end of that process, I feel pretty good about what we’ve got.

As you might guess, we’ve been running early versions of this in Exchange for a few months now.  One of the more satisfying testaments to the utility of our AUTD solution is watching upper management bump into each other in the halls as they consult their devices for the email that just arrived or for the location of the meeting for which they’re already ten minutes late.

Conclusion

To let out a little secret, I’m not actually all that interested in having up-to-date email[5] on my phone, though that aspect of it is a big favorite for our upper-management types around here.  For me, having updates that I make to my calendar and contacts “just appear” on the phone without any special, conscious action on my part was the motivating idea behind all of this.

- Sami Khoury

[1] Ok, consider what this means besides the apparent fact that I like Nokia phones.
[2] AT&T Wireless may have carried PDAs running the PocketPC operating system around that time, but, on social grounds, I refuse to carry around one of those things.
[3] The ActiveSync protocol is proprietary but Microsoft has begun licensing to third party vendors like Motorola, Nokia, PalmOne, and Symbian.  Given that, the choice of devices that allow for high-fidelity synchronization with Exchange is no longer limited to those running Windows Mobile operating systems.
[4] Motorola, if you’re listening, this is one of the omissions from the MPx220 that is keeping me from buying one.
[5] Truth be told, I am actively disinterested in having email from work constantly appearing on my phone, but my boss is probably reading this.

Tuesday, June 07, 2005

Exchange 2003 Standard 16GB Limit: Good Riddance

Possibly the biggest improvement introduced with the upcoming service pack 2 for Exchange Server 2003 is the lifting of the 16GB store limit for the Standard version.  SP2 adds a 75GB limit.   This is great news for those of us in the small to medium business market.

Beta test this promising Exchange database tool: The Mighty Console for Exchange

This tool will help you perform some difficult tasks using an easy wizard with explanations and advice.

Features:

  • Exchange utility syntax generator.
  • Wizards and graphics for quick explanation.
  • Guided procedures for Exchange tasks.
  • Log history capabilities.

More info: http://fixthisbox.com/product1.htm

Exchange Server 2003 Service Pack 2 is Coming!

Get a sneak preview of the new features and improvements coming in Service Pack 2 (SP2), scheduled for release in the second half of 2005. SP2 builds on the capabilities of Exchange Server 2003 to offer you even better protection, reliability, easier administration, as well as improved mobile messaging when used in combination with the Microsoft Windows Mobile 5.0 Messaging and Security Feature Pack.

  • Exchange Server 2003 SP2 FAQ
  • Windows Mobile 5.0 Messaging and Security Feature Pack
  • Better Protection Against Spam
  • Mobile improvements


Continue At Source

News Source: www.microsoft.com

Monday, June 06, 2005

Microsoft announces Windows Mobile Direct Push Technology


When Microsoft unveiled Windows Mobile 5.0 last month they left out all the gooey details about the supposedly BlackBerry-killing push email technology it was going to include. We were all wondering what the deal was (maybe it wasn’t ready or something), but earlier today Steve Ballmer put an end to all of the speculation and announced their new Messaging and Security Feature Pack for Windows Mobile 5.0, an upgrade for Exchange 2003 Servers with Service Pack 2 which’ll add support for Microsoft’s new Windows Mobile Direct Push Technology. They’re obviously going straight for RIM’s heart with this one, and the new software will let you wirelessly push all Outlook information, including email, calendar, contacts, etc., directly to a Windows Mobile-powered handheld without having to install any additional servers.

Sunday, June 05, 2005

How Microsoft is using Virtual Server

Many of you would like to know how Virtual Server is being used at Microsoft. Here's a response from Jeff Woolsey, Lead Program Manager for virtualization. Thanks Jeff!

Virtual Server is being used in a variety of ways at Microsoft, including for test and development and online training, such as Microsoft Learning.

Test and Development

Virtual Server is used by test teams throughout Microsoft, including Exchange, SQL, SBS, MOM, and many others. This is because Virtual Server allows you to rapidly deploy test servers within virtual machines while minimizing hardware requirements. Also, Virtual Server makes debugging easier. Debugging typically requires that a test computer is attached to a developer’s computer via a serial cable. With Virtual Server there's no need for this. The process is as follows:

  1. Testers reproduce the issue in a virtual machine.
  2. The virtual machine is saved at the point the issue occurs.
  3. The virtual machine is copied to the developer’s computer.
  4. The developer connects the virtual machine to a debugger though a named pipe (a virtual serial port) and debugs the issue in the development environment.

Production Use by Microsoft Learning

In the past year, Microsoft Learning has converted the majority of their online training from scripted Flash-type demos to live interactive training using Virtual Server. They started off slowly and have been ramping up with the increase in demand. Users log in and perform step-by-step interactive training with Virtual Server. On the back end, this is all done using virtual machines and Undo disks. When the customer logs in, an Undo disk is created for the session. When the user finishes and logs out, the Undo disk is discarded and immediately the virtual machine is ready for the next user.

Benefits

Microsoft Learning is servicing more customers than ever. This is a production environment in use every day: 30,143 attendees in January (972 attendees daily) alone, with 206,390 YTD. Because of the huge success of this program, Microsoft Learning is adding more hardware to increase the number of available labs.

Here are a few of the positive results they’ve seen…

  • The 90-minute lab sessions are the most popular.
  • Lab session use has gone up.
  • Time spent in the lab has gone up (averaging 75 minutes per lab now).
  • Customer satisfaction is up (way up!).

Continue at source


Exchange Server Exchange Profile Update

Microsoft has updated the tool that updates Outlook profiles after moving mailboxes across Exchange organizations or administrative groups.

Download At Source