This is my presentation from MEDC 2007 on how to deploy Windows Mobile Email to 40,000 users
Jason Langridge
Enterprise Mobility Solution Specialist
Mobile Communications Business Group
Microsoft
E-mail: [email protected]
Blog: http://blogs.msdn.com/jasonlan
ITP202 How Can You Deliver E-mail to 40,000 Users with Exchange Server and Windows Mobile?
Session Objectives and Takeaways
Session objective
Describe infrastructure requirements and scalability considerations for a large scale rollout of mobile devices
Describe device provisioning and user training tools available for a large scale rollout
Explain how to successfully plan a large scale mobile deployment with Microsoft Exchange Server 2007
Agenda
Infrastructure
Procurement
Provisioning and Management
Support
Decommissioning
Microsoft Internal Usage
Conclusion
Business Wants Connected Mobility Solutions
[Chart: YoY % shipping growth, CAGR 2006-2010]
Mobile PCs: 18.6%
Mobile Phones: 5.8%
Desktop PCs: 3.9%
Converged Mobile Phones: 34.1%
Source: Gartner Dataquest, and IDC 2006
Exchange Mobile Access Deployment
[Diagram. Labels: Wireless PDA and Smart phone on the Internet (Cellular Networks); Wi-Fi PDA, Wi-Fi Smart phone and Wi-Fi Laptop on the Internet (802.11x hotspots) and on the Wireless Intranet (802.11x); Outlook from home (RPC/HTTP); OWA from kiosk or from home; HTTPS (443); ISA Server (Optional); Corporate Network with Exchange Front End Server(s)/Client Access Servers and Mailbox Servers. Legend: wired line, wireless line.]
ISA Server Benefits
ISA Server is “recommended” not “required”
Any firewall that can publish port 443 (SSL) can be used
ISA is recommended because it has:
- The ability to pre-authenticate all traffic before it reaches your Exchange Server
- The option to inspect Exchange ActiveSync traffic passing through it and validate it is genuine
ISA Server 2006 provides Kerberos-constrained delegation to the Exchange server
> 140 Windows Mobile phones worldwide
So Many Devices to Choose From!
User Profiling and Device Selection
Mobile device is a very personal choice
Need to accommodate choice while delivering standardization
Typical portfolio will include
- Phone-style device
- Keyboarded device
Device Decisions
Line of Business Collaboration Concierge
When someone Senior asks for an unsupported device...
Procurement Decisions
Billing
- Corporate
- Individual Liable
- Corporate Responsible – Individual Liable
Global/local decision-making
Breaking out service plan and devices?
Length of commitment
Early termination fees
Data tariffs
- Flat rate
- Per user or Data buckets
Device Management
Provisioning methods
[Diagram: Get an installable onto the device. Labels: WAP/Client Provisioning; OMA DM Provisioning; OMA DM Client; Desktop ActiveSync; WAP Push; AppInstaller; Over-the-Air OMA DM; Over-the-Air Exchange Provisioning; Over-the-Air WAP/Client Provisioning; Desktop ActiveSync® (RAPIConfig); USB; Bluetooth; .CAB; SMS Initiated OMA DM; SMS Initiated WAP; Exchange ActiveSync; In-ROM Configuration XML; Cold Boot Initialization; Configuration Service Providers.]
Device Management Challenges
[Diagram. Stakeholders: Enterprise; Mobile Operator; Device Owner. Labels: Ensure device data protected; Enable secure network access; Deploy rich device apps; Ensure secure device; Ensure reliable device; Operator-specific configuration; Enable rich device services; Data access anywhere/anytime; Ability to run rich applications; A reliable and secure device.]
Device Management Considerations
Devices are harder to detect than PCs
How many are already being used in your organization?
Do you have a policy on devices/applications?
Who will manage the devices?
- Mobile Operator
- Enterprise
Exchange Server 2007 Manageability
Self-service model
- Users can do remote wipe from OWA without calling help desk
- IT pros don’t become a bottleneck
Provide greater control to the admin
More granular security policies and access control
Easy to maintain
- Greater manageability and support options
Manageability
Policies and access controls
More granular access control
- By device ID: Allows only enterprise-provisioned devices
- By user agent: Allows only enterprise-recommended models
Per-user policies
New incremental policies
- Storage card encryption enforcement
- Allow/disallow attachments and maximum size
- Allow/disallow UNC/SharePoint access
New device lock policies
- Device timeout enhancements
- Password expiration
- Password history
- User PIN/password reset
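An added example, not part of the original presentation: one way to answer "How many are already being used in your organization?" and to prepare a device-ID allow-list is to inventory Exchange ActiveSync devices from the web server logs. It assumes IIS W3C logs that record cs-uri-stem and cs-uri-query and EAS requests that carry User, DeviceId and DeviceType in the query string; the log lines, device IDs and allow-list below are constructed.

```python
from urllib.parse import parse_qs

EAS_STEM = "/microsoft-server-activesync"
# Constructed sample in IIS W3C extended log format (not real log data).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status
2007-05-01 08:00:01 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=DEVICEID0001&DeviceType=PocketPC&Cmd=Sync alice 203.0.113.10 MSFT-PPC/5.1.2301 200
2007-05-01 08:00:07 POST /Microsoft-Server-ActiveSync User=bob&DeviceId=DEVICEID0002&DeviceType=SmartPhone&Cmd=Ping bob 203.0.113.11 MSFT-SPhone/5.1.2301 200
2007-05-01 08:01:30 GET /owa/ - carol 203.0.113.12 Mozilla/4.0 200
2007-05-01 08:02:00 OPTIONS /Microsoft-Server-ActiveSync - alice 203.0.113.10 MSFT-PPC/5.1.2301 200
2007-05-01 08:03:12 POST /Microsoft-Server-ActiveSync User=Alice&DeviceId=deviceid0001&DeviceType=PocketPC&Cmd=Sync alice 203.0.113.10 MSFT-PPC/5.1.2301 200
2007-05-01 08:04:45 POST /Microsoft-Server-ActiveSync User=carol&DeviceId=DEVICEID0003&DeviceType=PocketPC&Cmd=FolderSync carol 198.51.100.7 MSFT-PPC/5.2.318 200
"""
# Constructed allow-list of enterprise-provisioned device IDs.
PROVISIONED = {"DEVICEID0001", "DEVICEID0002"}

def eas_devices(lines):
    """Inventory EAS devices: {DeviceId: {"users", "types", "agents", "hits"}}."""
    fields, seen = [], {}
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout; may be redeclared mid-file
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))  # IIS writes spaces in values as '+'
        if row.get("cs-uri-stem", "").lower() != EAS_STEM:
            continue
        query = parse_qs(row.get("cs-uri-query", ""))
        device_id = query.get("DeviceId", [""])[0].upper()
        if not device_id:
            continue  # OPTIONS probes carry no device identity
        entry = seen.setdefault(
            device_id, {"users": set(), "types": set(), "agents": set(), "hits": 0})
        entry["users"].add(query.get("User", ["?"])[0].lower())
        entry["types"].add(query.get("DeviceType", ["?"])[0])
        entry["agents"].add(row.get("cs(User-Agent)", "-"))
        entry["hits"] += 1
    return seen

def unprovisioned(devices, allowed_ids):
    """Device IDs seen syncing that are not on the provisioned allow-list."""
    allowed = {i.upper() for i in allowed_ids}
    return sorted(d for d in devices if d not in allowed)

if __name__ == "__main__":
    inventory = eas_devices(SAMPLE_LOG.splitlines())
    for dev in unprovisioned(inventory, PROVISIONED):
        print(dev, sorted(inventory[dev]["users"]), sorted(inventory[dev]["agents"]))
```

The same inventory also lists the user agents each device presents, which is the input needed before restricting access to recommended models.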
Manageability
Device management
Track and manage device partnerships
Track device change history
See devices connected to Exchange Server
Identify and troubleshoot problems seen by devices
Reset users’ PIN over the air
Users can wipe their own device from OWA
Manageability
Server management
Improved protocol logging to aid troubleshooting
MOM support
- Alerts/rules: To alert IT pros when something is wrong
- Diagnostic tasks/probes: To ensure everything is working
Summary reports about device sync usage
Integrated setup/admin to reduce administrative costs
MOM Availability Report
Exchange Server 2007 Device Management
Mobile Operator Management Tool
Microsoft Systems Management Server 2003 (SMS) and Microsoft System Center Configuration Manager 2007
SMS 2003 Device Management
Downloadable “Feature Pack” available on the Web
Client settings and core features
Pocket PC 2002 and 2003 and 5.0 only; no smartphone support
Intranet only; no support for devices over the Internet
ActiveSync to discover and install
Microsoft Windows CE .Net 4.2 and 5 on the ARM processor
Scripting Host
Configuration Manager 2007 Device Management
Integrated Device Management in core product
Support for all DMFP features plus:
- Smartphone support
- Internet-based client management
- Native Mode security (required for Internet facing)
- Connection management
- Windows CE 6 + CE on X86 Processor in SP1
Dropping Windows Mobile 02 support
Dropping DMScript support
Configuration Manager 2007
Core capabilities
- Device management
- Hardware/software inventory
- File collection
- Software distribution
- Settings management
Password policy management
Security policy management
Support for Smartphone
Internet-based management
LOB device management
Windows CE on ARM at RTM, x86-based Windows CE device support coming in SP1
Deployment
- Full integration with Configuration Manager 2007
- Over the air client upgrade for SMS 2003 DMFP devices
- Automated client distribution via SMS Advanced Client desktop
- Storage card or “self service” install
DMSec Partner Offering
Windows Mobile and Exchange Server 2003 meet the needs of the majority of business customers
For customers that wish to extend security or management capabilities, a select group of Microsoft partners are offering discounted solutions for a limited time
Customer chooses one security and one DM partner solution
We have partnerships with the following vendors:
Security: Credant Technologies, Trust Digital
Device Management: iAnywhere, Odyssey Software
Device Management
Application lock-down and control
Automatic distribution and installation of software updates to remote devices
Support for Systems Management Server (SMS)
OTA file management
Collection, logging, and publishing of device information
Fully-automated provisioning of remote devices
Automatic device discovery and registration
Security
Data at rest encryption using FIPS 140-2 (AES & 3DES) validations
Centrally-managed end point policy management
End point security enforcement
Network Access Control
OTA device management, software distribution, configuration provisioning & updating
Compliance reporting
DMSEC Partner Capability Matrix
FEATURES | ODYSSEY* | iANYWHERE** | TRUST DIGITAL | CREDANT
Centralized server | No | Yes | Yes | Yes
Data encryption | No | No | FIPS 140-2 (3DES, AES) | FIPS 140-2 (3DES, AES)
Removable storage encryption | No | No | Yes | Yes
Selective encryption | No | No | Yes | Yes
Authentication | Yes | Yes | Yes | Yes
Asset management | Yes | Yes | No | Yes
Network access management | No | No | Yes | Yes
Device provisioning | Yes | Yes | Yes | Yes
User self-provisioning & self-help | No | No | Yes | Yes
IT policy admin. w/dynamic policy updating | No | No | Yes | Yes
File management | Yes | Yes | No | No
Automated application updating | Yes | Yes | Yes | No
Selective function/application control | No | No | Yes | Yes
Remote control | Yes | No | No | No
Diagnostic tools | Yes | Yes | No | No
Device backup | No | Yes | No | No
Local device wipe | No | No | Yes | Yes
Remote device wipe | No | No | Yes | Yes
System access/mgmt. | Yes | Yes | Yes | No
Image distribution | Yes | No | Yes | No
Logging | Yes | Yes | Yes | Yes
Reporting | No | Yes | Yes | Yes
Selective Bluetooth mgmt | No | No | Yes | Yes
Exchange integration | No | No | Yes | Yes
Active Directory integration | No | Yes | Yes | Yes
SMS integration | Yes | No | No | No
Private APN support | Yes | Yes | Yes | Yes
* The Odyssey solution has an optional console and can support other third party consoles. While Odyssey does not have its own reporting tool, they support the standard reporting tools in the marketplace.
** The iAnywhere solution included in the DMSec Offer represents a subset of the entire Afaria solution and does not include security components. Only Afaria Session Manager, Afaria Inventory Manager, and Afaria Configuration Manager for the Windows Mobile platform are included.
IT Support
Troubleshooting where the problem lies is the biggest challenge
Mobile device support is very different to PC or even laptop support
- Time coverage
- Issues generally around connectivity
- Different vendors involved: Mobile Operator, IT, device manufacturer, and potentially an outsourcer
IT Skills Required
Experience working with Active Directory
Good knowledge of Exchange Server 2003/2007, Microsoft Office Outlook Web Access and Exchange ActiveSync
Working knowledge of mobile devices and mobile networks
Experience using or managing Microsoft Windows Mobile 5.0
Familiar with network concepts such as firewalls, reverse proxy, certificates, and security protocols (EAP, TLS, WPA, WEP, and 802.1x)
IT Training
Learn it: Microsoft E-Learning course, Course 5139: Designing, Implementing, and Managing a Microsoft Windows Mobile Infrastructure
Prove it: Microsoft MCP Exam 70-500, Microsoft Windows Mobile Designing, Implementing, and Managing
Devices That are No Longer Required
Perform a master reset
Remove any removable media, as the master reset will affect only the data on the device itself
Return the device and removable media to your manager
Contact the mobile operator and terminate or transfer the service
Transfer service to new device
- For GSM: Move SIM card
- For CDMA: Contact mobile operator
Dispose of unneeded devices in an environmentally responsible manner
Devices That are Lost or Stolen
Notify security
Notify help desk
- Can leverage remote wipe capability if available as part of device/security management solution
Use self-service wipe tools if available
Contact the mobile operator and suspend or terminate the service
Notify your manager
File a police report. (Insurance companies often require this step before they will reimburse you for the loss.)
Microsoft Mobile Messaging
Common URL namespace for mobile messaging clients
OWA, Exchange ActiveSync (EAS), Outlook Anywhere (RPC/HTTP)
Integration: all mobile messaging services on a common Exchange Server 2007 CAS platform
Mobile messaging service usage
- OWA: ~70,000 unique users/month
- RPC/HTTP: ~80,000 unique users/month
- EAS: ~38,000 unique users/month
Highly scalable Exchange Server 2007 CAS infrastructure
Load balancing and fault tolerance
- Our servers are dual CPU 2.2GHz with 4GB memory
Topology
[Diagram: four sites reached from the Internet, each shown with ISA Server 2006, Exchange 2007 CAS Servers and Exchange 2007 Mailbox Servers]
Dublin: -ExternalURL “https://emeamsg.microsoft.com/...”
Singapore: -ExternalURL “https://apsmsg.microsoft.com/...”
Sao Paulo: -ExternalURL “https://spamsg.microsoft.com/...”
Redmond: -ExternalURL “https://msg.microsoft.com/...”
Device Standardization
What does this mean?
- Process for selecting hardware for internal employees to utilize within the company
- Including requirements for internal beta programs
What are some of the benefits?
- Documentation/education
- Helpdesk support
- Pricing and availability
- Enterprise warranty
- Infrastructure interoperability
Support Call Generators
[Pie chart. Categories: Help configure install; Other symptom; Corp WLAN configuration; Request for information; Mobile operator connectivity failure. Slice values: 15%, 11%, 7%, 4%, 63%.]
Self-help End-User Documentation (Intranet)
Self-help End-User Documentation (Takeaway Guides)
Microsoft Provisioning Tool
By the Numbers
Costs / FY06
- User Base - 41,000
- Call Volume (Yr) - 8,800
- Call Volume (Mth) - 733
- Calls Per/U (Yr) - .21
- Total Cost - $402k
Costs / FY07 (Projected)
- User Base - 50,000
- Call Volume (Yr) - 10,300
- Call Volume (Mth) - 858
- Calls Per/U (Yr) - .20
- Total Cost - $488k
Conclusion
Manage mobile devices like a laptop/PC
- However, handheld-specific issues should be taken into consideration
Create standards for purchasing, provisioning and management
Ensure end-to-end security for mobile users
- Don’t dismiss security vs. usability
Provide help desk support for mobile users
Determine a plan for retirement and upgrades of devices
Reference
Direct Push deployment guide: http://www.microsoft.com/technet/itsolutions/mobile/deploy/msfpdepguide.mspx
Whitepaper on Mobile Messaging with Microsoft Exchange Server 2003 SP2 and Windows Mobile 5.0: http://www.microsoft.com/exchange/evaluation/features/mobility/e2k3sp2.mspx
The Benefits of Microsoft Mobile Messaging: http://www.microsoft.com/windowsmobile/business/strategy/roi.mspx
Microsoft IT Scalability Experience with Windows Mobile 2003 and Exchange Server 2003 Mobile Messaging: http://www.microsoft.com/windowsmobile/business/strategy/scalability.mspx
My blog: http://blogs.msdn.com/jasonlan
Exchange blog: http://blogs.technet.com/exchange
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date
of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.