
How to deploy Windows Mobile to 40,000 users

This is my presentation from MEDC 2007 on how to deploy Windows Mobile Email to 40,000 users

Jason Langridge
Enterprise Mobility Solution Specialist
Mobile Communications Business Group
Microsoft
E-mail: [email protected]
Blog: http://blogs.msdn.com/jasonlan

ITP202 How Can You Deliver E-mail to 40,000 Users with Exchange Server and Windows Mobile?

Session Objectives and Takeaways

Session objective
- Describe infrastructure requirements and scalability considerations for a large-scale rollout of mobile devices
- Describe device provisioning and user training tools available for a large-scale rollout

Explain how to successfully plan a large scale mobile deployment with Microsoft Exchange Server 2007

Agenda

Infrastructure

Procurement

Provisioning and Management

Support

Decommissioning

Microsoft Internal Usage

Conclusion

Business Wants Connected Mobility Solutions

[Chart: YoY % shipping growth, CAGR 2006-2010]

Converged Mobile Phones: 34.1%
Mobile PCs: 18.6%
Mobile Phones: 5.8%
Desktop PCs: 3.9%

Source: Gartner Dataquest, and IDC 2006

Exchange Mobile Access Deployment

[Diagram. Clients: wireless PDA and smart phone over the Internet (cellular networks); Wi-Fi PDA, Wi-Fi smart phone and Wi-Fi laptop over the Internet (802.11x hotspots) and over the wireless intranet (802.11x); Outlook from home (RPC/HTTP); OWA from kiosk or from home. Path: HTTPS (443), ISA Server (optional), Exchange front-end server(s)/Client Access Servers, mailbox servers on the corporate network. Legend: wired line, wireless line.]

ISA Server Benefits

ISA Server is “recommended” not “required”

Any firewall that can publish port 443 (SSL) can be used

ISA is recommended because it has:

- The ability to pre-authenticate all traffic before it reaches your Exchange Server
- The option to inspect Exchange ActiveSync traffic passing through it and validate it is genuine
- ISA Server 2006 provides Kerberos-constrained delegation to the Exchange server

So Many Devices to Choose From!

> 140 Windows Mobile phones worldwide

User Profiling and Device Selection

Mobile device is a very personal choice

Need to accommodate choice while delivering standardization

Typical portfolio will include
- Phone-style device
- Keyboarded device

Device Decisions

Line of Business Collaboration Concierge

When someone Senior asks for an unsupported device...

Procurement Decisions

Billing
- Corporate
- Individual Liable
- Corporate Responsible – Individual Liable

Global/local decision-making

Breaking out service plan and devices?

Length of commitment

Early termination fees

Data tariffs
- Flat rate
- Per user or data buckets

Device Management: Provisioning methods

[Diagram. Provisioning methods: WAP/Client Provisioning; OMA DM Provisioning. Components: OMA DM Client; Desktop ActiveSync; WAP Push; AppInstaller; Configuration Service Providers. Channels: Over-the-Air OMA DM; Over-the-Air Exchange Provisioning; Over-the-Air WAP/Client Provisioning; Desktop ActiveSync® (RAPIConfig); USB; Bluetooth; .CAB; SMS Initiated OMA DM; SMS Initiated WAP; Exchange ActiveSync; In-ROM Configuration XML; Cold Boot Initialization. Caption: Get an installable onto the device.]

Device Management Challenges

[Diagram. Stakeholders: Enterprise, Mobile Operator, Device Owner. Challenges shown: Ensure device data protected; Enable secure network access; Deploy rich device apps; Ensure secure device; Ensure reliable device; Operator-specific configuration; Enable rich device services; Data access anywhere/anytime; Ability to run rich applications; Ensure secure device; A reliable and secure device.]

Device Management Considerations

Devices are harder to detect than PCs

How many are already being used in your organization?

Do you have a policy on devices/applications?

Who will manage the devices?
- Mobile Operator
- Enterprise

Exchange Server 2007 Manageability

Self-service model
- Users can do remote wipe from OWA without calling help desk
- IT pros don’t become a bottleneck

Provide greater control to the admin

More granular security policies and access control

Easy to maintain
- Greater manageability and support options

Manageability: Policies and access controls

More granular access control
- By device ID: Allows only enterprise-provisioned devices
- By user agent: Allows only enterprise-recommended models
- Per-user policies

New incremental policies
- Storage card encryption enforcement
- Allow/disallow attachments and maximum size
- Allow/disallow UNC/SharePoint access

New device lock policies
- Device timeout enhancements
- Password expiration
- Password history
- User PIN/password reset
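
The policies and per-user access controls on this slide correspond to settings in the Exchange Server 2007 Management Shell. The sketch below is an added illustration, not part of the original presentation; the policy name, mailbox alias, device ID and every value are constructed placeholders, and the mapping of storage card encryption to `DeviceEncryptionEnabled` is an assumption for Exchange Server 2007.

```powershell
# Added example (not from the presentation). Run in the Exchange Management
# Shell on Exchange Server 2007. Policy name, alias, device ID and values are
# constructed placeholders.

# One baseline policy covering the device lock, encryption, attachment and
# UNC/SharePoint settings listed on the slide.
# DeviceEncryptionEnabled is assumed to be the storage card encryption switch.
New-ActiveSyncMailboxPolicy -Name 'Corp-Mobile-Baseline' `
    -AllowNonProvisionableDevices $false `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 6 `
    -MaxInactivityTimeDeviceLock '00:15:00' `
    -DevicePasswordExpiration '90.00:00:00' `
    -DevicePasswordHistory 5 `
    -PasswordRecoveryEnabled $true `
    -DeviceEncryptionEnabled $true `
    -AttachmentsEnabled $true `
    -MaxAttachmentSize '2MB' `
    -UNCAccessEnabled $false `
    -WSSAccessEnabled $false

# Per-user policy assignment, with sync restricted to one
# enterprise-provisioned device ID.
Set-CASMailbox -Identity 'jdoe' `
    -ActiveSyncMailboxPolicy 'Corp-Mobile-Baseline' `
    -ActiveSyncAllowedDeviceIDs 'PLACEHOLDERDEVICEID0001'

# Review the device partnerships for the mailbox and the user agent each
# device reports, to confirm only expected models are syncing.
Get-ActiveSyncDeviceStatistics -Mailbox 'jdoe' |
    Select-Object DeviceID, DeviceUserAgent, DeviceType, LastSuccessSync
```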

Manageability: Device management

Track and manage device partnerships

Track device change history

See devices connected to Exchange Server

Identify and troubleshoot problems seen by devices

Reset users’ PIN over the air

Users can wipe their own device from OWA

Manageability: Server management

Improved protocol logging to aid troubleshooting

MOM support
- Alerts/rules: To alert IT pros when something is wrong
- Diagnostic tasks/probes: To ensure everything is working

Summary reports about device sync usage

Integrated setup/admin to reduce administrative costs

MOM Availability Report

Exchange Server 2007 Device Management

Mobile Operator Management Tool

Microsoft Systems Management Server 2003 (SMS) and Microsoft System Center Configuration Manager 2007

SMS 2003 Device Management

Downloadable “Feature Pack” available on the Web

Client settings and core features

Pocket PC 2002 and 2003 and 5.0 only; no smartphone support

Intranet only; no support for devices over the Internet

ActiveSync to discover and install

Microsoft Windows CE .Net 4.2 and 5 on the ARM processor

Scripting Host

Configuration Manager 2007 Device Management

Integrated Device Management in core product

Support for all DMFP features plus:
- Smartphone support

Internet-based client management

Native Mode security (required for Internet facing)

Connection management

Windows CE 6 + CE on X86 Processor in SP1

Dropping Windows Mobile 02 support

Dropping DMScript support

Configuration Manager 2007

Core capabilities

Device management
- Hardware/software inventory
- File collection
- Software distribution
- Settings management

Password policy management

Security policy management

Support for Smartphone

Internet-based management

LOB device management

Windows CE on ARM at RTM, x86-based Windows CE device support coming in SP1

Deployment
- Full integration with Configuration Manager 2007
- Over the air client upgrade for SMS 2003 DMFP devices
- Automated client distribution via SMS Advanced Client desktop
- Storage card or “self service” install

DMSec Partner Offering

Windows Mobile and Exchange Server 2003 meet the needs of the majority of business customers

For customers that wish to extend security or management capabilities, a select group of Microsoft partners are offering discounted solutions for a limited time

Customer chooses one security and one DM partner solution

We have partnerships with the following vendors:

- Security: Credant Technologies, Trust Digital
- Device Management: iAnywhere, Odyssey Software

Device Management

Application lock-down and control

Automatic distribution and installation of software updates to remote devices

Support for Systems Management Server (SMS)

OTA file management

Collection, logging, and publishing of device information

Fully-automated provisioning of remote devices

Automatic device discovery and registration

Security

Data at rest encryption using FIPS 140-2 (AES & 3DES) validations

Centrally-managed end point policy management

End point security enforcement

Network Access Control

OTA device management, software distribution, configuration provisioning & updating

Compliance reporting

DMSEC Partner Capability Matrix

FEATURES | ODYSSEY* | iANYWHERE** | TRUST DIGITAL | CREDANT
Centralized server | No | Yes | Yes | Yes
Data encryption | No | No | FIPS 140-2 (3DES, AES) | FIPS 140-2 (3DES, AES)
Removable storage encryption | No | No | Yes | Yes
Selective encryption | No | No | Yes | Yes
Authentication | Yes | Yes | Yes | Yes
Asset management | Yes | Yes | No | Yes
Network access management | No | No | Yes | Yes
Device provisioning | Yes | Yes | Yes | Yes
User self-provisioning & self-help | No | No | Yes | Yes
IT policy admin. w/dynamic policy updating | No | No | Yes | Yes
File management | Yes | Yes | No | No
Automated application updating | Yes | Yes | Yes | No
Selective function/application control | No | No | Yes | Yes
Remote control | Yes | No | No | No
Diagnostic tools | Yes | Yes | No | No
Device backup | No | Yes | No | No
Local device wipe | No | No | Yes | Yes
Remote device wipe | No | No | Yes | Yes
System access/mgmt. | Yes | Yes | Yes | No
Image distribution | Yes | No | Yes | No
Logging | Yes | Yes | Yes | Yes
Reporting | No | Yes | Yes | Yes
Selective Bluetooth mgmt | No | No | Yes | Yes
Exchange integration | No | No | Yes | Yes
Active Directory integration | No | Yes | Yes | Yes
SMS integration | Yes | No | No | No
Private APN support | Yes | Yes | Yes | Yes

* The Odyssey solution has an optional console and can support other third party consoles. While Odyssey does not have its own reporting tool, they support the standard reporting tools in the marketplace.

** The iAnywhere solution included in the DMSec Offer represents a subset of the entire Afaria solution and does not include security components. Only Afaria Session Manager, Afaria Inventory Manager, and Afaria Configuration Manager for the Windows Mobile platform are included.

IT Support

Troubleshooting where the problem lies is the biggest challenge

Mobile device support is very different from PC or even laptop support
- Time coverage
- Issues generally around connectivity
- Different vendors involved: Mobile Operator, IT, device manufacturer, and potentially an outsourcer

IT Skills Required

Experience working with Active Directory

Good knowledge of Exchange Server 2003/2007, Microsoft Office Outlook Web Access and Exchange ActiveSync

Working knowledge of mobile devices and mobile networks

Experience using or managing Microsoft Windows Mobile 5.0

Familiar with network concepts such as firewalls, reverse proxy, certificates, and security protocols (EAP, TLS, WPA, WEP, and 802.1x)

IT Training

Learn it: Microsoft E-Learning course, Course 5139: Designing, Implementing, and Managing a Microsoft Windows Mobile Infrastructure

Prove it: Microsoft MCP Exam 70-500, Microsoft Windows Mobile Designing, Implementing, and Managing

Devices That are No Longer Required

Perform a master reset

Remove any removable media, as the master reset will affect only the data on the device itself

Return the device and removable media to your manager

Contact the mobile operator and terminate or transfer the service

Transfer service to new device
- For GSM: Move SIM card
- For CDMA: Contact mobile operator

Dispose of unneeded devices in an environmentally responsible manner

Devices That are Lost or Stolen

Notify security

Notify help desk
- Can leverage remote wipe capability if available as part of device/security management solution

Use self-service wipe tools if available

Contact the mobile operator and suspend or terminate the service

Notify your manager

File a police report. (Insurance companies often require this step before they will reimburse you for the loss.)

Microsoft Mobile Messaging

Common URL namespace for mobile messaging clients

OWA, Exchange ActiveSync (EAS), Outlook Anywhere (RPC/HTTP)

Integration: all mobile messaging services on a common Exchange Server 2007 CAS platform

Mobile messaging service usage
- OWA: ~70,000 unique users/month
- RPC/HTTP: ~80,000 unique users/month
- EAS: ~38,000 unique users/month

Highly scalable Exchange Server 2007 CAS infrastructure

- Load balancing and fault tolerance
- Our servers are dual CPU 2.2GHz with 4GB memory

Topology

[Diagram: four sites connected to the Internet, each shown with ISA Server 2006, Exchange 2007 CAS Servers and Exchange 2007 Mailbox Servers]

Dublin: -ExternalURL “https://emeamsg.microsoft.com/...”

Singapore: -ExternalURL “https://apsmsg.microsoft.com/...”

Sao Paulo: -ExternalURL “https://spamsg.microsoft.com/...”

Redmond: -ExternalURL “https://msg.microsoft.com/...”

Device Standardization

What does this mean?
- Process for selecting hardware for internal employees to utilize within the company
- Including requirements for internal beta programs

What are some of the benefits?
- Documentation/education
- Helpdesk support
- Pricing and availability
- Enterprise warranty
- Infrastructure interoperability

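Support Call Generators

[Pie chart. Categories: Help configure install; Other symptom; Corp WLAN configuration; Request for information; Mobile operator connectivity failure. Slice values (order as extracted, not matched to categories): 15%, 11%, 7%, 4%, 63%.]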

Self-help End-User Documentation (Intranet)

Self-help End-User Documentation (Takeaway Guides)

Microsoft Provisioning Tool

By the Numbers

Costs / FY06

- User Base - 41,000

- Call Volume (Yr) - 8,800

- Call Volume (Mth) - 733

- Calls Per/U (Yr) - .21

- Total Cost - $402k

Costs / FY07 (Projected)

- User Base - 50,000

- Call Volume (Yr) - 10,300

- Call Volume (Mth) - 858

- Calls Per/U (Yr) - .20

- Total Cost - $488k

Conclusion

Manage mobile devices like a laptop/PC
- However, handheld-specific issues should be taken into consideration

Create standards for purchasing, provisioning and management

Ensure end-to-end security for mobile users
- Don’t dismiss security vs. usability

Provide help desk support for mobile users

Determine a plan for retirement and upgrades of devices

Reference

Direct Push deployment guide http://www.microsoft.com/technet/itsolutions/mobile/deploy/msfpdepguide.mspx

Whitepaper on Mobile Messaging with Microsoft Exchange Server 2003 SP2 and Windows Mobile 5.0 http://www.microsoft.com/exchange/evaluation/features/mobility/e2k3sp2.mspx

The Benefits of Microsoft Mobile Messaging http://www.microsoft.com/windowsmobile/business/strategy/roi.mspx

Microsoft IT Scalability Experience with Windows Mobile 2003 and Exchange Server 2003 Mobile Messaging http://www.microsoft.com/windowsmobile/business/strategy/scalability.mspx

My blog http://blogs.msdn.com/jasonlan

Exchange blog http://blogs.technet.com/exchange

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.