Managing the Client Access Server • Chapter 5 287

DirectPush works by keeping an HTTPS connection alive between a mobile device and the Exchange 2007 CAS server. Because DirectPush uses long-standing HTTPS requests, it’s important that both your mobile carrier and your firewall have their time-out value raised from the default to 15 to 30 minutes. If a short time-out value is configured, it will cause the device to initiate a new HTTPS request much more frequently, which not only shortens battery life on your device, but is also more costly since more data will be transferred.

TIP
If you use an ISA 2004 or 2006 firewall in your organization, Microsoft KB article 905013 (http://support.microsoft.com/kb/905013) describes the steps necessary in order to configure the firewall to support long-standing HTTPS requests.

Figure 5.42 DirectPush behind the Scenes (figure labels: Exchange 2007 Client Access Server; Mobile 5.0 with MSFP or Crossbow devices)
1. Device sends PING request to Exchange 2007 CAS
2. Exchange 2007 CAS holds the pending request until heartbeat interval expires
3. If no mail arrives before heartbeat expires, the device will send another PING request
4. If new mail arrives before the heartbeat expires, the server notifies the device that a change has occurred in the mailbox
5. Device promptly requests the Exchange 2007 CAS to send mail; upon completion the process repeats

So what about the current Windows Mobile devices on the market today? Are they supported by Exchange Server 2007? Yes, all devices with Exchange ActiveSync will be able to synchronize with an Exchange 2007 mailbox. If you don’t have a Windows Mobile 5.0 device with the Messaging and Security Feature Pack (MSFP) installed, a part of the Adaptation Kit Update V2 (AKU2) ROM, you can use a third-party solution such as RoadSync from DataViz (http://www.dataviz.com) to sync with Exchange 2007. Currently, the Exchange ActiveSync protocol is licensed by the following companies:

■ Nokia
■ Sony Ericsson
■ Motorola
■ Symbian
■ Palm
■ DataViz

For more information about mobile device support in Exchange Server 2007, see www.microsoft.com/exchange/evaluation/features/owa_mobile.mspx.

Okay, enough talk about DirectPush. Let’s take a look at the other new or enhanced mobile features included with Exchange Server 2007:

■ Support for HTML messages: Messages can now be viewed in HTML format, which means you now can read messages containing HTML code, tables, and so on (just as with most newsletters). Replies to an HTML-formatted e-mail message will not disrupt formatting either, keeping HTML e-mail threads intact. In the past, the mobile device converted the message to plain text. This was also true when you replied to or forwarded the HTML-formatted message.
■ Support for follow-up flags: Exchange Server 2007 supports using quick flags from a mobile device running Crossbow, the codename for the next release of Windows Mobile (in beta at the time of this writing). This means that quick flags set from a Crossbow device will be synchronized to the mailbox, and be visible in both Outlook and OWA, too. The same is true the other way.
■ Support for fast message retrieval: Fetching the body of an e-mail message has been improved further. You no longer need to select Mark for download or click Get the rest of this message since this will happen automatically in the background. Note also that this feature requires the new Crossbow version of Windows Mobile.
■ Meeting attendee information: You can now synchronize information about attendee availability to your mobile device; pretty much the same as you do in Outlook now. You can forward or reply to a meeting request, as well as see the acceptance status of attendees. In addition, you can even see GAL information for each attendee.
■ Enhanced Exchange Search: With the enhanced Exchange search feature, you can now search your whole mailbox, instead of just the messages cached locally on the mobile device. The search feature supports rich/query filters, meaning you can search for messages using the test, data, from, to, flags, categories, attachments, importance, and restricted to specific fields. The number of items returned can be constrained and/or paged through. Lastly, the search is lightning fast since it’s only initiated from the device and is physically executed on the server. Note that this feature requires Crossbow on the mobile device.
■ Windows SharePoint Services and Universal Naming Convention (UNC) document access: Just as with OWA 2007, you can access documents stored on either a file server (UNC shares) or a SharePoint server. You can even forward a large document without downloading it to the mobile device first! Note that this feature requires Crossbow on the mobile device.
■ Reset PIN/Password: With Exchange Server 2007, you can require that a device password be entered on a mobile device after a period of inactivity. If this device password should be forgotten at a later time, it’s possible to unlock the device by using a device recovery password. Note that this feature requires Crossbow on the mobile device.
■ Enhanced device security through password policies: With Exchange Server 2007, you can enhance the security of a Windows Mobile device by configuring additional password requirement settings, such as password history tracking, password expiration, and by prohibiting the use of passwords that are too simple (password complexity). We take a closer look at these features later in this section. Note that this feature requires Crossbow on the mobile device.
■ AutoDiscover for over the air (OTA) provisioning: Exchange 2007 ActiveSync supports the new Web-based AutoDiscover service, which we talked about earlier in this section. Support for AutoDiscover simplifies provisioning since you only need to specify your e-mail address and password when configuring the mobile device for Exchange ActiveSync. Note that this feature requires Crossbow on the mobile device.
■ Support for Out of Office configuration: Like with Outlook 2007 and OWA 2007, you can set Out of Office (OOF) messages directly from your mobile device. The OOF messages are saved directly to the Exchange 2007 server so an OOF message set on a mobile device can be seen in Outlook and OWA as well. Note that this feature requires Crossbow on the mobile device.

I bet you agree this is a pretty comprehensive list of new features and improvements. Unfortunately, there are also a few features that didn’t make it into the RTM version of Exchange Server 2007. The following is a list of those features:

■ Information Rights Management (IRM): Originally, the plan was to include IRM support for mobile devices in the RTM version of Exchange Server 2007, but because of some stability issues in rare situations this feature was removed just before its release.
■ Outlook Mobile Access (OMA): OMA has been dropped completely and will therefore not be included in an Exchange 2007 SP. I’m certain only a very few of us will miss this, shall I say, slightly clumsy Web-based mobile device Web mail client.
■ Support for S/MIME: As with OWA 2007, unfortunately the RTM version of Exchange Server 2007 doesn’t support S/MIME. This is not because the feature has been dropped, but due to the fact that the Exchange Product group simply didn’t have the time to finish it before its release. I am sure many of us would not have had any issues waiting a few more months for the RTM version if S/MIME for OWA 2007 and Windows Mobile devices were included.
Configuring the Exchange ActiveSync Virtual Directory

As with Exchange Server 2003, Exchange ActiveSync is still accessed using the Microsoft-Server-ActiveSync virtual directory, which by default is located under the Default Web Site in IIS Manager, as can be seen in Figure 5.43.

Figure 5.43 Microsoft Server ActiveSync Virtual Directory in IIS Manager

TIP
All Microsoft-Server-ActiveSync virtual directory–related settings, with the exception of SSL, which must be configured using the IIS Manager, can also be configured using the Exchange Management Shell. You do so using the Set-ActiveSyncVirtualDirectory cmdlet. You can view the properties of the virtual directory using the Get-ActiveSyncVirtualDirectory cmdlet.

The IIS Manager is still the tool used to configure settings such as authentication methods, IP addresses, and domain name restrictions, as well as secure channel (SSL). However, many of the EAS virtual directory–related settings can be controlled directly from within the Exchange Management Console.

If we expand the Server Configuration work center node and click the Client Access subnode, we’ll get a list of the CAS servers in our Exchange 2007 organization. Select a CAS, and then click the Exchange ActiveSync tab in the Work pane. Open the Property page for the Microsoft-Server-ActiveSync virtual directory. On the General tab, you can find information such as the name of the CAS, the Web site to which the virtual directory belongs, whether SSL is enabled or not, and when the virtual directory was last modified (see Figure 5.44). In addition, we have the option of specifying the internal and external URL used to access the CAS using Exchange ActiveSync. The internal URL is configured by default, but the external URL must be entered manually. The external URL is used by the AutoDiscover service when a mobile device supporting AutoDiscover tries to connect to the CAS using only the e-mail address and password.

Figure 5.44 The Properties Page of the Microsoft Server ActiveSync Virtual Directory in EMC
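
The same General tab settings can be reviewed and set from the Exchange Management Shell with the two cmdlets named in the TIP above. The script below is an added example, not taken from the book: it reports virtual directories with SSL disabled, an empty external URL, or a non-HTTPS URL, then sets the external URL on one CAS. The server name CAS01 and the host name mail.example.com are placeholders, and the helper function Test-EasVirtualDirectory is hypothetical.

```powershell
# Added example for the Exchange Management Shell (Exchange 2007).
# Flags ActiveSync virtual directories whose URL or SSL settings are weak.
function Test-EasVirtualDirectory {
    param($VDir)
    $findings = @()
    if (-not $VDir.WebSiteSSLEnabled) {
        $findings += 'SSL is not enabled on the web site'
        if ($VDir.BasicAuthEnabled) {
            $findings += 'Basic authentication is enabled without SSL'
        }
    }
    if ($VDir.ExternalUrl -eq $null) {
        $findings += 'External URL is empty, so AutoDiscover has none to return'
    }
    elseif ($VDir.ExternalUrl.Scheme -ne 'https') {
        $findings += "External URL is not HTTPS: $($VDir.ExternalUrl)"
    }
    if ($VDir.InternalUrl -ne $null -and $VDir.InternalUrl.Scheme -ne 'https') {
        $findings += "Internal URL is not HTTPS: $($VDir.InternalUrl)"
    }
    $findings
}

# Report on every Microsoft-Server-ActiveSync virtual directory in the organization.
Get-ActiveSyncVirtualDirectory | ForEach-Object {
    $vdir = $_
    $findings = @(Test-EasVirtualDirectory $vdir)
    if ($findings.Count -eq 0) {
        '{0}\{1}: OK' -f $vdir.Server, $vdir.Name
    }
    else {
        $findings | ForEach-Object { '{0}\{1}: {2}' -f $vdir.Server, $vdir.Name, $_ }
    }
}

# Assumed names: CAS01 and mail.example.com are placeholders for your own
# CAS and its published host name.
$identity = 'CAS01\Microsoft-Server-ActiveSync (Default Web Site)'
Set-ActiveSyncVirtualDirectory -Identity $identity `
    -ExternalUrl 'https://mail.example.com/Microsoft-Server-ActiveSync'

# Confirm the change.
Get-ActiveSyncVirtualDirectory -Identity $identity |
    Format-List Name, WebSiteSSLEnabled, BasicAuthEnabled, InternalUrl, ExternalUrl
```

Because SSL itself can only be changed in IIS Manager, a directory flagged for disabled SSL has to be corrected there and the report run again.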