Deploying a Mobile Messaging Solution with Windows Mobile 5.0-based Devices

6/2/2010

This document presents the recommended deployment with ISA Server 2006 as an advanced firewall in a perimeter network. This configuration and other options are described in Network Architecture Alternatives.

For detailed information about additional deployments, see the following appendices in this document:

• Appendix A: Overview of Deploying Exchange ActiveSync Certificate-Based Authentication
• Appendix B: Install and Configure an ISA Server 2004 Environment

Deployment Process Overview

The following steps summarize deployment with ISA Server 2006 as an advanced firewall in a perimeter network.

Step 1: Upgrade to Exchange Server 2003 SP2

Step 2: Update All Servers with Security Patches

Step 3: Protect Communications Between the Mobile Devices and Your Exchange Server

• Deploy SSL to encrypt messaging traffic
• Enable SSL on the Default Web Site
• Configure basic authentication for the Exchange ActiveSync virtual directory
  Optional: Configure certificate-based authentication (See Appendix A.)
  Optional: Update RSA SecurID Agent
• Set Up LDAP Servers
• Protect IIS by Limiting Potential Attack Surfaces

Step 4: Protect Communications Between the Exchange Server 2003 SP2 Server and Other Servers

• Use IPSec to Encrypt IP Traffic (Recommended)

Step 5: Install and Configure ISA Server 2006 or Other Firewall

• Install ISA Server 2006 (Recommended)
• Install server certificate on the ISA Server computer
• Configure ISA Server with your LDAP server set
• Create the Exchange ActiveSync Publishing Rule by Using Bridging
• Set All Firewall Idle Session Time-out Settings to 30 Minutes
• Test OWA and Exchange ActiveSync

Step 6: Configure and Manage Mobile Device Access on the Exchange Server

• Enable Exchange ActiveSync for All Users
• Enable User Initiated Synchronization
• Enable direct push technology
• Set Security Policy Settings for Mobile Devices
• Monitor Mobile Performance on Exchange Server

Step 7: Install the Exchange ActiveSync Mobile Administration Web Tool

Step 8: Manage and Configure Mobile Devices

• Set up Mobile Connection to Exchange Server
• Use the Exchange ActiveSync Mobile Administration Web Tool to Track Mobile Devices
• Provision or Configure Mobile Devices