Analysis: Getting The Network iPhone-Ready

The integration capability, to be included in the forthcoming iPhone 2.0 software, has set the stage for VARs and network managers to consider whether a shift to integrate iPhones into existing Exchange platforms is a feasible one.

Before taking that leap (even if the CEO is eager to access his corporate data via his new, 3G iPhone) here are a few considerations and planning strategies that should be taken into account:

Assess current deployment of smartphones and PDAs

A network with a hodgepodge of mobile devices is a difficult network to manage. If you're a solution provider, make the case for standardizing mobile devices; be it ones that will work with Exchange (via Windows Mobile) or deploying iPhones across the organization. The long-term benefit of standardization will make for easier troubleshooting and a solid base for scalability.

Assess security and compliance needs

Compliance regulations (like HIPAA) mandate securing sensitive data; that includes data residing on mobile devices. A great new feature of the iPhone is the ability to work with Microsoft Office attachments. But what if an attachment delivered to an iPhone is encrypted or compressed because of compliance security requirements? Currently, as per Apple, the iPhone cannot decrypt or unzip secured e-mail attachments.

Apple is banking on the available SDK and some third-party entity to create an application that can read encrypted or zipped Office files from an iPhone. Until then, anyone responsible for enterprises under compliancy rules must outline policies and procedures regarding secured, sensitive data delivered to mobile devices.

Security on mobile devices has always been a challenge. The most pressing concern is a lost or stolen device that contains sensitive data. That's why the iPhone's ability to work with Remote Wipe to remove any security information or established network partnerships is a big deal. Remote Wipe can be performed on the iPhone with Microsoft's ActiveSync Mobile Administration Web Tool.

In addition, iPhone in tandem with ActiveSync offers a slew of security options including required password enforcement on the device, password complexity requirements and SSL encryption.

Housekeeping tasks

To integrate iPhone with Exchange a network admin must do the following: Ensure ActiveSync is enabled; this is done via Internet Information Services, fondly known as IIS. Make sure port 443 is open; this port is opened if Outlook Web Access (OWA) is enabled for an organization with default settings. Give users ActiveSync permissions; this is done in Exchange 2007 through mailbox properties. Configure ISA server (if implemented) to allow mobile connections. Use Active Directory for user and group management and permissions.

VPN'ing

If allowing iPhones to VPN into a network, there are security parameters to consider: iPhone has a built-in VPN client capable of supporting Cisco IPSec, L2TP over IPSec and PPTP protocols. Decide on which protocol works best for you or your customer's business.

Going Wireless

Wireless is the big hoo-hah now. iPhone and ActiveSync support secured wireless connections through 802.1x and WPA2.

Consider the Exchange Road Map

iPhone 2.0 will only be supported on Exchange 2003 and 2007. There are still an abundance of corporate networks on Exchange 2000. Is it feasible for them to go straight to 2007? Inevitably, the standard business OS will be Server 2008.

There has yet to be a workable way to upgrade Server 2003 to 2008 without breaking Exchange. A workable scenario: Server 2008 domain controller with an Exchange 2003 box as a domain member. No need to fret about Exchange on 2008 until there is a workable upgrade path.

Exciting, isn't it, the official marriage of Apple and Microsoft in the enterprise? It's been a long time coming and, with careful planning and thoughtful implementation, can be a union in your or your customer's network that is made in heaven and not hell.