Wireless Device Support and Usability
When Microsoft releases Mobile Information Server, the platform will have device modules for only WML 1.1 and pre-WAP (Handheld Device Markup Language, or HDML) cell phone technologies and devices that support SMS and SMTP notification functionality. To make the most of Mobile Information Server's functionality, devices should support browse and notification (e.g., WAP- and SMS-capable smart phones). You could initially use Mobile Information Server with Personal Digital Assistants (PDAs) that support SMTP or WAP functionality, but using browse or notification independently limits the value of the wireless application.
Using WAP and SMS phones is very different from using laptops and even PDAs. Phone screens are quite small and typically monochrome, and multitapping a phone's numeric keypad to enter letters of the alphabet is slow and awkward. Many articles and reviews attempt to discredit WAP because of this inferior cell phone interface. However, WAP isn't about surfing the Web on a cell phone, and WAP-based applications don't aim to replace or simulate the functionality of desktops or laptops. Rather, WAP applications let users access corporate data from virtually anywhere and at any time. This extended ability to access targeted and time-sensitive information is essential to many business users. Carriers that use WAP and pre-WAP technology to offer wireless Web services seem to miss this point when they advertise in the mainstream media.
For example, I use my WAP phone to access corporate email throughout the day when I'm not in my office or when firing up my laptop would be inconvenient. Although I can't easily write long email messages, I can check for important email messages and meeting requests. When something requires immediate attention, I can respond with a short email message or a phone call. I leave everything else until I can use my laptop and OWA. Thus, my wireless phone perfectly complements my laptop. Outlook Mobile Access lets me easily accept or decline meeting requests, access the GAL, and view and update my calendar. And I can use custom applications that my company has developed to enter my timesheets and access other functionality through Mobile Information Server's Intranet Browse component. Although getting used to this smart phone-only approach took some time, I much prefer this one-device approach to available pager and PDA solutions.
Security
Security is the paramount concern for wireless as well as wired networks. Ensuring that the user is authenticated and can access only approved resources and that only the intended recipient can read information going to and coming from the server is vital. Mobile Information Server leverages several techniques to provide security for wireless users. Most of these techniques aren't unique to Mobile Information Server but are proven industry techniques that are widely used for wired communications.
Contrary to popular belief, radio frequency (RF) wireless links are the most secure part of data transfer between the enterprise and a wireless device. Data encryption is built directly into network protocols such as GSM.
In addition to bearer encryption and use of technologies such as GSM, application-level encryption provides end-to-end protection between the device and Mobile Information Server. Because data sent over a wireless infrastructure takes several hops, encryption and decryption must occur several times, and the method of data encryption varies depending on whether browse or notification is occurring. Application-level wireless browse security is similar to security used for Web applications over wired networks. A wireless-device user who initiates a request for data must be authenticated, which requires that the user's credentials travel securely from the wireless device through the Mobile Information Server system to the back-end server. Mobile Information Server uses application-level encryption techniques at each hop.
- Wireless Transport Layer Security (WTLS) secures the transaction between the wireless device and the WAP gateway.
- Secure Sockets Layer (SSL) encryption provides security between the WAP gateway and Mobile Information Server.
- IP Security (IPSec) typically encrypts the transmission between the Mobile Information Server system and the corporate data source. Even if IPSec isn't used, data traveling from the demilitarized zone (DMZ) to the internal network isn't open to external interception.
Application-level wireless notification security works a bit differently than browse security and depends on whether you use SMS or SMTP. Microsoft recommends establishing a VPN connection from the Enterprise Edition server to the Carrier Edition server. The VPN transmits encrypted notifications from Enterprise Edition event sources to the carrier network. If Carrier Edition isn't available, notifications are sent unencrypted through SMTP.
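The hop-by-hop model described above for browse and notification traffic can be written down as a small audit. This is an added example, not code from the article or from Microsoft: the function and class names are assumptions, and only the node and protocol names come from the text. It reports which links would carry cleartext for a given configuration and which intermediate nodes handle decrypted data because protection is applied per hop.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Hop:
    src: str
    dst: str
    protection: Optional[str]  # protocol securing this link, None = cleartext


def browse_path(wtls: bool = True, ssl: bool = True, ipsec: bool = True) -> List[Hop]:
    """Browse request path as listed in the article, one protocol per hop."""
    return [
        Hop("wireless device", "WAP gateway", "WTLS" if wtls else None),
        Hop("WAP gateway", "Mobile Information Server", "SSL" if ssl else None),
        Hop("Mobile Information Server", "corporate data source",
            "IPSec" if ipsec else None),
    ]


def notification_path(carrier_edition: bool = True) -> List[Hop]:
    """Notification path: VPN to Carrier Edition, else unencrypted SMTP."""
    if carrier_edition:
        return [Hop("Enterprise Edition server", "Carrier Edition server", "VPN")]
    return [Hop("Enterprise Edition server", "carrier network", None)]


def audit(path: List[Hop]) -> Dict[str, list]:
    """Return links with no encryption and nodes that see decrypted data."""
    cleartext_links = [(h.src, h.dst) for h in path if h.protection is None]
    # Each hop is protected separately, so a node that ends one hop and
    # starts the next must decrypt and re-encrypt the payload.
    plaintext_nodes = [a.dst for a, b in zip(path, path[1:]) if a.dst == b.src]
    return {"cleartext_links": cleartext_links, "plaintext_nodes": plaintext_nodes}


if __name__ == "__main__":
    for name, path in [("browse, all protocols on", browse_path()),
                       ("browse, no IPSec", browse_path(ipsec=False)),
                       ("notification, no Carrier Edition",
                        notification_path(carrier_edition=False))]:
        print(name, audit(path))
```

Even with every protocol enabled, the audit lists the WAP gateway and the Mobile Information Server as points where data is decrypted, so those hosts need the same hardening and access control as the back-end data source.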
AD serves as a single source for information such as logon credentials and access rights and plays a key role in Mobile Information Server security. When the user connects to Mobile Information Server applications, Mobile Information Server prompts the user to log on with a username and password. Microsoft recommends that for maximum security, you require strong passwords and configure wireless users to use wireless account aliases that have limited network access. Wireless aliases are separate user accounts that you configure as part of the Mobile Information Server installation to allow access only to wireless resources. You can set up wireless aliases in the primary enterprise domain or in an auxiliary domain you create specifically for wireless users.
However, auxiliary domains and user account aliases increase the complexity of the wireless system. Unless you require more than basic security that encrypts network authentication details from the wireless device to the corporate system, giving wireless users access to the primary domain and user accounts should be sufficiently secure. This approach also provides full access to all appropriate intranet wireless resources. If you implement encryption with WTLS, SSL, IPSec, and a VPN, the wireless system approaches the known and accepted security level of wired solutions.
Finally, the Mobile Information Server system should live in the DMZ outside the host's internal firewall but inside the host's external firewall. Putting Mobile Information Server in the DMZ ensures that a user who accesses the server can't access intranet resources without being authenticated.
New Technology, New Opportunities
If you're considering implementing wireless technology in your enterprise, you'll need to consider the technology's Return on Investment (ROI). Wireless solutions are high-tech and cool, but you need to decide whether to implement them based on whether they can deliver benefits and profits to the enterprise. Some early adopters of wireless solutions have achieved promising results. For some insights into analyzing ROI, see the sidebar "Return on Investment."
Mobile Information Server incorporates tight integration with AD and Exchange 2000 as well as industry-standard wireless application and security protocols to provide a solid platform on which developers can build wireless enterprise applications. Although wireless email solutions are likely to make up the first wave of wireless solutions, Mobile Information Server makes possible virtually any type of wireless enterprise application.