iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment

Table of Contents

iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers and more

Why Subscribe?

Free Access for Packt account holders

Preface

What this book covers

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Introduction to iPhone with Exchange Server 2010

Overview of Apple iOS device range and features

Overview of Microsoft Exchange Server 2010

Competing products

Core features of Exchange Server 2010

Mobility features

Exchange Server licensing and versions available

Overview of Office 365 and Exchange Online

Complementary features

Integration with on-premises systems

Versions available

Overview of Exchange ActiveSync

Overview of provisioning

Summary

2. Architecture and Implementation Planning

Overview of Exchange Server 2010 roles

Client Access Role

Providing high availability for the Client Access Role

Client Access Arrays

Hardware or Virtual Load Balancers

Mailbox Role

Providing high availability for the Mailbox role using Database Availability Groups

Replication technology

Site resilience

Hub Transport Role

Mail Routing in Exchange Server 2010

Providing high availability for the Hub Transport Role

Edge Transport Role

Providing high availability for the Edge Transport Role

Alternatives to using the Edge Transport Role

Unified Messaging Role

Providing high availability for the Unified Messaging Role

Active Directory

Capacity planning for Exchange ActiveSync clients

Our example organization

Combined Client Access/Hub Transport/Mailbox Server Role requirements

Load Balancer

Active Directory considerations

Planning for namespaces and certificates

Subject Alternative Name certificates

Network configuration

Summary

3. Exchange Server Configuration for iOS Connectivity

More about our example environment

Network diagram

IP addressing

Installation of Microsoft Exchange Server 2010

Basic server configuration

Disk configuration

Network configuration

Obtaining installation media

Active Directory preparation

Installation of pre-requisites

Installation of Exchange Server 2010

Configuring Microsoft Exchange Server 2010

Configuring databases

Configuring the Database Availability Group

Configuring the Client Access Array and Load Balancing

Configuring DNS names

Configuring certificates

Configuring Outlook Anywhere

Configuring Send Connector

Configuring accepted domains and Receive Connectors

Testing client connectivity

Creating a test Mailbox

Testing basic client connectivity

Testing AutoDiscover and ActiveSync functionality

Testing iPhone connectivity

Summary

4. Office 365 Configuration for iOS Connectivity

Sign-up process for Office 365

Domain and DNS configuration

Testing and troubleshooting

Checking DNS entries

Creating accounts

Testing the account using Outlook Web App

Checking ActiveSync connectivity

Connecting an iOS device to Office 365

Summary

5. Creating and Enforcing Policies

The purpose of Exchange ActiveSync policies

Exchange ActiveSync policies

Require Password

Allow Simple Password

Minimum Password Length

Require Alphanumeric Password

Time without user input before the password must be re-entered

Password Expiration Policy

Enforce Password History

Device Encryption

Include Past E-mail Items (Days)

Allow Direct Push while Roaming

Allow Camera

Allow Browser

Creating and managing ActiveSync Mailbox policies

Using Exchange Management Console

Modifying the default policy

Creating a new policy

Assigning the new policy to a Mailbox

Using Exchange Control Panel

Modifying the default policy

Creating a new policy

Assigning the new policy to a Mailbox

Using Exchange Management Shell

Modifying the default policy

Creating a new policy

Assigning the new policy to a Mailbox

Restricting device types

Summary

6. Configuring Certificate-based Authentication in Exchange Server 2010

Overview of certificate-based authentication

Considerations for certificate-based authentication

Installation of the certificate authority

Configuration of the certificate authority

Provisioning and publishing user certificates

Creating the Enrolment Agent certificate

Creating a certificate on behalf of a user

Configuring Exchange Server 2010 for certificate-based authentication

Configuring IIS pre-requisites

Configuring Exchange ActiveSync

Testing certificate-based authentication using Outlook Web App

Summary

7. Provisioning iOS Client Devices

Overview of device Configuration Profiles

Obtaining and installing the iPhone Configuration Utility

iTunes and device activation

Creating Configuration Profiles for users

General

Passcode

Restrictions

Exchange ActiveSync

Subscribed calendars

Credentials — embedding the User certificate

Other options

Wi-Fi and VPN

E-mail, LDAP, CalDAV, and CardDAV

SCEP and Mobile Device Management

Deploying Configuration Profiles to devices using the iPhone Configuration Utility

Device activation

Deploying the Configuration Profile

Creating a generic Configuration Profile

Deploying a generic Configuration Profile from the Exchange Server

Configuring IIS

Installing the generic Configuration Profile on devices

Summary

8. Sharing Mailboxes and Calendars

Overview of shared mailboxes

Challenges associated with shared mailboxes

Creating and connecting users to shared mailboxes

Creating a shared mailbox

Granting permissions

Accessing the shared mailbox using Outlook

Accessing the shared mailbox using Outlook Web App

Configuring a shared mailbox for iOS device access

Methods to connect iOS devices

Connecting an iOS device manually

Connecting an iOS device using an iPhone configuration profile

Overview of iCal calendar sharing

Configuring iCal calendar sharing

Enabling Calendar Publishing

Configuring Sharing Policies

Sharing iCal calendars

Using Outlook Web App to publish a calendar

Using Outlook 2010 to publish a calendar

Connecting iOS devices to Shared Calendars

Adding calendars on an ad-hoc basis

Using the iPhone Configuration Utility to add shared calendars

Summary

9. iOS Client Device Management

Identifying iOS devices in use

Viewing an individual user's ActiveSync devices

How ActiveSync information is stored in Active Directory

Viewing and managing a user's ActiveSync devices using Exchange Management Console

Exporting ActiveSync device information

Using the Export-ActiveSyncLog command

Obtaining more detailed information

Troubleshooting connection problems for iOS devices

Testing ActiveSync functionality

Analyzing reports

Enabling device-side logging

Using administrator features for disabling and remote wipe of devices

Disabling ActiveSync for a user

Using remote wipe

End-user features for remote wipe of devices

Summary

Index

iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment

iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment

Copyright © 2012 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: March 2012

Production Reference: 1130312

Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.

ISBN 978-1-84969-148-2

www.packtpub.com

Cover Image by Siddharth Ravishankar (<[email protected]> )

Credits

Author

Steve Goodman

Reviewers

Jeff Guillet

Laercio Simoes

Henrik Walther

Acquisition Editor

Wilson D'souza

Lead Technical Editor

Shreerang Deshpande

Technical Editor

Vanjeet D'souza

Project Coordinator

Joel Goveya

Proofreader

Aaron Nash

Indexer

Monica Ajmera Mehta

Production Coordinator

Aparna Bhagat

Cover Work

Aparna Bhagat

About the Author

Steve Goodman has worked in the IT industry for over 12 years and is currently a Technical Architect at one of the UK's leading IT services providers, working on the design and delivery of Exchange, Active Directory, and Virtualization solutions for organizations across the UK.

When he's not helping companies improve their IT infrastructure, he regularly writes about Exchange, Office 365, and PowerShell topics on his website (http://www.stevieg.org/). A multiple MCITP, MCSE, and MCT, Steve was also awarded the MCC Award in 2011 by Microsoft for his contributions to the Exchange community.

I'd like to thank my wonderful wife Lisa, and beautiful daughter Isabelle for all their love and patience throughout the writing of this book; and being there for me when I needed kind words of support.

I'd also like to thank my technical reviewers, Henrik Walther, Jeff Guillet, and Laercio Simoes for their support with this book and their continuing dedication and contributions to the Exchange community.

About the Reviewers

Jeff Guillet is an Exchange 2010 Microsoft Certified Master and MVP. He works as a senior consultant for ExtraTeam, a Microsoft Gold Partner, in Pleasanton, CA. Jeff holds MCITP:Enterprise Administrator, MCITP:Enterprise Messaging Administrator, MCITP:Lync Administrator, and CISSP certifications.

Jeff is the co-author of Windows Server 2008 Hyper-V Unleashed. He was the technical editor of the books Lync Server 2010 Unleashed and Windows Server 2008 Unleashed, and also a contributing author of several books including Exchange Server 2010 Unleashed, Windows Server 2008 R2 Unleashed, and Exchange Server 2007 Unleashed, all books from Sams Publishing.

He also publishes the well-known EXPTA {blog}, a technical blog with over one million readers worldwide. Please visit http://www.expta.com for the latest Exchange news.

Laercio Simoes has 20 years' experience in Software Development. A PhD in Electrical Engineering, he graduated from the Singularity University. He has won multiple awards in several entrepreneur contests.

He runs a startup company (http://www.hpcbrasil.com/) and is currently building a medical platform data platform (http://www.flextracker.com.br/).

This is his first book as a reviewer.

To my wife Gislaine and my kids Maria Clara, Giuseppe, and Miguel.

Henrik Walther is a consultant working with Microsoft Consulting Service (MCS) at Microsoft Denmark. Here his primary working areas is Exchange on-premise and Office 365 solutions for the largest customers in Denmark. He has been in the IT industry for more than 17 years primarily working with Microsoft BackOffice solutions such as Exchange Server. Henrik is usually involved in all phases of the project. More specifically the envisioning, planning, and design phases and often also the deployment and migration phases.

Prior to joining Microsoft, Henrik held the Exchange MVP for eight years and back in 2007, he became a Microsoft Certified Master: Exchange.

In addition to being a consultant at Microsoft, Henrik is a respected Technical Writer. Among other things, he's been on the team that did most of the Exchange 2007 related white papers for Microsoft IT Showcase as well as on the team that created questions for the Exchange 2010 MCP exams. He is currently contracted by Microsoft TechNet Exchange Product group to write content for the core Exchange documentation and the TechNet Wiki.

www.PacktPub.com

Support files, eBooks, discount offers and more

You might want to visit www.PacktPub.com for support files and downloads related to your book.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

http://PacktLib.PacktPub.com

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.

Why Subscribe?

Fully searchable across every book published by Packt

Copy and paste, print and bookmark content

On demand and accessible via web browser

Free Access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.

Preface

Have you been tasked with getting iPhones into the hands of your business executives, and need to ensure they can reliably and securely access corporate e-mail? This book will teach you what you need to know about getting Exchange 2010 set up and then help you deploy iPhones in a secure and manageable way.

Starting with the basics, you'll learn about what Apple mobile devices have to offer and how they have evolved into devices suitable for business use. If you're new to Exchange Server 2010, you'll learn the basics of Microsoft's world leading messaging suite, before learning how to plan, install, and configure a highly available Exchange environment. You will also understand how to configure Office 365 and learn how both can be configured to apply policies to iPhone, iPad, and the iPod Touch. You'll also learn how to configure advanced features, such as certificate authentication, how to create and deploy configuration profiles for devices, and how to manage your devices once they are in the hands of your users.

After reading this book, you will be confident about introducing Apple mobile devices into your organization.

What this book covers

Chapter 1, Introduction to iPhone with Exchange Server 2010 introduces the Apple mobile device range and Exchange Server 2010 starting with the fundamentals and explaining the concepts used in later chapters.

Chapter 2, Architecture and Implementation Planning covers planning the architecture that you will need in place for Exchange Server. You'll learn about the individual Exchange Server roles and how to plan your underlying infrastructure so it not only allows Apple mobile devices to connect, but meets the needs of your company.

Chapter 3, Exchange Server Configuration for iOS Connectivity follows on from the planning in the previous chapter to walk through the process of installing and configuring a highly available Exchange infrastructure that Apple mobile devices, amongst others, can connect to.

Chapter 4, Office 365 Configuration for iOS Connectivity looks at an alternative approach to configuring and running Exchange Server, by using Microsoft's Office 365. We'll see how this simplifies the implementation process and still allows us to connect and manage Apple mobile devices.

Chapter 5, Creating and Enforcing Policies explores how Exchange Server allows us to control end-user devices, from restricting the features that can be used on Apple mobile devices to ensuring only allowed devices can connect to your Exchange infrastructure.

Chapter 6, Configuring Certificate Based Authentication in Exchange Server 2010 walks through how to configure and manage a small public key infrastructure aimed at improving the security of your Exchange environment through the use of user certificates on Apple mobile devices.

Chapter 7, Provisioning iOS Client Devices introduces the iPhone Configuration Utility, the Apple tool specifically aimed at controlling Apple mobile device features and configuration, along with exploring the methods available to deploy profiles to mobile devices.

Chapter 8, Sharing Mailboxes and Calendars covers a variety of methods that allow you to overcome Exchange limitations for access to shared mailboxes from clients other than Outlook and how to configure advanced features in Exchange Server 2010 allowing users to share individual calendars in a way compatible Apple mobile devices.

Chapter 9, iOS Client Device Management the final chapter, explores the ongoing management tasks associated with a mobile device estate along with how to perform common troubleshooting and auditing tasks.

Who this book is for

This book is aimed at system administrators who don't necessarily know about Exchange Server 2010 or ActiveSync-based mobile devices. A basic level of knowledge around Windows Servers is expected, and knowledge of smartphones and email systems in general will make some topics a little easier. Experienced Exchange Server 2010 administrators will gain most value from chapter five onwards, as these chapters build upon a working Exchange 2010 organization.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

Directories, files, and code in text are shown as follows: We uploaded the Configuration Profile to the C:\inetpub\wwwroot directory.

Any command-line input or output is written as follows:

C:\WINDOWS\SYSTEM32\INETSRV\APPCMD.EXE set config Default Web Site -section:system.webServer/security/authentication/clientCertificateMappingAuthentication /enabled:True /commit:apphost

New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: We'll open the Windows Server 2008 R2 Server Manager and right-click on Roles.

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply send an e-mail to<[email protected]>, and mention the book title through the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website, or added to any list of existing errata, under the Errata section of that title.

Piracy

Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at<[email protected]> with a link to the suspected pirated material.

We appreciate your help in protecting our authors, and our ability to bring you valuable content.

Questions

You can contact us at<[email protected]> if you are having a problem with any aspect of the book, and we