Finally, after working here a year, corporate got around to upgrading from Exchange 5.5 to Exchange 2003. In case you don't already know, the new version opens up a bunch of options that just weren't there before. It didn't take long before I was exploring some of those options. Here are a few of the cooler things that I've configured.
OK, OK, OWA has been around for a long time. In fact, I already had OWA configured on my Exchange 5.5 server. So what's so exciting about the new one? In a word, security.
While it's possible to secure OWA in Exchange 5.5, it's a whole lot easier in the newer version. I configured a Certificate Authority on my domain and issued a certificate to my Exchange server. Once that is done, I can require my OWA site to use SSL with 128-bit encryption. Since only my own clients are accessing the site, I can install the CA's certificate on those clients so they trust the server certificate without a browser warning. This encrypts the data stream between the server and the client, so passwords and valuable data can't be read off the wire along the way.
Once the site is secure, forms-based authentication is configured (it requires SSL, which is why the certificate comes first). Instead of the browser caching Basic or Integrated credentials for the session, the user logs on through a web form and gets a cookie that expires after a period of inactivity and is cleared at logoff. This is important in that it keeps passwords from remaining on public computers, such as the ones that might be found in an airport terminal.
Got a cell phone? Can it access web pages? Ever need to get to email and don't have a PC available?
This is when OMA gets real handy. It is similar to OWA, but it's designed for the small cell phone, smart phone, and PDA screens. This is one way to make email available to those road warriors who don't want to break out a computer every time they need to check an email real quick.
A lot of people don't realize this is available. In fact, BlackBerry has made a fortune off the belief that a Windows CE device can't see new email on the Exchange server until that PDA is docked with a PC that can access the server. But wait. It can. The server can even push email to the PDA. Anywhere in the service area. Without the extra cost of a BlackBerry Enterprise Server or the pain of having to leave a computer on somewhere.
That's right. Nobody seems to know this, but Exchange 2003 can push email to a Windows Smartphone or PDA. Exchange ActiveSync can be configured to run across the Internet, making sure the email on your mobile device is always up to date with the latest email, calendar items, contacts, etc. It can be configured one of two ways. The device can be configured to poll the server at regular intervals. Say every five or ten minutes, the phone checks the server and downloads any updates. OR. The Exchange server can be configured to send a text message (SMS) calling for an update whenever a new mail item is received. Once the mobile device receives the text message, it checks the server and downloads the updates. This ensures that the mobile user gets new mail immediately. Make sure the mobile user has unlimited text messaging, though, since this is the method the server uses to notify the device of new mail. (Exchange 2003 SP2 adds Direct Push, which keeps an HTTPS connection open from the device instead of relying on SMS.) And since the device is sending the user's password across the Internet on every sync, this traffic belongs on SSL just like OWA.
In today's broadband-connected homes, this works really well. Basically, the RPC traffic that Outlook uses to talk to an Exchange server gets tunneled inside HTTP requests. That HTTP session is then secured with SSL (128-bit encryption) and sent over the Internet. The result is Outlook at home or on the road, acting exactly the same as Outlook in the office. No VPN required.
So here's how it works. On the server, configure an RPC proxy. This is a Windows Server 2003 component that runs inside IIS; it accepts the HTTP traffic, unwraps the RPC calls and forwards them to the appropriate Exchange server and global catalog on the internal network. The proxy also has to be told which servers and ports it may forward to (the ValidPorts value under HKLM\Software\Microsoft\Rpc\RpcProxy, listing the Exchange server on ports 6001-6002 and 6004), and the virtual directory it uses needs the same certificate and SSL requirement as OWA.
Most of the work is done on the client. The most effective method I've found is to copy the existing Outlook email profile and then change Outlook to ask which profile to use at startup. Because the copy keeps the original's settings, both profiles use the same local cache file, which prevents a second full synchronization. Then change the new profile to connect over HTTP. Make sure to check the boxes for "Connect using SSL only" and "Mutually authenticate the session when connecting with SSL", and enter the principal name as msstd:fqdn, where fqdn is the fully qualified host name on the Exchange server's certificate (not a full URL).
Keep in mind that the client must meet particular requirements in order for this to work. The client must be Windows XP (SP2, or SP1 with the RPC over HTTP hotfix) running Outlook 2003. Things work better if the Exchange server's URL is in the "Trusted sites" list in Internet Explorer, and this becomes even more important when moving to Internet Explorer 7. Finally, the client must trust the certificate the server uses, which means the issuing CA's certificate has to be installed in the client's Trusted Root store. A quick check: browse to the OWA site, which uses the same certificate. If you get a certificate prompt, RPC over HTTP will fail. Outlook will not prompt when this happens; it just falls back to direct TCP/IP, which can't reach the server across the Internet, so the connection fails.
I've found that once this is configured correctly, this is a very reliable and user-friendly method of accessing email across the Internet. Because it uses the Outlook client, the user has a consistent and familiar interface.
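The certificate check above is the same one the OWA section relies on: the client has to trust the issuing CA, and the name Outlook is told to mutually authenticate (msstd:fqdn) has to match a name on the server's certificate. Here is a small script that automates that check from a client. It is an added example, not something from the original post or from Microsoft; the host name mail.example.com and the file internal-ca.pem (the domain CA's certificate exported as PEM) are assumptions, and the sample certificate at the bottom is a constructed dictionary in the shape ssl returns, not a real certificate.

```python
"""Check whether the certificate an Exchange 2003 front end presents will be
accepted silently by Outlook's RPC over HTTP client (and by IE for OWA).

Added example, not from the original post. Assumed inputs: the server name
used in the msstd: principal and a PEM file holding the internal CA's
certificate (exported from the domain CA)."""
import socket
import ssl
from typing import Dict, Set, Tuple


def cert_names(cert: Dict) -> Set[str]:
    """Collect the DNS names from a certificate dictionary as returned by
    ssl.SSLSocket.getpeercert(): subjectAltName DNS entries plus the
    subject commonName, lower-cased."""
    names = set()
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.add(value.lower())
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                names.add(value.lower())
    return names


def name_matches(pattern: str, host: str) -> bool:
    """RFC 2818 style match: exact name, or a single '*' as the left-most label
    covering exactly one label of the host."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if pattern.startswith("*."):
        labels = host.split(".")
        return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]
    return False


def principal_matches(principal: str, cert: Dict) -> bool:
    """True when an Outlook mutual-auth principal ('msstd:<fqdn>') matches a
    name on the certificate."""
    if not principal.lower().startswith("msstd:"):
        raise ValueError("principal must be of the form msstd:<server fqdn>")
    host = principal.split(":", 1)[1]
    return any(name_matches(name, host) for name in cert_names(cert))


def check_owa_cert(host: str, cafile: str, port: int = 443,
                   timeout: float = 5.0) -> Tuple[bool, str]:
    """Connect to https://host:port/ and return (ok, reason).

    ok is True only when the server's chain validates against cafile AND the
    host name matches the certificate, the two conditions under which IE shows
    no prompt and Outlook will connect. This is the live check and needs
    network access; the name matching is done by principal_matches so the
    reason string says exactly which half failed."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False          # name check is done below, explicitly
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain must validate against cafile
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return False, f"chain does not validate against {cafile}: {exc.verify_message}"
    except (OSError, ssl.SSLError) as exc:
        return False, f"connection failed: {exc}"
    if not principal_matches(f"msstd:{host}", cert):
        return False, (f"certificate names {sorted(cert_names(cert))} "
                       f"do not cover {host}; Outlook would fall back to TCP/IP")
    return True, "chain trusted and name matches; no prompt expected"


if __name__ == "__main__":
    # Constructed sample (not a real certificate): the dictionary shape that
    # getpeercert() returns for a cert issued to the assumed server name.
    sample_cert = {
        "subject": ((("commonName", "mail.example.com"),),),
        "subjectAltName": (("DNS", "mail.example.com"),),
    }
    print("msstd:mail.example.com ->", principal_matches("msstd:mail.example.com", sample_cert))
    print("msstd:owa.example.com  ->", principal_matches("msstd:owa.example.com", sample_cert))
    # Live check against the assumed server and exported CA file:
    # print(check_owa_cert("mail.example.com", "internal-ca.pem"))
```

Run the live check from the same workstation the Outlook profile lives on, since the point is whether that machine trusts the CA; a True result there is what the Outlook profile needs, and a name mismatch in the reason string means the msstd: principal, not the trust store, is what needs fixing.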