Email is by far the most widely used and arguably the most mission-critical enterprise application. Wireless enterprise email will be the wireless industry's killer application and will open the door for many other wireless enterprise applications. Microsoft Mobile Information 2001 Server is poised to fling that door wide.
Mobile Information Server is middleware that provides wireless access to Microsoft Exchange 2000 Server and Exchange Server 5.5 email, calendars, and contacts and to other enterprise data sources, such as Microsoft SQL Server databases. Most enterprise wireless email solutions available today (e.g., Palm VIIx, Research In Motion's—RIM's—BlackBerry) provide access to corporate email through POP3 and often require duplicating messages to an external consumer wireless email account. Wireless middleware is a more effective and secure method of accessing enterprise email from wireless or mobile devices. Acting as a proxy, wireless middleware lets mobile users access email and other enterprise data sources directly without forwarding or replicating messages and data to nonsecure external systems.
Like many companies, Microsoft is making a core shift toward wireless and mobile solutions through new products and services. Mobile Information Server is a key piece of that strategy. Mobile Information Server will ship with two built-in applications: Outlook Mobile Access and Intranet Browse. Outlook Mobile Access will let users access Exchange Server based personal information manager (PIM) data. Using Outlook Mobile Access, Mobile Information Server provides a view into users' mailboxes that's optimized for the small displays and constrained bandwidth that characterize wireless devices. Intranet Browse provides access to any intranet-hosted Wireless Application Protocol (WAP) application. (For an overview of WAP, see the sidebar "Wireless Application Protocol.") Mobile Information Server integrates closely with Windows 2000 and Exchange 2000 and has a strong security model based on Active Directory (AD).
An understanding of Mobile Information Server features and enabling technologies will help prepare you to implement this technology after it becomes commercially available later this year. My information is based on beta versions of the product, so some of the terminology and features I describe might change before Mobile Information Server's release to manufacturing (RTM).
Mobile Information Server Overview
Mobile Information Server, which Microsoft plans to release commercially in mid-2001, is one of Microsoft's .NET Enterprise Servers. Mobile Information Server comes in two editions: Enterprise Edition and Carrier Edition. Both editions of Mobile Information Server contain the same core components, but Carrier Edition includes additional functionality for carrier use. For example, Carrier Edition includes various connectors, such as the Short Message Service (SMS) connector, which provides direct access to the wireless carrier's SMS Center for direct SMS message delivery. The two editions work together to provide Mobile Information Server functionality, but you can also implement and operate them independently.
One key point to understand is that Mobile Information Server isn't a WAP gateway but rather is middleware for delivering services to mobile devices over wireless networks. WAP and pre-WAP (i.e., the Openwave UP.Link Server) gateways still are required between wireless networks (e.g., Global System for Mobile Communication—GSM, Code Division Multiple Access—CDMA, Cellular Digital Packet Data—CDPD) and wired networks (e.g., TCP, UDP).
Mobile Information Server contains two core components: the Message Processor and the Extensible Location Register. These core components provide data-processing functionality for different types of wireless devices. Mobile Information Server uses Microsoft Message Queue Services (MSMQ) to exchange messages between internal components. MSMQ isn't a core component of Mobile Information Server but must be installed on the same server. Developers can use the Mobile Information Server software development kit (SDK) to develop applications that interact with any corporate data source (e.g., AD, SQL Server, custom Exchange Server applications).
In addition to core components, Mobile Information Server contains data-source applications, device modules, event-source applications, administration components, and carrier connectors. Data-source application components interact with data sources to deliver data to the core (i.e., server) components. The core components in turn process, render, and route the data to the wireless device.
Mobile Information Server provides two basic types of functionality to wireless applications: browse and notification. Browse requires that a user initiate a URL request for a wireless application. Because the user initiates the interaction, this functionality is also known as data pull.
Notification alerts a user to events such as a SQL Server event or the arrival of an urgent message. Mobile Information Server sends the notification to the user as a short message through SMS, UP.Link Server Alerts, or (in the future) through a WAP push protocol. Message notification usually causes the wireless device to beep or vibrate to alert the user that a message has arrived. Notification functionality is also known as data push because the user doesn't need to take any action except to read the notification message. However, notifications can also involve data pull if, when users click a message to read it, they link to a browse application.
Device modules are COM objects that format data for the target device. A device module contains information—such as screen size, whether the device supports images, and maximum message size—for a particular device type. Mobile Information Server stores user device information—such as the device type, the device's SMTP address, and the wireless carrier the device uses—in AD. Mobile Information Server includes default device modules for plaintext devices (e.g., for SMS phone-service messaging) and for WAP 1.1 devices. As new devices enter the market, manufacturers will also provide modules that support the new devices. After Mobile Information Server is commercially available, you can expect to see modules and support for other device types, such as BlackBerry and Pocket PC.
Event-source applications react to events. Mobile Information Server predefines some events; developers of custom event-source applications will provide event sources for additional system and application events. Mobile Information Server sends notifications to devices depending on the event source's rules. For example, Outlook Mobile Access uses Exchange 2000 event sources to notify users when important messages are delivered to users' mailboxes.
Administration components provide administrative functionality for carrier connectors, device modules, event sources, and applications. The Microsoft Management Console (MMC) Mobile Information Server snap-in lets administrators configure and control Mobile Information Server components. This snap-in, in conjunction with other MMC snap-ins (e.g., for AD and Exchange Server), lets you control the entire Mobile Information Server system through the MMC interface.
As I mentioned, Mobile Information Server includes the Outlook Mobile Access and Intranet Browse applications. Outlook Mobile Access works like Outlook Web Access (OWA) for wireless devices: Outlook Mobile Access gives users access to their Exchange 2000 and Exchange Server 5.5 email, calendar, tasks, and contacts and to the Global Address List (GAL). Outlook Mobile Access users interact directly with their mailboxes to perform actions such as reading, replying to, forwarding, and deleting messages. Mobile Information Server carries out all actions in realtime and records updates immediately in the user's Exchange mailbox. Outlook Mobile Access requires Win2K and AD.
Intranet Browse provides access to any WAP application that the enterprise can host on intranet Web servers. The WAP application can be an out-of-the-box solution, such as a wireless sales automation application module from Siebel Systems, or a custom application that uses Wireless Markup Language (WML) and Active Server Pages (ASP). When you configure access to an intranet-hosted WAP application through Intranet Browse, you specify the WAP application's intranet location. Users access Intranet Browse applications by entering the appropriate URL from the wireless device. When the user connects, Mobile Information Server authenticates the user, then redirects the request to the intranet-hosted Web server.
In addition to the application and server components I've mentioned, Carrier Edition includes connectors, which connect Mobile Information Server to the carrier network and provide secure notification access to the device. When a carrier hosts Carrier Edition, the carrier's connector settings specify the URL for the carrier's Mobile Information Server. Enterprise Edition then uses HTTP to communicate with Carrier Edition.
Each network requires its own carrier connector to support devices. For example, AT&T Wireless Services, Sprint PCS, and VoiceStream Wireless network carriers require different carrier connectors. Carrier Edition enables Mobile Information Server to deliver SMS messages directly to the carrier network's SMS Center without requiring unencrypted SMTP transfer. When you don't use Carrier Edition, Mobile Information Server uses the SMTP carrier connector to deliver notifications to wireless devices.
As Mobile Information Server matures, more built-in and third-party applications will appear from Independent Software Vendors (ISVs) and wireless application service providers (WASPs). The number of wireless solutions that vendors could develop and deploy on the platform is endless. For example, a developer might create a Mobile Information Server stock trading application that lets the user set stock trading preferences through a Web browser. The application could use notification functionality to alert the user when a particular stock reaches a certain price point, and the user could use browse functionality to respond to the notification with a stock trade.
Microsoft also bundles Microsoft Outlook Mobile Manager with Mobile Information Server. Outlook Mobile Manager is client software that runs on a desktop and redirects messages to the mobile device as notifications. Outlook Mobile Manager features natural language processing, Microsoft IntelliShrink text compression, and mobility preferences to facilitate delivering Outlook data to the device. But because Outlook Mobile Manager runs on the user's workstation, the software's features are available only when the workstation is running. Thus, until Microsoft moves some of this functionality to the server, Outlook Mobile Manager isn't directly relevant to enterprise mobility solutions.
Infrastructure and Hosting
The infrastructure you need to support Mobile Information Server is similar to the infrastructure you need for other Internet applications. Figure 1 shows a sample infrastructure that includes the primary Mobile Information Server components and shows how those components interact with other enterprise servers. An enterprise, a carrier, or a WASP can host various infrastructure components. You might configure the components differently depending on your requirements, the number of users you want to support, and the security level you need.
Hosting Mobile Information Server in the enterprise data center provides maximum control and security. Because corporate hosting requires appropriate hardware, software, physical infrastructure, and staff resources, this approach usually is more costly than carrier- or WASP-hosted approaches. But now that WAP has officially entered the US market with Cingular Wireless's WAP service and VoiceStream Wireless's WebStream WAP service, corporate-hosted WAP gateways are possible in some cases.
Hosting Mobile Information Server will become a source of increasing revenue for carriers. Many carriers include WAP gateway services as part of their wireless Internet services and will use Carrier Edition to offer enterprise solutions. Such a carrier service will let wireless subscribers access corporate email systems through the carrier's infrastructure. An advantage of carrier-hosted solutions is that carriers will support the entire Mobile Information Server infrastructure. Economies of volume and a per-userper-month billing model should help carriers lower costs. Also, carriers can enhance security by implementing direct enterprise and carrier frame links (i.e., leased lines) to prevent data from entering public networks.
A WASP-hosted enterprise infrastructure will be another option for implementing wireless solutions. A WASP is a company that implements Mobile Information Server and other wireless infrastructure in addition to offering enterprise solutions. As with a carrier-hosted approach, the initial costs for the enterprise are lower than with a corporate-hosted solution. WASP hosting is likely to be the best choice for small companies. For large companies, a carrier or WASP's per-userper-month billing model can become a large ongoing expense that might exceed the cost of a corporate-hosted solution.
Wireless Device Support and Usability
When Microsoft releases Mobile Information Server, the platform will have device modules for only WML 1.1 and pre-WAP (Handheld Device Markup Language—HDML) cell phone technologies and devices that support SMS and SMTP notification functionality. To make the most of Mobile Information Server's functionality, devices should support browse and notification (e.g., WAP- and SMS-capable smart phones). You could initially use Mobile Information Server with Personal Digital Assistants (PDAs) that support SMTP or WAP functionality, but using browse or notification independently limits the value of the wireless application.
Using WAP and SMS phones is very different from using laptops and even PDAs. Phone screens are quite small and typically monochrome, and multitapping a phone's numeric keypad to enter letters of the alphabet is slow and awkward. Many articles and reviews attempt to discredit WAP because of this inferior cell phone interface. However, WAP isn't about surfing the Web on a cell phone, and WAP-based applications don't aim to replace or simulate the functionality of desktops or laptops. Rather, WAP applications let users access corporate data from virtually anywhere and at any time. This extended ability to access targeted and time-sensitive information is essential to many business users. Carriers that use WAP and pre-WAP technology to offer wireless Web services seem to miss this point when they advertise in the mainstream media.
For example, I use my WAP phone to access corporate email throughout the day when I'm not in my office or when firing up my laptop would be inconvenient. Although I can't easily write long email messages, I can check for important email messages and meeting requests. When something requires immediate attention, I can respond with a short email message or a phone call. I leave everything else until I can use my laptop and OWA. Thus, my wireless phone perfectly complements my laptop. Outlook Mobile Access lets me easily accept or decline meeting requests, access the GAL, and view and update my calendar. And I can use custom applications that my company has developed to enter my timesheets and access other functionality through Mobile Information Server's Intranet Browse component. Although getting used to this smart phoneonly approach took some time, I much prefer this one-device approach to available pager and PDA solutions.
Security
Security is the paramount concern for wireless as well as wired networks. Ensuring that the user is authenticated and can access only approved resources and that only the intended recipient can read information going to and coming from the server is vital. Mobile Information Server leverages several techniques to provide security for wireless users. Most of these techniques aren't unique to Mobile Information Server but are proven industry techniques that are widely used for wired communications.
Contrary to popular belief, radio frequency (RF) wireless links are the most secure part of data transfer between the enterprise and a wireless device. Data encryption is built directly into network protocols such as GSM.
In addition to bearer encryption and use of technologies such as GSM, application-level encryption provides end-to-end protection between the device and Mobile Information Server. Because data sent over a wireless infrastructure takes several hops, encryption and decryption must occur several times, and the method of data encryption varies depending on whether browse or notification is occurring. Application-level wireless browse security is similar to security used for Web applications over wired networks. A wireless-device user who initiates a request for data must be authenticated, which requires that the user's credentials travel securely from the wireless device through the Mobile Information Server system to the back-end server. Mobile Information Server uses application-level encryption techniques at each hop.
- Wireless Transport Layer Security (WTLS) secures the transaction between the wireless device and the WAP gateway.
- Secure Sockets Layer (SSL) encryption provides security between the WAP gateway and Mobile Information Server.
- IP Security (IPSec) typically encrypts the transmission between the Mobile Information Server system and the corporate data source. Even if IPSec isn't used, data traveling from the demilitarized zone (DMZ) to the internal network isn't open to external interception.
Application-level wireless notification security works a bit differently than browse security and depends on whether you use SMS or SMTP. Microsoft recommends establishing a VPN connection from the Enterprise Edition server to the Carrier Edition server. The VPN transmits encrypted notifications from Enterprise Edition event sources to the carrier network. If Carrier Edition isn't available, notifications are sent unencrypted through SMTP.
AD serves as a single source for information such as logon credentials and access rights and plays a key role in Mobile Information Server security. When the user connects to Mobile Information Server applications, Mobile Information Server prompts the user to log on with a username and password. Microsoft recommends that for maximum security, you require strong passwords and configure wireless users to use wireless account aliases that have limited network access. Wireless aliases are separate user accounts that you configure as part of the Mobile Information Server installation to allow access only to wireless resources. You can set up wireless aliases in the primary enterprise domain or in an auxiliary domain you create specifically for wireless users.
However, auxiliary domains and user account aliases increase the complexity of the wireless system. Unless you require more than basic security that encrypts network authentication details from the wireless device to the corporate system, giving wireless users access to the primary domain and user accounts should be sufficiently secure. This approach also provides full access to all appropriate intranet wireless resources. If you implement encryption with WTLS, SSL, IPSec, and a VPN, the wireless system approaches the known and accepted security level of wired solutions.
Finally, the Mobile Information Server system should live in the DMZ outside the host's internal firewall but inside the host's external firewall. Putting Mobile Information Server in the DMZ ensures that a user who accesses the server can't access intranet resources without being authenticated.
New Technology, New Opportunities
If you're considering implementing wireless technology in your enterprise, you'll need to consider the technology's Return on Investment (ROI). Wireless solutions are high-tech and cool, but you need to decide whether to implement them based on whether they can deliver benefits and profits to the enterprise. Some early adopters of wireless solutions have achieved promising results. For some insights into analyzing ROI, see the sidebar "Return on Investment."
Mobile Information Server incorporates tight integration with AD and Exchange 2000 as well as industry-standard wireless application and security protocols to provide a solid platform on which developers can build wireless enterprise applications. Although wireless email solutions are likely to make up the first wave of wireless solutions, Mobile Information Server makes possible virtually any type of wireless enterprise application.
