In my last column, I began an in-depth look at Microsoft's Mobile Information 2001 Server (MMIS) by discussing some of the MMIS platform's main features. This week, I continue with these topics and look more closely at the recommended architecture and security considerations.
Although you can host Microsoft Mobile Information Server Enterprise Edition (MMIS-EE) in several configurations, Microsoft recommends that you locate MMIS-EE within your enterprise's demilitarized zone (DMZ). This configuration lets you open external firewall ports to allow Internet access on ports 80 (HTTP) and 443 (Secure Sockets Layer—SSL). You can then configure your internal firewall to open the ports that MMIS-EE needs to connect to a Microsoft Exchange Server system and other enterprise data sources. Be aware that MMIS-EE is a member server of your domain, so no Active Directory (AD) information resides locally; MMIS performs all authentication requests internally against the AD domain controller (DC) or BDC. Also, if you plan to support more than 4000 users in one region or if you have multiple Exchange servers in different regions, Microsoft recommends that you implement a separate MMIS-EE server for each region.
MMIS Security Features
Security is a primary concern with any enterprise system, especially with mobility solutions. MMIS offers several features to help you ensure security. First, you can use an IP Security (IPSec)-based VPN to connect MMIS-EE and Microsoft Mobile Information Server Carrier Edition (MMIS-CE). This connection ensures that any notifications you transmit to mobile users travel securely to the carrier network.
Second, you can also use IPSec to secure transmissions among MMIS-EE, Exchange, and other enterprise servers. This precaution is particularly important if you're using an Application Service Provider (ASP) for Exchange-hosted services.
Third, MMIS-EE supports application-level security with SSL and Wireless Transport Layer Security (WTLS). To implement this type of security, you must install SSL certificates in IIS on the MMIS-EE server. You can then reference Outlook Mobile Access (OMA) and Intranet Browse applications with HTTPS, so that data is secured by 40-bit encryption as the information travels between the wireless device and MMIS-EE.
Fourth, MMIS-EE lets you securely use alias accounts and auxiliary domains. When you implement MMIS-EE, you can store mobile-user details and permissions in separate alias accounts and link that alias account information to the user's primary enterprise account. These aliases let you isolate wireless users so that if a hacker intercepts one of these users' logon details, the hacker can't use that logon information for general network access without gaining access to MMIS-EE.
Over the past 2 weeks, Microsoft has released several press releases regarding its mobility solutions. First, several vendors are now offering Pocket PC 2002 devices. (For more information about these new devices, see John Ruley's commentary later in this newsletter.) Second, Microsoft has posted additional information about Mobile Information Server 2002 at the company's Web site: http://www.microsoft.com/miserver/overview/enterprise2002.asp
Another notable announcement about mobility solutions came from Onset Technologies, which features email-attachment support for WAP-enabled devices connecting to MMIS. These products include the ability to convert email attachments to text or to images that are viewable on WAP-enabled devices, and the ability to fax those attachments from your mobile device. For example, if you're at a hotel or with a client and you need the attachment, you can just fax it to the hotel fax machine. It's a very nice feature and an example of many things to come in this industry.
A final note to all readers: If you'd like me to cover specific topics in future issues of Mobile & Wireless UPDATE, email me at [email protected]. Likewise, if you have specific questions about wireless computing, send them to me and I'll prepare an occasional Q&A feature. The mobile and wireless industry is growing rapidly, and I want to make sure you're getting the most relevant information. Next time, I'll continue to look at MMIS with an overview of MMIS-EE deployment.