SmartPhones and the Global Address List

Microsoft has released a small piece of software that allows mobile devices to access the Global Address List within your Exchange environment. While ActiveSync is the agent most think of when SmartPhones are mentioned, this particular add-on actually leverages the Public Virtual Directory in IIS and not the ActiveSync agent. In this article, I will show you the program’s features and what you need to do to get it working in your environment. There are a few assumptions here; you are using ActiveSync to keep Pocket Outlook up to date with your Exchange Server 2003 mailbox and you have network connectivity to a Front End server or your Mailbox Server/Front End Server. Also, for this tool to work, the server you connect to must have the /Public virtual directory loaded in IIS. (It is there by default)

If you have read my blog, then you already know that I had a boating mishap during Spring Break. My MPX220, Garmin GPSV and my pride got dunked in salt water and damaged. The next week was spent discovering all the new features of Windows Mobile 5 on my brand new Cingular 8125 (HTC Wizard). Two irritating things I found right away was that my new $500 phone did not have the new AKU 2.0 up-to-date features and Windows Mobile 5 still has no access into the Global Address List. After days of searching, I found that Cingular may one day post an update for AKU 2.0 and Microsoft has an excellent add-on for mobile devices called Microsoft Global Contact Access.

Microsoft Global Contact Access

There are two flavors of this application. One is roughly 400K and is designed for the smaller SmartPhone screens and the other is 700K and is better suited for Pocket PCs. The Samsung i700, the Palm Treo 700W and Cingular 8125 devices are technically both, but you would be encouraged to use Pocket PC applications for the most part since those are formatted for the larger screens and usually comes with a few more features. The download locations for each are located on the downloads page of the Windows Mobile add-on site:

http://www.microsoft.com/windowsmobile/downloads/global/default.mspxnewtools

Installation is easy as you need only to run the setup on your machine and let ActiveSync install the application. For you propeller heads, you can still just copy the CAB file to the device and launch it to install the application.

Once installed, you should notice three additional applications in the Start Men
u; Find Contact Online, New Email and New Meeting. If you are running the SmartPhone version you will not get the New Emailapplication.

New Meeting

Since the names are all self-explanatory, let’s just go over the basics first.

newmeetingNew Meeting fires up a meeting request pane. If you know the SMTP address of the attendees you wish to invite then you need only to key their addresses into the Attendees box. Remember to separate the names with a semi-colon.

If you want to choose these users from the GAL, then use the Find Contacts Online option from the Options selection at the bottom of the screen.

The Find Contact application is then launched. findcontactKey in the name of the person you wish to find and click Find to begin the launch. After the lookup is complete, you should see the results. Scroll down to choose the correct contact and click Done when you found the right one.

Note: If you have not configured the logon credentials for these new tools, you should then get prompted to enter your password and potentially the domain name, user name, server name, etc. These settings should match what you have already entered for the ActiveSync components.

freebusyNow things start to get really interesting. Now that you have selected all the attendees, the meeting time, subject line, notes, etc you can check the group’s free-busy data. (Yeah, you heard me right)

 

 

 

How Find Contact Works

As I mentioned before, these tools to not currently leverage ActiveSync. In my larger SmartPhone deployments, I have created new Virtual Servers in IIS (on the Front Ends) to support Active-Sync and NAT’ed these IPs and Virtual servers from the outside using only port 443. Of course Network Load Balancing is much better, but in some situations I can’t use it.

SmartPhonelockdownWhat you have with this design is the minimum footprint required to support ActiveSync synchronization over the wire. Unfortunately, this configuration is so locked-down; it will not allow the Find Contact features to work! Here is why:

ActiveSync uses GETS, POSTS and OPENS to synchronize against the /Microsoft-Server-ActiveSync application that is loaded on the Exchange 2003 Servers:

POST, /Microsoft-Server-ActiveSync, User=STEVEBRYANT&DeviceId=200687CAB5517E14783A6C62D31D4DC1&DeviceType=PocketPC&Cmd=GetItemEstimate&Log=V4TNASNC:0A0C0D0FS:0A0C0D0SP:1C7I5801S74670R0S0L0H0P

So my locked down configuration works just peachy. Unfortunately, the Find Contact function must access the /Public virtual directory since that is where Free/Busy information is kept:

GET, /public/, Cmd=freebusy&start=2006-04-18T00:00:00-04:00&end=2006-04-19T00:00:00-04:00&interval=30&u=SMTP:Jason%2eSherry%40theproexchange%2ecom&u=SMTP:Steve%2eA%2eBryant%40theproexchange%2ecom

To ensure these online GAL-lookup features work, you will need to make sure the /Public virtual directory is loaded.

This does not mean that you need any of the OWA tools installed though. Mobile ActiveSync and the GAL Lookup tools will work just fine using minimal components in IIS. Loading the Public virtual directory will provide support for the necessary Cmd=freebusy and Cmd=galfind commands as the Find Contact application does not use the web controls needed for OWA.

New locked down design

What we have learned is that these new features are very important to Windows Mobile users so your design should allow for access.

newSmartPhonelockdown

As I mentioned before, this design would be far more sophisticated with Network Load Balancing on the Front End Servers and some type of reverse-proxy server such as ISA 2004 or Firepass F5 between the Internet clients and the Front End servers. It is also important to note that the ONLY port that should be opened is 443.

 

Advertisements