Chapter 16
Managing Mobile Devices
In This Chapter
Looking at mobile devices
Configuring Windows Mobile devices for Exchange access
Examining BlackBerry and BlackBerry Enterprise Server (BES)
Considering security implications
A computer consultant once purchased a used BlackBerry device on eBay for $15.50. When he put in a new battery and turned on the device, he discovered that it contained confidential e-mails and personal contact information for executives of a well-known financial institution.
Oops!
It turns out that a former executive with the company sold his old BlackBerry on eBay a few months after he left the firm. He’d assumed that because he’d removed the battery, everything on the BlackBerry had been erased.
The point of this true story is that mobile devices such as smartphones and tablet computers pose a special set of challenges for network administrators. These challenges are now being faced even by administrators of small networks. Just a few years ago, only large companies had BlackBerry or other mobile devices that integrated with Exchange e-mail, for example. Now it isn’t uncommon for companies with just a few employees to have mobile devices connected to the company network.
This chapter is a brief introduction to mobile devices and the operating systems they run, with an emphasis on iPhone and Android devices. You find out more about how these devices can interact with Exchange e-mail and the steps you can take to ensure their security.
The Many Types of Mobile Devices
Once upon a time, there were mobile phones and PDAs. A mobile phone was just that: a handheld telephone you could take with you. The good ones had nice features such as a call log, an address book, and perhaps a crude game, but not much else. PDAs — Personal Digital Assistants — were little handheld computers designed to replace the old-fashioned Day-Timer books people used to carry around with them to keep track of their appointment calendars and address books.
All that changed when cellular providers began adding data capabilities to their networks. Now cellphones can have complete mobile Internet access. This fact has resulted in the addition of sophisticated PDA features to mobile phones and phone features to PDAs so that the distinctions are blurred.
A mobile device can be any one of a wide assortment of devices that you can hold in one hand and that are connected through a wireless network. The term handheld is a similar generic name for such devices. The following list describes some of the most common specifics of mobile devices:
Mobile phone: Primary purpose is to enable phone service. Most mobile phones also include text messaging, address books, appointment calendars, and games; they may also provide Internet access.
Smartphone: A mobile phone with advanced features not typically found on mobile phones. There’s no clearly drawn line between mobile phones and smartphones. One distinction is whether the phone can provide integrated access to corporate e-mail. The screen on a smartphone is typically bigger than the screen on a traditional cellphone, and most models (such as the iPhone and most Android devices) don’t have hard keyboards.
BlackBerry: BlackBerry devices are sophisticated PDAs that have cellphone capabilities. The most distinctive feature of BlackBerry devices is their capability to synchronize with Exchange e-mail servers to provide instant access to your corporate e-mail. Typically, this synchronization requires a special server — BlackBerry Enterprise Server (BES) — running on the corporate network. BlackBerry devices use a proprietary operating system (OS) developed by RIM.
iPhone and iPad: Apple’s iPhone has taken the smartphone market by storm. Although there are still more BlackBerry devices in use than iPhones, iPhone is gaining market share and may soon overtake BlackBerry. Unlike a BlackBerry, an iPhone doesn’t require a separate server to enable full Exchange mailbox synchronization.
Android: Android is an open source OS for smartphones, developed by Google. Android is designed in many ways to mimic the features of the iPhone, so experienced iPhone users will find Android phones to be very similar. At the time I wrote this chapter, the overwhelming majority of new smartphones being sold were Android devices.
Considering Security for Mobile Devices
As a network administrator, one of your main responsibilities regarding mobile devices is to keep them secure. Unfortunately, that’s a significant challenge. Here are some reasons why:
Mobile devices connect to your network via other networks that are out of your control. You can go to great lengths to set up firewalls, encryption, and a host of other security features, but mobile devices connect via public networks whose administrators may not be as conscientious as you.
Mobile devices are easy to lose. A user might leave her smartphone at a restaurant or hotel, or it might fall out of her pocket on the subway.
Mobile devices run OSes that aren’t as security conscious as Windows.
Users who wouldn’t dare install renegade software on their desktop computers think nothing of downloading free games or other applications to their handheld devices. Who knows what kinds of viruses or Trojans these downloads carry?
Inevitably, someone will buy his own handheld device and connect it to your network without your knowledge or permission.
Here are some recommendations for beefing up security for your mobile devices:
Establish clear, consistent policies for mobile devices, and enforce them.
Make sure employees understand that they aren’t allowed to bring their own devices into your network. Allow only company-owned devices to connect.
Train your users in the security risks associated with using mobile devices.
Implement antivirus protection for your mobile devices.
Managing iOS Devices
In 2007, the Apple iPhone, one of the most innovative little gadgets in many, many years, hit the technology market. As a result, in just a few short years, the iPhone captured a huge slice of a market dominated almost exclusively by RIM and its BlackBerry devices. Since then, the iPhone’s share of the mobile-phone market has grown beyond that of the former king, BlackBerry.
The success of the iPhone was due in large part to the genius of its OS: iOS. In 2010, Apple released the iPad, a tablet computer that runs the same iOS as the iPhone. And in 2012, Apple introduced a smaller version of the iPad: the iPad mini. Together, these devices are commonly known as iOS devices.
Understanding the iPhone
The iPhone is essentially a combination of four devices:
A cellphone
An iPod with a memory capacity of 8GB to 64GB
A digital camera
An Internet device with its own web browser (Safari) and applications, such as e-mail, calendar, and contact management
The most immediately noticeable feature of the iPhone is its lack of a keyboard. Instead, nearly the entire front surface of the iPhone is a high-resolution, touch-sensitive LCD display. The display is not only the main output device of the iPhone, but also its main input device. The display can become a keypad input for dialing a telephone number or a keyboard for entering text. You can also use various finger gestures, such as tapping icons to start programs or pinching to zoom in the display.
The iPhone has several other innovative features:
An accelerometer tracks the motion of the iPhone in three directions. The main use of the accelerometer is to adjust the orientation of the display from landscape to portrait based on how the user is holding the phone. Some other applications — mostly games — use the accelerometer as well.
A Wi-Fi interface lets the iPhone connect to local Wi-Fi networks for faster Internet access.
GPS capability provides location awareness for many applications, including Google Maps.
The virtual private network (VPN) client lets you connect to your internal network.
Of all the unique features of the iPhone, probably the most important is its huge collection of third-party applications that can be downloaded from a special web portal, the App Store. Many of these applications are free or cost just a few dollars. (Many are just 99 cents or $1.99.) As of this writing, more than 500,000 applications — everything from business productivity to games — were available from the App Store.
Understanding the iPad
The iPad is essentially an iPhone without the phone but with a larger screen. The iPhone comes with a 3.5" screen; the iPad has a 9.7" screen; and its smaller cousin, the iPad mini, has a 7.9" screen.
Apart from these basic differences, an iPad is nearly identical to an iPhone. Any application that can run on an iPhone can also run on an iPad, and many applications are designed to take special advantage of the iPad’s larger screen.
All the information that follows in this chapter applies equally to iPhones and iPads.
Integrating iOS Devices with Exchange
An iOS device can integrate with Microsoft Exchange e-mail. You must follow three procedures to make that integration possible:
1. Enable the Mobile Services feature of Microsoft Exchange.
2. Enable ActiveSync for the user’s mailbox.
3. Configure the iPhone to connect to the user’s Exchange mailbox.
The following sections describe these procedures.
Enabling Exchange Mobile Services
To enable an Exchange mailbox for an iOS device, you must enable the Exchange Mobile Services feature on the Exchange server. You must complete this procedure just once for each Exchange server. Here are the steps:
1. Log on to the Exchange server with an Exchange Administrator account.
2. Choose Start⇒Administrative Tools⇒Exchange System Manager.
3. In the navigation pane of Exchange System Manager, expand the Global Settings node.
4. Right-click Mobile Services and then choose Properties from the contextual menu.
The dialog box shown in Figure 16-1 appears.
5. Select all the check boxes on the General tab.
This step enables all the capabilities of Outlook Mobile Access.
Figure 16-1: Enabling Outlook Mobile Access.
6. Click OK.
7. Close Exchange System Manager.
You’re done!
Enabling ActiveSync for a user’s mailbox
After you enable Exchange Mobile Services for your Exchange server, you can enable ActiveSync for the user’s Exchange mailbox. Enabling ActiveSync allows the mailbox to be synchronized with a remote mail client such as an iPhone. Here are the steps:
1. Choose Start⇒Administrative Tools⇒Active Directory Users and Computers.
The Active Directory Users and Computers console opens.
2. Expand the domain and then locate the user you want to enable mobile access for.
3. Right-click the user and then choose Properties from the contextual menu.
4. Click the Exchange Features tab.
The Exchange Features options are displayed, as shown in Figure 16-2.
Figure 16-2: Enabling mobile access for a user.
5. Enable all three options listed under Mobile Services.
If the options aren’t already enabled, right-click each option and choose Enable from the contextual menu.
6. Click OK.
7. Repeat Steps 5 and 6 for any other users you want to enable mobile access for.
8. Close Active Directory Users and Computers.
That’s all there is to it. After you enable these features, any users running Windows Mobile can synchronize their handheld devices with their Exchange mailboxes.
Configuring an iOS device for Exchange e-mail
After ActiveSync is enabled for the mailbox, you can configure an iPhone or iPad to tap into the Exchange account by following these steps:
1. On the iPhone or iPad, tap Settings; tap Mail, Contacts, Calendars; and then tap Add Account.
The screen shown in Figure 16-3 appears.
Figure 16-3: Add an e-mail account.
2. Tap Add Account.
The screen shown in Figure 16-4 appears, allowing you to choose the type of e-mail account you want to add.
Figure 16-4: The iPhone can support many types of e-mail accounts.
3. Tap Microsoft Exchange.
The screen shown in Figure 16-5 appears, where you can enter basic information for your Exchange account.
Figure 16-5: Enter your e-mail address and logon information.
4. Enter your e-mail address, Windows username, and password.
For most installations, you should leave the Domain field empty. (If the e-mail configuration doesn’t work, come back to this screen, and enter your domain name here.)
5. Tap Next.
The screen shown in Figure 16-6 appears.
Figure 16-6: Enter your Exchange server information.
6. Enter either the DNS name or the IP address of your Exchange server in the Server field.
For example, if your Exchange server uses the name mail.mydomain.com, enter that in the Server field.
7. Tap Next.
The screen shown in Figure 16-7 appears. Here, you select which mailbox features you want to synchronize: Mail, Contacts, or Calendars.
Figure 16-7: Select features to synchronize.
8. Select the features you want to synchronize and then tap Done.
The e-mail account is created.
After the e-mail account has been configured, the user can access it via the Mail icon on the iPhone’s home screen.
Managing Android Devices
For the better part of a year, Apple had the touchscreen smartphone market all to itself. But in late 2008, T-Mobile released a touchscreen smartphone called the Dream, made by HTC. This smartphone was the first of many phones based on the Android OS developed by Google. Android-based phones are similar to iPhones in many ways, but they also have many differences. The most important difference is that the Android OS is available on many phones, whereas the iOS operating system is proprietary to Apple and available only on Apple devices.
This section is a brief introduction to the Android platform. You find out a bit about what Android actually is, and you discover the procedures for setting up Exchange e-mail access on an Android phone.
In many ways, Android phones are similar to iPhones. Like iPhones, Android phones feature a touchscreen display, have built-in MP3 music players, and provide access to a large library of downloadable third-party applications. In essence, Android phones are competitors with iPhones.
Crucial differences exist between Android phones and iPhones, however. The most important difference — in many ways, the only important difference — is that Android phones are based on an open source OS derived from Linux, which can be extended and adapted to work on a wide variety of hardware devices from different vendors. With the iPhone, you’re locked into Apple hardware. With an Android phone, though, you can buy hardware from a variety of manufacturers.
Looking at the Android OS
Most people associate the Android OS with Google, and it’s true that Google is the driving force behind Android. The Android OS is an open source OS managed by the Open Handset Alliance (OHA). Google still plays a major role in the development of Android, but more than 50 companies are involved in the OHA, including hardware manufacturers (such as HTC, Intel, and Motorola), software companies (such as Google and eBay), and mobile-phone operators (such as T-Mobile and Sprint-Nextel).
Technically speaking, Android is more than just an OS. It’s also a complete software stack, which comprises several key components that work together to create the complete Android platform:
The OS core, which is based on the popular Linux OS
A middleware layer, which provides drivers and other support code to enable the OS core to work with the hardware devices that make up a complete phone, such as a touch-sensitive display, the cellphone radio, the speaker and microphone, Bluetooth or Wi-Fi networking components, and so on
A set of core applications that the user interacts with to make phone calls, read e-mail, send text messages, take pictures, and so on
A Software Developers Kit (SDK) that lets third-party software developers create their own applications to run on an Android phone, as well as a marketplace where the applications can be marketed and sold, much as the App Store lets iPhone developers market and sell applications for the iPhone
Besides the basic features provided by all OSes, here are a few bonus features of the Android software stack:
An optimized graphical display engine that can produce sophisticated 2-D and 3-D graphics
GPS capabilities that provide location awareness that can be integrated with applications such as Google Maps
Compass and accelerometer capabilities that can determine whether the phone is in motion and in which direction it’s pointed
A built-in SQL database server for data storage
Support for several network technologies, including 3G, 4G, Bluetooth, and Wi-Fi
Built-in media support, including common formats for still images, audio, and video files
Perusing Android’s core applications
The Android OS comes preconfigured with several standard applications, which provide the functionality that most people demand from a modern smartphone. These applications include
Dialer: Provides the basic cellphone function that lets users make calls.
Browser: A built-in web browser that’s similar to Google’s Chrome browser.
Messaging: Provides text (SMS) and multimedia (MMS) messaging.
Email: A basic e-mail client that works best with Google’s Gmail but that can be configured to work with other e-mail servers, including Exchange.
Contacts: Provides a contacts list that integrates with the Dialer and Email applications.
Camera: Lets you use the phone’s camera hardware (if any) to take pictures.
Calculator: A simple calculator application.
Alarm Clock: A basic alarm clock. You can set up to three different alarms.
Maps: An integrated version of Google Maps.
YouTube: An integrated version of YouTube.
Music: An MP3 player similar to the iPod. You can purchase and download music files from Amazon.
Google Play: Lets you purchase and download third-party applications for the Android phone.
Settings: Lets you control various settings for the phone.
Integrating Android with Exchange
The Android’s core Email application can integrate with Microsoft Exchange e-mail. To do that, you must enable Exchange Mobile Services and then enable ActiveSync for the user’s mailbox. For more information, see the sections “Enabling Exchange Mobile Services” and “Enabling ActiveSync for a user’s mailbox,” earlier in this chapter.
After you enable Exchange Mobile Services and ActiveSync on your Exchange server, you can easily configure the Android phone for e-mail access. Just run the Email application on the Android phone, and follow the configuration steps, which ask you for basic information such as your e-mail address, username, password, and Exchange mail server.