The OP's IT Department explained the situation correctly. Besides some bay area startups, you will not see iPhone's access to corporate mail servers this year.
 
Not quite sure if you'll get away with this but I reckon plenty of people will do just this and be very happy.

Basically, just set an auto-forward to a MobileMe account and it'll get pushed to your iPhone automatically together with your calendar and contacts.

Set your reply address to be your company email address and nobody will ever know!!!

You can email all day long on your iPhone then.

If the OP's company is as strict as mine, there's no way he/she would get away with that. In an IT dept that strict they probably watch every outgoing email, and that would be considered a security breach.

Maybe I am just talking from the perspective of my experience, but it's very difficult to get around an IT dept that does not want you to have personal access at work.
 
What is so different with a Windows Mobile phone being able to use Exchange and the iPhone with 2.0? I know people at work with Windows Mobile point to the webmail address and use their user name and password to log in. And everything syncs up. Is there a possibility the iPhone 2.0/3G can't? Sorry for a repeat question.
 
I run an IT dept with Exchange 2003 and set up the Exchange Push email when it was released. I have various Windows Mobile devices running on the push email and have found it very easy to set up. The only problem I can see is that my setup requires a security certificate to connect. Apart from that it was very easy.

Okay, so here's what you should do. This is assuming you're at least on Exchange 2003 SP2.

Go into Exchange System Manager - Global Settings - Mobile Services - Properties
Check all the boxes in Active Sync & Outlook Mobile Access
Go into Active Directory & drill down to the user with the smartphone
Go to the user properties & make sure all the OMA options are enabled under the Exchange Features tab
You can test your progress by pulling up a browser & going to https://owaservername.com/OMA. You should get a login prompt. Just enter your username & it should load a VERY barebone OWA-type page. It'll just list a few folders & commands. You really just want to make sure you can log in. If you can log in, you've gotten the "hard" part taken care of.

On the smartphone, you would have something like Versamail (which is free off the Palm website & includes the Exchange push). You go into the email account settings for Versamail & point the address of your server to https://owaservername.com/exchange

Each phone with each provider is a bit different, but we do have a few employees here that use Treo smartphones with Verizon service. As long as you can get into the Exchange push settings on the smartphone to point it to your OWA address, you're golden.

The most common mistake I've seen with any employee getting a smartphone, Tilt, BlackBerry, Nokia, etc. is that they sign up for the wrong plan. They'll get the personal email plan & not the corporate email plan. That is required to get Exchange push on the phone.
 
WRONG....

The ENTERPRISE developer license gives you ALL the tools and license to deploy corporate developed apps on Corporate digitally signed iPhones. That's the whole point of the "Enterprise" distribution. You don't have to do it through the App Store.


Taken from: http://developer.apple.com/iphone/program/


"Enterprise Program $299

The Enterprise Program is for developers who are creating proprietary, in-house applications for iPhone and iPod touch."

I already raised an issue with this about half a dozen posts above yours:

From the SDK blurb:

Users can download free applications at no charge to either the user or developer, or purchase priced applications with just one click. Enterprise customers will be able to create a secure, private page on the App Store accessible only by their employees. Apple will cover all credit card, web hosting, infrastructure and DRM costs associated with offering applications on the App Store. Third party iPhone and iPod touch applications must be approved by Apple and will be available exclusively through the App Store.

So, unless you can show this is not the case, it seems that they do have to go through the app store and Apple have to approve their apps.
 
So, unless you can show this is not the case, it seems that they do have to go through the app store and Apple have to approve their apps.

I believe they mean they have to approve publicly available third party apps.

Corporate apps would get their own private page. Which, as I've been saying for some time now, will not be acceptable at many businesses.

Not only does it sound like a security nightmare ("you let WHO host our app?" or "you let our app sit OUTSIDE our Intranet, are you insane? you're fired"), but it totally ignores a lot of infrastructure support that many apps have.

For example, access. Access is often controlled by one-time passwords such as with the common SecurId electronic token... connected to corporate security servers.

Secondly, revisioning. Many times you have to roll back a version. Or when giving one out, it must be tied to that person's account. Often there are custom built programs to do this. Or again, the necessity to access corporate databases.

Unless corporations can host their own onsite, totally independent "store", Apple has once again choked off their best potential business customers... the ones with tens of thousands of users.
 
Unless corporations can host their own onsite, totally independent "store", Apple has once again choked off their best potential business customers... the ones with tens of thousands of users.

While they are obviously trying to appeal to business to some extent with Exchange support, I think you're probably overestimating how important big businesses are to Apple. After all, in the computer market they've pretty obviously been aiming at home users and small businesses for years now, with great success. I'm sure they could make a pretty good success of the iPhone by aiming it at the same market segments.
 
What is so different with a Windows Mobile phone being able to use Exchange and the iPhone with 2.0? I know people at work with Windows Mobile point to the webmail address and use their user name and password to log in. And everything syncs up. Is there a possibility the iPhone 2.0/3G can't? Sorry for a repeat question.

If the infrastructure is already setup for ActiveSync on Windows Mobile phones, then you're good to go: It works exactly the same on iPhone. The issues arise when ActiveSync hasn't been enabled at all
 
I run an IT dept with Exchange 2003 and set up the Exchange Push email when it was released. I have various Windows Mobile devices running on the push email and have found it very easy to set up. The only problem I can see is that my setup requires a security certificate to connect. Apart from that it was very easy.

Okay, so here's what you should do. This is assuming you're at least on Exchange 2003 SP2.

Go into Exchange System Manager - Global Settings - Mobile Services - Properties
Check all the boxes in Active Sync & Outlook Mobile Access
Go into Active Directory & drill down to the user with the smartphone
Go to the user properties & make sure all the OMA options are enabled under the Exchange Features tab
You can test your progress by pulling up a browser & going to https://owaservername.com/OMA. You should get a login prompt. Just enter your username & it should load a VERY barebone OWA-type page. It'll just list a few folders & commands. You really just want to make sure you can log in. If you can log in, you've gotten the "hard" part taken care of.

On the smartphone, you would have something like Versamail (which is free off the Palm website & includes the Exchange push). You go into the email account settings for Versamail & point the address of your server to https://owaservername.com/exchange

Each phone with each provider is a bit different, but we do have a few employees here that use Treo smartphones with Verizon service. As long as you can get into the Exchange push settings on the smartphone to point it to your OWA address, you're golden.

The most common mistake I've seen with any employee getting a smartphone, Tilt, BlackBerry, Nokia, etc. is that they sign up for the wrong plan. They'll get the personal email plan & not the corporate email plan. That is required to get Exchange push on the phone.

Are your mail servers directly connected to the outside world?

I think some companies (and the government) have mail relays face the outside world and have OWA/ISA servers that allow webmail access to exchange. All the while making sure the actual exchange servers are behind a firewall. The problem is if you don't already have webmail set up you either have to expose your exchange servers to the outside world (not bloody likely for some mail systems) or purchase another server (OWA/ISA) and spend the time setting it up in the DMZ.
 
well how else do you document if not in a formal manner? on a cocktail napkin perhaps?

You could, just list the stuff in a word document.

Not only does it sound like a security nightmare ("you let WHO host our app?" or "you let our app sit OUTSIDE our Intranet, are you insane? you're fired"), but it totally ignores a lot of infrastructure support that many apps have.

And if you have to store it on Apple's servers and Apple don't keep it secure you can sue. Anything else is just being totally and utterly paranoid. I assume the contract will say that they take responsibility for keeping your files secure.

Secondly, revisioning. Many times you have to roll back a version.

I'm sure Apple will allow you to re-upload an old version.

Or when giving one out, it must be tied to that person's account.

I'm sure that'll be possible.

Or again, the necessity to access corporate databases.

Why wouldn't that be doable?
 
Hell, we're a company of 5 people and we won't be doing it. Activesync would require opening 6 ports directly to a server on the internal domain.. which ain't gonna happen.

Also it would require an upgrade from Exchange 2000 to 2007, which just isn't going to happen either on both cost and feasibility grounds.

So it doesn't surprise me one bit that companies won't do it. It's *not* a trivial thing you're asking for.

OTOH we're mostly a Mac shop these days and forwarding important stuff to a MobileMe account is probably the way to go.

What ports need opening? As far as I was aware the only ports that need opening are HTTPS and HTTP, and if you have Outlook Web Access enabled on the server they should be already open. I only have SMTP, HTTP & HTTPS open directly to my server and it works fine. Also Exchange 2003 SP2 has the facility to do push emails.
 
Are your mail servers directly connected to the outside world?

I think some companies (and the government) have mail relays face the outside world and have OWA/ISA servers that allow webmail access to exchange. All the while making sure the actual exchange servers are behind a firewall. The problem is if you don't already have webmail set up you either have to expose your exchange servers to the outside world (not bloody likely for some mail systems) or purchase another server (OWA/ISA) and spend the time setting it up in the DMZ.


Our server is directly on the internet behind a dedicated hardware firewall. The only ports that are allowed through are HTTP, HTTPS and SMTP. We have AV and spam filters on the server.
 
Our server is directly on the internet behind a dedicated hardware firewall. The only ports that are allowed through are HTTP, HTTPS and SMTP. We have AV and spam filters on the server.

See, that is nice. Too bad not every company can do that.
 
What ports need opening? As far as I was aware the only ports that need opening are HTTPS and HTTP, and if you have Outlook Web Access enabled on the server they should be already open. I only have SMTP, HTTP & HTTPS open directly to my server and it works fine. Also Exchange 2003 SP2 has the facility to do push emails.

They are the only ports that need opening. The issue with many "Enterprise Class" customers is that there is no way they will ever expose their Exchange Servers to the outside world like that - they will likely have them behind relay servers that do AV scanning, etc, before forwarding emails onto the actual exchange servers. Great if you want a secure mail service that cannot be accessed from outside the corporate domain (except for incoming / outgoing mail as above). Not so great if you want ActiveSync...
 
And if you have to store it on Apple's servers and Apple don't keep it secure you can sue. Anything else is just being totally and utterly paranoid. I assume the contract will say that they take responsibility for keeping your files secure.

Meaningless, considering the breaches even at banks these days. Or server outages. And I can't imagine any Washington DC entity storing secure apps at Apple. There will be many places that need local, independent hosting.

I'm sure Apple will allow you to re-upload an old version. Access company databases. (etc etc)

Whenever I do an app for say, a large company with 10,000 salespeople or 20,000 delivery people, or even 10 Pentagon members, then I need to be able to do the following:

1) Only allow access to those with a secure card. That means the Apple Store must be tied to a secure card server. And that means the connection must be internal, not over the internet to some host at Apple.

2) Tie a version to a user. That means the Apple Store must consult remote databases. I don't think Apple's hosts are going to be programmable so that we can set them up to talk to a private database and deliver the correct version. Even if they could, see (1) above.

This is just the tip of the iceberg. Again, there needs to be local hosting abilities for many places, or they won't be able to go with an iPhone.

While they are obviously trying to appeal to business to some extent with Exchange support, I think you're probably overestimating how important big businesses are to Apple. After

I'm just saying that Apple isn't set up to support them in this case. Many companies / entities want to be in control of their own assets. Not give away control to Apple.
 
I am not aware of any SOX rules that affect installing and buying of IT equipment. Is there anything you can point me to?


Change control is at the heart of SOx - and that includes installing any IT kit onto a network or reconfiguring business systems that hold financial data within a live environment. Anything that has a risk to the financial well-being of the business falls within the remit of SOx, including email servers, ERP systems (or any other server that, if it fails, could impact the business or where it needs to be secured against fraudulent activity etc). I don't have any links to hand to point you to except to say that I've recently been through a hefty IT SOx audit where all infrastructure change control was looked at.
 
Change control is at the heart of SOx - and that includes installing any IT kit onto a network or reconfiguring business systems that hold financial data within a live environment. Anything that has a risk to the financial well-being of the business falls within the remit of SOx, including email servers, ERP systems (or any other server that, if it fails, could impact the business or where it needs to be secured against fraudulent activity etc). I don't have any links to hand to point you to except to say that I've recently been through a hefty IT SOx audit where all infrastructure change control was looked at.

I got some links (see a few posts up). It is normally good practice to log changes made, I just didn't realize that SOX could "mandate" some sort of change control for non financial systems. It seems like when a financial system can be indirectly or directly affected by IT changes stuff is supposed to get logged.

I don't envy you guys. But then again, I work in government IT so our rules are a little "different" :D.
 
If the infrastructure is already setup for ActiveSync on Windows Mobile phones, then you're good to go: It works exactly the same on iPhone. The issues arise when ActiveSync hasn't been enabled at all

My friend got a sprint htc touch and just pointed to our webmail address which is webmail2.amamd.com/exchange and everything works perfect. With that in mind is that how the iphone will work?
 
My friend got a sprint htc touch and just pointed to our webmail address which is webmail2.amamd.com/exchange and everything works perfect. With that in mind is that how the iphone will work?

Yeah, it should do - it's the same ActiveSync functionality on both machines
 
My friend got a sprint htc touch and just pointed to our webmail address which is webmail2.amamd.com/exchange and everything works perfect. With that in mind is that how the iphone will work?

Should be the same. My old phone before the iPhone was an HTC Wizard (rebranded O2 XDA mini); that is all I had to do once I set up Exchange.
 
@kdarling: There is no requirement for corporate apps to be distributed on the App Store. (At least starting from the WWDC keynote,) companies can distribute their apps over their intranet however they want, sideloading it via iTunes.
 
Also it would require an upgrade from Exchange 2000 to 2007, which just isn't going to happen either on both cost and feasibility grounds.

This is incorrect....We are currently beta testers with iPhone 2.0 Enterprise and using ActiveSync with Exchange 2003.
 
Change control is at the heart of SOx - and that includes installing any IT kit onto a network or reconfiguring business systems that hold financial data within a live environment. Anything that has a risk to the financial well-being of the business falls within the remit of SOx, including email servers, ERP systems (or any other server that, if it fails, could impact the business or where it needs to be secured against fraudulent activity etc). I don't have any links to hand to point you to except to say that I've recently been through a hefty IT SOx audit where all infrastructure change control was looked at.

Aren't audits fun!

SOX goes way deeper than most people imagine. Depending on your industry (Financial in my case), they have differing requirements. We safe store over a billion rows of data each and every day that has to be stored off-site for a period of seven years. SOX costs the financial industry huge amounts of money. It also has to be recallable on demand, so if we had a system that hasn't been used for 5 years and they want to see data from 6 years ago, we keep old systems buzzing just in case. Old tape readers, old systems, etc.. The paper trail and documentation are required for a couple of government organizations. We get audited every 5 or 6 years and hand over small libraries of documentation (They still like printed copies :eek: ).

In terms of iPhone support, most shops will probably sit tight and wait for the Gartner type evaluations as well as the various security firms reports. Once that takes place, small pilot programs and finally a budgeted project.

Like most of the other IT Guys have added, there's hurdles to all of this. I don't see this happening in a big way until the 2009-2010 timeframe and maybe one or two more firmware updates.
 
That is because I am nice. Also I am in charge of the IT and I want push email on my iPhone. And it was free to set up. No license fee or anything.

Question for you: My company already allows OWA. I use it all the time when I don't have access to a full Outlook client from my laptop/desktop. If we already have OWA, does that mean Activesync is enabled already? If so, what info do I need to enter in the new iPhone to allow push email? Right now I need domain/username/password to login to OWA. Is that all that I would need for push email?

I am just gathering info to use if I have to run this by my IT group. Is there a way for me to check/test on my own to see if Activesync is already enabled?
 