Installing an Exchange Server 2003 Server for Mobile Access

The installation of an Exchange 2003 server for mobile connectivity does not require the installation of any special server, software, update, or gateway product. Exchange 2003 has mobility built in to the Exchange 2003 software. By simply installing Exchange 2003 on a server as part of an upgrade from Exchange 5.5 or Exchange 2000, or as part of a completely clean installation, the mobility functions are automatically included. See Chapter 3, "Installing Exchange Server 2003," for the installation of Exchange Server 2003, or Chapters 15, "Migrating from Exchange v5.5 to Exchange Server 2003," and 16, "Migrating from Exchange 2000 to Exchange Server 2003," on the migration from Exchange 5.5 or Exchange 2000. These chapters cover the process of installing or migrating the basic Exchange 2003 server software.

Creating a Separate Front-end Server for Mobile Connections

As noted in the section "Preparing for Mobility in an Exchange 2003 Environment," earlier in this chapter, an organization may choose to split the front-end client access server from the back-end database server functions. To separate the front-end and back-end server functions

1. Install a new Exchange Server 2003 into an existing Exchange site.

2. Set the properties of the new Exchange server to be a front-end server only.

3. Clean up nonessential components on the new front-end server to prepare it to be just a front-end server.

Setting an Exchange Server to Be a Front-end Server Only

To be configured as a front-end server to an existing Exchange 2003 site, the server should be configured to be a front-end server only. By default, an Exchange server is activated to be both a front-end and a back-end server. To make a server into a dedicated front-end server, do the following:

1. On an Exchange 2003 server that has already been joined to the site, open the Exchange System Manager.

2. Traverse through the Exchange System Manager through Administrative Groups, Administrative Group Name , Servers.

3. Right-click on the server and select Properties.

4. Click on This is a front-end server, as shown in Figure 23.2.

   Figure 23.2. Selecting a server as a front-end server.

   

5. Select OK.

Removing Information Stores

After a server is set to be a front-end server, certain unneeded functions can be deleted from the server. This not only makes the server run more efficiently , but it also makes the server more secure. One of the tasks of cleaning up an Exchange front-end server is to remove the information store and databases.

To delete the information stores on a front-end server, do the following:

1. Click on Start, Programs, Microsoft Exchange, System Manager.

2. Navigate to Administrative Groups, Administrative Group Name, Servers, Server Name, Storage Groups.

3. Right-click on Mailbox Store and choose Delete.

4. Click Yes.

5. Click OK.

6. Using Windows Explorer, navigate to the directory where the databases are stored and manually delete the database files.

Adding Additional Front-end Servers for Scalability

After the first dedicated Exchange 2003 front-end server has been added to the site, additional servers can be added by following the same procedure as noted in the section "Installing an Exchange Server 2003 Server for Mobile Access," earlier in this chapter. The addition of front-end servers provides better scalability for client systems to connect to their Exchange mailboxes. The front-end server by default can host any Exchange client, not just Pocet PC and Outlook Mobile Access clients . The front-end servers are also full hosts for Outlook Web Access clients, full Outlook clients, and POP3 and IMAP clients. This provides the organization with the ability to add and remove front-end servers as the client demand increases or decreases in the organization. Because front-end servers do not host mailbox or information routing functions, they are much easier to add and remove than full Exchange servers participating in a site.

Configuring Firewall Ports to Secure Communications

There are several ways a mobile client can connect to a dedicated Exchange front-end server or Exchange server acting as both the front-end and back-end server. The client system can connect to the Exchange server in the following ways:

• Securely over Port 443, using Secure Sockets Layer (SSL)

• Unsecured over Port 80

• Connected through a VPN client

Of these three methods , the preferred method is to use a secured SSL connection over Port 443. The SSL connection provides both security and the fastest performance. An unsecured connection minimizes the configuration task of installing a certificate on the Exchange server for SSL communications and is simpler to configure; however, without encrypted communications, traffic between the mobile device and the Exchange server is being transmitted in a format that can be intercepted and deciphered by any individual with a radio frequency packet analyzer.

A VPN connection from a mobile device to an Exchange server can leverage existing VPN technologies implemented in an organization; however, the overhead of the VPN client can reduce performance by 515%. Because many of the public wireless services transmit at rates less than 3050 Kbps, the 515% degradation in performance caused by a VPN client can impact the user experience.

By enabling SSL and using SSL encryption between the mobile device and Exchange 2003, an organization can optimize performance while maintaining a secured connection.

If SSL is used, Port 443 should be enabled through the firewall to the Exchange front-end server. If no encryption will be enabled, only standard Port 80 is enabled. If a VPN connection is created, that establishes a connection from the client to the Microsoft Routing and Remote Access (RRAS) server that will then enable the VPN client to route to the Exchange 2003 server for client access.