MS Exchange on iPhone with iceWEB
If you've got a job that requires you to use MS Exchange, and have avoided the iPhone because of it, this may be of interest to you. IceWEB has announced that their hosted MS Exchange subscription service now supports the iPhone. Subscriptions start at $8.50US per month, and allow mobile users to send and receive Exchange email. I haven't used Exchange, but I know that many people depend on it. Let's hope this will convince your IT department to get you an iPhone!
[Via MacNN]


Reader Comments (Page 1 of 1)
joel j said 5:15PM on 7-09-2007
From looking at the website it appears that IceMail would actually be hosting one's mail. For those working at a corporate entity that already have an Exchange hosting solution (either through a third party or the hosting on a company owned server) this won't be a solution since their employer would need to move their hosting from the current system to IceMail.
If IceWeb were to sell software instead of just the hosting service, then a corporate entity would have the option of running the software on one of their own servers and make the service available to their users that make connections to Exchange from outside the company.
It would be interesting to see a complete Exchange solution for the iPhone. On other Exchange compatible devices, in addition to syncing e-mail, Exchange also syncs contacts, notes, calendar, and RSS subscriptions. It also enables one to remotely delete items from their computers and devices that sync with Exchange.
Kishen said 5:45PM on 7-09-2007
@joel J, and Dave Caolo
IceMail are just allowing the iPhone to get email using IMAP, which is nothing new! That would not support calendar and contacts synching, nor the special security features of Exchange Activesync (e.g. Remote Wipe).
The reason so many corporate IT depts are not interested in this is because they don't want to open up extra ports on the network and because they can't enforce security policies on the device.
Anyway, hopefully the rumours are true and Apple has licensed the ActiveSync protocol from Microsoft.
Cheers
gboone said 5:50PM on 7-09-2007
hey remember when this blog was the unofficial apple weblog, and not the unofficial iphone weblog?
Sam Katz said 5:53PM on 7-09-2007
All they need is to enable:
a VPN if desired
IMAP over SSL
itunes on the client (if needed to sync exchange)
that's it!
David Wu said 5:55PM on 7-09-2007
It would be great to be able to convince our IT department to get us iPhones, but apparently, AT&T (and Apple?) are not allowing iPhones to be activated with corporate accounts, which our company uses, so we cannot get any iPhones (though we had planned to on the day of the release). We were all quite looking forward to it and were utterly disappointed to find this out on the day of. And as of yet, there is still no word on whether or not they will allow corporate plans to use the iPhone... I've tried emailing people at both Apple and AT&T, and I haven't gotten any meaningful response.
blancobrawler said 6:50PM on 7-09-2007
"All they need to do..."
You act as though that is a simple little process. Often a large IT group is not going to change common practice for one device when they see that other devices are suitable alternatives.
Also saying enable VPN is a bit simplistic. We have VPN where I work, but we do not run an implementation which the iPhone supports. The best solution in my opinion is to at least have a device level solution that allows the iPhone to come in through an OWA server. Not only do the newer windows based smart phones come in this way, but so do the older palm treos that had versamail as well as entourage on a mac desktop.
Matt S. said 7:07PM on 7-09-2007
That's not a solution - Corporate email needs to be highly secure. The only device we have that works is a Blackberry because it's got a corporate server we connect to our Exchange server and it's fully encrypted end to end. Even the Blackberry itself can be encrypted, in the event it's stolen, the data is secure. The data flowing over the Internet is encrypted between the Blackberry device and the Blackberry server.
The Exchange server is behind a firewall and only accessible via VPN which is not compatible with Mac OS X VPN and therefore not with the iPhone.
In order for the iPhone to become corporate friendly it needs AES 256 (Leopard FileVault) encryption with the encryption keys backed up on a secure corporate server. It needs to support more advanced VPN systems. And why oh why do they claim Exchange support but only give you IMAP? That's not Exchange support at all!
James said 9:55PM on 7-09-2007
IT support (aka Exchange support) has always come off a little shady, like when whatshisface said he hacked a macbook and then would not confirm it or prove it.
Nobody has answered these questions:
1) Is there a reason to not allow IMAP with Exchange other than "that's not what we have done before"? Is this somehow less secure? If so, how?
2) Are the VPNs that are in use and NOT supported by the iPhone somehow better/more secure than the VPN that is supported by the iPhone (and OS X) by default? If so: why? Is OS X's VPN support fundamentally flawed? What prevents a company from using an OS X friendly VPN?
3) Isn't a phone that does NOT support 3rd party apps inherently more secure than one that does?
Until somebody answers these questions with *real* answers, I can't help but assume that the iPhone Enterprise problem is as much the fault of the IT department as it is the iPhone. If I'm wrong: please answer the questions above and explain why.
Shahid said 11:05PM on 7-09-2007
Darn it. This would have been excellent if it were an Activesync software-based client. Of course it could not integrate the contacts/calendar/tasks into the iPhone shell, but at least you could always have that data right there in the program. The program could abide by all of the requirements of Activesync, and could require one to enter a security code before entering the program, etc. This would keep IT happy while also providing a satisfactory solution to employees. Unfortunately, I guess that is not what this program offers.
Mike said 12:08AM on 7-10-2007
Hi James,
Just some thoughts from an Exchange admin on some of your questions:
1) Is there a reason to not allow IMAP with Exchange other than "that's not what we have done before"? Is this somehow less secure? If so, how?
- speaking as an admin, the more protocols you open up on your server, the more you've widened the possible attack options. ActiveSync uses the same SSL based ports/services that OWA already uses, so most environments already have this set up. In smaller shops it's easier to make a change to please a few people, but when you start considering one more service to keep track of and another port to monitor, you need a pretty good reason to do it. Also you've really got to look at IMAP as the bare bones for a wireless sync experience. The iPhone is very slick and I love the interface, but I think Apple's trying their hand at the consumer market first before taking a dip in the Enterprise pool. IMAP doesn't support wireless synchronization for calendar, contacts, or tasks. If a user is coming from Blackberry or ActiveSync based devices, this can be a real deal breaker.
2) Are the VPNs that are in use and NOT supported by the iPhone somehow better/more secure than the VPN that is supported by the iPhone (and OS X) by default? If so: why? Is OS X's VPN support fundamentally flawed? What prevents a company from using an OS X friendly VPN?
- The VPNs I can't speak as well about, not being a security team guy for my company. I can tell you going back to the initial response though that ActiveSync works without requiring a VPN solution (uses HTTPS) and can be further locked down with ISA server while Blackberry is a conversation initiated by the server on your internal network to RIM's NOC, so there are no inbound connection requirements for the handhelds. They just talk to RIM's NOC who the BES server is talking to and they've got real time sync without the extra burden of a VPN. We did have a VPN in place prior to ISA, and I can tell you that the experience on an SSL encrypted connection vs. the PPTP VPN that was there before is like night and day. SSL based through ISA is considerably faster and more reliable.
3) Isn't a phone that does NOT support 3rd party apps inherently more secure than one that does?
- Security for a company isn't just 'what can they install', but more like 'what the hell do we do if they lose this thing?'. With Blackberry and ActiveSync, we can enforce policies in regards to password requirements, device time outs, and remotely perform a wipe of the device or have the device wipe itself if the wrong # of passwords is entered. Blackberry is still pretty far ahead of Microsoft when it comes to how granular these get, but you get the idea (Blackberry devices you can lock out third party apps by policy. MS doesn't do that yet without a third party management tool, but they do exist).
I think the bottom line here is that the iPhone is incredibly slick and an undeniable target of gadget lust by anyone that's an engadget/engadget wireless reader (it's even got me looking at tuaw! :)). What it's not yet though is ready for the enterprise. I don't think this is any accident. Apple can sell these so successfully without tapping that market that there's no need for them to go there yet. I do think you'll see Apple license either BlackberryConnect from RIM or ActiveSync from Microsoft to include in the iPhone at some point in time. When they do that, it'll be the equivalent of when the iPod was available for Windows. The floodgates into corporate customers will be open and guys like me will have to get some instructions ready for their end users.
Sam Katz said 12:21AM on 7-10-2007
Just so that you know.. IMAP over SSL is supported, and should (minus the lack of features like task and calendar sync and remote wipe) be 100% as secure as exchange running over SSL, if not more so because it's a standard protocol.
I'd love to see your security guy respond, simply because he may have more expertise, although your comments were useful.
also, keep in mind that IMAP doesn't store the e-mail on the device, it accesses it on the server. Locking out a device out of the account should be a simple matter of changing the password.. without the host computer to sync to, I have not seen that the iphone has a way to change the password internally.
don't mean any offense.
--Sam
Alex in Amsterdam said 1:43AM on 7-10-2007
OK, I'm not so tech savvy as you all, but can you eggheads answer this question? I can use my Treo to access my company email. I was told that since we can access our work email via exchange server on the web, we can access email with a Treo. So, does that mean I could use an iPhone the same way?
Bryan said 5:17AM on 7-10-2007
@Sam --
Almost every IMAP client, including the iPhone, stores a cache of the emails locally, for performance reasons and to enable offline use.
Don't believe me? Enable 'Airplane Mode' on your iPhone, and try browsing your IMAP mailboxes. You should be able to see all of the previously downloaded messages.
--Bryan
blancobrawler said 8:57AM on 7-10-2007
@Alex in Amsterdam
Short answer is no. The Treo you are using most likely connects to your exchange through OWA (Outlook Web Access - which is most likely the web email you are referring to) via activesync, versamail, or some other conduit. The iPhone does not currently interface with OWA.
@Sam
Yes imap over ssl is supported, but most likely you will need to vpn in, which as I stated before not everyone runs a vpn implementation supported by the iPhone. Do you really think it would be a reasonable course of action for a company who is already running a vpn solution with good results, to add a brand new interface just for a few iPhone users?
It is an attitude like that which makes my job difficult. I'm the mac guy in a primarily MS shop (5000 + windows desktops, -30 Macs), and when Apple gives me the opportunity to interface with the existing MS infrastructure, I am able to offer new functionality and better interoperability. Where macs have chosen not to play nice (whether by choice or otherwise) my end user suffers.
Martin said 10:59AM on 7-10-2007
Off topic --
I have nothing against the iPhone, but can it get its own dedicated blog? 90% of the posts in the last week have been iPhone related, and it sucks wading through it to get to Mac stuff.
Or is there a way to filter out certain tags?
basscadet said 2:32PM on 7-10-2007
The iphone is in no way a productivity smartphone, it's a lot closer to entertainment phone, an ipod with GSM call features and internet surfing. I doubt any company would cover its cost even if it came in corporate AT&T accounts. Too much of a toy and less tool, it does shine as personal (although overpriced) entertainment phone but IMO it isn't good enough for company use.
@ martin
There was an iphone-less feed started here the week before launch, not sure it still runs though.
basscadet said 2:34PM on 7-10-2007
@martin
here it is:
http://www.tuaw.com/2007/06/22/iphone-free-tuaw-feed/