System Center Mobile Device Manager isn't an Exchange Server add-on, but a separate product designed to work with Exchange Server and augment its abilities. It can be compared to Office Communications Server (OCS). Exchange Server 2007 has its own unified messaging capabilities, but OCS augments them by providing a complete unified communications solution. Similarly, Mobile Device Manager extends Exchange's built-in mobile device management capabilities.
Mobile Device Manager offers three separate server roles: the management server, the enrollment server and the gateway server. Although you can install all three of these roles onto the same server, ideally they should be separated into different servers -- or at least separate virtual machines -- to maximize performance and security.
The management server: This role is the core of Mobile Device Manager. One of the management server's functions is to apply security policies to mobile devices. However, for the most part, Mobile Device Manager offers the same basic security settings that are available to mobile devices through Exchange Server 2007 SP1.
You may be wondering what the advantage is in using Mobile Device Manager. In general, it allows you to join mobile devices to a Windows domain, just as you can join desktops, laptops and servers to a domain. This makes it possible to apply security settings to mobile devices through group policy settings. There are more than 130 different group policy settings that can be applied to mobile devices.
Note: You can only join a mobile device to a domain if it is running Windows Mobile 6.1 or higher.
Management capabilities available through the management server include the ability to inventory mobile devices and to generate various reports.
Mobile Device Manager makes it easier to manage applications that are running on mobile devices. Like Exchange Server, Mobile Device Manager allows you to decide which applications are allowed to and aren't allowed to run on the devices. Mobile Device Manager can also be used to deploy applications to mobile devices.
Note: Mobile Device Manager requires SQL Server because it stores device configuration information in a SQL Server database.
If you're going to use Mobile Device Manager to deploy applications to mobile devices, Windows Server Update Services (WSUS) 3.0 or higher is also required. WSUS is normally used to deploy software updates, but Mobile Device Manager can't deploy Windows Mobile updates to mobile devices. Doing so would require that the device's BIOS be flashed.
The enrollment server: This server facilitates the task of provisioning mobile devices. The enrollment process joins the mobile device to an Active Directory domain and assigns a certificate to the device. This certificate allows mutual authentication between the mobile device and the gateway server.
The gateway server: This is essentially a VPN server that's designed for users with mobile devices. Users can use the gateway server to access resources on the corporate network -- provided that the users have the appropriate permissions. This is important because Exchange ActiveSync allows users to access their Exchange mailboxes.
In certain instances, Exchange can act as a proxy if a link to a file is embedded in an email message. This allows users to access files that are stored on file shares or in Microsoft SharePoint document libraries. Traditionally, most mobile users have not had access to other network resources while away from the office.
Having a full-blown VPN solution available to mobile users makes devices more useful. It also creates the possibility for developers to write mobile versions of line-of-business applications that are used within an organization.
System Center Mobile Device Manager not only makes it easier to manage mobile devices across an enterprise, it also makes mobile devices more useful by providing access to traditionally non-mobile network resources.
About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.