Module 4: Mobility Sync/Push 3
Last Saved: 7/18/2003 12:03 PM
Last Printed: 7/18/2003 6:59 PM
Enabling Users for Synchronization
All users are enabled by default. The Exchange administrator can globally
disable sync for all users. This is configurable in Exchange System Manager
under Global Settings/Mobile Services.
Enable user initiated synchronization - Selecting this checkbox allows users
to synchronize their Exchange information with their mobile device.
Enable up-to-date notifications - Selecting this checkbox allows users to
receive AUTD notifications in order to keep their mobile device up to date with
information on their Exchange server.
When the administrator changes the settings on this page, changes are written to
the msExchOmaAdminWirelessEnable attribute on the Microsoft® Outlook®
Mobile Access (OMA) container in Global Settings. This setting is also
available on individual user objects.
Users can be enabled/disabled on a per user basis through the Exchange
Features tab in AD Users and Computers.
Files installed with Exchange ActiveSync
In Exchsrvr\bin folder:
Massync.dll - OMA Sync ISAPI extension DLL
Masperf.dll - OMA Sync Performance Counter DLL
MasPerf.ini - OMA Sync Performance Counter INI
Masperf.h - OMA Sync Performance Counter header
Exchsrvr\OMA\Sync is an empty folder, so if someone tries to gain access to
the sync folder, the request is mapped to a folder that does not give access
to all of the Exchange files.
Sync Client Architecture
The sync protocol is a request/response protocol built on a client/server
communications model. It is built on the HTTP protocol, using the HTTP POST
request/response mechanism and the HTTP OPTIONS command. The HTTP
POST header specifies a protocol command and, if the command requires it,
command data is sent in the HTTP POST body. The data is usually formatted as
compressed Wireless Binary XML (WBXML), which makes efficient use of
the constrained bandwidth of mobile clients.
The client initiates communication by posting a request. When the server
receives the request, it parses the request and then sends an HTTP POST
response containing the requested data in its body.
The sync protocol requires a TCP/IP connection between the client and server.
The underlying network layers, however, are implementation-specific. Three
common transport layers that support the protocol are GPRS, CDMA 1xRTT
and IEEE 802.11. The sync protocol requires that any transmission errors be
handled by the networking software, and that the protocol messages sent
between the client and server be complete and error-free.
The sync protocol is designed to enable any mobile client to efficiently
synchronize PIM data with data stored on an Exchange server. To achieve this,
the client uses the sync protocol to talk to the Exchange front-end server
component, which provides the synchronization engine as well as the means to
retrieve data from the Exchange stores.
Figure 1 shows the functional components of the client/server communications
model used by the sync protocol.
Figure 1 Protocol communication between the client and server
The following steps occur for all commands the client sends to the server:
1. The client creates a request and sends it to the sync server as an HTTPS
POST.
2. The sync server processes the request, communicating with the Exchange
back-end server to access the user’s PIM data.
3. The sync server creates a response and sends it to the client as an HTTPS
POST response.
4. The client processes the response and, if necessary, updates the local PIM
data.
The following steps occur when the client sends a Sync command:
1. The client identifies any changes made to local PIM data since the last sync.
2. The client creates a Sync command containing these changes.
3. The client sends the command to the sync server as an HTTPS POST.
4. The sync server identifies changes made to data on the server since the last
sync, communicating with the Exchange back-end server to access the
user’s data.
5. The sync server resolves any conflicts between changes made to items on
the client and on the server.
6. The sync server creates a response containing server changes to be
replicated on the client.
7. The sync server sends the response as an HTTPS POST response.
8. The client processes the response and updates the local PIM data.
Object Management on the Device
PIM data is stored in “collections” – one for contacts, one for calendar, and one
for each e-mail folder. The sync protocol supports syncing multiple e-mail
folders. For each collection, the client software stores a SyncKey, which
contains 39-48 characters: 38 for the globally unique identifier (GUID) and
1-10 for the incrementing number. The client also stores a CollectionId, a
string of around 40 characters that uniquely identifies each folder.
The client sends the SyncKey to the server with each sync request.
Each object that is synced – message, contact or calendar item – has a unique
identifier assigned by the server. This ServerId is a 48-character string that is
stored by the client. The identifier is used during sync to identify objects that
are stored on both the client and server.
Sync Protocol Versions and Device Support
ActiveSync requires that the client and the server use the same protocol version.
Mobile Information Server uses the AirSync Protocol v1.0 for ActiveSync.
Exchange Server 2003 uses the new and improved AirSync protocol v2.0 for
ActiveSync, but also supports AirSync protocol v1.0 for backward
compatibility.
Server                          Protocols Supported
Mobile Information Server 2002  1.0
Exchange Server 2003            1.0 and 2.0

Pocket PC 2002 client uses AirSync protocol v1.0 for ActiveSync. It can be
used against MIS and Exchange Server 2003 using v1.0.
Pocket PC 2003 client supports v1.0 and v2.0 protocols. It can negotiate the
protocol to be used.

Device          Protocols Supported
Pocket PC 2002  1.0
Pocket PC 2003  1.0 and 2.0

Therefore Pocket PC 2002 and Pocket PC 2003 devices can be used against MIS
and Exchange 2003.

Server                          Devices Supported
Mobile Information Server 2002  Pocket PC 2002 and Pocket PC 2003
Exchange Server 2003            Pocket PC 2002 and Pocket PC 2003
Sync Protocol Negotiation
If a Pocket PC 2003 device is configured to connect to MIS, on the first sync,
the device automatically configures the client to sync using v1 protocol. If it is
configured to connect to Exchange 2003 server, on the first sync, the device
automatically configures the client to sync using v2 protocol.
This protocol negotiation is done when:
1. The device is cold booted.
2. The server name on the device is changed. A sync is attempted first; if
the server returns a Sync Key error, protocol negotiation is done.
3. PIM information on the device is deleted. The data types inbox, contacts
and calendar are unselected, thereby deleting PIM information on the device.
4. A MIS 2002 deployment has been upgraded to an Exchange 2003
deployment.
To optimize performance, this negotiation is only done if the client protocol
version is not already set to the higher protocol version it can support. The
negotiation is done automatically. There is no user interface (UI) to enable this.
During the negotiation, the client sends an OPTIONS command to the server.
The OPTIONS response from the server returns information about all the
protocol versions it can support in a comma delimited format. This information
is returned in the MS-ASProtocolVersions parameter.
If the response contains v1, the ClientProtocolVersion is set to v1. If the
response returns both, the ClientProtocolVersion is set to v2. The client
maintains the protocol version and also another parameter to indicate whether
negotiation has taken place.

=-=-=-= Client Request =-=-=-=
OPTIONS Microsoft-Server-ActiveSync?User=vanithp&DeviceId=3DC1E291F008003188000050BF325173&DeviceType=PocketPC
Accept-Language: en-us
-=-=-=- Start of Body -=-=-=-
=-=- [26/4/2003 23:45:59.0] -=-=
=-=-=-= Server Response =-=-=-
HTTP/1.1 200 OK
Content-Length: 0
Date: Sat, 26 Apr 2003 23:45:58 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Pragma: no-cache
Public: OPTIONS, POST
Allow: OPTIONS, POST
MS-Server-ActiveSync: 2.0.3273.0
MS-ASProtocolVersions: 1.0,2.0
MS-ASProtocolCommands: Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponse,Notify
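
The version selection described above, as an added example that is not part of the original module or of any Microsoft code. It generalizes the v1/v2 rule to "highest version both sides support" and returns nothing when there is no overlap; the function names and the abridged sample response are assumptions made for illustration.

```python
# Added example (not from the module): choose the sync protocol version
# from an OPTIONS response like the one in the trace above.
from typing import Dict, Optional, Sequence, Tuple

# Constructed sample, abridged from the trace; the command list is folded onto
# a continuation line (leading space) to exercise header unfolding.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Length: 0\r\n"
    "Allow: OPTIONS, POST\r\n"
    "MS-Server-ActiveSync: 2.0.3273.0\r\n"
    "MS-ASProtocolVersions: 1.0,2.0\r\n"
    "MS-ASProtocolCommands: Sync,SendMail,GetAttachment,\r\n"
    " FolderSync,Notify\r\n"
    "\r\n"
)

def parse_response(raw: str) -> Tuple[int, Dict[str, str]]:
    """Return (status code, headers keyed by lower-case name)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers: Dict[str, str] = {}
    last = None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last:      # folded continuation line
            headers[last] += line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        last = name.strip().lower()
        headers[last] = value.strip()
    return status, headers

def negotiate(raw: str, client_versions: Sequence[str] = ("1.0", "2.0")) -> Optional[str]:
    """Highest version both sides support, or None if there is no usable answer."""
    status, headers = parse_response(raw)
    if status != 200:
        return None
    offered = {v.strip() for v in headers.get("ms-asprotocolversions", "").split(",")}
    common = offered & set(client_versions)
    if not common:
        return None                                # no overlap: do not guess a version
    return max(common, key=lambda v: tuple(int(p) for p in v.split(".")))

def server_commands(raw: str) -> list:
    """Commands advertised in MS-ASProtocolCommands."""
    value = parse_response(raw)[1].get("ms-asprotocolcommands", "")
    return [c.strip() for c in value.split(",") if c.strip()]
```
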
SSL
The Server ActiveSync client on a PocketPC 2002 device is hard coded to use
Secure Sockets Layer (SSL). Therefore an SSL certificate should be installed
on Exchange 2003 server or the Exchange 2003 front end server to terminate
the SSL connection, unless the SSL session is terminated before it reaches the
Exchange server.
The Server ActiveSync client on Pocket PC 2002 also does certificate
validation. The following is a list of root certificates installed by default on
PocketPC 2002 devices:
Verisign/RSA Secure Server
Verisign Class 1 Public Primary certification authority (CA)
Verisign Class 2 Public Primary CA
Verisign Class 3 Public Primary CA
Verisign Class 3 Public Primary CA (2028)
GTE Cybertrust ROOT
GTE Cybertrust Solutions ROOT
Thawte Server CA
Thawte Premium Server CA
Entrust.net Secure Server
Entrust.net CA (2048 bit)
If you are using a certificate that is not signed by a CA listed above or not
trusted on the PocketPC 2002, you can either use the Addrootcert utility to add
your cert to the list of trusted root certificates or you can disable certificate
validation on the device by using a CAB file provided on the Microsoft Mobile
Information Server 2002 CD for PPC 2002 or certchk for PPC 2003 available in
the Exchange 2003 Web Releases.
PPC 2002
See the readme that is provided with the CAB file for more information. Using
the CAB file does not remove the requirement for a certificate. It simply
disables certificate validation by changing a registry setting on the device.
To do this manually, use a registry editor on the device and navigate to:
HKEY_CURRENT_USER\Software\Microsoft\AirSync\Connection.
Choose New DWORD, type "Secure" for value name and 0 for
value data.
The Server ActiveSync client on a PocketPC 2003 does not require SSL. There
is a checkbox on the client “This server uses secure connections (SSL)” to
enable SSL. It is highly recommended that SSL be used to secure
communications. If SSL is not used, the user’s credentials are sent in clear text
across the wire and this is clearly not a desirable option.
Authentication in a Front End/Back End configuration
1. The device sends the credentials using basic authentication (over SSL if the
option “This server uses secure connections (SSL)” is checked) to the
front-end server. The front end authenticates the user.
2. Exchange ActiveSync queries the Active Directory to obtain the user’s
display name, primary SMTP address and the Exchange server name.
3. A Kerberos ticket is obtained from the Kerberos Distribution Center (KDC)
and Exchange ActiveSync presents the ticket to the backend Exchange
server.
4. Information is retrieved from the back end and returned to the device.
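
Because step 1 uses basic authentication and Pocket PC 2003 makes SSL optional, a server-side check for devices syncing without SSL is useful. The following is an added example, not part of the original module: it scans an IIS W3C log for sync requests on a non-SSL port and groups them by the DeviceId query parameter shown in the OPTIONS trace. The log lines, user names, device IDs and the function name are constructed for illustration.

```python
# Added example (not from the module): flag ActiveSync requests that reached
# IIS on a non-SSL port, grouped by the DeviceId seen in the query string.
from urllib.parse import parse_qs

# Constructed IIS W3C log; users, device IDs and addresses are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2003-04-26 23:45:58 OPTIONS /Microsoft-Server-ActiveSync User=usera&DeviceId=DEVICE0001&DeviceType=PocketPC 443 usera 192.0.2.10 200
2003-04-26 23:46:02 POST /Microsoft-Server-ActiveSync User=usera&DeviceId=DEVICE0001&DeviceType=PocketPC 443 usera 192.0.2.10 200
2003-04-26 23:50:11 OPTIONS /Microsoft-Server-ActiveSync User=userb&DeviceId=DEVICE0002&DeviceType=PocketPC 80 userb 192.0.2.20 200
2003-04-26 23:50:14 POST /Microsoft-Server-ActiveSync User=userb&DeviceId=DEVICE0002&DeviceType=PocketPC 80 userb 192.0.2.20 200
2003-04-26 23:51:00 GET /exchange/ - 80 - 192.0.2.30 401
"""

SYNC_STEM = "microsoft-server-activesync"

def non_ssl_sync_devices(log_text, ssl_ports=("443",)):
    """Map DeviceId -> details for sync requests logged on a non-SSL port."""
    fields, findings = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):            # column layout can change mid-file
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").strip("/").lower() != SYNC_STEM:
            continue                               # not a sync request
        if row.get("s-port") in ssl_ports:
            continue                               # arrived over SSL
        query = parse_qs(row.get("cs-uri-query", ""))
        device = query.get("DeviceId", ["unknown"])[0]
        hit = findings.setdefault(device, {"users": set(), "clients": set(), "requests": 0})
        hit["users"].update(query.get("User", []))
        hit["clients"].add(row.get("c-ip", "-"))
        hit["requests"] += 1
    return findings
```

Where the SSL session is terminated before it reaches the Exchange server, requests arrive at IIS on a non-SSL port by design, so add that listener port to `ssl_ports` or treat the findings as candidates to confirm.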
Pocket PC 2003