[THIN] Re: Access Gateway and Exchange ActiveSync

I looked at that and it didn't seem to work. I didn't spend a lot of
time on it though. As the particular sites and users which need this
feature also use the Access Gateway for other things like Accessing
Published applications, Intranets etc.... and the PDA wouldn't work in
this mode with ActiveSync.

 

I hope that they do eventually incorporate this Activesync support into
future releases. It could potentially save a lot of infrastructure costs
for sites not using ISA as a perimeter firewall.

 

Tony Lyne
Consultant

Senior Systems Engineer 

 

 

 

+64 6 353 7300

  <http://www.gen-i.co.nz> 

+64 6 356 6800

+64 27 472 0696

tony.lyne@xxxxxxxxxxx <mailto:tony.lyne@xxxxxxxxxxx> 

www.gen-i.co.nz <http://www.gen-i.co.nz> 

53 Queen Street, PO Box 1470,
Palmerston North, New Zealand

"This communication, including any attachments, is confidential. If you
are not the intended recipient, you should not read it - please contact
me immediately, destroy it, and do not copy or use any part of this
communication or disclose anything about it. Thank you. Please note that
this communication does not designate an information system for the
purposes of the Electronic Transactions Act 2002."

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Greenberg
Sent: Thursday, 21 June 2007 7:12 p.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Access Gateway and Exchange ActiveSync

 

I think I see your point, there are some weird "cracks" between these
products, this might be one that does not have a direct application.
Stupid question- what if you published the Exchange site as a web link
in the AAC portal page, would that "pass through" in the correct way?

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85262

(602) 432-8649

www.thinclient.net

steveg@xxxxxxxxxxxxxx

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Tony Lyne
Sent: Wednesday, June 20, 2007 6:42 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Access Gateway and Exchange ActiveSync

 

Hmmmm, Exchange ActiveSync is one of those strange beasts, where the URL
you supply must be also the place where authentication is performed on
the Exchange server. Ive looked at things like this and how to pass the
authentication credentials through from the logon point through to the
Exchange server, or even specifying the Exchange Activesync virtual
sites in the Web email resources and it doesn't work. Mobile ActiveSync
on the PDA basically requires a full unmodified or proxied connection
through to the Exchange server to sync mail. This is where the ISA
server comes in.

 

VPN is working fine on laptops etc, however Citrix don't yet have a VPN
client for the PDA's. I hear there is one in development for the
PDA/Windows Mobile platform, but am not sure of its release date.

 

The thing is, with the standard edition of the CAG you have the ability
of specifying a URL location for a web resource and it just proxies it
through after authentication and unmodified, this bit will work. But it
doesn't check the form factor of the connecting device. So you either
have ActiveSync or nothing. AAC is a little more intuitive here, but its
form factor checking isn't quite there yet when it comes to seeing if
the PDA connecting up is wanting just to establish an activesync session
with a backend Exchange server to sync calendars and Mail (well that's
what I can make out anyway).....

 

Tony Lyne
Consultant

Senior Systems Engineer 



 

 

+64 6 353 7300

 <http://www.gen-i.co.nz> 

+64 6 356 6800

+64 27 472 0696

tony.lyne@xxxxxxxxxxx <mailto:tony.lyne@xxxxxxxxxxx> 

www.gen-i.co.nz <http://www.gen-i.co.nz> 

53 Queen Street, PO Box 1470,
Palmerston North, New Zealand

"This communication, including any attachments, is confidential. If you
are not the intended recipient, you should not read it - please contact
me immediately, destroy it, and do not copy or use any part of this
communication or disclose anything about it. Thank you. Please note that
this communication does not designate an information system for the
purposes of the Electronic Transactions Act 2002."

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Greenberg
Sent: Thursday, 21 June 2007 12:17 p.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Access Gateway and Exchange ActiveSync

 

If you can get it to work "directly" have you considered a portal start
page that offers a link to ACC or a link to the ActiveSync HTTPS site?
This would be a start page for those people which can take them either
way.

 

Also, when you add AAC you shouldn't lose VPN functionality, did you
look at the connections and resources and configure them accordingly?

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85262

(602) 432-8649

www.thinclient.net

steveg@xxxxxxxxxxxxxx

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Tony Lyne
Sent: Tuesday, June 19, 2007 2:40 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Access Gateway and Exchange ActiveSync

 

Exchange Active Sync is one of the Mobile features native to Exchange
2003. It essentially allows Windows based mobile phones running Windows
Mobile OS to synchronies mail, calendar and contacts back to the back
end exchange environment. 

The Exchange Activesync side establishes an HTTPS session back to the
Exchange folder on your exchange server (Front end server on multiple
exchange server site implementations etc...) and synchronizes mail using
standard HTTPS. Mapi doesn't feature here.

 

It's really an extension of OWA in exchange.

 

Most of my sites who aren't running an ISA server as a perimeter
firewall, have to end up using an ISA server located in a DMZ to reverse
proxy the OWA/OMA/ActiveSync stuff back to the Exchange environment.
This all works fine and ISA does it very well, but a dedicated server
just to do this is often seen as overkill for such a small task.

 

Since its essentially just a web resource which is published out, from
discussions I've read on various forums the CAG standard can be fudged
to get it to work. But when you add in the Advanced Access Control
component into the mix, it adds in an additional level of complexity
which I'm finding tends to break Exchange ActiveSync. 

 

Basically it would be real nice to try and get the CAG to do this, so
sites which are running an ISA server in a DMZ just as a reverse proxy
to do this ActiveSync stuff can drop the additional server and have a
single point (CAG) for all remote computing.

 

I've filled out a enhancement request for Citrix to consider this in up
and coming releases, but I'm not holding my breath.

 

Tony Lyne
Consultant

Senior Systems Engineer 



 

 

+64 6 353 7300

 <http://www.gen-i.co.nz> 

+64 6 356 6800

+64 27 472 0696

tony.lyne@xxxxxxxxxxx <mailto:tony.lyne@xxxxxxxxxxx> 

www.gen-i.co.nz <http://www.gen-i.co.nz> 

53 Queen Street, PO Box 1470,
Palmerston North, New Zealand

"This communication, including any attachments, is confidential. If you
are not the intended recipient, you should not read it - please contact
me immediately, destroy it, and do not copy or use any part of this
communication or disclose anything about it. Thank you. Please note that
this communication does not designate an information system for the
purposes of the Electronic Transactions Act 2002."

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Greenberg
Sent: Tuesday, 19 June 2007 6:30 p.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Access Gateway and Exchange ActiveSync

 

Tony, 

 

What does the Exchange ActiveSync function entail exactly? I assume you
are talking about having a mobile device talk via IP to an Exchange
server to synchronize. Is that correct? Is it a MAPI communication?

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85262

(602) 432-8649

www.thinclient.net

steveg@xxxxxxxxxxxxxx

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Tony Lyne
Sent: Monday, June 18, 2007 9:19 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Access Gateway and Exchange ActiveSync

 

Hey guys,

 

Does anyone know if there is a fudge or a workaround where we can get
the Mobile devices (Windows Mobile OS) to perform the Exchange
ActiveSync function via a Access Gateway Advanced implementation.

 

I've had a good look through various discussion threads and it looks
like its possible via the Standard edition, but not for the Advanced
edition, given the added complexities of the AAC component.

 

I've heard rumours that Citrix are developing a mobile VPN client for
Windows Mobile devices, but am unsure as to what the time frame is for
this.

 

Any suggestions would be appreciated.

 

Thanks,

 

Tony Lyne
Consultant

Senior Systems Engineer 



 

 

+64 6 353 7300

 <http://www.gen-i.co.nz> 

+64 6 356 6800

+64 27 472 0696

tony.lyne@xxxxxxxxxxx <mailto:tony.lyne@xxxxxxxxxxx> 

www.gen-i.co.nz <http://www.gen-i.co.nz> 

53 Queen Street, PO Box 1470,
Palmerston North, New Zealand

"This communication, including any attachments, is confidential. If you
are not the intended recipient, you should not read it - please contact
me immediately, destroy it, and do not copy or use any part of this
communication or disclose anything about it. Thank you. Please note that
this communication does not designate an information system for the
purposes of the Electronic Transactions Act 2002."

GIF image

GIF image

Other related posts: