Granting Exchange Access to iPhones and iPads: Hello Threat Management Gateway
According to a recently released study by ComScore, Apple’s smartphone (i.e. iPhone) has a 25% share of the smartphone subscriber market, and the smartphone market as a whole continues to grow. Apple’s other mobile hit, the iPad, is expected to “dominate the tablet market” according to research firm IDC.
The mass adoption of Apple’s “iDevices” means firms need to determine how to provide business users access to common applications, such as Microsoft Exchange, via the iPhone and iPad. While not all businesses are blessing the iPhone or iPad for business use, increasingly these devices are being accepted and integrated into corporate computing policies.
There are multiple ways that an Apple iPhone or iPad can reach an Exchange server. Some of the most common are:
Internet Security & Acceleration (ISA) & Threat Management Gateway (TMG) Server: This is a type of Microsoft software firewall that runs on its own server and allows traffic from authorized devices, such as iPhones and iPads, to the Exchange server.
Front-end Exchange Server: This is an Exchange server that is open to the Internet.
Virtual Private Network (VPN): This provides users secure remote access to the company’s Local Area Network (LAN) and thus gives access to the Exchange server.
Open the Ports: This method is unsecure as there is no firewall blocking traffic to the Exchange server, which means anything could access it.
For this article we’ll focus on the Threat Management Gateway as we are seeing it commonly used in the industry to provide Apple devices with access to Exchange. To help demonstrate the role of the TMG, here is a diagram that shows where the Threat Management Gateway can be used (image compliments of Microsoft TechNet Wiki)
According to Microsoft, the Threat Management Gateway is a comprehensive and integrated edge security gateway that helps provide protection from multiple Internet-based threats, secure connectivity, and simplified management.
TMG builds on top of existing ISA Server functionality and delivers a 64-bit Windows Server 2008-compatible product with new protection capabilities, including optional Web anti-malware. It has been designed to help provide comprehensive threat management, secure Internet access, and secure remote access for small-to-medium-sized organizations (up to 300 users).
At Eze Castle Integration we have deployed this technology for numerous clients and would be happy to answer any questions you may have.