Recently Sprint started offering Palm Pre device, touting a revolutionary new WebOS and integration with social networking. Initially, this device was described by it’s funding partners as an iPhone Killer and has certainly attracted it’s fair amount of attention for it’s very cool feature set. But how about using it in business, with Exchange?
Click here for Sprint Interactive Setup Guides. Sprint also offers a very handy interactive setup for Exchange, just click on each step and it will highlight the part to click on. (Exchange Setup). For ExchangeDefender purposes:
1. Tap the Email icon on the Quick Launch.
2. Note: If you have already set up an email account and want to add another one, tap the Email applications menu > Preferences & Accounts > Scroll Down > Add an Account, before following these instructions.
Enter in the your Microsoft Exchange email. For this example, press J to prompt one to fill in.
3. Tap the Password field and type in the corresponding password. Here, press 0 to prompt one to fill in.
4. Tap Sign In.
5. Tap the MAIL TYPE field then tap Exchange (EAS).
6. Verify the information in the other fields and change the info as needed based on the information you obtained from your email provider or system administrator. Server names are either donald or daisy or scrooge or huey or duey or … In support.ownwebnow.com click on Service Manager > Exchange Hosting and click on the Info tag for any of the accounts you require information for. You will need the full server name as well as the domain name (which is the OWN NT domain name, not your fully qualified domain name like yourcompany.com)
7. Once the information is complete, tap Sign In.
8. Once setup is complete, you can exit the application by first pressing the Center button.
9. Click the animated arrow to simulate throwing the card off the top of the screen, to close the application.
The Security Gotcha
There are several factors you need to consider when deploying Palm Pre in business with Exchange. Namely, the Exchange Remote Device Wipe feature is not present at the moment so you will not be able to wipe the device from your Exchange Outlook Web Access. There is an alternative however, Palm Pre supports SMS wipe:
“Enhance security by remotely erasing data from your device if it gets lost or stolen without the need for IT support regardless of what email system you are using.”
Disclaimer: “Remote erase deletes all data from your phone including files stored using USB drive mode. Remote erase command sent via SMS and must be received by activated phone within 24 hours. Wireless coverage area only. Requires data services at additional cost.”
The SMS message must be received by the device within 24 hours in order to wipe the device. If someone steals your device, powers it down for at least 24 hours, you will not be able to remotely wipe it.
This restriction may cause you to consider storing sensitive data on your device and is a good cause for establishing other security policies like a complex device password, keeping a limited amount of data on the phone, etc.
Other Exchange Security Considerations and Exchange requirements
Palm Pre does not support ActiveSync Security policies, so if you have a firmly defined security policy in Exchange before allowing ActiveSync (such as PIN requirements) you will have to set those manually on the device before attempting the first sync. From Palm:
“Palm understands that some business customers need support for specific Exchange ActiveSync (EAS) policies. We are working to develop support for EAS PIN and password enforcement, as well as EAS remote wipe, for webOS and hope to announce these new features within the next 60 days. We will deliver the features through our over-the-air update system, which Palm has already started using to bring new updates to Pre users as they become available. Until then, Palm Pre customers can enable a PIN or password directly on a device, and can also remotely wipe a device via a Palm profile. Palm profiles can be managed by Pre users at palmws.com.”
As of firmware 1.0.3, Palm Pre can connect to an Exchange server without using SSL. This is an optional upgrade so if your server does not have SSL support installed you will have to either install a certificate or upgrade to this firmware:
Note: None of the ExchangeDefender servers allow plain text / non-SSL connections. All connections require encryption.
Special gotcha for SBS 2003 users and the SSL Certificate issue: If you use the self-signed certificate automatically generated by CEICW, Palm Pre will attempt to connect to the CN for the .internal host, not the public domain name.
Furthermore, advanced EAS functionality started with Exchange 2003 SP2 so to get the most out of your device you will need to upgrade. The build number for Exchange 2003 SP2 is 7638.2
While Palm Pre supports Exchange to an extent, it is primarily designed as a consumer device and currently does not support the basic security policies required for safe business use. While HTML email, push mail and Exchange sync will work, make sure you consider the security tradeoffs.
Needless to say, the consumer appeal of webOS and Palm Pre will make Palm Pre show up in corporate world just as the iPhone did. Start preparing your network and educating your users now.