12 Chapter 1 Deploying iPhone and iPod touch
Network Configuration
• Make sure port 443 is open on the firewall. If your company uses Outlook Web
  Access, port 443 is most likely already open.
• Verify that a server certificate is installed on the Exchange frontend server and enable
  Require Basic SSL for the Exchange ActiveSync virtual directory.
• On the Microsoft Internet Security and Acceleration (ISA) Server, verify that a server
  certificate is installed and update the public DNS to properly resolve incoming
  connections.
• Make sure the DNS for your network returns a single, externally-routable address to
  the Exchange ActiveSync server for both intranet and Internet clients. This is required
  so the device can use the same IP address for communicating with the server when
  both types of connections are active.
• On the ISA Server, create a web listener as well as an Exchange web client access
  publishing rule. This is a necessary step in enabling Exchange ActiveSync. See
  Microsoft’s documentation for details.
• For all firewalls and network appliances, set the idle session timeout to 30 minutes.
  Refer to Microsoft Exchange documentation for alternative heartbeat and timeout
  intervals.
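The DNS and certificate items in the checklist above can be verified from a client on each network. The following Python code is an added example, not part of the original guide or of Microsoft's documentation; the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket
import ssl

# Ranges that are never externally routable (RFC 1918, loopback, link-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def check_dns_views(internal_answers, external_answers):
    """Compare A records seen from the intranet and from the Internet."""
    problems = []
    views = {"intranet": set(internal_answers), "internet": set(external_answers)}
    for view, addrs in views.items():
        if len(addrs) != 1:
            problems.append(f"{view}: expected exactly 1 address, got {len(addrs)}")
        for addr in sorted(addrs):
            if any(ipaddress.ip_address(addr) in net for net in NON_ROUTABLE):
                problems.append(f"{view}: {addr} is not externally routable")
    if views["intranet"] != views["internet"]:
        problems.append("intranet and internet views return different addresses")
    return problems

def resolve_a(hostname):
    """A records as seen by the resolver of the machine running this script."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tls_certificate_problem(hostname, timeout=5.0):
    """Connect to port 443 and validate the certificate; None means it verified."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname):
                return None
    except OSError as exc:  # covers refused connections, timeouts and ssl.SSLError
        return f"{type(exc).__name__}: {exc}"

if __name__ == "__main__":
    # Constructed answers: 203.0.113.10 (documentation range) stands in for the
    # public address; 10.1.2.3 is what a split-horizon internal zone might return.
    print(check_dns_views(["203.0.113.10"], ["203.0.113.10"]))  # compliant
    print(check_dns_views(["10.1.2.3"], ["203.0.113.10"]))      # split-horizon
```

Run resolve_a() once from an intranet host and once from an Internet host, pass both results to check_dns_views(), and use tls_certificate_problem() to confirm that port 443 is reachable and the installed certificate validates.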
Exchange Account Setup
• Enable Exchange ActiveSync for specific users or groups using the Active Directory
  service. Exchange ActiveSync is enabled by default for all mobile devices at the
  organizational level in Exchange Server 2003 and Exchange Server 2007. For Exchange
  Server 2007, see Recipient Configuration in the Exchange Management Console.
• Configure mobile features, policies, and device security settings using the Exchange
  System Manager. For Exchange Server 2007, this is done in the Exchange
  Management Console.
• Download and install the Microsoft Exchange ActiveSync Mobile Administration Web
  Tool, which is necessary to initiate a remote wipe. For Exchange Server 2007, remote
  wipe can also be initiated using Outlook Web Access.
WPA/WPA2 Enterprise Wi-Fi Networks
Support for WPA Enterprise and WPA2 Enterprise ensures that corporate wireless
networks are securely accessed on iPhone and iPod touch. WPA/WPA2 Enterprise uses
128-bit encryption, a proven block-based encryption method that provides a high level
of assurance that corporate data remains protected.
With support for 802.1X authentication, iPhone and iPod touch can be integrated into a
broad range of RADIUS server environments. 802.1X wireless authentication methods
are supported and include EAP-TLS, EAP-TTLS, EAP-FAST, PEAPv0, PEAPv1 and LEAP.