
Thread: accessing exchange email securely

  1. Senior Droid
    born2golf's Avatar
    Member #
    118125
    Join Date
    Sep 2010
    Location
    Long Island
    Posts
    242
    Liked
    1 times
    Phone
    Razr Maxx
    #1

    accessing exchange email securely

    Hi All, I'm in a bit of a bind. I work for a company that takes IT Security very seriously. They currently only support blackberry via BES for email. I am a remote worker, so 24x7 I am accessing my corporate email via VPN on my laptop or via my phone (formerly bberry). Because of our rigid security requirements they will not allow inbound IMAP connections into the network. And in a perfect world they would demand the ability to remote wipe our handhelds.

    For the past 30 days we have been evaluating the goodlink enterprise server and I have been lucky enough to be on that eval. Generally speaking I thought that the experience was excellent, but unfortunately there is not enough critical mass of android/iphone users to get them to buy the goodlink server at the current price they received (note: I did some digging, and found that they were quoted LIST price with no discounts. If anyone on here is a goodlink reseller please PM me and let's make a deal).

    OK, so considering all of that, my only available option is to access my email via outlook web access, which still requires multi-step authentications through an SSLVPN gateway. And the experience kinda sucks, a lot.

    In the near future I'll be able to use an android VPN software client to access the network which would in theory allow me access to the exchange server as though I am on the network (just as my laptop), which is how a few iPhone users are doing it today. But the required software is in a long beta phase and I am not that patient. This solution sounds nice on paper, but in reality, there are some functional issues such as if I initiate a VPN from my droid it will kill the VPN connection on my laptop since we only permit a single tunnel per user. Also, in theory, while I'm trying to conserve battery strength I have juice defender killing my 3G connection when the screen is not in use, and this in turn would kill my VPN connection. That would require me to re-authenticate every time I want to check my mail and we do not permit the storing of credentials within the VPN client.

    So my question to the group is what other options do I have? Can anyone offer me other routes to getting my exchange mail onto my droid 2?
  3. Junior Droid
    Ski-me's Avatar
    Member #
    112606
    Join Date
    Sep 2010
    Posts
    7
    Phone
    Droid 2
    #2
    My company recommends the Touchdown program to sync with their server. Secure data is a priority so I'm guessing they have tested it. Quite a few blackberrys here but using Touchdown lets us use the Droid 2 stuff. It syncs my work outlook calendar, tasks and emails almost instantly. Sometimes it hits the phone faster than Outlook!

    Worth a trial run. $20 after a month if you like it.
  4. Master Droid
    solar's Avatar
    Member #
    13366
    Join Date
    Dec 2009
    Location
    So Cal
    Posts
    801
    Liked
    9 times
    Phone
    Droid Razr Maxx HD
    #3
    Touchdown will work perfectly as it supports remote wipe. Any phone with 2.2 on it (droid 2 included) supports secure exchange and remote wipe capabilities w/ policies also though. So even without touchdown, they should be able to allow it.
  5. Senior Droid
    born2golf's Avatar
    Member #
    118125
    Join Date
    Sep 2010
    Location
    Long Island
    Posts
    242
    Liked
    1 times
    Phone
    Razr Maxx
    #4
    Quote Originally Posted by Ski-me View Post
    My company recommends the Touchdown program to sync with their server. Secure data is a priority so I'm guessing they have tested it. Quite a few blackberrys here but using Touchdown lets us use the Droid 2 stuff. It syncs my work outlook calendar, tasks and emails almost instantly. Sometimes it hits the phone faster than Outlook!

    Worth a trial run. $20 after a month if you like it.
    Touchdown requires the corporate email server to be accessible via the internet, or for the phone to be on the same network as the exchange server either directly via WiFi or through a VPN. And requires the MSExchange server to be set up for activesync. Our current configuration fails to meet any of these requirements.
  6. Junior Droid
    pdoxsey's Avatar
    Member #
    23780
    Join Date
    Jan 2010
    Posts
    21
    Phone
    Motorola Droid 2
    #5
    Quote Originally Posted by born2golf View Post
    Touchdown requires the corporate email server to be accessible via the internet, or for the phone to be on the same network as the exchange server either directly via WiFi or through a VPN. And requires the MSExchange server to be set up for activesync. Our current configuration fails to meet any of these requirements.

    You need to find an app that will keep a constant VPN connection. Or set up a sync to outlook and always leave your work PC on and Outlook running.
  7. Master Droid
    solar's Avatar
    Member #
    13366
    Join Date
    Dec 2009
    Location
    So Cal
    Posts
    801
    Liked
    9 times
    Phone
    Droid Razr Maxx HD
    #6
    Quote Originally Posted by born2golf View Post
    Quote Originally Posted by Ski-me View Post
    My company recommends the Touchdown program to sync with their server. Secure data is a priority so I'm guessing they have tested it. Quite a few blackberrys here but using Touchdown lets us use the Droid 2 stuff. It syncs my work outlook calendar, tasks and emails almost instantly. Sometimes it hits the phone faster than Outlook!

    Worth a trial run. $20 after a month if you like it.
    Touchdown requires the corporate email server to be accessible via the internet, or for the phone to be on the same network as the exchange server either directly via WiFi or through a VPN. And requires the MSExchange server to be set up for activesync. Our current configuration fails to meet any of these requirements.
    All mail servers are accessible from the internet to some extent otherwise they would not be very good mail servers since they could receive no mail. Are you saying that you cannot get mail when you are outside of the office at all? It has to have an address to connect to for it to receive from either the Internet or a hosted mail gateway. Also, activesync is set up by default on most versions of exchange (If I remember correctly).
  8. Senior Droid
    born2golf's Avatar
    Member #
    118125
    Join Date
    Sep 2010
    Location
    Long Island
    Posts
    242
    Liked
    1 times
    Phone
    Razr Maxx
    #7
    @Solar, As I previously stated my company takes security VERY seriously. For anyone to expect the default settings on a microsoft exchange server (or any server for that matter) to be considered "secure" would fall far short of the truth. So No, activesync is not currently enabled.

    As for your other observation, there is a big difference between an email server being "accessible from the internet" versus "having internet access". Obviously a mail server must have access to the internet in order to transport mail. Mail transport is done on a separate and somewhat open protocol (SMTP). But just because a mail server can access the internet to transport mail does not mean one's mailbox is available via the internet. Mailboxes should only be available via secure protocols, such as activesync. Which operates on different TCP ports that would require configurations to be done on the firewall, at the very least.
  9. Master Droid
    solar's Avatar
    Member #
    13366
    Join Date
    Dec 2009
    Location
    So Cal
    Posts
    801
    Liked
    9 times
    Phone
    Droid Razr Maxx HD
    #8
    Firewalls don't commonly block activesync ports (Incoming: 990, 999, 5678, 5721, 26675 Outgoing: 5697). It would have to have been done manually, just as activesync would have to have been disabled manually. There is no reason to disable activesync unless they didn't want anyone to have access to the service. Activesync can be disabled and enabled on a per person basis. It's not all or nothing. Any good IT admin does not take a "block all ports and open as needed approach" as this causes nothing but headaches and is unnecessary.

    You stated earlier that they don't allow IMAP, which is a lot different than what most devices use to connect to an exchange server with. If they have blocked all access except VPN authenticated access, then I'm sorry to say you're likely SOL.
  10. Droid Newbie
    ramtek's Avatar
    Member #
    142905
    Join Date
    Nov 2010
    Posts
    2
    Phone
    droid ii
    #9
    Sorry, we good IT guys do precisely this. We allow unlimited outbound but only allow inbound access for what you need from where you need it. As for exchange access I set up active sync servers in a dmz (with no information stores mounted) for this purpose since a portion of the IIS configuration can't be SSL encrypted. It allows you to have one server for phones without sacrificing security by opening ports on your store hosting servers.
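
The inbound policy described in the post above (default deny, with only mail transport and a DMZ ActiveSync front end reachable from outside), modelled as an added example that is not part of any poster's message. All addresses, rule notes and function names are constructed for illustration, and it assumes Exchange ActiveSync is published over HTTPS on TCP 443.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network
# Constructed addressing for illustration (not from the thread).
ANY = net("0.0.0.0/0")
INTERNAL = net("10.0.0.0/8")      # corporate LAN, mailbox stores live here
DMZ_EAS = net("192.0.2.10/32")    # ActiveSync front end, no stores mounted
DMZ_SMTP = net("192.0.2.25/32")   # inbound mail gateway
STORE = net("10.0.5.20/32")       # mailbox store server


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]           # None = any port
    note: str


# Allow-list only; anything not matched falls through to the default deny.
HARDENED = [
    Rule(ANY, DMZ_SMTP, 25, "SMTP transport to the gateway"),
    Rule(ANY, DMZ_EAS, 443, "ActiveSync over HTTPS to the DMZ front end"),
    # Back-end ports depend on the Exchange version; modelled as any port.
    Rule(DMZ_EAS, STORE, None, "front end to mailbox store"),
]
# Weak variant: a mailbox protocol published straight onto the store server.
WEAK = HARDENED + [Rule(ANY, STORE, 143, "IMAP direct to store")]


def decide(src: str, dst: str, port: int, rules=HARDENED) -> str:
    """First matching allow rule wins; no match means default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and r.port in (None, port):
            return "allow: " + r.note
    return "deny: default"


def exposed_internal(rules):
    """Audit: rules that let any Internet source reach an internal host."""
    return [r for r in rules if r.src == ANY and r.dst.overlaps(INTERNAL)]


if __name__ == "__main__":
    phone = "203.0.113.7"  # constructed Internet client
    for dst, port in [("192.0.2.10", 443), ("10.0.5.20", 443), ("10.0.5.20", 143)]:
        print(dst, port, decide(phone, dst, port))
    print("weak ruleset exposes:", [r.note for r in exposed_internal(WEAK)])
```
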
  11. Senior Droid
    born2golf's Avatar
    Member #
    118125
    Join Date
    Sep 2010
    Location
    Long Island
    Posts
    242
    Liked
    1 times
    Phone
    Razr Maxx
    #10
    Quote Originally Posted by ramtek View Post
    Sorry, we good IT guys do precisely this. We allow unlimited outbound but only allow inbound access for what you need from where you need it. As for exchange access I set up active sync servers in a dmz (with no information stores mounted) for this purpose since a portion of the IIS configuration can't be SSL encrypted. It allows you to have one server for phones without sacrificing security by opening ports on your store hosting servers.
    LOL...You are braver than me. I didn't even want to broach that subject since his post was so counter-intuitive to what it means to be secure in the first place. If his statement was true, why would you need a firewall? Apparently his security is not worth a few headaches.

    Anyway, back to my original request. It appears my company is now budgeting to purchase Goodlink in 2011. So hopefully I only have a few months left working through outlook web access.
