Accessing Corporate Networks
As part of assessing how each enterprise can best
maximize the capabilities of the Pocket PC, they need to assess changes to
their systems. During the
normal course of events of working with Pocket PCs, IT Managers and
Network Administrators will be faced with making decisions about how best
to integrate these changes into their network environment.
While each network environment is different, this article focuses
on explaining different options to integrate Pocket PCs more tightly into
I’m sure you recognize that the main reason you want a device like a Pocket PC is to store information on it. This requires you to assess what software you are using for your Personal Information Manager (PIM). Right now Microsoft only supports synchronization with Outlook 2000 and 2002 using ActiveSync 3.5, which is included out of the box on the Pocket PC 2002. If you need to synchronize with another PIM, you will need to consider a third-party synchronization solution like Intellisync from Puma (www.pumatech.com). Also, if you are accessing Lotus Notes, you may prefer to use the application called Commontime from Cadenza (www.cadendza.com). Microsoft offers a server-based synchronization solution in its Mobile Information Server, as does Extended Systems with XTNDConnect. In my previous article, I discussed the features and capabilities of these applications. In all cases, you need to decide what type of connection you are willing to support for synchronization.
These connections include serial, USB, infrared, Ethernet, 802.11b,
Bluetooth, modem and Virtual Private Network (VPN). Part of the decision
is whether to support distributed or centralized synchronization. I
suggest that you review your network’s capabilities to support these
scenarios so you can inform your users what you support and what you do
not. In almost all cases, the use of serial, USB and infrared does not
offer any security compromise since they are point to point and the user
is already authorized to use the PC.
Network Based Options
The decision to support Ethernet and 802.11b is
easier since the user has to be on your premises and their PC turned on if
you are not using a server based solution.
The Pocket PCs support DHCP assigned IP addresses and use WINS to
identify the PC to synchronize with.
If you are using an original Pocket PC you must enter the IP
address of the WINS server or the desktop PC’s IP address as the WINS
server in the Pocket PC to sync. In the case of Ethernet all the user
needs is access to an Ethernet port. In the case of 802.11b they could be outside the building in
the parking lot or even next door. So
if you need high security, network based solutions should be limited to
staff that are trusted not to abuse their access.
If you choose to use 802.11b you need to assess your wireless network
security, since the built-in Wired Equivalent Privacy (WEP) encryption
included with the hardware has been easily compromised.
Remote Access Options
The Pocket PC 2002 supports the ability to connect to your network and
synchronize with a PC or server remotely. This can be accomplished by
using the built-in RAS support found in Windows NT or 2000 servers as well
as using ActiveSync’s support for a modem attached to a PC. If you choose
to use a Windows NT or 2000 server you need to install the WINS service in
order to synchronize, since this is the way the Pocket PC will identify
the PC to sync with. You can also use third-party RAS solutions from
vendors like Intel and Cisco; however, you need to make sure that their
configuration supports bridging NetBIOS traffic on ports 137, 138 and 139.
The Pocket PC supports three different authentication methods: PAP
(insecure), CHAP (secure) and MSCHAP (secure). The Pocket PC does not
support encrypting the whole data stream or proprietary clients. I do not
suggest supporting modems attached to PCs since they cannot be monitored
and managed centrally. Since the network administrator cannot prevent the
use of a desktop modem, they should develop a policy that clarifies how
the modem is to be used in their environment. In addition, the Pocket PC
supports the use of wireless cellular technology to dial up to your RAS
server or desktop modem using a standard GSM or CDMA cellular phone. This
solution does not support the use of high speed data services like GPRS or
1xRTT, which also use cellular to communicate. Bluetooth also fits into
this category since it provides a local wireless solution for
communicating between your Pocket PC and your cell phone. It is much
simpler to use once it is set up; however, that may require additional
steps initially that the IT staff must perform to make it easy for the end
user.
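To make the PAP (insecure) versus CHAP (secure) labels above concrete, here
is an added example, not part of the original article, that builds the data
a dial-up client sends for each method and lets the RAS side verify it. The
account name, password and function names are constructed for illustration;
the PAP field layout follows RFC 1334 and the CHAP response follows RFC 1994.

```python
import hashlib
import hmac
import os

def pap_request(user: str, password: str) -> bytes:
    """Data portion of a PAP Authenticate-Request (RFC 1334):
    id-length, peer-id, password-length, password -- all in cleartext."""
    u, p = user.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier: int, secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    """Server side: recompute from the stored secret, compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    # Constructed sample credentials, not taken from the article.
    user, password = "pocketpc-user", "Constructed-Passw0rd"
    secret = password.encode()

    # PAP: the client sends the password itself over the dial-up link.
    pap_wire = pap_request(user, password)

    # CHAP: the server sends a fresh random challenge, the client answers
    # with a hash; the password never crosses the link.
    ident, challenge = 1, os.urandom(16)
    response = chap_response(ident, secret, challenge)

    # A response recorded from one session fails against the next challenge.
    next_ident, next_challenge = 2, os.urandom(16)
    return {
        "pap_leaks_password": secret in pap_wire,
        "chap_leaks_password": secret in (challenge + response),
        "chap_accepts": chap_verify(ident, secret, challenge, response),
        "replay_rejected": not chap_verify(next_ident, secret,
                                           next_challenge, response),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Both methods protect only the login step; as noted above, the rest of the
RAS data stream is not encrypted by the Pocket PC.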
Virtual Private Network Options
The Pocket PC 2002 has built-in support for the use of Virtual Private
Networks (VPNs). A VPN is a method of accessing a network via the internet
using an encrypted data stream. Microsoft chose only to support their
Windows NT and Windows 2000 based VPN solutions. If you want to access
VPNs from other vendors, I suggest investigating Movian VPN from
www.certicom.com, which supports vendors like Cisco and Nortel. Also,
Checkpoint is beta testing a Pocket PC client. Users can use a VPN from a
network connection to the internet or by dialing up to the internet on
phone lines or via cellular. VPN based solutions are also compatible with
GPRS and 1xRTT high speed cellular wireless; however, you should check
with your cellular vendor to make sure they have tested it for
compatibility.
Now you have some direction
on how to integrate the Pocket PC into your networking environment.
I have created help pages for communications via modem (http://www.pocketpcfaq.com/wce/isp-tshoot.htm)
and networks (http://www.pocketpcfaq.com/faqs/networktrouble.htm)
which you may find helpful in diagnosing your communications. Next month I
will cover the topics of configuring your e-mail and websites to be
compatible with the Pocket PC.