Thursday 24 December 2009

Merry Christmas!

Merry Christmas to everyone! :)

Enjoy the holidays and I'll be back in the New Year, where I'm sure we will have more information on TMG and UAG, as well as more exciting products and developments from e92plus.

Microsoft CRM 4.0 on a non-IE browser and IAG

At e92plus we use Microsoft CRM 4.0 as our CRM system. It is a good product that allows a lot of flexibility, granularity and customisation, but the downside out of the box is that it will only work with an IE browser.

Not a major issue you may think as all the computers at work are all Windows devices.

As you can see in the previous post, we were in the process of replacing our mobile telephones at work, and as part of the rollout, I wanted to offer IAG via the mobile phone. I know it works(albeit very slowly) on a Blackberry and (pretty well with 3G) on iPhones.

Now if we were issuing mobile devices with internet access to the staff, I not only want them able to access the IAG, I also want to give them the ability to access our CRM system.

My choices were to look at Windows Mobile devices, but there is either a comprise on cost or functionality, or find a way to get CRM available on other browsers.

A bit of Googling from Neil Langridge (Marketing Manager for e92plus) turned up the following links:

http://blogs.msdn.com/crm/archive/2009/07/09/product-release-mobile-express-for-microsoft-dynamics-crm-4-0.aspx
http://weblogs.asp.net/gayanperera/archive/2009/07/10/dynamics-crm-4-mobile-express-released.aspx
http://www.microsoft.com/downloads/details.aspx?FamilyID=F592EC6C-F412-4FD5-9A80-CD3BCBD26D8B&displaylang=en

After following the instructions on installing the 28Mb file, we then started testing.

I used Firefox, Safari, Opera and Chrome as my test browsers and they all worked perfectly. The view is slightly cut down, but we now have CRM on other browsers.

The next step was publishing this on IAG as a Generic Web Application (as I did for CRM on IE). Remember to use the server name, correct port number as well as the /m after the URL. I created an access policy to check the users browser, so that if they are using IE they have two icons (one for full blown CRM, and other for the "streamlined" version), and if they are using a non-IE browser they only see the "streamlined" version of CRM.

I have been playing with a number of mobile phones recently, and this works perfectly on Blackberrys, iPhones, Nokia and HTC Windows Mobile devices.

ActiveSync on IAG, with iPhones

The mobile phone contracts at work are up, so I have been investigating alternatives. We were previously using Blackberrys, but I've been investigating more cost effective options. Since the Blackberry server was installed, we have upgraded to Exchange 2007, which gives us the aability to us Push Mail/ActiveSync, something that was not an option on our previous mail server.

I was given a couple of test phones to trail ActiveSync on a Windows Mobile and a Nokia device.

First off, I had to ensure ActiveSync was enable on the Exchange server, and fortunately a "vanilla" build of Exchange 2007 haas it enable on install.

The thing was the create a NAT rule on my firewall to allow the ActiveSync traffic from the intenet to the Exchange server. This was only a temporary rule while I was testing ActiveSync worked, before the rule was removed again.

My security/paranoia head would not allow me to leave this rule in place, as I would not recommend to anyone to have a rule that allows direct connectivity from the internet to any mail server. (BTW that also includes email, as there are plenty of mail relay options, such as a Barracuda Spam Firewall - Blog post for another day!)

Here at e92plus as the saying goes "We eat our own dog food", where we use a Celestix WSA IAG appliance as a remote access solution.

The next step was for me to create way for the mobile device to connect to my Exchange server, without a direct connection. I configured one of our external IP addresses to NAT into the DMZ of our firewall. I then had to add an additional IP address on the external adapter of the Celestix WSA appliance to match the DMZ IP address of the NAT rule. I also created a new prefix for our domain, and mapped that to the external IP address I'm using.

Now on to IAG, create a new webmail trunk and selected ActiveSync. I defined the domain, selected the DMZ IP address, defined the details of my Exchange server, aand then activated the configuration.

I took the Trusted Root Certificate from my Exchange server and applied that to the IAG appliance.

From the mobile devices, I defined the domain, username and password. For the server address, I use the new IAG portal address.

It worked perfectly on the demo Nokia E63 and the HTC Touch, although the interfaces were different the information required to login was the same. This allows the devices to sync up emails, contacts, calendar and tasks.

After much deliberation, I decided that I wanted an iPhone as my mobile device. Although I am still waiting for the SIM to be activated, ActiveSync is syncing my email, contacts and calendar via my wireless network, so once the iPhone can get onto the O2 3G network, it will be working as it should!

For added security/paranoia, on the Exchange server I have also enabled mandatory passwords on the device, madatory encryption of the storage and the ability to remote wipe the devices, so pretty much the core features of a Blackberry server, at a much lower cost!