Jul. 2003: Exchange Server 2003, Outlook 2003 Enhance Mobility, Scalability, Security (Section 3 of 8)

Improved Support for Mobile Exchange Users

The combination of Exchange Server 2003 and Outlook 2003 gives mobile Outlook users improved Internet access to e-mail and other Exchange functions, and Exchange 2003 alone gives browser and wireless device users an experience that's closer to that of desktop Outlook users. Mobile users—telecommuters, travelers, and wireless device users—represent a large and rapidly growing user segment, and addressing their needs is important if Microsoft expects to win new customers for its wireless and messaging products.

Serving Mobile Users

Mobile users increasingly expect e-mail and related functions, such as group scheduling, to be available at home, on the road, and when they have only intermittent access to the Internet or their corporate network. To serve these users, Microsoft has long provided offline support through the combination of Exchange and Outlook, as well as through Outlook Web Access (OWA), a Web-based client that gives users access to e-mail and other Exchange functions through a browser.

Microsoft also bundled Pocket Outlook into many of its Windows CE platforms; released Mobile Information Server (MIS) 2002 to provide browser and Pocket Outlook access to Exchange; built 802.11b (Wi-Fi) wireless support into its entire line of OSs; and built relationships with cellular carriers offering wireless data services.

However, annoying limitations, such as inefficient caching of data downloaded from an Exchange server, still made Microsoft’s current mobile messaging solutions difficult for users.

With this in mind, improved mobile support is a major focus of Exchange Server 2003 and Outlook 2003. Specifically, Microsoft improved the offline capabilities of Outlook, dramatically improved OWA, and rolled most MIS functions into Exchange.

Better Offline Support in Outlook 2003

Mobile Outlook users must often work with intermittent network connections to their Exchange servers. Dial-up users might not want to tie up phone lines for the entire time they are using Exchange, and users on wireless networks often move in and out of coverage areas, breaking the connection to their Exchange server. When offline, most users still need access to their mailboxes, schedules, contacts, tasks, and Exchange address lists and need to be able to compose mail for transmission once back online. The combination of Exchange 2003 and Outlook 2003 radically improves support for these scenarios.

Outlook 2002 and earlier versions have always been able to store data locally when disconnected. However, the implementation of this offline support is problematic in the current generation of products for the following reasons:

  • When starting Outlook 2002, users must decide whether to connect to the Exchange server or to the offline store (OST). If a user connects to Exchange and the network connection is broken, Outlook does not automatically fall back to using the OST. (Prior to Outlook 2002, Outlook would even hang when this occurred.)
  • Synchronization only occurs at preset intervals and is not optimized for low-bandwidth connections.
  • When the user is working online, locally stored data is not used; Outlook requests a new copy from the Exchange server each time the user opens a previously synchronized item.
  • The remote procedure calls (RPCs) needed by Exchange’s Messaging API (MAPI) are difficult to route securely through a firewall; as a result, synchronization of the OST with the user’s Exchange mailbox and selected public folders over the Internet requires first establishing a virtual private network (VPN) connection. (Note that a new Internet Security and Acceleration (ISA) Server Feature Pack removes this requirement. See "ISA Server Update Gates Exchange" on page 13 of the Feb. 2003 Update.)

Outlook 2003 and Exchange 2003 introduce three improvements that help alleviate these problems: Outlook "cached mode," synchronization enhancements, and support for tunneling MAPI RPCs through Hypertext Transfer Protocol (HTTP).

Outlook 2003 "cached mode." Outlook 2003’s local OST can function as a cache instead of a separate message database, giving Exchange users many of the properties and advantages of the Local Web Store abandoned by Microsoft in 2001.

In cached mode, which works with any version of Exchange server, Outlook always works from the OST, whether the user is online or offline. Incoming and outgoing items are continuously synchronized in the background with the OST whenever a connection to the server is available. Users see no obvious changes when the network connection to the Exchange server is lost; messages just go into queues until the connection is restored.

Cached mode provides benefits even when working online: as data is always read out of the cache first, the load on the Exchange server and the network is significantly reduced, in some cases allowing Exchange servers to support more users. Microsoft also claims that cached mode can halve Outlook’s network traffic.

Synchronization enhancements. Improvements to the synchronization protocol accelerate synchronization between Outlook 2003 and Exchange Server 2003. This especially benefits mobile users with low-bandwidth connections. The improved MAPI protocol automatically uses data compression and has been further optimized to reduce the total number of bytes sent over the network. For example, changes to cached data are batched together before synchronizing. Outlook 2003 can be configured to download only headers initially, allowing users to download the full body and attachments of only selected messages.

MAPI over HTTP. When Outlook 2003 users on Windows XP systems need to connect securely over the Internet to Exchange 2003 servers located behind a firewall, they no longer need to use a VPN. Although previous versions of Outlook could automatically initiate a VPN connection when synchronizing, many organizations either did not support a VPN or did not wish to make one available to all Exchange users (since it exposes other network resources as well). Yet, they wanted their mobile users to have the full benefits of the Outlook client.

The new client and server can be configured to tunnel MAPI RPC communications through HTTP, which is much easier to pass through firewalls without exposing other resources or opening security holes. This feature requires at least one Exchange 2003 server to act as a proxy that translates RPCs to and from the internal Exchange and Active Directory (AD) servers into MAPI-over-HTTP packets, which are then exchanged with Outlook 2003. It also uses the Secure Sockets Layer (SSL) encryption of HTTPS to protect data and authentication credentials traveling to and from the Outlook 2003 clients. (For details, see the illustration "MAPI RPCs over HTTP".)

Although similar in concept to an XML Web service, this new protocol is not a true one and does not use the Simple Object Access Protocol (SOAP).

Outlook Web Access Gets a Major Overhaul

OWA allows users to access their mailboxes and other Exchange functions, such as their calendars, from a browser. Most organizations currently use OWA in Exchange 5.5 or Exchange 2000 to augment Outlook rather than as the sole means of access, because it is much slower and lacks many features of the Outlook user interface, such as the ability to preview messages or use mouse right-click options. OWA also does not provide access to task information stored on the Exchange server.

Although it requires a continuous network connection, OWA can still be valuable to mobile users connecting to Exchange from computers that do not have Outlook installed or when the user has no Outlook settings configured, particularly when connecting from a public computer on the Internet.

With Exchange 2003, Microsoft has completely revamped OWA to bring it much closer to the feature set and performance of the full Outlook 2003 client. When accessed from Internet Explorer (IE) 5.0 or above, OWA users can finally do the following:

  • Access their tasks
  • Preview messages
  • Check spelling
  • Receive new message and meeting notifications
  • Set server-based delivery rules
  • Read or send digitally signed or encrypted messages using the S/MIME protocol
  • Display the OWA user interface in different languages, according to the browser’s language setting.

Although the OWA user interface is still not identical to Outlook 2003’s, it is much closer than earlier versions. (See the illustration "Outlook Web Access Similar to Outlook 2003".) However, it works best with IE 5.0 and above—many OWA features are downgraded or unavailable when accessed from other browsers.

In addition, the new version of OWA is much faster than previous versions. Network traffic is reduced, and while OWA is still not an ASP.NET-based application, it takes advantage of Internet Information Server (IIS) 6.0’s reliability and performance improvements when run on Windows Server 2003. (For background on these improvements, see "Rewritten IIS Anchors Windows .NET Server" on page 3 of the July 2002 Update.)

The new OWA also addresses a security concern that affected previous versions: users connecting from public computers could inadvertently leave logged-on OWA sessions or cached security credentials. These could be used by the next user to access the previous user’s Exchange data and even send mail under that user’s name. Occasionally, public computers have locked-open browser windows, which make it especially difficult to prevent this scenario.

Exchange 2003’s OWA has new security features that help prevent these problems. The new OWA interface includes a "Log Off" button, and when Exchange 2003 OWA users log off when using IE 6.0 Service Pack 1 browsers, the IE credential cache is automatically cleared. However, this does not solve the problem of locked-open browsers. Fortunately, OWA can now be configured to use cookie-based authentication tokens (instead of IE’s cached credentials), which are forcibly expired at OWA logout or after a preset inactivity timeout elapses.
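The cookie-token behavior described above, as an added example (not code from Exchange or from the original article): the server holds the session state, so logging off or exceeding the inactivity timeout invalidates the cookie even if a locked-open browser still presents it. The `SessionStore` class, the HMAC-signed cookie format and the 900-second timeout are assumptions made for illustration.

```python
import hashlib, hmac, secrets


class SessionStore:
    """Server-side table of cookie tokens with a sliding inactivity timeout."""

    def __init__(self, key: bytes, idle_timeout: float):
        self._key = key
        self._idle = idle_timeout
        self._sessions = {}  # session id -> (user, time of last request)

    def _sign(self, sid: str) -> str:
        return hmac.new(self._key, sid.encode(), hashlib.sha256).hexdigest()

    def login(self, user: str, now: float) -> str:
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = (user, now)
        return f"{sid}.{self._sign(sid)}"  # value the browser stores as a cookie

    def validate(self, cookie: str, now: float):
        """Return the user for a live session, otherwise None."""
        sid, _, mac = cookie.partition(".")
        if not hmac.compare_digest(mac.encode(), self._sign(sid).encode()):
            return None  # forged or tampered cookie
        entry = self._sessions.get(sid)
        if entry is None:
            return None  # logged off, expired, or never issued
        user, last = entry
        if now - last > self._idle:
            del self._sessions[sid]  # expired on the server, permanently
            return None
        self._sessions[sid] = (user, now)  # activity slides the window forward
        return user

    def logout(self, cookie: str) -> None:
        self._sessions.pop(cookie.partition(".")[0], None)


def kiosk_scenario():
    """Constructed timeline (in seconds) on a shared public computer."""
    store = SessionStore(secrets.token_bytes(32), idle_timeout=900)
    a = store.login("alice", now=0)
    seen = [store.validate(a, now=600),    # active user
            store.validate(a, now=1400),   # 800 s idle: still inside the window
            store.validate(a, now=2400),   # 1000 s idle: next user replays cookie
            store.validate(a, now=2401)]   # stays dead after expiry
    b = store.login("bob", now=3000)
    store.logout(b)                        # user clicks "Log Off"
    seen.append(store.validate(b, now=3001))  # replay after logoff
    return seen
```

Because validity is decided from the server's table rather than from anything the browser caches, clearing the browser is not required for the session to end.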

Wireless Windows CE Support

With Exchange 2003, no additional products are needed to allow wireless Windows CE-based devices—primarily Pocket PCs and Smartphones—to be full-fledged Exchange clients. Instead of merely synchronizing messages while physically docked to an Outlook client PC, these devices can send and receive Outlook data directly over the air with Exchange servers, either by synchronizing their Pocket Outlook programs with their Exchange mailboxes or by using browsers.

This capability, called Outlook Mobile Access (OMA), was formerly provided by a separate server running Microsoft’s MIS 2002. However, Microsoft has discontinued further development of MIS and will instead embed OMA functionality directly into Exchange 2003, thus eliminating the requirement for separate MIS servers. (See "Mobile Server Goes into Exchange, ISA" on page 7 of the Apr. 2002 Update.)

Exchange 2003’s OMA is an ASP.NET application and is a minor upgrade of MIS 2002’s OMA. Analogous to the choice of using Outlook versus OWA, OMA allows users of wireless non-PC devices to access Exchange in two different ways:

Server Active Sync. The Pocket Outlook program (included with Pocket PCs, Windows-powered Smartphones, and some other Windows CE devices) can synchronize users' mailboxes, contacts, calendars, and tasks directly with Exchange servers using the HTTP protocol over wireless networks. Synchronization occurs periodically in the background whenever a wireless connection is present. Because synchronization uses HTTP, firewalls can be configured to allow this traffic to be relayed between the Internet and the Exchange server.

Microsoft says that future CE devices will be able to receive push notifications that initiate synchronization between a user’s device and his Exchange mailbox. This will allow users to get new messages and other changes immediately, rather than waiting until the next sync.

Via browser. Users of many types of non-PC wireless devices can use a browser to access Exchange data when a live connection is available. Exchange 2003’s OMA supports browsers that use HTML, xHTML, and cHTML. These include Wireless Access Protocol (WAP) 2.0 browsers, i-mode phone browsers, and PalmOS browsers. OMA also provides limited support for WAP 1.x browsers. Although most Pocket PC and Smartphone users will prefer to use Pocket Outlook, browser access opens Exchange to use by other devices, and Pocket PC and Smartphone users can still employ the Pocket IE browser if they need to check an Exchange mailbox other than the one they normally sync with.

Although conceptually similar to OWA, OMA is a completely separate product and is specially designed to present a user interface adapted to the particular limitations of various types of microbrowsers, even those without touch screen support. For example, users on a WAP 2.0 cell phone browser have an interface very different from users connecting with Pocket IE. OMA also can send short message service (SMS) notifications to users when certain Exchange events occur, such as when the times for scheduled meetings change.