Exchange Server 2007 from a client point of view
Test shows that client connectivity is general quick and easy
In our testing from the client side, we found that while it’s easy to connect to the Exchange 2007 backend in most cases, it’s not completely without its problems.
Exchange 2007 server's bells and whistles mean nothing without client accessibility. In our testing from the client side, we found that while it’s easy to connect to the Exchange 2007 back end in most cases, it’s not completely without its problems.
It comes as no surprise that Microsoft’s preferred client access method for Exchange 2007 is Outlook 2007, part of the recently released Office 2007 and available only on Windows platforms.
While Exchange 2007 server is also open for use with other e-mail client access methods, such as Thunderbird (the e-mail counterpart to Firefox) and Microsoft’s older Mac Office e-mail product called Entourage, this subpar access does not include any of the groupware-focused features, such as shared contact, mail, files/folders, group calendars and Microsoft SharePoint services.
The accessibility afforded for Exchange 2007 clients is quite varied. Obtaining simple e-mail access through standard POP3 and IMAP protocols across all clients was easy in our tests.
We used a number of e-mail client applications successfully, including Thunderbird (under Linux, MacOS, and Windows XP/Vista Ultimate), Apple Mail, and Netscape clients all ran successfully and flawlessly.
Exchange 2007, as in previous versions, supports a Microsoft Internet Information Server (IIS)-based Outlook Web Access (OWA) browser application to deliver Web-based mail. We found that Web-based e-mail access worked well under Internet Explorer 6 and 7, as well as Apple Safari 2.0 and Mozilla/Firefox 2.0 browsers. IE 7 presents some problems with connectivity if there are certificate errors (such as an incorrect root certificate or the wrong type of certificate), but if everything is configured correctly, it works well.
The OWA browser application when connecting to Exchange 2007 does not support the option to suppress externally referenced content (usually pictures) that are situated on a Web site or other Internet source, letting the mail sender record that the content have been seen/read in the e-mail. This inability to suppress rich (and revealing) content is disturbing, as it leaves this security measure to be handled by third-party applications.
Outlook 2007 is touted to have an automatic configuration. The lore is that one adds user account name, domain, and password information, and, like magic, all should be configured. It can happen that way. Our test showed that this autoconfiguration works simply on LANs and VPN connections.
However, if one initially connects Outlook 2007 via a Web connection (and not a LAN or VPN connection), a different authentication mechanism is used. This external initial connection requires that an organization distribute certificates to the user, and the user must install these certificates to establish a trust relationship directly between Outlook 2007 and Exchange Server 2007; this can be easily scripted with the certificate delivery to prevent user installation-time missteps.
We used a method that sets up a proxy relationship of the Outlook 2007 service that ran over Port 80 (the HTTP port) and is then translated in the Exchange Server — with the authenticated credentials generated by the user-installed certificate.
We also used the IMAP feature of a Motorla Q phone (running Windows Mobile 5 OS) to read mail, and to easily synchronize information across an Verizon network connection to the primary server. Outlook Mobile also can perform the same connectivity but with the enhancement of synchronization of contacts, e-mail and calendars. We found this is simple to set up with instructions for savvy users, but the process begs for a scripting method that could be used to provide configuration tasks for users of Windows Mobile 5 devices.
Henderson is a principal at ExtremeLabs in Indianapolis. Thayer is an independent security consultant. They can be reached at thenderson@extremelabs.com and rodney@canola-jones.com, respectively.
Copyright © 2007 IDG Communications, Inc.