BES queries related to ActiveSync


I know this topic has been debated to death but I had two questions that I was hoping people could help me with :) Our management are toying with the idea of replacing BES with ActiveSync going forward.

From reading up on the Internet, the three major benefits of BES over EAS are:

1. Push/Pull: Reading here

"Mobile devices that support Direct Push issue an HTTPS request to the Exchange server that asks Exchange Server to report any new or changed e-mail messages, calendar, contact, and task items. If changes occur within the lifespan of the HTTPS request, the Exchange server issues a response to the device that includes which folders have new or changed items. The device then issues a synchronization request to the server. After synchronization is complete, a new HTTPS request is generated to re-start the process."

To me, this isn't real Push technology! Basically, the EAS client is 'checking in' with Exchange regularly to see if it has new mail.
Would I be correct in saying that if BES knows there is a new message for a user (via the UDP notification), then it sends the message directly. The handheld doesn't actually need to keep checking in with BES?

That said, does this make much of a difference given that most people are on unlimited data plans now?

2. Security

BES uses 3DES which is 'virtually unbreakable'. EAS uses HTTPS. Isn't HTTPS virtually unbreakable too though?

I think everyone agrees BES has loads more IT policies though.

3. Data compression

BES's compression of data is much more effecient than EAS's. But - again - what effect does this have on the user given the unlimited data plans?

4. Troubleshooting

BES logs, when used with BRK, are great are pinpointing issues. EAS IIS logs is very much 'needle in  a haystack'  situation.

I'm interested in both BES and EAS viewpoints!
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

1.  I know the windows mobile devices used to stay up to date by receiving these hidden SMS messages that would get sent from the Exchange server and would force the mobile device to perform a send/receive.  I don't think most EAS-capable devices nowadays work like this.  Most just open an internet connection and will keep the data connection open all day long.  Since it's an active data connection, it will be able to stay connected to the Exchange server the whole time and Exchange will push updates to it almost instantly.  The effect of this on the phone's battery life is usually fairly severe though, and regular charging of the phone is required (say, once a day).  This varies on make/model/location obviously, but compared to a Blackberry device that can go for several days without needing a recharge, there's an definite difference.

2.  I think HTTPS is plenty secure, especially considering the key strength for most certificates that you purchase from a 3rd party is at least 2048-bit.

With Exchange 2007 and 2010, you can have MUCH more control over your activesync enabled devices than previous versions of Exchange.  There are lots of policy options related to enabling/disabling the camera, preventing programs from being installed, preventing removable memory from being used, forcing the user to protect the device with a passcode, etc. that you can configure in Exchange.  You can also have different sets of policies and apply them to different activesync users.  As long as the phone is fully activesync capable, it will abide by those policies.  Actually, it will tell you when you go to first sync with the server that the server has policies that must be enforced on the device and will prompt you to continue.  You may want to verify with the device manufacturer to see what EAS policies it supports.  I know the iPhone for example actually supports most of them, but some older Palm devices do not.

Finally, there IS a remote wipe capability built in to ActiveSync.

3.  Agreed about the data compression.  It won't be much different between EAS and BES
4.  This is one area where BES is probably better.  If you're comfortable reading IIS logs then you'll be OK with ActiveSync but I think the logging in BES is a little more comprehensive.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
1. Yes, you're correct. The handheld doesn't establish a direct TCP connection with the BES, which ActiveSync devices do (SSL session direct to the client-access server).

2. It's not that SSL isn't as secure, it's just a different type of security. 3DES and AES are used in packet encryption, whereas HTTPS encrypts a tunnel. While both do the same sort of job, one is designed for wireless networks and the other for wired. These days wireless/mobile networks are fairly good at maintaining TCP sessions - several years ago they weren't as good, hence why MS used SMS "poke and pull" to "push" email out to the devices.

Another aspect to security to the BES is IT Policy. While you have IT Policies with ActiveSync, you've only got a limited amount (from memory 16 if you have Exchange Enterprise licensing??) which barely covers the basics. Having a comprehensive set of Policies available to you (even if you don't think you'll use them) means that should a situation arise where you need to enforce greater control and security, you can without having to think about implementing a third party product.

3. Data compression comes in to play in a few ways, including data plans (particularly if you have roaming users, then it plays a very big part!). Consider the device as a human. This human needs to shift a parcel from point A to point B. If the parcel is heavy the human will run out of energy faster as it takes more effort to shift the heavier parcel. Conversely if the parcel is light the human can shift more parcels for the same amount of energy, or last longer. When it comes to your user's and their devices, factor in their typical usage - perhaps a high-drain device is fine as they don't leave the office much and can have the device on charge fairly regularly. Just be careful of giving high-drain devices to users who aren't able to charge that frequently.

4. To be honest, after many years of troubleshooting using BES logs they're still almost a language on their own! The BRK definitely does help, but where I'd pitch this as an even battle is the level of manufacturer (RIM vs MS) technical support. Both are very good and very comprehensive.

Finally, take a look at this link written by someone who's been around on these forums for quite some time, GLComputing:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.