LGriffin19

asked on

Activesync v APNS Concurrency

Hi

I am looking at two methods for mobile devices to receive email on iOS/Android devices, especially taking into account the need for the mail to be up to date without the user necessarily opening the application into the foreground.

From what I can see, there are two main methods:

1. Native Exchange ActiveSync using Direct Push

2. Using a third party solution with APNS

My understanding of ActiveSync with Direct Push is that the mobile email application will maintain a long-lived HTTPS connection to the proxy in the DMZ and then to Exchange. The timeout will be 15 mins, upon which a new session is created. So, from the perspective of the proxy in the DMZ, if there were 1000 users with mobile devices, that's about 1000 concurrent connections from their devices since with Direct Push there would be an almost constant connection. Is this correct?

With the second method, APNS, my understanding is that the third party software server within the company's network would send a  push notification to the mobile app via APNS. This would make the app 'wake up' and initiate a connection to Exchange via the proxy server to update the application. From a concurrency perspective, this should be much less since the connection is only when there is new email.

Am I thinking along the right lines here?
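The concurrency reasoning in the question above, as an added sketch that is not part of the original thread: it counts open connections at the DMZ proxy for the two models, one pending request per device renewed every 15 minutes versus a short sync per new mail. The 1000 devices and 15-minute heartbeat come from the question; the mail rate, sync duration and all function names are constructed assumptions.

```python
import random

def concurrency(intervals, window):
    """Sweep-line over (start, end) sessions: return (peak, mean) open connections."""
    events = []
    for start, end in intervals:
        start, end = max(start, 0.0), min(end, window)  # clip to the observed window
        if end > start:
            events += [(start, 1), (end, -1)]
    events.sort()  # at equal times a close (-1) sorts before an open (+1)
    live = peak = 0
    area = last = 0.0
    for t, delta in events:
        area += live * (t - last)  # connection-seconds accumulated since last event
        last = t
        live += delta
        peak = max(peak, live)
    return peak, area / window

def direct_push_sessions(devices, heartbeat_s, window, rng):
    """Simplified Direct Push: one pending request per device, re-issued at expiry."""
    out = []
    for _ in range(devices):
        s = rng.uniform(0, heartbeat_s) - heartbeat_s  # random phase, connected at t=0
        while s < window:
            out.append((s, s + heartbeat_s))
            s += heartbeat_s
    return out

def notify_sessions(devices, mails_per_hour, sync_s, window, rng):
    """Notification model: each new mail wakes the app for one short sync."""
    rate = mails_per_hour / 3600.0  # assumed Poisson arrivals per device
    out = []
    for _ in range(devices):
        t = rng.expovariate(rate)
        while t < window:
            out.append((t, t + sync_s))
            t += rng.expovariate(rate)
    return out

def compare(devices=1000, heartbeat_s=900, mails_per_hour=6, sync_s=5, hours=8, seed=1):
    # mails_per_hour and sync_s are constructed values, not figures from the thread
    rng = random.Random(seed)
    window = hours * 3600.0
    push = direct_push_sessions(devices, heartbeat_s, window, rng)
    notify = notify_sessions(devices, mails_per_hour, sync_s, window, rng)
    return {"direct_push": concurrency(push, window),
            "notify_then_sync": concurrency(notify, window)}
```
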
ASKER CERTIFIED SOLUTION
Blue Street Tech
LGriffin19

ASKER

Hi

Thanks for responding! Yes, aware that EAS and APNS are two different concepts, however where I'm looking to compare them is in terms of "background downloading" of emails.

EAS uses Direct Push to maintain that long living connection to Exchange from the mobile device.

Some vendors use EAS for the connection between their mobile server and Exchange, however use APNS to provide the "background downloading" rather than use native EAS/Direct Push on the mobile device.
I've never heard of that type of deployment. Typically, APNS are used by iOS and third-parties to control or deliver notifications not the downloading payloads. How big is your org? Can you provide me with some links on the procedure and use cases?

What is the driving force behind this request...are you experiencing sluggishness or bottlenecking or is there a third-party app requiring APNS like MDM provider?

Unless there is some overwhelming documentation/reason as to why someone should do this and assuming that every Fortune 500 company using Exchange, Microsoft itself and all Hosted Exchange providers have gotten it wrong somehow or have overlooked this as an implementation methodology...I'd stay with best practices...[they] stand the test of time and will not overly complicate your configuration when things go south.

I'm still interested in the articles if you have them though!
Sure, attached is a link to how Citrix do it:

http://support.citrix.com/article/CTX200226

A lot of companies do not use native ActiveSync because it does not have the controls necessary for some financial organisations. They use Citrix, MaaS, GOOD and so on that utilise the method above.
This article clearly states all the issues that Citrix has had with trying to achieve what EAS has been doing for over a decade. Citrix's response to their own issues is to utilize APNS just like every other app does. To reiterate, APNS do NOT deliver any kind of payload...only notifications. Some quotes from your article:
"We are developing an APNS push based notification service. We are NOT developing a Push Email solution."
"In general, this is how every app on iOS using APNS pushes work. The push tells the app to wake up and it may not be instantly. If you see the badge count and open the app, it might still need to refresh to show you what is the new item."
I think you might be misunderstanding these concepts. So, APNS vs EAS is an apples to oranges comparison. One only handles notification and the other handles not only notification but also a number of other functions as well as payload delivery. Case in point, when you deploy MaaS360, AirWatch, Spiceworks, they all may or may not utilize APNS but all of them rely on EAS to deliver the payload...they are never syncing with the Exchange server directly - they only accent the core infrastructure.

If you take a deep dive into MDM it's exceptionally "wet behind the ears" - ridiculously immature IMO. Add iOS' stupidity of not allowing proper APIs to be written by developers only increases these impedances. Fortunately, iOS lost market share around 7 years ago to Android, which actually provides some of the best MDM functionality I've seen. However, it's still not a great solution (MDM) by any means and I have yet to see any MDM, including AirWatch (which I feel has the most functionality of all that I've come across), deliver features that EAS cannot besides an App Library. Granted with Android and Windows Phone using AirWatch you can remotely control a user's device but that is still in beta (I've used it first hand). That said, I have not tested Exchange Online's new integrated MDM. If it's anything like EOP (formerly FOPE) I will be pleasantly delighted.

I'm not opposed to third-party MDM....if anything I'm in dire search for a great solution but the MDM industry at large needs to develop something that will actually be viable for management and not just providing useless stats and system dumps. MaaS sucks IMO. Citrix appears to be really struggling by the admissions in their article. I have not had any experience with GOOD only that I've heard it's pretty solid. RIM (Blackberry) or GOOD Messaging would be considered alternatives to EAS as they use their own protocols for connectivity. For example, EAS vs GOOD, etc.

What features are you looking for in particular? You can do the following with EAS:
• remote secure wipe
• remote allocated secure wipe (Exchange data only)
• SMIME - secure connections between external servers such as vendors, etc. Government agencies use this exclusively for security reasons.
• force device encryption
• force transmission encryption
• force password auth
• force password policies
• remove the ability to use certain apps
• GAL Sync
• Automated mailbox configuration
• Automapped Shared Mailboxes

Does that make sense? Thoughts?
The majority of the MDM solutions now work in the same way - connection from the device to the server via their own system, then the final connection from their product on an internal server to Exchange is via ActiveSync, or occasionally EWS. Any that are doing anything else are moving to EAS/EWS in the very near future as it is pretty much future proof, and will also support older versions of Exchange down to 2007 (anyone using 2003 or older really doesn't care about security).

BES 5 uses MAPI for making the connection, but BES 10 and higher uses the method I have outlined above. I think Good did the same thing, but are moving to EWS. Everyone else pretty much went straight for the ActiveSync connection.

APNS is an Apple thing, therefore by considering it you are pretty much restricting yourself to a very small part of the market. I would strongly discourage any enterprise of any size not to even consider the Apple devices - they are NOT Enterprise ready in my opinion. I have two major clients who deployed iPhones to their staff under pressure from them to do so - they both withdrew the devices from their staff within six months when their support and service costs tripled. Did make a pretty nice sum selling the devices back to the provider though and switching to a mix of Android and Blackberry OS 10, depending on the end user's need.

Simon.
Just trying to get a little closer to the core of your issues...are you worried that the 1000 concurrent connections will overload your router/firewall? If so, consider that that is a *very* low concurrent connection count for modern edge devices to handle. My home router allows 45,000 concurrent connections (though I did have to flash it with DD-WRT to do that), and the majority of enterprise level edge devices will allow significantly more than that (a mid range firewall will allow over 200,000 concurrent connections). I would not worry about the concurrency footprint. It's a non-issue.
Thanks both.

ACBrown - no, not worried, just wanted to understand more than anything :)
You're welcome!

Did we answer all your questions?