
To synchronise data from the handheld device to BrightXpress, there must be a TCP/IP network connection. There are several options for connecting the handheld device to BrightXpress: serial, USB, infrared, Ethernet, 802.11x, Bluetooth, modem, and Virtual Private Network (VPN).
ActiveSync is the basic synchronisation software provided by Microsoft for Pocket PC and Windows CE devices. It is supplied with the devices and can be downloaded from the Microsoft website.
Usually the handheld device comes with a cradle, for battery recharge, and connection to a host computer, via a serial cable.
Once a device is connected via ActiveSync, it will be granted the same connectivity as the host computer. So, if the host can connect to BrightXpress, then the device will also be able to connect. It is not necessary to have an ActiveSync Partnership to connect.
The host computer may be connected to BrightXpress via LAN (Local Area Network), or it may be connecting via a VPN (Virtual Private Network). In either case, a connection via ActiveSync is possible.
With this type of connection, there is no security compromise, because it is point to point and the user is already authorised to use the host computer.
Some handheld devices provide integrated wireless LAN functionality. In this way, the device may connect with the WLAN access point and then to BrightXpress on the LAN.
Wireless LAN (WLAN) connectivity is useful in a controlled environment, such as a warehouse, that can be fully illuminated by wireless access points. This method offers cheap, reliable, and fast synchronisation.
Using WLAN, it is also possible to gain web access via remote hotspots, and this may also be used as a method to synchronise.
Security is an important concern when deploying a WLAN. For the best security, use Wi-Fi Protected Access (WPA) instead of WEP encryption. The weaknesses in WEP have been well publicised.
The handheld device may have built-in telephone functionality itself; such as Pocket PC Phone Edition. Otherwise, a connection may be made between the device and an external phone via cable or Bluetooth.
BrightForms can then be configured to make a dial-up connection using the phone. The dial-up connection may be set up with a modem and remote access service, or with a VPN provider.
RADIUS stands for Remote Authentication Dial-In User Service. This type of connection allows remote users to access the company's computer network via a third party provider's secure private network.
The provider has a managed core network that centrally co-ordinates the different connections used by the remote staff and establishes a private session between the remote worker and the company's computer network (LAN).
To enable secure access, the provider creates a unique 'realm' for the company within the provider's secure private network. This securely partitions the services from other organisations and ensures that only authorised staff have remote access.
Remote workers can usually access the network using fixed-line dial-up and ISDN connections, as well as wireless mobile connections. Remote workers log on using a username and password. The username includes a unique 'realm' identifier. In this way, traffic is routed to the company network.
The usernames and passwords are set up using RADIUS software through its management system. The provider may supply this management system, or the company may use its own embedded or third-party RADIUS software.
When setting up this type of service, there needs to be a dedicated link that connects the company computer network to the provider's secure private network. For instance, this may be an ISDN or a Frame Relay link.
BrightForms can then be configured to make a dial-up connection using the phone. The dial-up connection may be set up with a modem to dial the provided phone number and the RADIUS logon name and password.
Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection for connecting to the enterprise private network from various remote locations.
VPDNs provide secure connections and are cost-effective and scalable; hence they are thoroughly recommended as the method for synchronisation with BrightXpress.
Typically, a corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with client software for their devices. The remote users can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network.
There are different ways in which encryption is done to secure data. Most VPN client programs and VPN gateways do not support all the encryption methods.
Microsoft servers can be configured as VPN gateways that support the Point-To-Point Tunnelling Protocol (PPTP), which is a Microsoft method for encrypting data to create VPNs.
Pocket PC has support for PPTP so that you can connect to VPN gateways that support the PPTP protocol. Refer to Appendix (A) - How to configure VPN access on Pocket PC, for more details.
PPTP is not the only method for encrypting data for VPNs. Another popular method is IP Security, or IPSec, which is not supported by default on any Pocket PC device. There are vendors that provide VPN clients for Pocket PCs that do support IPSec, and which will work with many different VPN gateways.
Pocket PC 2003 has added support for IPSec, and for having multiple VPN access configurations.
The requirement for data synchronisation is to have an open standard TCP/IP network connection. Therefore there are multiple options for connecting the handheld devices to BrightXpress.
Windows Mobile Pocket PC has a Connection Manager that can be configured for accessing what it refers to as two different types of networks. The first is the Internet itself, and the second is what it refers to as the “Work Network”. It can organise and automate connections.
The final sections of this appendix describe how to configure VPN access on Windows Mobile 5, Pocket PC 2003 and 2002 respectively.
Initiating the connection to a corporate network varies depending on the type of server you want to connect to.
There are two basic types of networks, My ISP (or Internet), and My Work Network. The My ISP settings are for general network connections. For example, you would put your dial-up network settings here for your personal Internet service provider. It is through this type of network that you access resources with fully qualified domain names (FQDN) such as http://www.yahoo.com or pop3.bellsouth.net. The second type is Work. This is for non-FQDN resources, such as corp.servername or workpc.
If you want to retrieve email you need to create a service in Inbox for the email server, and configure that service to use the Default Work Settings for the connection. With the service properly configured you simply have to run a Send and Receive, and a VPN connection will be automatically established.
If you want to open a web site on a corporate network using Pocket Internet Explorer, simply enter the URL for the site in the address bar. If the server portion of the URL is a short name, for example http://myserver/index.html, then it will use My Work Network. However, if the server portion of the URL is fully qualified, which means it has dots in it, it will be interpreted as a server on the Internet.
This can be overridden in the Pocket PC, using the Advanced -> Select Networks -> Exceptions. Here you are able to specify FQDN resources that you wish to access using My Work Network.
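The selection rule described above decides whether a request goes over My Work Network (and therefore the VPN) or straight to the Internet. The following is an added example, not BrightXpress or Microsoft code, that applies the rule to a list of corporate URLs and reports those that would not use the Work Network. The wildcard form of the exception entries and the `corp.example` host names are assumptions made for illustration.

```python
from fnmatch import fnmatch
from urllib.parse import urlsplit

WORK = "My Work Network"
INTERNET = "My ISP (Internet)"

def select_network(url, exceptions=()):
    """Apply the page's rule: short name -> Work, dotted name -> Internet,
    unless the host matches an entry in the Exceptions list."""
    if "//" not in url:            # allow "myserver/index.html"
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    # Assumption: exception entries are wildcard host patterns.
    if any(fnmatch(host, pat.lower()) for pat in exceptions):
        return WORK
    return INTERNET if "." in host else WORK

def audit(corporate_urls, exceptions=()):
    """Return the corporate URLs that would NOT be sent via the Work Network."""
    return [u for u in corporate_urls
            if select_network(u, exceptions) != WORK]

# Constructed sample: the first URL is the page's own example,
# the other two are hypothetical internal servers.
SAMPLE = [
    "http://myserver/index.html",
    "http://intranet.corp.example/",
    "http://sync.corp.example:8080/",
]

if __name__ == "__main__":
    for u in audit(SAMPLE):
        print("needs an exception:", u)
    print("after adding *.corp.example:", audit(SAMPLE, ["*.corp.example"]))
```

Any URL the audit reports is one to add under Advanced -> Select Networks -> Exceptions before the device is deployed.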
























