How exactly does Direct Push work? Direct Push maintains an HTTP Secure (HTTPS) connection between the Exchange server and the mobile device, a session that's kept alive by using heartbeats. In this way, the Exchange server can notify a mobile device whether or not a change has occurred in the device's associated mailbox; if a change occurs in the mailbox, the server can initiate synchronization. Since the device keeps an open session to the Exchange server, you might think the connection could become rather expensive. However, the device simply sits and waits for a response; it doesn't send or receive any data while it's in this pending state, so you won't incur data charges. Because the mobile device syncs only when there's a change in the mailbox, which isn't the case with scheduled or manual syncs, the device uses less power, again saving money as well as battery life. Additionally, any data synchronized between the mailbox and mobile devices is compressed by using GNU zip (gzip) compression.
Figure 2 shows the basic steps in Direct Push synchronization. First, the mobile device pings the server and goes through the EAS sync process as described earlier. (Note that the EAS Ping command is a completely new command that Microsoft created solely for Direct Push; it has nothing to do with the Internet Control Message Protocol (ICMP) Ping, so you don't need to worry that the Ping will be blocked at a firewall.) At the end of the synchronization, the device sends an EAS Ping to the front-end Exchange server. The Ping has a timeout value of 15 minutes, which keeps the connection open for 15 minutes after the final Ping. During the next 15-minute period, if nothing changes in the monitored mailbox folders, the Ping times out and the front-end server sends a request to the mobile device for another Ping. This Ping process continues until a change occurs in the monitored mailbox folders. The front-end server then uses the existing HTTPS connection to notify the device that a change has occurred. The device then initiates synchronization, but it syncs only the folder where the item is and not the user's entire mailbox, which saves bandwidth and data charges.
A Closer Look at Ping
What does the Ping command look like? As the sample network trace in Figure 3 shows, when a mobile device establishes a new connection, the device tells the Exchange server which folders the device wants to be notified about along with the desired heartbeat interval, measured in seconds (shown by the Lifetime tag), during which it expects to hear from the server. EAS creates subscriptions to the back-end Exchange server by using the WebDAV SUBSCRIBE and UNSUBSCRIBE commands. As mentioned earlier, if no mail comes in to the Exchange server during the 15-minute period, the device pings the Exchange server again. Note that after the first Ping, subsequent Pings are a minimal size because no other information between the Ping tags is required. If the mobile device sends the Ping on an existing connection, no re-authentication is needed.
If during a Ping's timeout period a change occurs (i.e., new mail comes in), the back-end Exchange server notifies the front-end server of the change over UDP port 2883, and the front-end server informs the device that there's mail in a specific folder or folders. It's important, therefore, that UDP port 2883 remain open between the front- and back-end servers, although you can change the port number if necessary. The status code next to the <Status> tag in Figure 4 indicates success, failure, timeout, or other error conditions. If the folder hierarchy itself has changed, the server tells the device to initiate a sync by including the tags <Folder>0</Folder> in the list of changed folders. If no status is specified, the code is assumed to be 1 (that is, no changes).
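The response rules above can be written as a small decision function. This is an added example, not code or a trace from the article: the XML layout is a constructed, decoded form that uses only the tag names the article mentions, and the action names are hypothetical.

```python
import xml.etree.ElementTree as ET

NO_CHANGES = 1  # per the article: a missing status is assumed to be 1

# Constructed decoded responses (the article's Figure 4 is not reproduced here).
# Status 2 is the "changes occurred" value in Microsoft's published Ping
# documentation; the article itself only states the meaning of 1.
MAIL_IN_FOLDER = "<Ping><Status>2</Status><Folders><Folder>5</Folder></Folders></Ping>"
HIERARCHY_CHANGED = "<Ping><Status>2</Status><Folders><Folder>0</Folder></Folders></Ping>"
HEARTBEAT_EXPIRED = "<Ping/>"  # no status at all


def next_action(decoded_response):
    """Map a decoded Ping response to the device's next step."""
    root = ET.fromstring(decoded_response)
    status_text = (root.findtext("Status") or "").strip()
    status = int(status_text) if status_text else NO_CHANGES
    changed = [f.text.strip() for f in root.iter("Folder")
               if f.text and f.text.strip()]
    if "0" in changed:
        # Folder 0 signals that the folder hierarchy itself changed.
        return ("sync_folder_hierarchy", [])
    if changed:
        # Sync only the folders the server named, not the whole mailbox.
        return ("sync_folders", changed)
    if status == NO_CHANGES:
        # Nothing happened during the heartbeat interval: send the next Ping.
        return ("reissue_ping", [])
    # Any other status with no folder list is a failure to surface.
    return ("report_error", [str(status)])
```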
Firewalls and Direct Push
If you want to enable Direct Push on your Exchange network, you need to take into account certain considerations when setting up firewalls. In particular, you should set the timeout values on the path from the mobile device to the front-end server to be greater than the Ping interval value. If the timeout values are lower than the Ping interval value, the connection will be dropped and the device will have to reissue the Ping.
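One way to check for a too-short timeout on the path is to look at how long Ping requests last in the front-end server's IIS log. This is an added example, not from the article: the log excerpt is constructed, and it assumes the W3C fields shown are enabled, that time-taken is in milliseconds, and that a torn-down connection is logged with sc-win32-status 64.

```python
import statistics

HEARTBEAT_S = 900  # the article's 15-minute Ping interval

# Constructed IIS W3C log excerpt (users and device IDs are made up).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username sc-status sc-win32-status time-taken
2006-05-02 08:00:01 POST /Microsoft-Server-ActiveSync Cmd=Ping&DeviceId=DEV1 alice 200 0 900120
2006-05-02 08:15:03 POST /Microsoft-Server-ActiveSync Cmd=Ping&DeviceId=DEV1 alice 200 0 212400
2006-05-02 08:00:07 POST /Microsoft-Server-ActiveSync Cmd=Ping&DeviceId=DEV2 bob 200 64 300410
2006-05-02 08:05:09 POST /Microsoft-Server-ActiveSync Cmd=Ping&DeviceId=DEV2 bob 200 64 300050
2006-05-02 08:10:11 POST /Microsoft-Server-ActiveSync Cmd=Ping&DeviceId=DEV2 bob 200 64 299980
2006-05-02 08:15:12 POST /Microsoft-Server-ActiveSync Cmd=Sync&DeviceId=DEV2 bob 200 0 840
"""


def parse_pings(log_text):
    """Yield (user, seconds, win32_status) for each ActiveSync Ping request."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        if "Cmd=Ping" not in row.get("cs-uri-query", ""):
            continue
        yield (row["cs-username"], int(row["time-taken"]) / 1000.0,
               int(row["sc-win32-status"]))


def audit_path_timeout(log_text, heartbeat_s=HEARTBEAT_S, slack_s=5):
    """Return {user: typical seconds before a Ping was cut off early}."""
    dropped = {}
    for user, secs, win32 in parse_pings(log_text):
        # An early Ping with win32 status 0 is a normal "change occurred"
        # reply; an early one with a non-zero status was torn down in transit.
        if win32 != 0 and secs < heartbeat_s - slack_s:
            dropped.setdefault(user, []).append(secs)
    # Drops that cluster at one duration point to an idle timeout on the path
    # that is lower than the Ping interval.
    return {user: round(statistics.median(d)) for user, d in dropped.items()}
```

On the constructed log, the second device's Pings are all cut at about 300 seconds, which points to a 5-minute idle timeout somewhere between that device and the front-end server.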
The steps involved in configuring a firewall to work with Direct Push depend on the type of firewall used in your organization. For information about how to configure Direct Push and the ISA Server 2004 firewall, see the Microsoft article "Enterprise firewall configuration for Exchange ActiveSync Direct Push Technology" (http://support.microsoft.com/?kbid=905013). This article also provides additional information that will help you assess the choices you might need to make when setting up other firewalls.
After the firewall is correctly configured, you should also adjust the timeout values for the IIS server on the default Web site's front-end server. I've found that a value between 15 and 30 minutes (900 to 1800 seconds) works well in small-to-midsized business (SMB) networks that use Direct Push.
Economical, Up-to-Date Access
Direct Push is the latest evolution of the AUTD technology that's been in Exchange 2003 since its release. As you've seen, Direct Push lets a mobile device continuously ping the Exchange server and automatically sync with the server only when new mail comes into the user's Exchange mailbox. Direct Push ensures that Windows Mobile 5.0–device users have similarly up-to-date access to mail, calendars, and contacts as they have in the office, at an economical cost.