Apple iPod and iPod Touch WPA/WPA2 Enterprise Wi-Fi Networks

12 Chapter 1 Deploying iPhone and iPod touch

Network Configuration

ÂMake sure port 443 is open on the firewall. If your company uses Outlook Web

Access, port 443 is most likely already open.

ÂVerify that a server certificate is installed on the Exchange frontend server and enable

Require Basic SSL for the Exchange ActiveSync virtual directory.

ÂOn the Microsoft Internet Security and Acceleration (ISA) Server, verify that a server

certificate is installed and update the public DNS to properly resolve incoming

connections.

ÂMake sure the DNS for your network returns a single, externally-routable address to

the Exchange ActiveSync server for both intranet and Internet clients. This is required

so the device can use the same IP address for communicating with the server when

both types of connections are active.

ÂOn the ISA Server, create a web listener as well as an Exchange web client access

publishing rule. This is a necessary step in enabling Exchange ActiveSync. See

Microsoft’s documentation for details.

ÂFor all firewalls and network appliances, set the idle session timeout to 30 minutes.

Refer to Microsoft Exchange documentation for alternative heartbeat and timeout

intervals.

Exchange Account Setup

ÂEnable Exchange ActiveSync for specific users or groups using the Active Directory

service. These are enabled by default for all mobile devices at the organizational level

in Exchange Server 2003 and Exchange Server 2007. For Exchange Server 2007, see

Recipient Configuration in the Exchange Management Console.

ÂConfigure mobile features, policies, and device security settings using the Exchange

System Manager. For Exchange Server 2007, this is done in the Exchange

Management Console.

ÂDownload and install the Microsoft Exchange ActiveSync Mobile Administration Web

Tool, which is necessary to initiate a remote wipe. For Exchange Server 2007, remote

wipe can also be initiated using Outlook Web Access.

WPA/WPA2 Enterprise Wi-Fi Networks

Support for WPA Enterprise and WPA2 Enterprise ensures that corporate wireless

networks are securely accessed on iPhone and iPod touch. WPA/WPA2 Enterprise uses

128-bit encryption, a proven block-based encryption method that provides a high level

of assurance that corporate data remains protected.

With support for 802.1X authentication, iPhone and iPod touch can be integrated into a

broad range of RADIUS server environments. 802.1X wireless authentication methods

are supported and include EAP-TLS, EAP-TTLS, EAP-FAST, PEAPv0, PEAPv1 and LEAP.