This week it seems some of our competitors have been busy on email - sending a PowerPoint round to customers and mobile operators, scaremongering about the architecture of Direct Push and claiming that implementing it is 'opening thousands of firewall ports and connections'.

So let's be really clear here:

1) Exchange 2003 Mobile Messaging requires you to open 1 port - port 443 for SSL.  (So 1 port is considerably less than thousands.)

2) The secondary concern is around the potential for Denial of Service (DoS) attacks.  A DoS attack could be mounted against IIS by opening a large number of TCP connections but never actually issuing an HTTP request.  IIS mitigates this threat by requiring that a client submit a fully-formed HTTP request within a certain time; if it does not, IIS drops the connection.
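The mitigation in point 2, sketched as a small Python server with a header deadline. This is an added example, not IIS code and not from the original post; the 0.5-second `HEADER_TIMEOUT`, the loopback listener and the function names are assumptions made for the demonstration.

```python
import asyncio

# Assumed demo value: the post only says "within a certain time".
HEADER_TIMEOUT = 0.5

async def handle(reader, writer):
    """Serve a client only if its full request head arrives before the deadline."""
    try:
        # A fully-formed request head ends with a blank line (CRLF CRLF).
        await asyncio.wait_for(reader.readuntil(b"\r\n\r\n"), HEADER_TIMEOUT)
        writer.write(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                     b"Connection: close\r\n\r\nok")
        await writer.drain()
    except (asyncio.TimeoutError, asyncio.IncompleteReadError,
            asyncio.LimitOverrunError):
        pass  # idle, truncated or oversized head: drop without a response
    finally:
        writer.close()  # the slot is released either way

async def probe(port, payload):
    """Connect, optionally send bytes, and return everything the server sends."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    if payload:
        writer.write(payload)
        await writer.drain()
    data = await asyncio.wait_for(reader.read(), 5)  # read until server closes
    writer.close()
    return data

async def demo():
    server = await asyncio.start_server(handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    async with server:
        # Constructed sample inputs: no request, half a request, a full request.
        idle = await probe(port, b"")
        partial = await probe(port, b"GET / HTTP/1.1\r\nHost: example\r\n")
        full = await probe(port, b"GET / HTTP/1.1\r\nHost: example\r\n\r\n")
    return idle, partial, full

def run_demo():
    return asyncio.run(demo())

if __name__ == "__main__":
    for name, data in zip(("idle", "partial", "full"), run_demo()):
        print(name, data[:15])
```

The idle and half-finished connections are closed at the deadline with no response, so they cannot hold a connection slot indefinitely; only the complete request is answered.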

Sami Khoury over on the Exchange team blog posted a great article in August on this very topic which is definitely worth a read:

The other thing our 'competitors' are claiming is that you have to implement ISA Server, SMS and a whole bunch of other technology to make our solution work...

Again - this is incorrect.  When we (Microsoft) talk about our Mobile Messaging solution we often 'recommend' ISA Server but it is not 'required'.  The solution will work with any reverse proxy/firewall.  The reason why we recommend ISA Server is because it has:

  • The ability to pre-authenticate all SSL traffic before it reaches your Exchange Front End Server.
  • The option to inspect Exchange ActiveSync traffic passing through it and validate that it is genuine.

The second point is critically important, as many other solutions in the market do not allow you to inspect traffic, so there is no way to protect against Trojan attacks.

Whilst I'm all up for competition, I do get frustrated with some organisations making completely unsubstantiated attacks on our products.