I wanted to continue my theme of Windows Embedded Handheld (formerly Windows Mobile 6.5) still being an excellent platform for enterprise line of business applications. And as I’ve mentioned previously, connecting that mobile application to the back end is all-important, especially when that back end is inside the four walls. With Microsoft Mobile Device Manager you can provide your mobile workforce with secure authenticated access to business-sensitive data, which you might not allow for unmanaged devices, and you can do so with minimal changes to the IT infrastructure or the server application.

There are a few components to the Mobile Device Manager system. To start, you need to enroll your mobile device so that it becomes a Mobile Device Manager managed device. The process basically links a certificate, the device's Active Directory object and the user's domain account together. This is all done by the Mobile Device Manager Enrollment Server sitting inside the network.

Once enrolled, your Windows Embedded Handheld mobile device is free to use a mobile VPN via the Mobile Device Manager Gateway Server. The MDM Gateway Server sits on the outside of the network or in the DMZ. It authenticates and handles traffic from the mobile devices out on a cellular or wireless network into the enterprise network via an encrypted IPSec tunnel. Then “Bob’s your uncle” - your mobile client application is able to access that server application or database inside the enterprise network.

Another part of this “Connected” LOB application story is deploying and updating the application on the mobile device. Mobile Device Manager is able to regularly check for software distribution packages based on applicability, approval, etc., and deploy them to the Windows Embedded Handheld 6.5 devices via a standard OMA command XML file.

There is loads more detail on Mobile Device Manager 2008 SP1 here on MSDN.

I know I left out some “Device Management” parts - the good parts - from the Mobile Device Manager story … but that’s for another post!