Ground control

What's not to like about wireless messaging? Roaming employees can pick up their messages, leave messages for others, access database information, and sync schedules and groupware projects ' all from personal digital assistants or cell phones.But although wireless messaging is pretty much all upside for users, it poses potential trouble spots for administrators. Security is, of course, a major concern. And smoothly integrating mobile access to your existing infrastructure requires forethought in the selection of equipment and careful planning for management.The first step in implementing a wireless solution is a thorough needs analysis. What do you want to accomplish by adding wireless capabilities to your agency or department?No doubt your employees have wish lists that start, 'Wouldn't it be great if ' .' Collecting those wishes will help you create feature sets that will be part of your criteria for selecting back-end solutions.The first item on everyone's wish list usually is e-mail access. Indeed, e-mail is the simplest ' and probably the most immediately useful ' connection to make. But that's only the beginning. Checking schedules, making and changing appointments, and getting contact information is more complicated, requiring access to back-end information stores. But it's extremely useful to the mobile employee. Access to agency information, such as databases, is more difficult still, but it offers tremendous gains in productivity.'Agencies should think about what else they want to do besides e-mail,' said Scott Totzke, vice president of the global security group at Research in Motion. For some agencies, lookups in a criminal database can be important. Some law enforcement jurisdictions are trying out wireless applications to issue electronic tickets, including options for immediate payment by credit card or bank authorization. Others are developing systems for recording traffic accident information electronically at the scene, reducing paperwork.Designing your agency's wireless architecture and planning for integration with existing resources will go more smoothly once you've clearly defined what capabilities are desired.The next thing to consider is the scale of implementation: Who needs wireless access and to what degree? Does everyone need full interactive access? Can others get along with lower-level read-only access, such as for online phone directories? Many administrators develop profiles of common types of wireless users and then assign a profile to each employee. Possibilities include:Obviously, your decisions in this area will affect your selection of client hardware and, just as important, your security strategy.OK, you now know what your users need, and whom you want to give access to which parts of your existing infrastructure. It's time to go shopping for client devices.Your primary concern should be security. Every device, in addition to potentially containing sensitive material, is essentially an access port to your network, so strict control is necessary. Whatever IT policies apply to office computers must also apply to wireless devices.Unless your security needs are minimal, you're going to want to select client equipment that can be centrally managed so that the administrator can enforce policies, such as requiring anti-virus and preventing installation of unauthorized software.In addition, the proliferation of wireless devices with such a wide variety of capabilities also presents a complicated choice for back-end integration. If you have a variety of wireless devices that use different protocols, for example, you may find yourself having to set up multiple servers.Finally, you also must consider the availability of wireless coverage wherever your employees are, especially in overseas locations. Service coverage requirements could dictate your choice of devices.Next, you'll need to determine your hosting environment. You have two basic choices for hosting your wireless server: in-house (either behind the firewall or in a DMZ), or hosted by an application service provider or another vendor. Most agencies prefer to host their own wireless servers. Exceptions include situations with large numbers of wireless users deployed globally and circumstances requiring multiple integrations, possibly across agency boundaries. In such cases, trading direct control for extensive access could make more sense.Assuming that you're going with an in-house arrangement, you'll want your wireless server, at the least, to play nicely with your e-mail system. Since Microsoft is the 400-pound gorilla of e-mail, most vendors support MS Exchange Server. Many also support IBM Lotus Domino and Novell GroupWise. Besides commercial servers, some agencies might need to interoperate with government installations, such as the Defense Messaging System. Some solutions connect directly to the target server, others through a network operations center. Make sure any vendor you choose supports your platform.Once you have devices in place, you can think about the services you want to use wirelessly. E-mail, calendaring, contact lists, task information, enterprise groupware and agency applications are all possibilities.You should be able to set up device configurations that you ' or the user ' can roll out as necessary. Keep in mind a basic trade-off here: The wider the variety of wireless platforms you want to support, the more complex the collection of configuration setups you have to manage. An IT department should be able to define all of its policies for wireless access, such as how often to change passwords and which third-party applications can be installed. 'Central policies for wireless devices can be managed more simply than for PCs,' Totzke said.The access may be wireless, but you want to retain central management capabilities, including device management, security and administration. 'Ideally, these capabilities are built into the back-end product,' Totzke said. Role-based administration can simplify tasks, especially in conjunction with the user profiles discussed earlier. Rigorous logging and statistics features are essential to support devices properly, to obtain cost-justifying data and plan necessary changes.Administrators can even track device information, such as battery life, processor speed and installed applications. 'Solutions should offer high-quality data analysis and reporting tools,' said James Suttie, president and CEO of Infowave Software Inc.Provisioning ' that is, supplying both initial software and updates to client devices ' can be done over a wireless channel or device cradle, or via cable synchronization or a Web site. A Web-based management console can take some of the device management load off of IT administrators. User provisioning can be done one-by-one, by address list, by groups or from a formatted text file. Speed, simplicity and security are important factors here.Are you letting users install third-party software on their devices? If so, define clearly what's out of bounds. Also, backup and restore for device data is as important with wireless devices as it is with desktop machines, only more complicated because of the occasionally connected nature of wireless devices. Remember: The more easily you can restore lost data to a user, the more godlike you become.A wireless solution should provide extensive security features for your supported devices, up to and including the ability to lock and wipe data from lost or stolen devices.And don't forget that security goes both ways: Don't open unnecessary holes in your firewall just to support wireless. Your solution should support the level of security your agency requires, including the Advanced Encryption Standard, Triple Data Encryption Standard (both end-to-end and on the device itself), passwords, authentication, encrypted transmissions, single-sign-on access, two-factor authentication and public/private keys. Also, remember that ease of use is essential to maintaining security. For example, it must be simple for users to sign, encrypt and decode messages.Finally, of course, it's essential to ensure that vendors have evidence of compliance with the government requirements that apply to your agency.'Finding a single vendor who can provide devices, software and the back-end middleware may avoid incompatibility headaches,' Totzke said. Just make sure you aren't sacrificing essential features to get that compatibility.Some agency applications might require multiple-factor authentication security. Agencies that deal with the Defense or Homeland Security departments, or law enforcement are most likely to need this extra security. Some vendors offer authentication components that plug into the device, which can challenge the mobility of the device. Others, including Research in Motion, have wireless devices, such as a smart-card reader.Also, if your agency is dealing with limited bandwidth, your wireless server can help you out in various ways. For instance, devices can gather headers first and then suck down new message bodies as bandwidth becomes available. Or messages over a certain size can go to a separate folder. The wireless server can also adjust data retrieval depending on the available connection speed. Compression, at least of attachments, on the wireless server, along with client-side decompression utilities, also can ease the strain.Price is always a consideration, especially with wireless e-mail, because it isn't considered a critical application. Many pricing structures are possible, including monthly subscriptions, yearly pricing, outright purchase and operator integration, where each operator charges a moderate setup fee but no monthly fee. When getting cost estimates, be sure to request yearly maintenance and support figures.Finally, plan for the future. Quiz vendors about how well their solutions scale, both for additional users and for more traffic per user. Get scenarios for deployments of increasing size, such as 50, 200 and 2,000 clients.'One evident development among mobile application software vendors is the trend toward software productization,' Suttie said. As mobile software solutions mature and require less customization, vendors will create mobile software similar to desktop software offerings. That should simplify things.