An enterprise, however, can add a WAP gateway in its own network and terminate the WTLS tunnel from the WAP clients there instead of at the service provider's WAP gateway. This four-tier approach provides better control over the security of WAP communication between the enterprise and its clients. The enterprise's WAP gateway must perform the WAP-to-Web format transcoding because the WTLS tunnel ends at the enterprise's gateway.
In an alternative four-tier deployment model, a special WAP gateway transcodes data from databases and messaging, scheduling, and other applications (rather than HTML data) to the WML content displayable on WAP devices. The WAP application gateway in the enterprise sends WML data in IP packets secured by TLS to the service provider's gateway. The service provider's gateway converts the IP packets to WAP packets with WTLS security. Thus, this four-tier model has the same security vulnerability as the three-tier model. Mobile Information Server is an application gateway that sits in the enterprise's network between the service provider's WAP gateway and the enterprise's origin server. Figure 5 shows both four-tier deployment models.
An enterprise that wants to handle both WTLS processing and WAP-to-Web or WAP-to-application transcoding on gateways in its own network can use a five-tier deployment model to put the two functions on two systems. Most WAP gateways that perform application-data transcoding don't provide the WTLS function.
Mobile Information Server
Mobile Information Server is Microsoft's platform for supporting wireless applications. The platform will run on Windows 2000 Server and will let WAP devices access .NET Enterprise Servers, such as Exchange Server, Microsoft IIS, and Microsoft SQL Server. The first version of Mobile Information Server is scheduled to be released this year and will come in two flavors: Enterprise Edition and Carrier Edition. Corporations will use the enterprise edition to WAP-enable their Windows and Web applications. Carriers and service providers will use the carrier edition, which will include all the enterprise edition features and will add some carrier-specific features to provide data services for diverse wireless network infrastructures.
Microsoft will ship Mobile Information Server with the Outlook Mobile Access application, which WAP-enables Exchange 2000 Server and Exchange Server 5.5. Mobile Information Server with Outlook Mobile Access will function as a special-purpose WAP gateway that performs application-data transcoding between Exchange Server and mobile devices that have WML microbrowsers. Outlook Mobile Access will support only WML microbrowsers, but the Mobile Information Server platform will also support HTML and HDML microbrowsers. Outlook Mobile Access won't support WAP's push protocols, Push OTA protocol and PAP; it will use the popular Short Message Service (SMS) wireless protocol instead.
Mobile Information Server will also come with an application called Outlook Mobile Manager. Outlook Mobile Manager will run on a user's Outlook desktop without Mobile Information Server and will act as a wireless notification agent. Outlook Mobile Manager can use SMTP to send notifications to any wireless device that has an email address. You will even be able to configure Outlook Mobile Manager to control which email messages, calendar entries, contacts, and tasks it will notify you about. Microsoft is working with telecom companies such as Ericsson and QUALCOMM to develop more wireless applications that will run on Mobile Information Server.
How It Works
To deploy Mobile Information Server with Outlook Mobile Access, you will use a four-tier model, as Figure 6 shows, or a five-tier model. In a four-tier deployment, the WAP mobile client sends a WAP request to your service provider's WAP gateway, which translates the request into HTTP and forwards it to the Mobile Information Server in your network. The Mobile Information Server can reside in your Internet demilitarized zone (DMZ) so that communications from the service provider's WAP gateway to your Mobile Information Server remain outside your intranet.
Mobile Information Server then sends a request for the user's credentials to the WAP client through the service provider's WAP gateway. The client submits his or her name and password to the Mobile Information Server through the WAP gateway. Mobile Information Server authenticates the client against Active Directory (AD). Mobile Information Server supports two kinds of credentials. Mobile credentials require you to create separate AD user accounts for wireless remote access from Mobile Information Server. Native credentials use clients' standard AD accounts, but clients can't change their password without a wired Windows machine.
After Mobile Information Server verifies the user's credentials, the server converts the HTTP request from the WAP gateway to an HTTP-DAV request and sends it to Exchange Server. Exchange Server sends an HTTP-DAV response to Mobile Information Server, which transcodes the response into WML and sends it to the client through the WAP gateway. To secure your communications, you should ask your service provider to support WTLS between the client and gateway and TLS or SSL between the gateway and your Mobile Information Server.
Anywhere, Anytime, Any Device
Having learned the basics of WAP and Mobile Information Server, you're ready to consider building a WAP-enabled network. For more information about WAP, see "Related Web Sites." After your WAP network is in place, your mobile users can access your corporate data anywhere, anytime, and from any device.