Results 1 to 4 of 4
  1. Snyder81's Avatar
    Posts
    48 Posts
    Global Posts
    91 Global Posts
       #1  
    Are there any other folks out there who use RSA's SecurID or another token for two-factor authentication? Any Exchange Admins?

    I am able to successfully setup VersaMail to run with ActiveSync over the air, but only if I allow direct access to port 443 on my front-end Exchange server from all IP addresses, which is not an option. And we can't tell users to use MovianVPN or another IPSec VPN solution for the Palm, since they don't exist yet(Will they ever???). Details - http://www.palmone.com/us/wireless/vpn/.

    Our current setup uses Exchange 2003's forms based authentication, where when a user connects from outside the corporate intranet, they are redirected to a web page by the Exchange Server and required to enter their SecurID credentials. This works fine with Webmail and PocketPC devices when using ActiveSync wirelessly, but VersaMail just chokes when the redirection to that webpage occurs.

    Is there a way to set this up so VersaMail understands how to handle the redirection request?

    The below webpage indicates it is possible, but provides no white paper guidance - just "Consult your organization's IT department for more information." I am part of IT and if I could find some documentation on VersaMail I'd start there, but it seems to be a very mysterious program.

    Does anyone have ANY ideas? I tried to call PalmOne's support, but could not get past the Tier 1 support in India with canned responses. I'm currently on hold with Tier 2 support at Sprint PCS.

    http://kb.palmone.com/SRVS/CGI-BIN/W...7681)#security

    "Some extremely security-conscious organizations may require users to go through a proxy server, or login using a Virtual Private Network (VPN) before using Exchange ActiveSync. VersaMail on the Treo smartphone will cooperate with VPN clients and proxy servers. Consult your organization's IT department for more information."
  2. Snyder81's Avatar
    Posts
    48 Posts
    Global Posts
    91 Global Posts
       #2  
    Tier 2 support at SprintPCS said they believed it was not possible, but I'm not giving up yet. What sucks is I can't even find out who actually develops VersaMail. I submitted this letter to PalmOne's business sales department - Maybe they can't route it to the correct person. Anyone have Ed Colligan's e-mail address?


    "I work for a company of about xxxx employees and manage the Mobile Services in IT. We are currently a Blackberry-only outfit with regard to corporate e-mail solutions, with ~xxx devices currently deployed, but growing at a fairly substantial annual rate. I really like the Treo 600 and the Treo 650 products, and am seriously considering moving towards Treo's in the near future, at least to the point of making them available as an alternative to Blackberry.

    Here's the problem - The Treo 650 supports Microsoft Exchange's ActiveSync using PalmOne's VersaMail 3.0 software which comes bundles with the Treo 650. I have been trying to get support on this product and have run into a huge dead-end. There is a MAJOR lack of support for VersaMail even though it is touted as being PalmOne's corporate e-mail solution. I have a few simple questions about the program that could easily be answered by speaking with the developer(s), but no one in PalmOne's organization that I have corresponded with so far has any clue who even develops VersaMail. Why is there such a disconnect between support and development?

    Here is the problem more specifically, so perhaps it can be routed along to the proper technical person. We currently run an Exchange 2003 e-mail environment. We can turn ActiveSync on so it is accessible from the Internet, but doing that requires some form of two-factor authentication per company policy. PocketPC's that use ActiveSync and mobile workers who use Exchange Webmail are able to access their e-mail because when a device contacts the e-mail server, they are redirected to an authentication web page to enter their SecurID login information, then the session continues as normal, asking for a username and password, then proceeding to run ActiveSync.

    As far as I can tell, Versamail does not support this form of authentication, but I have no way of knowing until someone who actually understands the program is able to tell me if this assumption is correct or if there is a way to implement it.

    If this cannot be supported or if I cannot get an answer, there is no way I can even consider deploying Treo's out to the hundreds of potential users here.

    Quite honestly, PalmOne seems to have shot itself in the foot with business customers because you don't have a reliable corporate e-mail solution(or at least no support or documentation if it is "reliable") AND you STILL have not released an IPSec VPN client for the Palm, which would also solve many organizations' security concerns, EVEN THOUGH it is advertised as "being released soon" for as long as I can remember. Your support page at http://www.palmone.com/us/wireless/vpn/ indicates that you are currently working with Certicom Corp and that MovianVPN which supports IPSec is "coming soon" for the Treo 650. The last I read about Movian was they were moving away from VPN clients for end users. So is that webpage on Palmone.com accurate? Is there actually a MovianVPN client in development for the Treo 650?

    The bottom line is that I'm truly interested in pursuing Palm products, namely the Treo 650, for this organization, but I can't seem to find anyone who is able to help me. I have been transferred all over the place in the phone queues, been cut off more times then I can count, but I still don't have answers.

    Please contact me ASAP so we can see if this an issue we can work through.

    One last thing - I know there are currently other third-party corporate e-mail solutions such as Good Technology's GoodLink, but the entire point of being able to use ActiveSync is getting away from running another server, service, and bearing all the costs associated with that service, so please don't answer this request with a response about third-party e-mail solutions.

    Sincerely,
    Snyder81
  3. #3  
    VersaMail is developed by PalmOne internally.

    Currently, I believe, redirects are not supported in the EAS initial solution. Even if redirection was supported, the solution you mention is interesting because a web client would need to interpret the response and display the secureid form, then continue on with EAS. Interesting technically.

    Don't know if this would be an option for you or not, but in the short term you could play with OWA in Blazer on the 650.
  4. Snyder81's Avatar
    Posts
    48 Posts
    Global Posts
    91 Global Posts
       #4  
    I can use OWA, but it's a lot more difficult to navigate on the small screen. OMA works fine too, but it's because it's through a browser. After some more experimentation, I'm thinking this may be possible. RSA released a set of templates to work with ActiveSync so I'm hoping the EAS built into VersaMail has enough of a feature set to make this work. I tested a PocketPC and it hits the redirect page to login ok, but crashes into oblivion after submitting the two-factor credentials, so it's not even working on PPC's at this point. I'll get that figured out first, then dive into VersaMail. Thanks for the feedback.

Posting Permissions