Push email systems from RIM, Apple set to square off
A topic of hot debate following Apple's iPhone enterprise announcements last week is whether the company's ActiveSync approach to push email will inevitably prove superior to Research in Motion's three-tier, NOC-based architecture.
In a report issued Monday, analysts for American Technology Research outline the purported advantages of each strategy, but at the same time argued that while both firms are set to compete more aggressively with one another, they're equally positioned to achieve massive share gains over incumbent handset suppliers.
Specifically, analyst Rob Sanderson and Shaw Wu said they see products from the two smartphone vendors addressing an increasingly larger percentage of the nearly 1.3 billion unit global cell phone market over the next 10 years, and that they expect the two firms to combine for 35 million smartphone sales this year alone.
To its advantage, Apple has a stronger service story and the best in-class user interface design, while RIM has leverage given its well-established enterprise story and expertise in efficient design.
In RIM's favor
For its approach to enterprise level wireless "push" email, RIM employs a network operations center (NOC) as a sub-network that connects to more than 300 wireless carriers around the world. This agnostic approach served for use with nearly any carrier, stands as the only true "push" email solution available today, according to the analysts, forgoing IP-addressing in favor of indexing BlackBerry devices on the network using PIN codes.
"This allows a server (like BlackBerry Enterprise Server (BES)) to call the device at any time to push information (like an email message)," they wrote. "The NOC offers security advantages because it does not require an inbound firewall port to remain open, it eliminates the opportunity for denial of service attacks, and the NOC can prevent 'bad packets' from reaching devices."
Sanderson and Wu say the use of a NOC approach helps carriers manage traffic flow -- throttling back at times of capacity overloads -- and allowing for continual improvements to compression and routing. An example of this is RIM's Dynamic Packet Allocation (DPA) technology, which determines how many packets a Blackberry can accept and how quickly based on connection quality in a specific cell-site and other factors.
Meanwhile, the BES component connects to mail servers like Exchange, Lotus Notes and Novell Groupwise, passing emails, calendar, and contact information through the NOC to wireless devices.
"The BES server and the BlackBerry handheld share a unique randomly generated security key based on triple-DES encryption which is considered unbreakable," they explained. "The BES server encrypts all information with this key while behind the corporate firewall, before passing through the NOC. The only decryption key in existence resides on the handheld device, which gives BlackBerry the highest level of security in the industry."
As such, the analysts noted that RIM is the only vendor to have thus far received top-level security accreditations in North America and Europe. This has helped make BlackBerries the exclusive smartphone of secure conscious agencies like the US Department of Defense and the Department of Homeland Security. For this reason, the analysts say "claims of security issues raised by ActiveSync advocates seem completely meritless."
Another advantage of RIM's BES component is bandwidth consumption management, as email data packets see significant reductions in size due to advanced compression technologies that see attachments sent not as native attachments, but in a format better suited for wireless transfer.
In addition, Sanderson and Wu note that the BES architecture provides IT managers with a single point of management for an entire fleet of handheld devices belonging to an organization, including remote activation, security “wiping”, and the ability to perform over-the-air software installation.
"BES is not costly. BES has a wide-range of pricing models, the larger components of which are a customer access license (CAL) and T-support," they wrote. "On average, the annual software and support revenue RIM collects is about $30 per year per enterprise subscriber."
Batting for Apple
On the flip side, the analysts point to Apple's ActiveSync approach to push email as one of the ways IT manages could help cut costs through the architecture's reduced reliance on storage, server and network resources. While it may not yet offer the robustness of RIM's three-tier approach -- Exchange Server, BES and the NOC -- ActiveSync is much cheaper and simpler from a management standpoint.
"The key issue with an external NOC is why does every enterprise e-mail sent and received have to pass through a third-party (in this case in Canada)?," noted Sanderson and Wu. "This raises security risks as the e-mail is sent outside a company's firewall to an additional party besides the public network." With Apple's ActiveSync approach, emails will be authenticated within a company's firewall, then transfered directly over a public network to iPhones, bypassing the need for an NOC.
But despite being available since the advent of the BlackBerry, ActiveSync has not been nearly as successful. Even with the support of device makers like Motorola, Palm, Samsung and Nokia, IT corporations are still dominated by BlackBerry technology.
"We see several technical limitations including: 1) security, 2) scalability, 3) network efficiency and 4) power efficiency," Sanderson and Wu wrote. "We also see non-technical related issues. For instance, service and support can be a problem for IT managers as there are several vendors involved (Microsoft, device maker, carrier) whereas for BlackBerry there is only one number to call in the event of a failure."
More specifically, the analysts say Security may be a major drawback due to ActiveSync's reliance on an inbound port remaining open on the iPhone, which users are more likely to misplace or lose than similarly configured notebook computer running Outlook. Complicating these issues are scalability concerns brought about by the lack of a fixed IP address on cell phones.
"From our understanding, current Microsoft-based solutions continually ping the network to not time-out and maintain the device’s IP address," they explained. "Keeping the IP-session open is how Microsoft replicates a push-like experience without a NOC. We believe this will present scalability issues if these devices proliferate as a growing number of devices are squatting on a finite allocation of IP-addresses."
This approach, the analysts added, is also likely to have a adverse affect on network and power efficiency due to the constant pinging, which is believed to consume in excess of 2-10 times the bandwidth of RIM's approach, weighing on battery life at the same time.
Nevertheless, Sanderson and Wu remain open minded towards Apple's prospects of bettering the ActiveSync experience, noting that the company maintains several assets that should make its implementation superior to those that came before it. Such examples are a robust and efficient iPhone OS, an e-mail client that has been built from the ground up to handle Exchange, and the closest experience yet of a personal computer on a mobile device platform.
They also point to the company's easy programming tools for enterprise developers and tighter integration with PC and server hardware already familiar to the IT sector.
In a report issued Monday, analysts for American Technology Research outline the purported advantages of each strategy, but at the same time argued that while both firms are set to compete more aggressively with one another, they're equally positioned to achieve massive share gains over incumbent handset suppliers.
Specifically, analyst Rob Sanderson and Shaw Wu said they see products from the two smartphone vendors addressing an increasingly larger percentage of the nearly 1.3 billion unit global cell phone market over the next 10 years, and that they expect the two firms to combine for 35 million smartphone sales this year alone.
To its advantage, Apple has a stronger service story and the best in-class user interface design, while RIM has leverage given its well-established enterprise story and expertise in efficient design.
In RIM's favor
For its approach to enterprise level wireless "push" email, RIM employs a network operations center (NOC) as a sub-network that connects to more than 300 wireless carriers around the world. This agnostic approach served for use with nearly any carrier, stands as the only true "push" email solution available today, according to the analysts, forgoing IP-addressing in favor of indexing BlackBerry devices on the network using PIN codes.
"This allows a server (like BlackBerry Enterprise Server (BES)) to call the device at any time to push information (like an email message)," they wrote. "The NOC offers security advantages because it does not require an inbound firewall port to remain open, it eliminates the opportunity for denial of service attacks, and the NOC can prevent 'bad packets' from reaching devices."
Sanderson and Wu say the use of a NOC approach helps carriers manage traffic flow -- throttling back at times of capacity overloads -- and allowing for continual improvements to compression and routing. An example of this is RIM's Dynamic Packet Allocation (DPA) technology, which determines how many packets a Blackberry can accept and how quickly based on connection quality in a specific cell-site and other factors.
Meanwhile, the BES component connects to mail servers like Exchange, Lotus Notes and Novell Groupwise, passing emails, calendar, and contact information through the NOC to wireless devices.
"The BES server and the BlackBerry handheld share a unique randomly generated security key based on triple-DES encryption which is considered unbreakable," they explained. "The BES server encrypts all information with this key while behind the corporate firewall, before passing through the NOC. The only decryption key in existence resides on the handheld device, which gives BlackBerry the highest level of security in the industry."
As such, the analysts noted that RIM is the only vendor to have thus far received top-level security accreditations in North America and Europe. This has helped make BlackBerries the exclusive smartphone of secure conscious agencies like the US Department of Defense and the Department of Homeland Security. For this reason, the analysts say "claims of security issues raised by ActiveSync advocates seem completely meritless."
Another advantage of RIM's BES component is bandwidth consumption management, as email data packets see significant reductions in size due to advanced compression technologies that see attachments sent not as native attachments, but in a format better suited for wireless transfer.
In addition, Sanderson and Wu note that the BES architecture provides IT managers with a single point of management for an entire fleet of handheld devices belonging to an organization, including remote activation, security “wiping”, and the ability to perform over-the-air software installation.
"BES is not costly. BES has a wide-range of pricing models, the larger components of which are a customer access license (CAL) and T-support," they wrote. "On average, the annual software and support revenue RIM collects is about $30 per year per enterprise subscriber."
Batting for Apple
On the flip side, the analysts point to Apple's ActiveSync approach to push email as one of the ways IT manages could help cut costs through the architecture's reduced reliance on storage, server and network resources. While it may not yet offer the robustness of RIM's three-tier approach -- Exchange Server, BES and the NOC -- ActiveSync is much cheaper and simpler from a management standpoint.
"The key issue with an external NOC is why does every enterprise e-mail sent and received have to pass through a third-party (in this case in Canada)?," noted Sanderson and Wu. "This raises security risks as the e-mail is sent outside a company's firewall to an additional party besides the public network." With Apple's ActiveSync approach, emails will be authenticated within a company's firewall, then transfered directly over a public network to iPhones, bypassing the need for an NOC.
But despite being available since the advent of the BlackBerry, ActiveSync has not been nearly as successful. Even with the support of device makers like Motorola, Palm, Samsung and Nokia, IT corporations are still dominated by BlackBerry technology.
"We see several technical limitations including: 1) security, 2) scalability, 3) network efficiency and 4) power efficiency," Sanderson and Wu wrote. "We also see non-technical related issues. For instance, service and support can be a problem for IT managers as there are several vendors involved (Microsoft, device maker, carrier) whereas for BlackBerry there is only one number to call in the event of a failure."
More specifically, the analysts say Security may be a major drawback due to ActiveSync's reliance on an inbound port remaining open on the iPhone, which users are more likely to misplace or lose than similarly configured notebook computer running Outlook. Complicating these issues are scalability concerns brought about by the lack of a fixed IP address on cell phones.
"From our understanding, current Microsoft-based solutions continually ping the network to not time-out and maintain the device’s IP address," they explained. "Keeping the IP-session open is how Microsoft replicates a push-like experience without a NOC. We believe this will present scalability issues if these devices proliferate as a growing number of devices are squatting on a finite allocation of IP-addresses."
This approach, the analysts added, is also likely to have a adverse affect on network and power efficiency due to the constant pinging, which is believed to consume in excess of 2-10 times the bandwidth of RIM's approach, weighing on battery life at the same time.
Nevertheless, Sanderson and Wu remain open minded towards Apple's prospects of bettering the ActiveSync experience, noting that the company maintains several assets that should make its implementation superior to those that came before it. Such examples are a robust and efficient iPhone OS, an e-mail client that has been built from the ground up to handle Exchange, and the closest experience yet of a personal computer on a mobile device platform.
They also point to the company's easy programming tools for enterprise developers and tighter integration with PC and server hardware already familiar to the IT sector.
Comments
I think "security conscious agencies" was what the author meant to say.
Of course the reason that this is a bad idea and that RIM has the PIN numbers is that an IMEI can be spoofed...
Remote file deletion is a good enterprise feature. Push email is just a perceived "need" to satisfy people's false sense of worth based on how fast they think they need an email.
Apple has the same advantages as RIM. They make the device and they have limited providers.
Also, each iPhone has a unique ID similar to the RIM PIN. Apple could easily provide middleware that pushes through their select networks to devices based on their ID on the network.
I could see such a solution being integrated into Apple's OS X Server and maybe provided as an add-on to other E-mail servers such as Exchange for enterprise use. The key is not the NOC but controlling the environment from the device (iPhone or touch) to the server...
In terms of the IP address, you need some way to find the devices to push to them. Having some static element that doesn't change as a device moves from public wireless networks to private wi-fi and different areas is tough. Again, this can be dealt with through their wireless partners, similar to the way they now offer visual voice mail. If the message is sent to the provider and routed to the IP occupied by your unique key in the iPhone they can accomplish a similar task.
All that said the article sums of RIM's advantage as ownership of device and communications. Apple has the ability to do the same it they want. The question is whether they care enough about the enterprise market.
Are there other push e-mail solutions around, other than Microsoft's ActiveSync?
What's really a shame is that all this hubbub about a feature nobody actually needs.
Remote file deletion is a good enterprise feature. Push email is just a perceived "need" to satisfy people's false sense of worth based on how fast they think they need an email.
Gustav, I'm glad someone like you is here to tell me exactly how to perceive my working requirements. I feel much better now that you have pointed out that what I thought was a professional requirement is nothing more than a false sense of self-worth. Thank you sooooo much! </sarcasm>
{Personal attack deleted - JL}
What's really a shame is that all this hubbub about a feature nobody actually needs.
Remote file deletion is a good enterprise feature. Push email is just a perceived "need" to satisfy people's false sense of worth based on how fast they think they need an email.
There is a difference between what people need and what people want, but at the same time they both offer the opportunity to sell something to these people. The difference is that even if someone needs something they might not buy, but if someone wants something, then they are more likely to buy even if the don't need it.
A solution provider will satisfy the customers wants, because that's what they are there for. Who are they to decide if the customer doesn't need it.
There's a totally free push email solution that requires no licences, no 3rd party NOCs and Apple already supports on their servers and is available on Linux, UNIX, Windows...
It's called IMAP. You may have heard of it.
Pity the iPhone doesn't support it other than via Yahoo.
I don't think keeping the IP session open really relates to having a unique IP address. It's just a session after all, iPhone doesn't become a server in this scenario.
It needs to maintain the session for the purpose of the IP address. Otherwise Push won't work with Exchange Activesync.
Couldn't ActiveSync be coupled with a NOC (Network Operations Center), for companies wanting to delegate the work? In this scenario the e-mails would be forwarded to the shared NOC, as is done with RIM and then the iPhone would connect to that, instead of the corporate network. Additionally this provides the ability for many players to offer the same service and thus help spread the load. Of course as a business you will want to choose a NOC based on reliability.
Are there other push e-mail solutions around, other than Microsoft's ActiveSync?
That would be duplicating what RIM does now, at great cost to whichever company is doing it.
What stuns me about this story is the stupidity of IT departments.
There's a totally free push email solution that requires no licences, no 3rd party NOCs and Apple already supports on their servers and is available on Linux, UNIX, Windows...
It's called IMAP. You may have heard of it.
Pity the iPhone doesn't support it other than via Yahoo.
Except that corporations don't seem to want to support that because of complexity, and the perceived lack of security.
Except that corporations don't seem to want to support that because of complexity, and the perceived lack of security.
IMAP can be used in SSL mode, though I am not sure if there is a way to prevent a given phone from accessing the server, if it gets lost?
What stuns me about this story is the stupidity of IT departments.
There's a totally free push email solution that requires no licences, no 3rd party NOCs and Apple already supports on their servers and is available on Linux, UNIX, Windows...
It's called IMAP. You may have heard of it.
Pity the iPhone doesn't support it other than via Yahoo.
I think you are confused on a number of points.
First, IMAP is not a push email solution for handsets. You are probably thinking of the IMAP IDLE function, which requires a dedicated IP address and continuous connection to the Internet. This would be terrible for battery performance and IP address allocation as noted previously. (For more about IMAP IDLE, read this: http://www.isode.com/whitepapers/imap-idle.html ). I believe the problem is at a deeper level than IMAP can address: the physical layer, rather than the transport layer ( http://en.wikipedia.org/wiki/Transport_layer ). If you have a dedicated Internet connection, like a computer hooked into Ethernet or wi-fi, then your computer is getting data pushed to it all the time. But a mobile device only connects for a few seconds at a time to save power. How, then, do you send instant email to it? Either your device has to poll every few seconds or minutes, or it uses a lower-power alternative. I will admit I don't know a lot about that so I'll stop there.
Second, the iPhone does indeed support IMAP beyond Yahoo. I have it set up for gmail ( http://mail.google.com/support/bin/a...n&answer=77702 ).
Third, you're not doing yourself any favors by calling IT staff stupid, at least if you don't do your homework first. ;-)
Except that corporations don't seem to want to support that because of complexity, and the perceived lack of security.
Perceived complexity and perceived lack of security.
In reality, it's neither complex or unsecure.
Except that corporations don't seem to want to support that because of complexity, and the perceived lack of security.
IMAP also does not do contacts, calendaring, and other groupware features found in Exchange or Notes. iCalendar / CalDAV are a step in the right direction to enable development of competing groupware products based around open standards, but it's going to be a while until those products are mature enough to actually compete: see Apple's own messy iCal Server implementation in Leopard Server.
IMAP can be used in SSL mode, though I am not sure if there is a way to prevent a given phone from accessing the server, if it gets lost?
No, IMAP was never intended for any of this. And IT people don't like the idea of opening that port in their firewall for it.
Perceived complexity and perceived lack of security.
In reality, it's neither complex or unsecure.
It certainly isn't popular with IT, and it's not because of laziness.