iPhone iOS 6.1.3 + ZCS 8.0.3 + ZeXtras mobile 1.8.5: Push-Mail/VPN secure EAS ?!
Results 1 to 5 of 5
Like Tree2Likes
  • 1 Post By Cine
  • 1 Post By Nachtfalke

Thread: iPhone iOS 6.1.3 + ZCS 8.0.3 + ZeXtras mobile 1.8.5: Push-Mail/VPN secure EAS ?!

  1. #1
    Member
    Join Date
    May 2013
    Location
    Germany
    Posts
    24

    Unhappy iPhone iOS 6.1.3 + ZCS 8.0.3 + ZeXtras mobile 1.8.5: Push-Mail/VPN secure EAS ?!

    Hello everybody,

    I have many questions about using ZCS with zextras mobile and iphones with iOS 6. Further I need to know if it is secure enough to use EAS with SSL or if I better need a VPN.

    This is what I am using at the moment:
    Zimbra Collaboration Suite 8.0.3 with the zextras suite in 30 day trial mode. The most important feature for me on the zextras suite is the zextras mobile part to use exachnge functionality.


    The E-Mail server is working and can send and recieve emails. I can connect my iPhone over WLAN with Exchange. Push mail is working as it should.


    When I am using an OpenVPNconnect client on my iPhone and I am connected using 3G then I can use the Exchange functionality, too, but I do not get any push notifications. If I manually check my e-mail account I get the mails using VPN. I have noticed that the iOS seems to shut down the VPN connection when the phone is going to sleep. Are there any possibilities from zextras mobile to do a workaround for this? Same problem is with WLAN - if the iPhone is not connected to a power supply it disconnects WLAN after some time in sleep mode.

    Probably zextras cannot do anything on that but I am just asking this to make sure that I did not miss any checkbox on the GUI ;-)


    So because there are the problems with disconnects on WLAN and VPN I am thinking about how secure it is if I open port 443 on my firewall directly to my zimbra server and connect my iPhone using 3G (without VPN) directly to my zimbra server on port 443 with SSL enabled. Is this a secure connection? Will all mails, contacts, calendars and so on be encrypted or is just the authentication/login encrypted?

    Or will this only be a feature with newer versions of zextras mobile and the provisioning features?


    And another question:
    When going to the zextras mobile GUI I can see the connected devices but they all are using only EAS 2.5. I tried with an iPad2 with iOS 6.0.1, with iPhone and iOS 6.1 and 6.1.3 and with a Google Nexus 4 with Android 4.2.2. All are only using EAS 2.5. Shouldn't this be any higher version?


    Puhh, that are many questions and probably not posted the best way but I hope you can help me on some understanding problems directly connected to zextras but on some other problems understanding EAS and so on, too. If I would find an easy and of course secure way to synchronize mails, contacts and calendar entries I am planning to buy some zextras mobile licences.

    So thank you very much for your time and help.
    I really appreciate it!

    Greetings
    Alex

  2. #2
    ZeXtras Community Manager ZeXtras Employee Cine's Avatar
    Join Date
    Apr 2011
    Posts
    2,342



    Quote Originally Posted by Nachtfalke View Post
    Hello everybody,

    I have many questions about using ZCS with zextras mobile and iphones with iOS 6.
    Hello Alex, welcome to the forums!
    I'll answer your questions one-by-one below, if you have more don't be afraid to ask

    Quote Originally Posted by Nachtfalke View Post
    Further I need to know if it is secure enough to use EAS with SSL or if I better need a VPN.
    It's 100% safe to use SSL only, as you surely have noticed using a dedicated VPN adds a complexity layer to something really easy to use...

    Quote Originally Posted by Nachtfalke View Post
    This is what I am using at the moment:
    Zimbra Collaboration Suite 8.0.3 with the zextras suite in 30 day trial mode. The most important feature for me on the zextras suite is the zextras mobile part to use exachnge functionality.


    The E-Mail server is working and can send and recieve emails. I can connect my iPhone over WLAN with Exchange. Push mail is working as it should.
    Perfect, this is the standard setup used by the vast majority of ZeXtras Mobile users...

    Quote Originally Posted by Nachtfalke View Post
    When I am using an OpenVPNconnect client on my iPhone and I am connected using 3G then I can use the Exchange functionality, too, but I do not get any push notifications. If I manually check my e-mail account I get the mails using VPN. I have noticed that the iOS seems to shut down the VPN connection when the phone is going to sleep. Are there any possibilities from zextras mobile to do a workaround for this? Same problem is with WLAN - if the iPhone is not connected to a power supply it disconnects WLAN after some time in sleep mode.

    Probably zextras cannot do anything on that but I am just asking this to make sure that I did not miss any checkbox on the GUI ;-)
    I found THIS LINK after a quick search, looks like this is the default behaviour and that there is more than a couple of users unhappy with it...
    The way the device and the server "connect" is completely transparent to ZeXtras Mobile, and there is no way to change a device's default connection behaviour from within ZeXtras Mobile as it's not a setting related to the EAS protocol.

    Quote Originally Posted by Nachtfalke View Post
    So because there are the problems with disconnects on WLAN and VPN I am thinking about how secure it is if I open port 443 on my firewall directly to my zimbra server and connect my iPhone using 3G (without VPN) directly to my zimbra server on port 443 with SSL enabled. Is this a secure connection? Will all mails, contacts, calendars and so on be encrypted or is just the authentication/login encrypted?

    Or will this only be a feature with newer versions of zextras mobile and the provisioning features?
    SSL is the de-facto standard for secure internet connections, and it's perfectly safe to use. If your device is configured to use SSL all the communications between the device itself and the server will be encrypted.

    Quote Originally Posted by Nachtfalke View Post
    And another question:
    When going to the zextras mobile GUI I can see the connected devices but they all are using only EAS 2.5. I tried with an iPad2 with iOS 6.0.1, with iPhone and iOS 6.1 and 6.1.3 and with a Google Nexus 4 with Android 4.2.2. All are only using EAS 2.5. Shouldn't this be any higher version?
    Right now ZeXtras Mobile only supports version 2.5 of the EAS protocol, but version 14.1 has been successfully implemented in our development builds and is undergoing a huge test phase. Official news will be available soon, stay tuned!

    Quote Originally Posted by Nachtfalke View Post
    Puhh, that are many questions and probably not posted the best way but I hope you can help me on some understanding problems directly connected to zextras but on some other problems understanding EAS and so on, too. If I would find an easy and of course secure way to synchronize mails, contacts and calendar entries I am planning to buy some zextras mobile licences.

    So thank you very much for your time and help.
    I really appreciate it!

    Greetings
    Alex
    You're welcome!
    And again, should you have any more questions feel free to ask...

    Have a nice day
    Cine
    the ZeXtras Team
    Nachtfalke likes this.
    IT Support Team Contact Form
    Sales Team Contact Form

    ZeXtras Website
    # ZeXtras Wiki # ZeXtras Store

    Have ZeXtras Suite or ZeXtras Migration Tool been helpful to you?
    Share your experience in the Zimbra Gallery!

    ZeXtras Suite on the Zimbra Gallery
    ZeXtras Migration Tool on the Zimbra Gallery

  3. #3
    Member
    Join Date
    May 2013
    Location
    Germany
    Posts
    24
    Hi Cine,

    thank you very much for your help. I really appreciate it!

    The link you posted above was something I found and read myself and it is really annoying. Further on newer devices which are using iOS the "VPN on demand" option is not supported by default anymore. I found the iPhone Configuration Utility (IPCU) on apple website which allows to configure an iPhone with VPN on demand. I configured this to establish the VPN when checking for E-Mails (not "Push Mail" but check every 15min) and in ~70% the iphone connects to VPN before checking for e-mails even if it is on standby/sleep.


    Another question about the "Push" functionality. As far as I understand this the client connects to the server and registers on the server. This is what I can see on the zextras mobile GUI, right? So the client keeps the connection open and the server can send/push new mails and events to the client.

    So this would mean that if the client goes to sleep then the server does not know "where" to push the mails, right? And this is the reason because I cannot get "push mail" of "old" mails when I wake up the iPhone !?


    Which encryption algorithm will be used when using SSL to secure the exchange connection? On OpenVPN I can select different algorithms which are more or less secure.

    Sorry for aksing not directly zextras related questions ;-)


    Greetings
    Alex

  4. #4
    ZeXtras Community Manager ZeXtras Employee Cine's Avatar
    Join Date
    Apr 2011
    Posts
    2,342
    Hello Alex!

    Your description of the "push sync" description fits almost perfectly... The connection is initiated by the device and kept alive by the server until a defined time passes, after which the server closes the connection and the device initiates another one (unless, obviously, new items arrived).
    If the client goes to sleep chances are that it actually drops the connection doing so, and shouldn't this happen the server will close the connection itself anyway after reaching the time limit.

    Regarding the encryption algorythms: SSL supports multiple cyphers, I suggest you to check out Cipher suites - Zimbra :: Wiki and Weak Cipher Suites Appear in Security Scans - Zimbra :: Wiki to have some basic info if you are worried about SSL security.


    Have a nice day,
    Cine
    IT Support Team Contact Form
    Sales Team Contact Form

    ZeXtras Website
    # ZeXtras Wiki # ZeXtras Store

    Have ZeXtras Suite or ZeXtras Migration Tool been helpful to you?
    Share your experience in the Zimbra Gallery!

    ZeXtras Suite on the Zimbra Gallery
    ZeXtras Migration Tool on the Zimbra Gallery

  5. #5
    Member
    Join Date
    May 2013
    Location
    Germany
    Posts
    24
    Hallo Cine,

    thank you for the link. I was searching for something like that but didn't find it.

    Thank you very much so far for your great help and go on with the great work!

    Greetings
    Alex
    d0s0n likes this.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •