34.2. Server Settings

In order to connect devices to the Intra2net system via ActiveSync, the following basic configurations must first be made or checked on the server:

  1. Check how the Intra2net system is connected to the Internet. To do this, check the type of active provider in the "Network > Provider > Profile" menu. If it is a (DSL) dial-up line, everything is fine and you can proceed to the next step.

    If it is a router provider type, check whether this router allocates an unchanged official IP to the Intra2net system or whether it assigns an IP from a private address range via NAT. In the latter case, port forwarding for TCP port 443 (https) to the IP of the Intra2net system must be configured on the router.

  2. Check the firewall ruleset for incoming connections from the Internet. It can be found in the "Network > Provider > Profiles : Firewall" menu for the active provider and can be examined with the magnifying glass icon. It must have "Incoming HTTPS connections active" enabled.

  3. The Intra2net system must be contactable by the mobile device via a DNS name on the Internet.

    If the Intra2net system has a static IP, set up a DNS entry in your own official domain for it. The system is then accessible under a name such as intra.clientname.de or mail.example.com. This can normally be set up free of charge and promptly by the webspace provider who manages your domain.

    If the Intra2net system is assigned a different IP for each Internet dial-in, a DynDNS service must be set up for addressing. See Section 10.13, "DynDNS".

    A static IP cannot be used directly without a DNS name, since certification authorities are not allowed to issue certificates for IP addresses.

  4. Access to ActiveSync takes place exclusively via HTTPS. Encryption requires a suitable certificate that has been issued by an external certification authority for the external DNS name (see above). Proceed as described in Section 9.5, "Using an External Certificate Authority" to set up this certificate.

    We strongly advise against trying to establish the ActiveSync connection with a self-signed certificate. For many devices this requires a more complex configuration and/or compromises the security of the connection. Setting up a certificate from an external certificate authority, on the other hand, is simple, fast, free and secure.

  5. Test whether access to HTTPS from the Internet works and whether the certificates are correctly configured. Use the menu "System > Diagnosis > External HTTPS".

  6. Check the quality of the passwords for all users who will be using ActiveSync. The passwords should be sufficiently long (at least 8 characters), comprising letters, numbers and special characters, if necessary. They should also not consist largely of a word or a characteristic name from a common language.

  7. Before a user can use ActiveSync, the "Access groupware data via ActiveSync" right (under menu "Usermanager > Groups : Rights") must be enabled in a user group the user belongs to.

    Tip

    We recommend setting up a separate user group specifically for ActiveSync and including only users with verified password quality (see above).

  8. ActiveSync only transfers data from a single folder for each item type. For this reason, each user in the "Usermanager > Users : Groupware" menu should have their default folders set to be transferred via ActiveSync.

  9. Configure the individual devices as described in the following chapters.
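
As an independent cross-check of steps 1, 3, 4 and 5 from outside your network, the following added example (not part of the Intra2net software or its documentation) resolves the external DNS name, flags private addresses, and performs an HTTPS handshake with normal CA and hostname verification. The function names, the 21-day expiry warning and the sample data are assumptions made for this illustration.

```python
import ipaddress
import socket
import ssl
import sys
import time

def address_findings(addresses):
    """Steps 1 and 3: the DNS name must resolve to an address reachable from the Internet."""
    return [f"{a}: not a public address; DNS must point at the official IP"
            for a in addresses if not ipaddress.ip_address(a).is_global]

def certificate_findings(cert, now=None, warn_days=21):
    """Step 4: flag a certificate close to expiry (dict shaped like getpeercert() output)."""
    now = time.time() if now is None else now
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    return [f"certificate expires in {days_left} days"] if days_left < warn_days else []

def check_host(hostname, port=443, timeout=10):
    """Step 5: run from outside the LAN, e.g. from a mobile network."""
    findings = []
    try:
        infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
        findings += address_findings(sorted({info[4][0] for info in infos}))
        # The default context enforces a trusted CA chain and a matching DNS name,
        # so a self-signed or mismatched certificate fails the handshake here.
        context = ssl.create_default_context()
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=hostname) as tls:
                findings += certificate_findings(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        findings.append(f"certificate rejected: {exc.verify_message}")
    except OSError as exc:
        findings.append(f"TCP port {port} not usable: {exc}")
    return findings

# Constructed sample data so the checks can be exercised offline.
SAMPLE_ADDRESSES = ["192.168.1.10"]
SAMPLE_CERT = {"notAfter": "Jan  1 00:00:00 2030 GMT"}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = check_host(sys.argv[1])
    else:
        results = address_findings(SAMPLE_ADDRESSES) + certificate_findings(
            SAMPLE_CERT, now=ssl.cert_time_to_seconds("Dec 22 00:00:00 2029 GMT"))
    print("\n".join(results) or "no findings")
```

Pass the external DNS name (for example mail.example.com) as the first argument to run the live check; without an argument the script evaluates the constructed sample data only.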