N1BS IT Professional White Paper

August 2004Nokia One Business Server

White Paper:

Nokia One Business Server

A Breakthrough Advance for IT Support of aMobileEnterprise

______

August2004

Contents

Introduction

The Breakthrough with My View

Nokia One Business Server Design Objectives

My View Architecture

I. Input Validation/Correction/Conversion

II. Content Condensation

III. Layout Segmentation

IV. Content Presentation

Solid Security with Complete Control

Secure by Design

Robust Authentication and Encryption

Centralized Management

With Room to Grow

Conclusion

Notes Pertaining to this Revision (Revised Draft 07/30/04):

• The major change with this version involved replacing the previous section on “Management, Scalability and Security Provisions” with a new one (now titled “Solid Security with Complete Control”) based on the topics included in the 3-page summary of the Security white paper. Because the summary is an internal document, substantial editing was required.
• Owing to the additional details on security features, the main body increased from 7 to 9 pages, making the entire document (with the cover, contents and boilerplate) 12 pages long. If a smaller document is desired, please suggest what content should be edited/eliminated.
• Changes requested in the Business Executive white paper were also incorporated here to the extent they were applicable (e.g. N1BS not positioned as a “mobile access” gateway).
• The term “My View” (“Right Fit” or “One View”) continues to remains subject to approval, and should, therefore, be considered a placeholder in this document.
• No trademark symbols are employed; some help will be needed to add these correctly.
• Here are some notes from the previous drafts that may still be of interest:
  - This white paper is a technical “under the hood” piece targeting IT professionals. The material is based on the existing Architecture paper with the addition of a product overview section and modified to be more benefits-oriented.
  - It covers both the rationale behind and design of N1BS as a cost-effective way to support mobile users and achieve the benefits of mobility enterprise-wide.
  - The only “intersection” (overlap) with the business owner paper is the “Breakthrough with My View” section, which is abbreviated here.
  - One diagram has been inserted; a single placeholder is used for another.

Introduction

Mobility is here to stay. And this is great news for the enterprise, which benefits from anywhere, anytime, any device access to information. With the introduction of new mobile applications, however, come new administrative challenges. Nokia understands this reality of mobility. As a global leader in mobile solutions, Nokia endeavors to stay ahead of these challenges and deliver end-to-end solutions that enable easy implementation and management of enterprisemobility.

One of the primary challenges, already being encountered by “Early Adopters,” involves mobilizing content. The wealth of corporate content that now exists was created for the “big screen”—the large monitors on desktop and laptop PCs. Anyone who has ever attempted to access email or navigate an intranet with a personal digital assistant or mobile display phone appreciates the problem first-hand.

Most IT organizations historically have had two options for mobilizing content: the first is synchronization and the second is conversion.

Synchronization of personal information manager (PIM) datawith a PC now comes standard with most mobile devices. But additional viewers or “pocket” version applications are normally required, and each of these increases the burden on the user—and on the Help Desk. And many of these do only a marginal job of rendering rich content on small screens. In addition, synching can create a security risk by allowing workers to store corporate information on a portable device that might be lost or stolen. So while synchronization may have a necessary role to play, it is far from being a sufficient solution for enterprise-wide mobility.

The second traditional mobilization option for IT administration involves converting existing content to a new markup language designed for the small screen. But the effort can be quite complicated—and enormously costly! There is no convergence yet on a single language (the Wireless Markup Language, the Handheld Device Markup Language, Compact HTML, XML/XSL eXtensible Markup/Stylesheet Languages and others), and device-specific differences continue to complicate the creation of or conversion to common content. This option may make sense for certain vertical applications where a defacto standardmay exist, but with the variety of content across the typical enterprise, the approach is just not feasible.

Fortunately, IT departments now have a third option: the proxy gateway. Nokia One Business Server is just such a system. Nokia One Business Server is a purpose-builtappliance that dynamically and transparently transforms existing content—emails and attachments, PIM data and Web/intranet pages—for better viewing and navigating on virtually any small-screen device. The solution deploys seamlessly, operates securely, is easy to manage, and requires no special readers or other software on the mobile devices. Designed to satisfy the needs of workers throughout the world, Nokia One can be localized in 14 major languages. Together these capabilities allow IT departments to deliver a superior user experience while maintaining full control over the mobile application environment. With Nokia One, the productivity gains and other benefits of mobility can be achieved today securely and cost-effectively enterprise-wide.

This white paper provides IT decision-makers with an overview of Nokia One Business Server by providing a thorough understanding of how the breakthrough My View technology functions, including the “behind the scenes” design objectives and the “under the hood” architecture.

The Breakthrough with My View

Nokia One Business Server is a purpose-built appliance designed to fit seamlessly between the existing enterprise IT infrastructure and all mobile workers. Nokia One Business Server works transparently to reformat existing “big screen” content so that it is substantially easier to read and navigate on the smaller displays of mobile devices. The content can be anything from email messages and PIM data to HTML pages and full documents in a variety of different formats. This now familiar list of formats includes HTTP, MIME, DOC, XLS, PPT, RTF, PDF, EPS, JPEG, GIF, ZIP and more. The innovative My View technology is what makes this seemingly magical transformation as seamless as it is secure. The process itself is occurs dynamically—on-the-fly, in real-time—to make the user’s experience truly on-line and totally interactive.

The dynamic My View conversion process is also fully transparent in both directions: to and from the mobile device. For this reason, there is no need to change any existing enterprise applications or data, and no need to install and support any special client-side software for most needs. [NEW] For example, an employee with an ordinary PDA can read a report during the commute to work on the train. Across town another employee gets a phone number from a contact list displayed on her mobile phone to place a call while waiting in the lobby at a customer’s office. And yet another (from a few time zones away) uses his smart phone to check email and update the day’s calendar before leaving his hotel room for the conference he’s attending. To achieve this degree of “universal” access, Nokia One accommodates the full spectrum of mobile devices—from simple PDAs and basic mobile phones to sophisticated smart phones—whether from Nokia or another vendor. The most cost-effective way to achieve this objective, of course, is to utilize the Web browser that is now supported by virtually every mobile device.

Nokia One Business Server is a proxy gateway that converts existing corporate content,
dynamically and transparently, for optimal rendering on small-screen devices.

Here is how Nokia One with the breakthrough My View technology works: Designed as an inherently secure and high-performance appliance, Nokia One Business Server is deployed at the edge of the enterprise network between the mobile workers and the content servers. The My View process communicates on the “front end” with the mobile devices via secure browser protocols. On the “back end” facing the content servers, My View supports a variety of protocols used in various enterprise applications, including email, intranets and others. Because a gateway functions as a proxy through which all mobile traffic passes, the Business Server is normally deployed in a protected region of the enterprise network (behind the firewall) where access can be strictly monitored on a per-user, per-port and per-host basis.

The capabilities—and limitations—of the particular mobile device are used by My View to guide the content transformation process. For example, devices with really tiny displays and/or limited memory require a higher degree of segmentation and “compression” of text and graphics. After the source content has been suitably transformed, it is then translated into a markup language appropriate for the device. The transformation process also works two ways; that is, the gateway accepts input from the mobile device, allowing the employee to enter any requested information into individual fields or entire forms.

Nokia One Business Server Design Objectives

From the outset, Nokia was mindful of the challenges involved in making the wealth of content designed for large monitors readily available on the small screens of mobile devices. To make the solution friendly to both users and IT administrators alike, Nokia established the following eight demanding design objectives:

1. An enterprise-wide solution
   This objective would prove to be fundamental to the approach required. The solution would need to enable the IT department to mobilize all users throughout the enterprise—from the executive staff to the field sales organization.
2. Device independence
   The ability to support the full spectrum of mobile devices is essential in an enterprise-class solution. Devices commonly used include mobile phones, handheld communicator and PDAs, among others. Ideally, no special software (other than the ubiquitous Web browser) would be required for any device. Device independence allows the enterprise to maximize the return on investment for existing mobile devices, and utilize new devices that better satisfy future needs.
3. Network independence
   An enterprise-wide solution would have the ability to operate on any network, including the cellular communications infrastructure, and public or private wireless LANs. This would allow users to access information from any location anywhere in the world.
4. Source content independence
   An enterprise-class solution must be able to support virtually all applications and formats without requiring any changes to existing sources. Such independence would eliminate the (costly) need to “mobilize” (via manual conversion) the wealth of corporate information available online—potentially in different ways for different devices.
5. End-to-end Security
   Security is a critical consideration in IT departments today, and mobility presents a special set of security challenges. So the solution would need to be able to maintain integrity by securing content without imposing a burden on either the users or the IT staff. In order to fit seamlessly—and securely—within the existing enterprise security infrastructure, the solution would also need to utilize existing authentication provisions.
6. Reliable and manageable
   When the IT department gets involved, there are always requirements for dependable operation and robust management capabilities. Mission-critical reliability might need to leverage separate load-balancing switches, but the solution itself should be easy to install and manage with intuitive tools. Ease of management is especially important to lowering ongoing operating expenditures and, thereby, yields a satisfactory return on investment.
7. Affordable in both large and small deployments
   Because mobility is a relatively new phenomenon in most organizations, the IT department needs to be able to start small—mobilizing top management or key staff—and plan big for the inevitable expansion into every department in the organization. Therefore, the initial capital and ongoing operational expenditures should be cost-justifiable in a wide range of pilot and production applications, and the solution would need to scale readily to support additional users.
8. Extensible to allow for future enhancements
   The world of mobile communications changes constantly. What was thought to be impossible just a few years ago is now commonplace. The solution would need to accommodate such a dynamic environment by enabling robust support for new,state-of the art devices, the transformation of new or different source content formats, the addition of security enhancements, and whatever else the future holds.

My View Architecture

Nokia believes the best way to achieve all eight design objectives is with an appliance purpose-built as a proxy gateway. The proxy approach results in a bi-directional transparency that is able to grant users full access to any authorized content without requiring any changes to the existing infrastructure. The proxy-based design also establishes a flexible platform that can be made fully agnostic with respect to devices, networks, applications and content formats. Designing the solution as an access gateway appliance makes deployments simple, as well as secure, manageable and affordable.

The diagram below depicts the four main processes performed in the Business Server appliance by the integral My View technology:

1. Input Validation/Correction/Conversion – Prepares the source content for maximum efficiency and effectiveness throughout the remaining device-specific transformation processes.
2. Content Condensation – Reformats both text and images in a variety of ways to squeeze the maximum amount of information possible onto a small display.
3. Layout Segmentation – Partitions the source content in a way that preserves its structure while allowing all information to be displayed sequentially on a small screen.
4. Content Presentation – Makes the transformed content available in an optimal format for the device being used, and handles the two-way communications required by forms and cookies.

[DIAGRAM PLACEHOLDER: System Architecture]

I. Input Validation/Correction/Conversion

As the designation implies, this “Input” process performs three separate functions:

• Validation: The source document is inspected to determine if its format complies with applicable standards and conventions. HTML in particular is often incorrectly formatted.
• Correction: Any incompatibilities are fixed to conform to applicable standards and conventions. This important step establishes a predictable baseline for all additional transformations.
• Conversion: The content is converted to eXtensible Markup Language (XML) in preparation for the remaining three processes performed by the My View technology.

While all three of these functions are performed without regard to the target devices, their collective importance in content transformation cannot be overstated. By establishing a common denominator for all types of content—MIME, HTML, PDF, PostScript, RTF, DOC, GIF, JPEG, ZIP files etc.—the other device-specific processes can all proceed in an efficient and deterministic fashion.

II. Content Condensation

Content condensation is the first process to take into account the target device’s specific display characteristics, which are contained in a Device Specifications database. The database characterizes the full array of specific features for all devices supported, including:

• Markup language(s) used
• Document formats and maximum size
• Image formats and maximum size
• Display width and height in characters (for text)
• Display width and height in pixels (for graphics)
• Pixel depth (black & white, grayscale or color)
• Ability to handle tables, nested tables and forms

These and other device characteristics (including any user-specified preferences) are essential to achieving the best possible transformation. And as anyone who has used a display phone can verify, trying to read a large document with lots of pictures can be a trying experience—without the right transformation.

The content condensation process is performed on both text and graphics. Text is “compressed” using a combination of syntactic, lexical and semantic analysesto abbreviate words, names, dates, phrases, etc. These analyses employ finite-state grammar, probabilistic automata and proprietary algorithms to reduce the “footprint” of the original text. Such pruning of non-essential and/or redundant text and links can make a convoluted document substantially more readable. The result is that the maximum possible content gets displayed on the small screen, which greatly enhances the user experience.

The format and level of text compression can be modified by the administrator. For example, dates in Europe are presented as DD/MM rather than as MM/DD as they are in the U.S. Through the system’s preferences module, individual users can also adjust how “aggressively” text is compressed according to their own personal taste and tolerance for such things.

Graphics are similarly “compressed” for optimal display on the target device. This process first applies an “image triage” to detect and eliminate those that are stylistic only, such as navigational buttons. Then the image is analyzed to determine whether a compressed version will be viewable. If so, the pixel and/or color depth are reduced to match the capabilities of the target device. Next, the aspect ratio is altered for a better fit on the display, and finally, any unnecessary borders are cropped.

III. Layout Segmentation

Once the source content is in a known-good format and suitably condensed for the target device, the next step involves producing an optimal layout, which requires displaying the “main content” first.

Rearranging content in a complex document so that the “main content” comes first (with the background material and navigational aids coming later) can be a bit of a challenge. On a large desktop computer monitor, the two-dimensional layout of a hypertext document calls attention to the most important area(s). People looking at the CNN or Financial Times Web pages, for example, find their attention drawn to today’s headline story in the middle of the page, even though the page is cluttered with additional stories, ads, links and other content. The small-screen device, however, is effectively one-dimensional. The challenge, then, is to transform an inherently two-dimensional document into a ticker-tape style sequence. To perform this critical parsing and reordering task successfully, My View utilizes two pattern recognition algorithms that rank-order the significance of all content: the Main Content Algorithm and the Segmentation Algorithm. Both algorithms must function independently of the content’s domain, structure and format, while delivering a “lossless” transformation in real-time.