I’ve been spinning a lot of cycles lately on this SCMDM deployment. Not going to go into it in detail here, but the short version of it would be to think about a near-constant VPN connection between a Windows Mobile phone, and your corporate network.
The interesting data point that I found today was simply related to the way that our users experience the Internet. The random thought had occurred to me, is that because of the way that SCMDM works, nearly all of a users web traffic is going to go from their phone, to the carrier, across one of the intertubes to the MDM gateway, then back out across the intertube to the desired website. (Yeah, humor me here about all the interesting issues with THAT architecture).
Since all of the users web traffic flows from the gateway, what’s the behavior like when accessing sites that are regionally load balanced? For example, if I’m in France, and put google.com into a browser, then Akamai redirects my traffic to my local google instance, google.fr. If I’m in Germany, I go to google.de, etc… You get the point, this redirection works all over the world (if a site wants it to).
So now, if I am an employee in Germany, and take my SCMDM enrolled phone, and go to google.com, I’m redirected to….Yup, you guessed it: google.ie – wait huh? why would they go to Ireland? Well, for my employees, their phones would connect to the MDM gateway servers in our Dublin datacenter, so their internet egress point would be located in Dublin, and Akamai would direct them to their “local” instance – google.ie
Hmmm, so if I’m correct in understanding how all this behavior works, then that must also mean that the same weird redirection behavior occurs today for Microsoft users surfing the internet from the corporate network. Regardless of where in the world they are located, all internet egress occurs from one of the few proxy arrays located in a data center. So to validate this, I walked the 10 feet down the hallway, to where one of the ISA engineers sits. I explained to JW what I thought was going to happen to mobile phones, and asked how they were managing it with the ISA servers – answer: They aren’t.
Interesting data point for the day: In 5+ years of managing the ISA servers, he’s NEVER heard of a single complaint from users, about the behavior of being redirected to the wrong localized version of a website because of where the proxies are located.
This is all amazing to me – I can generate 100 help desk calls  because a subnet shows up with a bad building label, yet he can redirect users around the world to get content and never hears a peep.
 A useful bit of perspective on Microsoft employees. We publish quite a bit of information in Active Directory, and one thing we do is printer publishing. So a user in a building can locate a printer that’s near them – accomplished through mapping and maintaining sites and subnets in AD. If we have an incorrect subnet, we can slam the help desk with calls from users, declaring that “I’m in building 42 and trying to find a printer, and my laptop says I’m in building 34!!!!”