< Day Day Up > |
In the chapters prior to this, we've mentioned the term public folder several times and we've even examined how to configure policies for them, but we've not really introduced public folders or their purpose in the Exchange infrastructure. If you've used Usenet newsgroups, you've got a basic idea of one type of data that can be stored in public folders but Exchange provides much more than just newsgroups in its public folders! Public folders are basically a storage location that can be used to store various types of information, such as email, documents, multimedia files, and so on, for sharing with many users. Users can access Exchange public folders natively within the organization using the Outlook client. In addition, public folders can be accessed via Hypertext Transfer Protocol (HTTP) and the venerable Network News Transfer Protocol (NNTP) by users who might be located outside of your organization's network. As you might well suspect by now, public folders are created and located in public folder stores on Exchange servers. Public folders are mail-enabled and exist as objects within Active Directory. Public folders are arranged hierarchically in a tree structure known appropriately enough as the public folder tree. Parent folders contain child folders, and the folders that exist directly under the root of the public folder tree are called top-level folders. One of the more unique, and potentially troublesome, things about public folders is that they can actually be created and configured from within Outlook. We examine this more later in this chapter. As mentioned previously, public folders can be accessed by both internal and external clients assuming that you've configured the public folder permissions for such. Internal clients connect to the public folders using Messaging Application Programming Interface (MAPI) compliant Outlook, HTTP, or NNTP, as previously discussed. Now that you have a basic idea of what a public folder is, you might be wondering what the need for public folders is. Public folders have virtually endless possible uses and are only limited by your imagination. Perhaps the most common uses for public folders are hosting Usenet newsgroups for internal clients, hosting Usenet newsgroups for external clients (such as microsoft.public.cert.mcse), providing a storage location for Outlook forms, and providing a discussion area for internal users similar to a newsgroup. Public folders in Exchange Server 2003 have some nice features of which you should be aware:
Public Folder TreesAs mentioned previously, public folders are located in public folder trees, which are located on Exchange servers. When the Exchange installation is performed on a server, one default public folder store and public folder tree are created. The default public folder tree is thus replicated to all public folder servers by default. You can, however, create additional public folder trees as your organization might require. In the next paragraphs, we examine the specifics of default public folder trees and general-purpose public folder trees. The Default Public Folder TreeAs mentioned previously, the default public folder tree is created automatically with the Exchange installation and is configured to automatically replicate to all public folder servers by default. This is the public folder tree that you will see listed in the Exchange System Manager as "Public Folders" and in Outlook as "All Public Folders." Clients can access the default public folder tree using MAPI, HTTP, or NNTP. There can be only one public folder tree that can be accessed via MAPI, and that is the default public folder tree. As we discuss in the next section, all general-purpose public folder trees are accessed by using HTTP or NNTP. The default public folder tree contains the listing of all public folders located within that tree but does not contain the content of these folders. The content remains in its original location and is only referenced by the default public folder tree an important distinction to remember. General-Purpose Public Folder TreesGeneral-purpose public folder trees are typically created to house custom applications and data that might be pertinent to only one department within your organization. As an example, you might create one public folder tree to store various information that will be used by the Accounting department for research and other data. You could then create another public folder tree for your Engineering department to provide a centralized location to store research and development information for ongoing projects. General-purpose public folder trees can be configured to replicate to any selected Exchange 2000 Server or Exchange Server 2003 public folder server, thus allowing you granular control over where they are stored. Access to these public folder trees is via HTTP or NNTP only, thus you need to configure your Outlook clients to access them using the Folder Home Page feature. In addition, to allow users to access the general-purpose public folder trees, you need to create and configure an HTTP virtual server or virtual directory. We discuss both of these items later in this chapter. Public Folder PermissionsYou can configure permissions on most every object within Active Directory (with a few notable exceptions), and public folders are no exception. Like other directory objects, a public folder inherits its permissions from its parent object. A top-level public folder gets its default permissions from the administrative group to which it belongs, whereas a child folder inherits its permissions from the parent folder under which it is located in the public folder tree. Like NTFS permissions, public folder permissions are assigned by administrators (and public folder creators) to specify which users or security groups are allowed to perform specified actions in that public folder. Public folder permissions vary from NTFS permissions, however, in that you can assign both client access permissions and administrative permissions to a public folder.
The three categories of public folder permissions are detailed in Table 6.1.
We examine each type of public folder permission in more detail in the following sections. Client PermissionsThe client permissions on a public folder are a bit different than what you might typically be familiar with when configuring NTFS permissions. As you can see in Figure 6.1, client permissions revolve around roles. Figure 6.1. Examining public folder client permissions.You can choose from the following roles:
Directory RightsBy configuring the directory rights on a public folder, you can configure the standard NTFS permissions that you might be familiar with from the public folder object within Active Directory. The Directory Rights dialog box with a sample public folder is shown in Figure 6.2. Figure 6.2. Directory rights allow you to control who can configure permissions on a public folder.When configuring directory rights, you should be aware of the default status of the following groups:
Administrative RightsThe final type of public folder permission is administrative rights. Administrative rights allow you to configure who will be able to actually administrate the public folder something that client permissions and directory rights do not do for you. The Administrative Rights dialog box for an example public folder is shown in Figure 6.3. Figure 6.3. Administrative rights allow you to configure who can administer the public folder.The rights you can configure from this area are different than those granted by the Owner client permission. These rights deal with the system configuration of the public folder, not with the user permissions associated with the public folder. Public Folder ReplicationBy default, any newly created public folders are not replicated to other Exchange servers only one copy, the original copy, exists. For many reasons, you might want to configure your public folders to replicate to other public folder servers, thus creating replicas on these servers. Having replicas of public folders helps to evenly distribute the load caused by an abundance of client access to public folders as well as provides a form of redundancy in the event one or more public folder servers becomes unavailable. Just like Active Directory, Exchange public folder replicas exist in a multimaster environment in which no one public folder is the master copy. All replicas of a given public folder are identical (after replication has completed) and a change made to any replica is then replicated to all other replicas, including the original public folder. Public folder replication occurs through SMTP. Don't let this throw you for a loop though. Consider the obvious benefits this allows for public folder replication to occur using the same protocols and connectors you've already got installed in your Exchange organization. Because of this, replicas can exist on public folder servers that might actually be located on a different physical network or subnet, again providing a load-balancing effect for client access. Public folder replication is actually a somewhat complex process that is controlled by two different services.
As much sense as creating replicas of public folders makes, there are actually times when you might not want to configure a replica for a public folder. For example, if your public folder is used to hold Usenet newsgroups, the extra traffic due to replication is probably not worth any benefit you might reap. You would be better off, in this instance, to simply configure multiple public folder servers to independently provide this service, if required. Another instance in which you might not want to configure replication to occur is if you must maintain absolute version control over the contents of the public folder and ensure it is always 100% up to date. In this situation, you would be better off to ensure that all clients, local and remote, have adequate access to the single public folder location. These are two somewhat extreme cases, however. In the vast majority of public folder instances, you need to give consideration to configuring multiple replicas to increase availability and provide load balancing as discussed previously. Now that we've discussed public folder replication in general terms, we need to examine exactly how it works. The public folder replication process breaks down nicely into four distinctly different processes:
Public Folder ReferralThe final topic we must cover here is that of public folder referral or how clients actually make connections to public folders. The public folder to which the user wants to make a connection might be located in the same routing group as that user or perhaps on a server in another routing group. Recall that Exchange routing groups are similar to IP sites in that they are groups of servers that are connected by high-quality, permanent links. If a user is attempting to connect to a public folder that has a replica in the same routing group as the client (the routing group that contains the user's mailbox store), the client first attempts to connect to the replica using the default public store that is associated with the mailbox store for that user account. Recall from Chapter 5, "Managing Address Lists and Exchange Policies," the discussion on configuring mailbox store policies in which you could configure a default public folder store for a mailbox store. In the event that the replica in question does not exist on the default public folder store, the client then makes a connection to a randomly selected replica within the client's routing group. The process continues until the client either locates the desired replica or runs out of local replicas. In the event that the desired replica is not found locally (within the client's routing group), the client needs to gain access to a replica located in another (remote) routing group herein lies the act of public folder referral. Routing groups are connected to each other using group connectors. Routing group connectors have a cost value (think metric) associated with them that determines the flow of traffic out of that routing group. Cost values range from a low value of 1 to a high value of 100, with the lower values being the more preferred routes out of the routing group. When a client needs to connect to a remote routing group to access a public folder replica, the lowest cost connection is used. However, one more issue must be kept in mind in this situation whether public folder referrals are allowed across that routing group connector. By default, public folder referrals are allowed on routing group connectors. In addition, both routing group connectors in both routing groups must be configured to allow public folder referrals. As an alternative (and you knew there had to be one), you can actually configure a referral list directly on a public folder store, thus forcing clients seeking a referral to choose a store from the list. |
< Day Day Up > |