Understanding WebAccess Architecture

To understand the WebAccess component of your GroupWise system, it is important to understand the WebAccess architecture. This will help with installing, configuring, and troubleshooting the WebAccess components.

Understanding the WebAccess Agent

WebAccess is composed of three main pieces: the agent, the document viewer, and the application. The first piece is referred to as the WebAccess Agent and is responsible for requesting and receiving data from a user's mailbox. This WebAccess Agent can run on NetWare as an NLM (GWINTER.NLM), on Windows 2000/2003 as an executable (GWINTER.EXE) or as a Windows 2000/2003 service, and on Linux (gwinter). You can think of the WebAccess Agent as a client that communicates directly via TCP/IP with a post office agent (POA) via its client/server port, such as 1677.

Understanding the WebAccess Document Viewer Agent

A new process in GroupWise 7 is the Document Viewer Agent, which will transform all attachments into HTML viewable content, something previously handled by the WebAccess Agent itself. With the document-viewing task being a separate process, a corrupt or unwieldy attachment will not have an adverse impact on the WebAccess Agent. Historically in prior versions of GroupWise, the WebAccess Agent could be problematic in environments with large or corrupt mail message attachments. The Document Viewer Agent makes such problems a thing of the past.

Understanding the WebAccess Application

The third main part of WebAccess is referred to as the WebAccess Application. It is responsible for taking the data received by the WebAccess Agent and delivering it to the user's web browser that is being used to access WebAccess. The WebAccess Application runs on a web server as a Java servlet. It runs on any of the following supported web server platforms:

• Apache Web Server 1.3 plus Tomcat 3.3 plus the Jakarta Connector for NetWare 6.0

• Apache Web Server 2 plus Tomcat 4 plus the Jakarta Connector for NetWare 6.5 or Linux

• Microsoft Internet Information Server (IIS) 5 or later plus Tomcat 5.5 plus the Jakarta Connector for Windows 2000 or Windows 2003

• Apache 2 (or higher) plus a compatible servlet engine and connector for UNIX

Tip

Although you can still use Apache 1.3 plus Tomcat 3.3 on NetWare 6, we strongly advise you to consider upgrading your Apache services to Apache 2 plus Tomcat 4. This newer version is more robust and less prone to security attacks. Also, we strongly advise you to keep all of your web servers up-to-date, because we've seen issues with security leaks with nonup-to-date servers.

The WebAccess Application communicates with the WebAccess Agent via TCP/IP. By default, the WebAccess Agent listens on port 7205 for information coming from the WebAccess Application. The data that is exchanged between the Agent and the Application is encrypted using an encryption key. This is not your standard SSL type of encryption, but simply an encryption key that each piece (Agent and Application) uses to encrypt data between them. The encryption key is discussed later in this chapter in the section "Configuring the GroupWise WebAccess Gateway."

Understanding the WebAccess Process

Let's quickly see how a request coming in from a web browser in order to log in to a GroupWise mailbox would act. This will help you understand the flow of information through a WebAccess system, as well as help you see the relationship between the WebAccess Application and Agent:

1. A user enters the URL to GroupWise WebAccess into her browser. For example, the URL might be http://groupwise.wwwidgets.com.

2. The browser is directed to the web server that DNS resolves them to. The user then sees the GroupWise WebAccess login screen. (There are lots of options as to what you will have your users doing; for simplicity, the web server at http://groupwise.wwwidgets.com goes directly to the WebAccess login screen.) This screen is a standard HTML document that the web server is displaying. Figure 11.1 shows this screen.

   Figure 11.1. The GroupWise WebAccess login screen

   

   
   

3. The user enters a user ID (in the Username field) and password and clicks Login.

4. The web server hands this information over to the WebAccess Application that is running as a Java servlet on the web server. The servlet also detects the platform and manufacturer of the browser, and creates a session for this user, using the correct template types based on the browser type.

5. The WebAccess Application takes the user ID and password and determines which WebAccess Agent it should route the request to. It discovers that it needs to send the request to an IP address of X.X.X.X on port 7205.

6. The WebAccess Application encrypts the data using the encryption key found on the local web server and sends the username and password to the WebAccess Agent running on a NetWare, Windows, or Linux server via port 7205.

7. The WebAccess Agent receives the data, decrypts it using the same encryption key that was used to encrypt the data, and then does a lookup in the WPDOMAIN.DB to identify the domain and post office where the user is.

8. After the user's domain and post office are located, the WebAccess Agent determines how it will communicate with this particular post office. It discovers that it must communicate via TCP/IP.

9. The WebAccess Agent sends the user ID and password down to the POA object for the user's post office, and acts like a traditional GroupWise client, in that it connects to the POA via client/server port 1677. The POA picks up the request and authenticates the user into the mailbox.

This represents a quick and simple outline of how a user's request flows from an actual browser into a GroupWise mailbox. At this point, we don't discuss the return path of the data from the post office to the web browser. Basically, the return path for the data coming from the post office is in reverse order, minus a few of the lookups, because a session ID is in place to route the data back from the Agent to the Application.

This should give you a basic understanding of how the WebAccess Application and the Agent work together to access the user's mail via WebAccess. Now that you have an understanding of GroupWise WebAccess architecture, you're ready to install GroupWise WebAccess.