|Chapter 5 - Managing Exchange Servers|
|Monitoring and Managing Microsoft Exchange 2000 Server|
|by Mike Daugherty|
|Digital Press 2001|
Outlook Web Access (OWA) offers most of the functionality that is available from the Outlook MAPI client. Its primary advantage over the MAPI client is that OWA can be easily used over the Internet to provide access from remote locations. Microsoft has improved this version of OWA. Exchange 2000 uses the support for Extensible Markup Language (XML) in Internet Explorer 5.0 to increase the performance and OWA user interface. The user interface is more like Outlook, with drag-and-drop capability, pop-up menus , toolbars , hierarchy control, and rich-text editing when used with Internet Explorer.
Outlook Web Access is installed and configured automatically when you install Exchange 2000. The installation process adds an Exchange virtual root and a public virtual root to the IIS directory tree. These virtual roots point to their corresponding directories in Exchange 2000 Server.
User access to the Exchange folders is achieved by entering one of the following addresses in a Web browser.
To access the users personal mail folders from within the corporate network
To access the users personal mail folders from the Internet
http:// server/ public /folder/
To access a public folder from within the corporate network
http:// server.domain.com/ public /folder/
To access a public folder from the Internet
server is the name of the Exchange server.
domain.com is the fully qualified domain name of the domain in which the Exchange server resides.
exchange is the default private web folder.
alias is the users alias.
folder is the name of the public folder.
Because Outlook Web Access users will need to enter the Exchange server name and other information each time they access the OWA server, it is best to keep these names short and meaningful.
If you plan to have many OWA users, you should implement multiple servers in a front-end/back-end configuration. With front-end and backend servers, HTTP requests from an OWA client are processed as follows :
The front-end server receives the HTTP request from a users Web browser.
The front-end server authenticates the user and does an Active Directory lookup to determine which back-end server should receive the request.
The front-end server passes the request to the appropriate backend server running Outlook Web Access and Exchange 2000. The back-end server also authenticates the user before processing the request.
By proxying all HTTP requests through a front-end server, you can designate a single namespace (i.e., the name of the front-end server) for all OWA users to use to reach their mailboxes. Users need not know the name of the actual Exchange server that contains their mailbox. This allows you to freely move users from one Exchange server to another or to add additional Exchange mailbox servers as your user population grows. These mailbox moves are invisible to the users and do not require changing the URL they use to access Exchange.
Using a front-end/back-end configuration requires an HTTP virtual server. The following procedure can be used to configure Outlook Web Access for this type of environment:
Start the System Manager from the Windows 2000 Start menu by selecting Programs Microsoft Exchange System Manager.
In the Administrative Groups section, select the server where you want to create the HTTP virtual server. Double-click on the Protocols item under this server.
Right-click on HTTP, and select New HTTP Virtual Server.
In the Name field, enter a name for the new virtual server. The name you enter is for administrative purposes only. An HTTP virtual server is actually identified by the unique combination of hostname, TCP port, SSL port, and IP address that you assign. Users will access the virtual server using the hostname you provide.
Use the IP address drop-down list to select an IP address for the virtual server (Figure 5.1), or select the Advanced button to display the Advanced dialog box. In the Advanced dialog box, you can configure multiple identities for the virtual server.
You can select the Limit number of connections check box to limit the number of simultaneous connections to the number you enter.
Figure 5.1: The General tab
Enter a value in the Time-out (secs) field or accept the default time-out of 60 seconds.
The Exchange Path section is used to set the path for either mailboxes or a public folder. To modify the path for mailboxes, select the Mailboxes for: button, and then select Modify to display the Select STMP Domain dialog box. To modify the path for a public folder, select the Public folder: button, and then select Modify to display the Public Folder Selection dialog box.
Select the Access tab (Figure 5.2).
Figure 5.2: The Access tab
You can use the checkboxes in the Access Control section to identify the type of access that will be allowed.
You can use the buttons in the Execute Permissions section to identify the type of programs that can be executed while connected to this HTTP Virtual Server.
Select the Authentication button to display the Authentication Methods dialog box (Figure 5.3). You can use this dialog box to set user authentication on the virtual server. This authentication will determine whether to grant a user permission to connect to the system. There are three types of authentication:
Figure 5.3: The Authentication Methods dialog box
Anonymous access will allow any user to access the HTTP Virtual Server without providing a user name or password. If you select this option, you must enter an account name in the Anonymous account field.
Basic authentication will require that users provide a valid user name and password. You must enter a domain name in the Default domain field.
Integrated Windows Authentication will require that users provide a valid Windows 2000 user name and password.