Microsoft Exchange 2000 Server Administrator's Companion
OWA provides an environment for users to access both public folder store and mailbox store data using a browser. With OWA, clients based on UNIX, Macintosh, and Windows can view and work with any public folder, mailbox, Global Address List (GAL), or calendar.
NOTE
For UNIX users, OWA is the primary Outlook solution for e-mail, calendar, and collaboration functionality.
The Web Store
The OWA client in Exchange 2000 Server is dramatically different from the one in Exchange Server 5.5. One of the most important changes is the introduction of the Web Store.
The Web Store integrates knowledge sources by providing a single repository for the management of e-mail messages, documents, Web pages, and other types of data. It supports offline access, remote client access, and a range of APIs. The Web Store brings together file system services, database services, and collaboration services into a single integrated package, making it easier to find, use, and share information.
The Web Store supports HTTP, Web Distributed Authoring and Versioning (WebDAV), and Extensible Markup Language (XML), and each folder in the Web Store has a unique URL associated with it. Figures 17-21 through 17-24 illustrate how the same documents in the Web Store can be accessed through different interfaces. First, Figure 17-21 shows OWA accessing a public folder named Company Documents in the Web Store. Figure 17-22 illustrates how Office 2000 integrates with the Web Store and allows users to access documents in the Company Documents public folder. Figure 17-23 shows that these same documents can be accessed via Outlook 2000. Finally, Figure 17-24 shows how these documents can be accessed via the M: drive in Windows Explorer.
Figure 17-21. Accessing the Company Documents public folder with OWA.
Figure 17-22. Accessing the Company Documents public folder with Office 2000.
TIP
Web folders are built into Microsoft Office 2000 and are added to Microsoft Windows NT 4 and Windows 98 systems when you perform a full installation of Microsoft Internet Explorer 5 or when you install Office 2000. You can create a Web folder by adding a network place in My Network Places in Windows 2000 or in the My Computer—Web Folders section of Windows NT 4 and Windows 98.
Figure 17-23. Accessing the Company Documents public folder with Outlook 2000.
Figure 17-24. Accessing the Company Documents public folder via drive M: in Windows Explorer.
Some of the improvements to the performance and functionality of OWA in Exchange 2000 Server include the following:
- Support for embedded items and ActiveX objects.
- Support for public folders that contain contact and calendar items.
- Support for multimedia messages. OWA allows an audio or video clip to be embedded directly into a message and then sent to the recipient.
- Support for named URLs instead of GUIDs.
- Support for Internet Explorer 5.
OWA is not designed to be an advanced e-mail and collaboration utility. Therefore, before you deploy this feature, consider some of its limitations:
- Offline use is not supported. A user must connect to an Exchange server to view information.
- It does not support digital encryption, signatures, or Secure/Multipurpose Internet Mail Extensions (S/MIME).
- It does not permit discontinuous days to be shown side by side in the calendar. In fact, many views for meetings and task list management are not available in OWA.
- It does not support Outlook 97 forms.
- It does not support synchronization of local offline folders with server folders.
MORE INFO
It is beyond the scope of this book to cover the default Web server settings. For more information, refer to Microsoft Windows 2000 Server Resource Kit (Microsoft Press, 2000).
You administer OWA through the Internet Information Services snap-in. Once you have opened up the Internet Information Services snap-in and expanded your server to see its subordinate objects, you'll see the three virtual roots that Exchange creates when it is installed: Exchange (http://server/exchange), Public (http://server/public), and Exadmin (http://server/exadmin). These virtual roots point to the ExIFS roots—either the Mbx folder (Figure 17-25), the public folder, or the root for Exchange administration (Figure 17-26).
Figure 17-25. Virtual root that points to the Mbx root.
OWA has been redesigned to support many more users per server. The most important factor in determining user load is the type of activities your users will perform on the server. We suggest that you start with a trial deployment and use it to develop a baseline for enterprise deployment. Use the Performance Logs and Alerts snap-in to create this baseline. Specific items that you'll want to monitor include logons per day, number of messages read, and session time. Table 17-8 outlines the counters that you should use to obtain a baseline for an OWA server.
Figure 17-26. Virtual root that points to the Exadmin root.
Table 17-8. Counters for developing a baseline for an OWA server
Object | Counter/Instance | Description |
---|---|---|
Processor | % Processor Time | Indicates how busy the processor is |
System | Context Switches/Sec | Indicates the rate at which the processor is switching between threads |
Process | % Process Time/Store; % Process Time/Inetinfo; % Process Time/Lsass; % Process Time/Mad | Indicates how much of the computer's CPU is being used by Exchange Server, IIS, and the security system (including Active Directory) |
Physical Disk | Disk Reads/Sec; Disk Writes/Sec; Current Disk Queue Length | Indicates the level of activity of the physical disk |
Memory | Available Bytes; Page Reads/Sec; Page Writes/Sec; Page Faults/Sec | Indicates how much memory is in use and how much is being paged to disk |
Because Exchange 2000 Server does not use Active Server Pages (ASP), ASP and MAPI bottlenecks are no longer an issue, as they were in Exchange Server 5.5. The remaining bottlenecks include the standard hardware constraints of the CPU, memory, disk, and network.
OWA also works with front end/back end (FE/BE) servers, which can give you load-balancing features if you have a large number of users utilizing OWA. In terms of ports and firewalls, you'll need to have only port 80 open on your firewall, which in most installations is a standard port to open. OWA does work with SSL over port 443, and it also supports Kerberos. The unified namespace for users to access mail is http://<servername>/mail. The e-mail account namespace on each server would then be http://<servername>/mail/exchange/<mailbox>. These URLs work only with FE/BE configurations.
When using FE/BE servers, the front end server functionality is determined by the authentication method that you use. For instance, if you use Basic Authentication, the front end server authenticates the user by verifying the user name and unencrypted password. Exchange 2000 Server then establishes a local security context for the user and connects as that user from the front end server to the back end server. Basic Authentication works only if the security properties for each user exist on the front end server and if each user is granted the Log On Locally right.
If authentication information needs to be encrypted and cannot be determined by the front end server, the server must be able to pass the authentication request to another server. This capability is available only with Kerberos authentication, not NTLM (Windows NT Challenge/Response), and it requires Internet Explorer 5 or later running on Windows 2000 at the client end. Thus, if you require Kerberos authentication for OWA users, they must be running Internet Explorer 5 on Windows 2000. Table 17-9 lists the different authentication methods possible with IIS. You'll want to test these methods in your lab before deploying OWA.
Table 17-9. IIS authentication methods
Authentication Method | Benefits | Disadvantages |
---|---|---|
Anonymous | Supported by all clients; an easy way to allow access to unsecured public folders. | Does not provide security on an individual basis. All anonymous authenticated users can access any content to which the Anonymous user account (IUSR_Computername) has access. |
Basic | Supported by most clients; works through proxies and firewalls. | Password is sent as clear text unless the SSL protocol is used to encrypt it. |
Digest | The password is sent as a hashed value, which works through proxies and firewalls. This method works with all HTTP 1.1 compliant browsers. | Password is unencrypted in the Windows 2000 domain controller. Also, this method does not work through front end servers. |
Certificate | Very secure; supported by a broad range of clients. | Requires you to create, obtain, and manage certificates and then deploy them to the clients. |
Integrated Windows | The password is sent as an encrypted value for highest security. | Supported only by Internet Explorer 2 and later. It does not work through HTTP proxies, and it works through a front end server only when the client is using Internet Explorer 5 on Windows 2000. |
Distributed Password, Membership Basic | Not compatible with Exchange 2000 Server. | |
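
The caveats in Table 17-9 can be checked against what a virtual root actually offers. The following is an added example, not code from the book: it parses the WWW-Authenticate challenges in constructed sample responses and reports the table's caveat for each scheme offered, skipping Basic when the URL is https. The function names, the sample responses, and the mapping of the Negotiate and NTLM tokens to Integrated Windows are assumptions of the example.

```python
import re

# Constructed sample responses (not captured from a real server) of the kind
# an IIS virtual root such as /exchange could return to an unauthenticated GET.
MIXED = ("HTTP/1.1 401 Access Denied\r\n"
         "Server: Microsoft-IIS/5.0\r\n"
         "WWW-Authenticate: Negotiate\r\n"
         "WWW-Authenticate: NTLM\r\n"
         'WWW-Authenticate: Basic realm="mail.example.test"\r\n\r\n')
COMBINED = ("HTTP/1.1 401 Access Denied\r\n"
            'WWW-Authenticate: Digest realm="a, b", nonce="n1", Basic realm="x"\r\n\r\n')
OPEN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

# Caveats from Table 17-9 and the paragraph before it, keyed by HTTP scheme
# token. Assumption: Negotiate and NTLM stand for Integrated Windows.
CAVEATS = {
    "basic": "password sent as clear text unless SSL is used",
    "digest": "does not work through front end servers",
    "negotiate": "no HTTP proxies; front end only with IE 5 on Windows 2000",
    "ntlm": "no HTTP proxies; front end cannot pass the request on",
}

def offered_schemes(raw):
    """Return lowercased auth schemes in the order the server offers them."""
    schemes = []
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "www-authenticate":
            continue
        # Blank out quoted strings so commas inside a realm do not split it.
        value = re.sub(r'"(?:\\.|[^"\\])*"', '""', value)
        for part in value.split(","):
            # A scheme is a bare token; auth parameters are token=value.
            m = re.match(r"\s*([A-Za-z][\w-]*)(?:\s+(?![\s=])|\s*$)", part)
            if m and m.group(1).lower() not in schemes:
                schemes.append(m.group(1).lower())
    return schemes

def audit(url, raw):
    """Return (scheme, caveat) pairs that apply to this virtual root."""
    if raw.split(" ", 2)[1] == "200":
        return [("anonymous", "no per-user security for this content")]
    over_ssl = url.lower().startswith("https://")
    return [(s, CAVEATS.get(s, "not listed in Table 17-9"))
            for s in offered_schemes(raw)
            if not (s == "basic" and over_ssl)]
```

Calling audit("http://server/exchange", MIXED) reports all three schemes, while the same response under https drops the Basic finding.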