Page 1 – Appnote--- Microsoft OWA June 2006

Appnote Microsoft Outlook Web Access (OWA) DX optimization

Appnote - topic Microsoft Outlook Web Access (OWA) is the web portal of Exchange mail server. This application allows end users to access their exchange account (mail, directory, agenda, …) via web browser. DX utilization on OWA application provides great benefits: • Bandwidth reduction • Server off load • Improved end-user response time • Transparent transition from HTTP to HTTPS access

DX integration with OWA Microsoft OWA uses specific advanced http methods/options that are not enabled by default on DX: • NTLM authentication • Web-based Distributed Authoring and Versioning (WebDAV) HTTP extensions These options require specific DX configuration, but all these settings are automatically configured once OWA is enabled in DX-Cluster.

To configure via WebUI:To configure via WebUI:To configure via WebUI:To configure via WebUI:

Note: Only Administrator can make these configuration changes. • In "Services" – "Clusters" – "Cluster Group", select cluster where you want to set up OWA • Click "enabled" in "Advanced" – "Outlook Web Access" • Reply OK to following question + save your new configuration

Page 2 – Frequently Asked Question --- Configuration Synchronization July 2006

Microsoft OWA DX optimization Appnote

OWA is now used on that cluster and you have automatic following cluster configuration:

Note: In Red, OWA option enabled. In Blue automatic configuration changed with option OWA.

To configure via CLI:To configure via CLI:To configure via CLI:To configure via CLI:

Note: Administrator, Network Admin and Network Operator can do configuration change. • set cluster <name> owa enabled • write

Specific case of AutoSSL on OWASpecific case of AutoSSL on OWASpecific case of AutoSSL on OWASpecific case of AutoSSL on OWA

This section covers specific case where clients talk to DX via https and DX talks to the servers via http: "client � (http) � DX � (http) � servers" Note: In case of end-to-end clear communication "client � (http) � DX � (http) � servers" or end-to-end encrypted communication "client � (https) � DX � (https) � servers", there is no need for extra DX configuration. Usually the goal of such configuration is to add easy extra security to OWA application if that one runs on http only or to fully off load servers of SSL tasks if those already run on SSL. OWA is designed ready to work with Reverse Proxy that terminates and removes SSL. However OWA servers need to told there is an SSL termination device in front of them. This is done inserting a http header "FRONT-END-HTTPS: ON". With DX, this header is inserted with Apprules.

Page 3 – Frequently Asked Question --- Configuration Synchronization July 2006

Microsoft OWA DX optimization Appnote

Via WebUI, • In "Services" – "AppRules", click on "Create RuleSet" • Choice a RuleSet name. For instance "AutoSSL-OWA"

• Select "Request Translator Header" tab and click on "New Rule" • Copy/Paste (replacing owa.foo.com with OWA application hostname)

RTH: request_header "Host" eq "owa.foo.com" then insert_request_header "FRONT-END-HTTPS" "ON"

• Click OK and Save • In "Services" – "Clusters" – "Cluster Group", select cluster where you want to set up OWA • Select "AppRules" and select "Enable RuleSet" and select "AutoSSL-OWA" RulesSet to Run

• Click "Save Settings" Note: Of course this cluster must listen on port 443 with "SSL – Listen Side" enabled and "SSL – Target Side" disabled

Technical NoteTechnical NoteTechnical NoteTechnical Note on all configuration changes done with OWA enabled on all configuration changes done with OWA enabled on all configuration changes done with OWA enabled on all configuration changes done with OWA enabled::::

This OWA option enabled in CLI or WebUI transparently changes the following DX settings: • For NTLM authentication:

o set cluster <name> connbind enabled o set cluster <name> factory c uar enabled

Page 4 – Frequently Asked Question --- Configuration Synchronization July 2006

Microsoft OWA DX optimization Appnote

• For advanced http methods (WebDAV and extended) o set cluster <name> httpmethod webdav enabled o set cluster <name> httpmethod extended enabled

• To optimize compression (text/xml and text/x-component compression) o set cluster <name> compression text_xml enabled o set cluster <name> compression text/x_component enabled

And from 5.1.7 and 5.3 releases: • To optimize session persistency

o set cluster N factory h tc3 disabled o set cluster <name> factory h w disabled o set cluster <name> factory h v disabled

Important Note on misconfiguration: If you next manually disable "connbind" or "httpmethod webdav enabled " or "httpmethod extended enabled ", "Outlook Web Access" will remain enabled in configuration, but OWA application won't work . Other options (related to compression) may be disabled, but there is no benefit to do so: client response time will be degraded (data downloaded by client will be bigger).