Outlook Anywhere Client Access to Exchange 2003 over the ... Load balancing and front-ends Front-ends


  • Outlook Anywhere Client Access to Exchange 2003 over the Internet

    Kristian Andaker, Lead Program Manager, Microsoft Corporation

    MSG304

  • Exchange 2003: Mobility In the Box

    Agenda

    Exchange Internet access technologies
      Desktops
        Outlook Web Access (OWA)
        Outlook: RPC/HTTP
        IMAP4 and POP3
      Mobile devices
        Exchange ActiveSync
        Outlook mobile access

    Deployment and topologies
      Front-End/Back-end? Firewalls?

    Security, security, security
    Administration

  • Scenarios and Risks

    Internet access to Microsoft Exchange
      Extranet
      Telecommuters
      From home and Internet kiosks
      Co-worker’s office

    Understand risks
      Deployment/Configuration mistakes
      E-mail content
        Sent from Internet and opened Inside
        Sent from Inside and opened from Internet
      End-user error

  • Exchange 2003 Mobile Components Overview

    [Diagram labels: Laptops; ActiveSync Clients (e.g., PPC, SP); Phone & PDA Browsers; RPC/HTTP and Outlook Web Access; POP3, IMAP; Exchange ActiveSync; Outlook Mobile Access; Firewall/DMZ; Front-End; Mailbox (a.k.a. Back-End)]

  • Outlook Web Access (OWA): Exchange 2003 features

    Spellchecking
    Rules
    Tasks
    Everything we love in Microsoft Office Outlook 2003
      Quick flags
      Right preview pane, two line view
      Right click ‘mark as read/unread’
      Search folders (e.g. for follow up, unread)
    Attachment drag & drop
    Improved performance (>50% vs. Exchange 2000)
    Security
      Forms based authentication, attachment blocking, external content blocking, S/MIME encryption/signing

  • Outlook Web Access: Forms based authentication

    HTML ‘form’ where user enters credentials
      User chooses ‘Premium’ or ‘Basic’ OWA
      User chooses ‘Private’ or ‘Public’ machine (short versus long timeout)

    Timed logoff: Server uses encrypted cookie for session authentication
      Logout and timeout invalidates cookie
      User does not need to close browser to be logged out
      Doesn’t time out while composing mail
      Does time out regardless of new incoming mail or reminders

    Customizable logon page
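
A small model of the timed-logoff behaviour listed on this slide, added here as an example and not Exchange's own code. The timeout values, the request-kind names and the HMAC-signed session id (standing in for the encrypted cookie the slide mentions) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed idle limits in seconds; the slide only says "short versus long timeout".
TIMEOUTS = {"public": 15 * 60, "private": 24 * 60 * 60}
# Hypothetical names for requests the client issues without user action.
BACKGROUND = {"poll_new_mail", "poll_reminders"}


class FbaSessions:
    """Server-side session table; the cookie is only a signed pointer into it."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # server secret for the cookie MAC
        self._live = {}                      # sid -> [user, machine, last_activity]

    def _mac(self, sid):
        return hmac.new(self._key, sid.encode(), hashlib.sha256).hexdigest()

    def logon(self, user, machine, now):
        if machine not in TIMEOUTS:
            raise ValueError("machine must be 'public' or 'private'")
        sid = secrets.token_hex(16)
        self._live[sid] = [user, machine, now]
        return f"{sid}.{self._mac(sid)}"

    def request(self, cookie, kind, now):
        """Return the user for a live session, or None to force a new logon."""
        sid, _, tag = cookie.partition(".")
        if not hmac.compare_digest(tag.encode(), self._mac(sid).encode()):
            return None                      # forged or altered cookie
        entry = self._live.get(sid)
        if entry is None:
            return None                      # logged off or already timed out
        user, machine, last = entry
        if now - last > TIMEOUTS[machine]:
            del self._live[sid]              # timeout invalidates the cookie
            return None
        if kind not in BACKGROUND:
            entry[2] = now                   # only user activity (e.g. composing) resets the timer
        return user

    def logoff(self, cookie):
        # Server-side invalidation: the browser need not be closed.
        self._live.pop(cookie.partition(".")[0], None)
```

Because new-mail and reminder polling never refresh `last_activity`, an unattended kiosk session expires even though the page keeps talking to the server.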

  • Outlook Web Access: Forms-Based Authentication

    Get your own OWA trial account today
      Sign Up: http://www.microsoft.com/exchange/evaluation/trial/online.asp
      Access OWA: https://mail.exchangetrial.com/exchange

  • RPC/HTTP: Outlook from Internet without VPN/RAS

    Requirements
      Outlook 2003 (Outlook 11)
        Configure in Exchange proxy settings*
      Microsoft Windows XP SP1 + Q331320 or SP2
      Following servers need Microsoft Windows Server 2003:
        Mailbox, front end, global catalog, public folder

    OWA and Outlook can use same URL
    Outlook’s RPC (remote procedure call) traffic wrapped in HTTPS
      Outlook client requests are proxied through Windows’ “RPCProxy”
      RPCs are unwrapped on Exchange Front-End server and forwarded to appropriate servers
    Switches intelligently between RPC/HTTP and RPC/TCP

    * Outlook configuration UI can be disabled with registry key

  • Exchange ActiveSync (EAS)

    Windows Mobile, PalmOne, Motorola, Nokia, …
      Protocol being licensed to third parties
    E-mail, calendar and contacts synchronization (SP2: +tasks)
    ‘In the box’ with Exchange. No separate sync server.
    Scheduled/Manual/Up-To-Date sync
    Rich filtering and truncation options
      Sync. Attachments? Sync. how much of body? …
    Smart reply and smart forward
      Delivers attachments and full message without downloading to device
    ‘Desktop ActiveSync’ integration
      Configure from device or desktop
    ‘Up-To-Date’ notifications
      E2003 RTM & SP1: SMTP->SMS notif.
      E2003 SP2: IP notif.

  • Outlook Mobile Access (OMA): Overview

    OWA for mobile devices
      Triage e-mail (e.g., Accept Mtg)
      Find people (Contacts/AB)
      See your calendar (e.g., Create meetings)

    Exchange’s “device reach” solution
      Generates WML, HTML, xHTML and cHTML markup for different devices
      Microsoft .NET Framework ‘Device Updates’ add device support
        Exchange 2003 RTM contains ‘Device Update 2’
        ‘Device Update 4’ available today

  • Deployment Basics: Topology example

    1. Firewall lets through SSL (port 443) only
       Add ports for POP3/IMAP with or without TLS
    2. IIS on FE authenticates user
    3. FE looks up which BE serves user
    4. FE handles data or proxies to BE
    5. BE returns data to FE, FE returns data to user

    [Diagram labels: RPC/HTTP, OWA, OMA, EAS, POP3, IMAP; Firewall; Front-End; Mailbox (a.k.a. Back-End) Servers; Global Catalog (Active Directory)]
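
The firewall policy in step 1 of this slide, written as an added audit example that is not part of the original deck: it flags any Internet-facing allow rule that is not port 443 (plus any POP3/IMAP ports explicitly opted into) or that targets a server other than a front-end. The rule format and the host names `fe01` and `be01` are constructed for illustration.

```python
# Constructed sample: inbound rules on the Internet-facing firewall, written as
# "action protocol port destination" (this format is an assumption).
SAMPLE_RULES = """\
allow tcp 443 fe01
allow tcp 993 fe01
allow tcp 80 fe01
allow tcp 135 be01
allow tcp 443 be01
deny  tcp 25 fe01
allow tcp https fe01
"""

BASELINE = {443}                                  # step 1: SSL only
OPTIONAL = {"pop3": 110, "imap": 143,             # without TLS
            "pop3s": 995, "imaps": 993}           # with TLS


def audit(rules_text, front_ends, extra=()):
    """Return (line_no, reason) for each allow rule outside the slide's policy."""
    allowed = BASELINE | {OPTIONAL[name] for name in extra}
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 4 or not fields[2].isdigit():
            findings.append((line_no, "unparseable rule, review by hand"))
            continue
        action, proto, port, dest = fields[0], fields[1], int(fields[2]), fields[3]
        if action != "allow":
            continue
        if dest not in front_ends:
            # Internet traffic should terminate on the FE, never on a BE.
            findings.append((line_no, f"{dest} is exposed but is not a front-end"))
        elif proto != "tcp" or port not in allowed:
            findings.append((line_no, f"{proto}/{port} to {dest} is not in {sorted(allowed)}"))
    return findings


if __name__ == "__main__":
    for line_no, reason in audit(SAMPLE_RULES, {"fe01"}, extra=("imaps",)):
        print(f"rule {line_no}: {reason}")
```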

  • Select ‘This is a Front-End server’ checkbox
      Exchange System Manager > Servers > Right-click menu > Properties > ‘General’ tab

    Why use a Front-End (FE) server?
      Offload work from Mailbox server
        SSL, OWA compression, OWA spellcheck
      Single namespace (same URL) for all client access
        E.g., mail.microsoft.com for all OWA, RPC/HTTP, EAS and OMA Microsoft users
      More secure and reliable
        No user data on FE
        No unauthenticated requests to Mailbox server