Module 4
Managing Client Access
Module Overview
• Configuring the Client Access Server Role
• Configuring Client Access Services for Outlook Clients
• Configuring Outlook Web App
• Configuring Mobile Messaging
Lesson 1: Configuring the Client Access Server Role
• How Client Access Works
• How Client Access Works with Multiple Sites
• Deployment Options for a Client Access Server
• Demonstration: How to Configure a Client Access Server
• Securing a Client Access Server
• Considerations for Deploying a Client Access Server
• Configuring Certificates for Client Access Servers
• Options for Configuring POP3 and IMAP4 Client Access
• Configuring the Client Access Server for Internet Access
How Client Access Works
[Diagram: Client Access Server, Mailbox Server and Domain Controller; connections labeled RPC/MAPI, HTTPS, IMAP4 and POP3; steps 1 to 4]
How Client Access Works with Multiple Sites
[Diagram: Multiple Internet Access Points (client request is redirected); Single Internet Access Point (client request is proxied)]
Proxying is used for Outlook Web App, Exchange ActiveSync, and Exchange Web Services
Redirection is used only for Outlook Web App
Deployment Options for a Client Access Server
Client Access servers:
Must be deployed in each Active Directory site that has Mailbox servers
Must have a fast connection to Mailbox servers and domain controllers
Need to be accessible from the Internet using the client protocol in Internet-facing sites
You can deploy Client Access servers:
On a single server with other Exchange Server roles
On a dedicated server to provide scalability
On multiple dedicated servers in an array
Demonstration: How to Configure a Client Access Server
In this demonstration, you will review:
• The Client Access settings for an organization
• The Client Access server settings
Securing a Client Access Server
To secure a Client Access server:
Install server certificates, and ensure that SSL is required
Configure authentication settings:
• Integrated Windows authentication
• Digest authentication
• Basic authentication
• Forms-based authentication
Protect the server with an application layer firewall
Considerations for Implementing Client Access Server Certificates
When implementing Client Access certificates, consider:
Whether to use an internal or public CA
The client access protocols in use
The server names used by messaging clients
Demonstration: How to Configure Certificates for Client Access Servers
In this demonstration, you will review:
• The New Exchange Certificate Wizard
• How to approve a certificate request
• The Subject Alternative Names in the certificate
Options for Configuring POP3 and IMAP4 Client Access
Option: Description
Bindings: Configure local server addresses
Authentication: Configure authentication options
Connection settings: Configure server connection settings
Retrieval settings: Configure message formats and calendar retrieval settings
User access: Configure whether a user can use the protocol
Configuring the Client Access Server for Internet Access
To enable Internet access to Client Access services:
Configure external URLs
Configure the external DNS names
Configure access to Client Access virtual directories
Implement SSL certificates with multiple subject alternative names
Plan for Client Access server access with multiple sites
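One way to check the external URL and certificate steps above, as an added example that is not from the course material: it reports external URLs that are not HTTPS or whose host has no matching subject alternative name, and flags a certificate that is not enabled for IIS or is close to expiry. The host names, the sample certificate object and the function names Test-NameCovered and Test-ExternalAccessConfig are assumptions.

```powershell
# Added example. Host names and dates are constructed sample data.
# In the Exchange Management Shell the inputs would come from:
#   Get-OwaVirtualDirectory, Get-ActiveSyncVirtualDirectory, ... (ExternalUrl)
#   Get-ExchangeCertificate (CertificateDomains, Services, NotAfter)
$externalUrls = @(
    'https://mail.contoso.example/owa',
    'https://mail.contoso.example/Microsoft-Server-ActiveSync',
    'https://autodiscover.contoso.example/autodiscover/autodiscover.xml',
    'http://mail.contoso.example/ecp'
)
$certificate = New-Object PSObject -Property @{
    Domains  = @('mail.contoso.example', 'van-ex1.contoso.example')
    Services = 'IIS, SMTP'            # assumed string form of the Services value
    NotAfter = (Get-Date).AddDays(20)
}

function Test-NameCovered {
    param([string]$HostName, [string[]]$Domains)
    foreach ($d in $Domains) {
        if ($d -eq $HostName) { return $true }
        # A wildcard covers exactly one extra label: *.a.b matches x.a.b, not x.y.a.b
        if ($d.StartsWith('*.') -and $HostName -like $d -and
            $HostName.Split('.').Count -eq $d.Split('.').Count) { return $true }
    }
    return $false
}

function Test-ExternalAccessConfig {
    param([string[]]$Urls, $Certificate, [int]$WarnDays = 30)
    $findings = @()
    if ($Certificate.Services -notmatch 'IIS') { $findings += 'Certificate is not enabled for IIS' }
    if ($Certificate.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
        $findings += "Certificate expires within $WarnDays days"
    }
    foreach ($u in $Urls) {
        $uri = [uri]$u
        if ($uri.Scheme -ne 'https') { $findings += "Not HTTPS: $u" }
        if (-not (Test-NameCovered -HostName $uri.Host -Domains $Certificate.Domains)) {
            $findings += "No subject alternative name for $($uri.Host)"
        }
    }
    $findings
}

Test-ExternalAccessConfig -Urls $externalUrls -Certificate $certificate
```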
Lesson 2: Configuring Client Access Services for Outlook Clients
• Services Provided by a Client Access Server for Outlook Clients
• What Is RPC Client Access Services?
• What Is Autodiscover?
• Configuring Autodiscover
• What Is the Availability Service?
• What Are MailTips?
• Demonstration: How to Configure MailTips
• What Is Outlook Anywhere?
• Demonstration: How to Configure Outlook Anywhere
• Troubleshooting Outlook Client Connectivity
Services Provided by a Client Access Server for Outlook Clients
Service: Description
RPC Client Access Service: Enables MAPI connectivity to user mailboxes
Autodiscover: Enables automatic configuration for Outlook and mobile clients
Availability: Provides free or busy information
MailTips: Provides notifications regarding issues with sending a message
Offline Address Book download: Provides offline address book download for Outlook clients
Exchange Control Panel: Provides an administrative interface for accessing mailbox and recipient information
Exchange Web Services: Provides a developer interface for accessing all Exchange server content and settings
Outlook Anywhere: Enables RPC over HTTPS access to user mailboxes
What Is RPC Client Access Services?
[Diagram: Mailbox Server Role and Client Access Server Role; connections labeled MAPI]
What Is Autodiscover?
Autodiscover provides information that you can use to configure Outlook 2007 client profiles
Outlook 2007 Autodiscover Process:
1. The client locates the Autodiscover service
2. The Autodiscover service on the client sends each Client Access server an HTTP Post command
3. The appropriate Client Access server responds by returning an XML file
4. Outlook downloads the required configuration information from the Autodiscover service
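The request and response in steps 2 and 3, as an added example that is not part of the original course material: it shows the Outlook Autodiscover POST body and parses a constructed response, marking any returned URL that is not HTTPS or whose host falls outside the expected domain. The mailbox address, host names and the function name Test-AutodiscoverResponse are assumptions.

```powershell
# Added example. Mailbox address, host names and the response are constructed.
$mailbox = 'user@contoso.example'

# Step 2: body the client POSTs to https://<host>/autodiscover/autodiscover.xml
$requestBody = @"
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <EMailAddress>$mailbox</EMailAddress>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
  </Request>
</Autodiscover>
"@

# Step 3: constructed sample of the XML a Client Access server returns
[xml]$response = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <Protocol>
        <Type>EXCH</Type>
        <ASUrl>https://van-ex1.contoso.example/EWS/Exchange.asmx</ASUrl>
        <OABUrl>http://van-ex1.contoso.example/OAB/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <ASUrl>https://mail.other.example/EWS/Exchange.asmx</ASUrl>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

function Test-AutodiscoverResponse {
    param([xml]$Xml, [string]$ExpectedDomain)
    # local-name() avoids registering the two response namespaces
    foreach ($proto in $Xml.SelectNodes("//*[local-name()='Protocol']")) {
        $type = $proto.SelectSingleNode("*[local-name()='Type']").InnerText
        foreach ($node in $proto.SelectNodes("*[contains(local-name(),'Url')]")) {
            $uri = [uri]$node.InnerText
            $inDomain = ($uri.Host -eq $ExpectedDomain) -or $uri.Host.EndsWith(".$ExpectedDomain")
            New-Object PSObject -Property @{
                Protocol = $type; Setting = $node.LocalName; Url = $uri.AbsoluteUri
                Https = ($uri.Scheme -eq 'https'); InDomain = $inDomain
            }
        }
    }
}

Test-AutodiscoverResponse -Xml $response -ExpectedDomain 'contoso.example' | Format-Table Protocol, Setting, Https, InDomain, Url -AutoSize
```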
Configuring Autodiscover
To configure Autodiscover:
Use the Exchange Management Shell
Configure site affinity for Exchange Servers in multiple sites
Configure DNS records for external clients
Use Outlook's Test E-mail AutoConfiguration feature to test
What Is the Availability Service?
Availability service makes free/busy information available for Outlook 2007 and Outlook Web App clients
[Diagram: two Exchange Server 2010 servers and one Exchange Server 2003 server; steps 1 to 5]
What Are MailTips?
Exchange Server 2010 provides:
• Default MailTips
• Custom MailTips
MailTips provide information about a message delivery before the message is sent
The Client Access server provides the MailTips to the client
Demonstration: How to Configure MailTips
In this demonstration, you will see how to:
• Review and configure the default MailTips for an Exchange organization
• Configure custom MailTips
• Verify that the MailTips work as expected
What Is Outlook Anywhere?
Outlook Anywhere enables RPC connections over HTTPS to an Exchange Server 2010 server
[Diagram: Outlook 2003 or Outlook 2007 Client, Client Access Server, Mailbox Server and Global Catalog Servers; connections labeled RPC, HTTPS and LDAP]
Demonstration: How to Configure Outlook Anywhere
In this demonstration, you will see how to:
• Configure Autodiscover settings
• Configure a Client Access server for Outlook Anywhere
• Configure an Outlook 2007 profile for Outlook Anywhere
• Verify Outlook Anywhere connectivity
Troubleshooting Outlook Client Connectivity
To troubleshoot Outlook Client connectivity:
Verify network connectivity
Verify DNS name resolution
Verify Exchange Server availability
Test the client autoconfiguration process
Verify Client Access server certificates
Verify client configuration
Lab A: Configuring Client Access Servers for Outlook Anywhere Access
• Exercise 1: Configuring Client Access Servers
• Exercise 2: Configuring Outlook Anywhere
Logon information
Estimated time: 60 minutes
Virtual machine: 10135A-VAN-DC1, 10135A-VAN-EX1, 10135A-VAN-EX2, 10135A-VAN-CL1
User name: Administrator
Password: Pa$$w0rd
Lab Scenario
You are working as a messaging administrator in A. Datum Corporation. Your organization has decided to deploy Client Access Servers so that the servers are accessible from the Internet for a variety of messaging clients. To ensure that the deployment is as secure as possible, you must secure the Client Access server, and configure a certificate on the server that will support the messaging client connections. You also need to configure the server to support Outlook Anywhere connections.
Lab Review
• In this lab, you configured the Client Access server to use a certificate from an internal CA. How would the steps change if you used a public CA?
• How would the steps in the lab change if you had two company locations, and you had to configure Client Access server access to both locations?
Lesson 3: Configuring Outlook Web App
• What Is Outlook Web App?
• Configuration Options for Outlook Web App
• What Is File and Data Access for Outlook Web App?
• Demonstration: How to Configure Outlook Web App
• Demonstration: How to Configure Outlook Web App Policies
• Demonstration: How to Configure User Options by Using the ECP
What Is Outlook Web App?
Outlook Web App provides:
Web-based access to all Exchange mailbox components
Secure HTTPS access from the Internet
An alternative to deploying a messaging client
Access to Exchange Server 2010 features that are not available in Outlook 2007
Configuration Options for Outlook Web App
Configuration Option: Description
Server certificates: Required to enable SSL
SSL settings: Enables secure access to Outlook Web App
Authentication: Determines which clients can connect
Segmentation settings: Determines the available features in Outlook Web App
Gzip compression: Enables compression of messages and attachments
Web beacon settings: Manages Web beacon access
What Is File and Data Access for Outlook Web App?
File and data access for Outlook Web App enables users to access attachments and files stored on other servers
With file and data access, you can configure:
• WebReady document viewing
• Direct file access
• Different settings when users connect from public or private computers
• Access to files stored on Windows SharePoint Services servers and Windows file shares
• Restrict access to files based on file types or internal servers
Demonstration: How to Configure Outlook Web App
In this demonstration, you will see how to configure:
• A server to require SSL
• Outlook Web App virtual directories
• Authentication options for Outlook Web App virtual directories
• Gzip compression settings
• Segmentation settings
• Web beacon settings
Demonstration: How to Configure Outlook Web App Policies
In this demonstration, you will see how to:
• Configure an Outlook Web App policy
• Assign an Outlook Web App policy to a user account
Demonstration: How to Configure User Options Using the ECP
In this demonstration, you will see how to:
• Configure the Exchange Control Panel virtual directory
• Configure user mailbox settings through the Exchange Control Panel
Lesson 4: Configuring Mobile Messaging
• What Is Exchange ActiveSync?
• Demonstration: How to Configure Exchange ActiveSync
• Options for Securing Exchange ActiveSync
• Demonstration: How to Configure Exchange ActiveSync Policies
• Demonstration: How to Manage Mobile Devices
What Is Exchange ActiveSync?
[Diagram: Exchange ActiveSync Client, Client Access Server and Mailbox Server (servers each shown twice); steps 1 to 3]
Demonstration: How to Configure Exchange ActiveSync
In this demonstration, you will see how to:
• Configure the Exchange Server settings for Exchange ActiveSync
• Configure a mobile device for Exchange ActiveSync
Options for Securing Exchange ActiveSync
To secure Exchange ActiveSync:
Configure Exchange ActiveSync policies for security
Wipe lost or stolen devices
Enable self-service mobile device management
Ensure that SSL is required for the Exchange ActiveSync virtual directory
Install CA root certificates on client devices
Demonstration: How to Configure Exchange ActiveSync Policies
In this demonstration, you will see how to:
• Configure Exchange ActiveSync mailbox policies
• Configure user accounts for Exchange ActiveSync
Demonstration: How to Manage Mobile Devices
In this demonstration, you will see how to:
• Manage mobile devices as an administrator
• Perform self-service mobile device management using the Exchange Control Panel
Lab B: Configuring Client Access Servers for Outlook Web App and Exchange ActiveSync
• Exercise 1: Configuring Outlook Web App
• Exercise 2: Configuring Exchange ActiveSync
Logon information
Estimated time: 50 minutes
Virtual machine: 10135A-VAN-DC1, 10135A-VAN-EX1, 10135A-VAN-EX2, 10135A-VAN-CL1
User name: Administrator
Password: Pa$$w0rd
Lab Scenario
To enable client access to the server, your organization has decided to enable both Outlook Web App and Exchange ActiveSync for its users. However, the security officer at A. Datum Corporation has defined security requirements for the Outlook Web App and Exchange ActiveSync deployment. Therefore, you need to enable the security features for both Outlook Web App and Exchange ActiveSync.
Lab Review
• What additional steps can you take to enhance the security for the Outlook Web App and Exchange ActiveSync connections in your organization?
• How would you modify the procedures in this lab if you needed to ensure that users cannot download attachments using Outlook Web App?
Module Review and Takeaways
• Review Questions
• Common Issues and Troubleshooting Tips
• Real-World Issues and Scenarios
• Best Practices
• Tools