Deploying and Managing Outlook Web Access

1
Deploying And Managing Outlook Web Access For
Exchange 5.5 Mike GahrnsProgram
ManagerExchange Product UnitMicrosoft
Corporation
2
(No Transcript)
3
Agenda

• Why use Outlook Web Access
• Architecture
• Features
• Planning Considerations
• Authentication Schemes
• Network Security
• Capacity Planning
• Load Balancing
• Transition to Exchange 2000

4
Why Use OWA?

• Browser access becoming ubiquitous
• Benefits of no application installation
• One less application to support
• Eases maintenance/upgrade issues
• Allows for many interesting usage scenarios

5
Usage Scenarios

• Roving users
• Colleagues office
• Dial up, home use
• Any Internet Access Point
• Internet Café, Airport, Suppliers office, etc.
• Kiosks
• Factory floor
• Meeting Room
• 100 OWA

6
Features

• Easy to use subset of the most common tasks done
  in Outlook
• Basic Mail - Send/Receive messages and
  attachments, basic views, etc.
• Basic Calendar and Group Scheduling View and
  create one time and recurring appointments,
  accept and send meeting requests, etc.
• Basic Contacts create and view

7
Managing Users Expectations

• Functionality differences
• No sending of Rich Text
• No embedded messages
• No Public Folder Calendar/ Contacts
• No advanced Outlook features
• E.g., Tasks, Journaling, Voting buttons,
  Categories, etc.

8
Managing Users Expectations

• Browser behavior
• UI repainting somewhat slower
• Mouse and keyboard semantics differ
• Drag and drop, clicking, accelerators
• Back button can cause unexpected results
• Refresh for new mail
• No reminders

9
Demo
10
Architecture
Client/Browser
Internet Information Server
Exchange Server
Active Server Pages
Directory
OWA Scripts
CDO/MAPI
Store
11
Basic Authentication

• Pro
• Supported by all browsers
• Works with OWA Front End servers
• Con
• Relatively insecure
• User needs to enter credentials in authentication
  popup

12
Basic Authentication Diagram
Clients
ExchangeServers
Internet Information Servers
Internet Information Server and Exchange,
Single Server
Clients
13
NTLM Authentication

• Pro
• No authentication popup uses users credentials
  from Windows logon
• Relatively secure
• Con
• Not supported by all browsers
• Does not work with a front-end OWA server

14
NTLM Authentication Diagram
Internet Information Server and Exchange,
Single Server
Clients
15
Basic Authentication With SSL

• Pro
• Supported by most browsers
• Very secure message encrypted as well
• Con
• Performance penalty encrypting the session
• Authentication popup

16
Anonymous Access

• Special use of OWA, best applied to public-folder
  and/or directory content
• Pro
• Supported by all browsers
• Con
• No security identity. Users may access only
  unsecured resources

17
Anonymous Access

• Anonymous users without a mailbox can see
  Anonymous PFs by clicking on Public Access on
  the OWA Logon Page
• Check Allow anonymous users to access the
  anonymous public folders
• Make folders visible to Anonymous OWA users by
  selecting them on the Folder Shortcuts tab in
  Admin
• The selected folder, and any subfolders that have
  anonymous permissions, will appear
• Published folders must have at least Read
  permission granted to the Anonymous account

18
Demo
19
Firewall In Front Of IIS
Client
Domain controller
Internet Information Server
Firewalls placed here need to pass HTTP
Exchange Server
20
Load Balancing

• Manual server assignments possible, but recommend
  WLBS or hardware solution
• WLBS part of Enterprise Windows NT
• Need client affinity set for OWA to work
• Round Robin DNS will not work

21
Load Balancing
All OWA Front End Machines appear as a single
machine to the client

• IIS/OWA

Exchange Server
TCP/IP
WLBS DRV
Client
NIC DRV
NIC DRV
NIC
NIC
Exchange Server

• IIS/OWA

TCP/IP
WLBS DRV
NIC DRV
NIC DRV
NIC
NIC
22
Performance User Profiles

• Most important is to understand the load your
  clients will put on the server
• Many distinct usage scenarios, each company will
  have a unique mix of these
• Start with a trial deployment
• Monitor performance
• Understand your OWA profile
• Logons per day
• Number of Messages Read
• Session Time
• Many of these exposed in Performance Monitor

23
Performance User Profiles

• MCS can assist customers with large deployments
  OWA Capacity tool
• Bottleneck will be IIS ASP sessions
• Add OWA servers to scale deployment
• Encourage users to logout from OWA

24
Performance Monitoring

• Besides General system health (CPU and Disk),
  Active Server Pages Object most important counter
• Requests/Sec
• 10-15 ASPs tends to be the max
• Requests Queued
• After 5 10 queued sharp perf drop

25
Installation

• Recommend latest IIS and Exchange SP
• First install IIS from NT Option pack
• Install NT 4 SP5 (or latest)
• Install OWA
• No prompts if same machine
• Name of Exchange server if acting as FE
• Install Exchange 5.5 SP3 (or latest)

26
Transition To Exchange 2000

• Goal is to allow OWA 5.5 FE to work against an
  Exchange 2000 BE
• Allows transition path for any OWA customizations
  you may have done
• Allows you to keep existing HTTP url for web
  client access during a mix of Exchange 2000 and
  5.5 Servers

27
Transition To Exchange 2000

• When all servers upgraded to Exchange 2000,
  update DNS to point to Exchange 2000 FEs, and
  users will then make use of the Exchange 2000 OWA
• Alternative is to use a new URL for those users
  upgraded to PT

28
(No Transcript)