Outlook web access consultancy


Outlook Web Access

Outlook Web Access is one of the most useful and most requested features of Exchange server. It enables a user to access their mailbox wherever they are through a web browser.

OWA provides a user experience very similar to using the full Outlook client. Secure remote access to an Exchange server over the Internet is often required when implementing Exchange. Using network load balancing and a front-end (FE) / back-end (BE) architecture, we can design and implement a scalable, secure, high-performance OWA platform for you.

So if you need to implement Outlook Web Access, talk to us on 0845 838 5505, or email ETL to ask how we can set up secure load-balanced OWA for you.

Thinking about deploying Exchange 2007? Talk to us now.

New! See the on-line demo of Exchange 2007 Outlook Web Access!


Outlook Web Access is a tightly integrated component of Exchange Server. The architecture of Outlook Web Access has been completely overhauled since its introduction in Microsoft Exchange Server version 5.5. Furthermore, enhancements to the Exchange Server 2003 architecture dramatically affect the way Outlook Web Access functions and help to secure corporate messaging information. Outlook Web Access offers improved performance and functionality. This new functionality features a redesigned user interface very similar to Outlook 2003, spell checking, creation and modification of server-side rules, and web beacon blocking. Support for tasks, auto signature support, and address book enhancements simplify the task of managing information. Using a Web browser, Outlook Web Access extends the messaging capabilities of Exchange Server through the Internet to the World Wide Web.

Features in Outlook Web Access 2003

  • Usability improvements in the user interface
    Outlook Web Access, using Windows Internet Explorer 5.01 and later, has a new user interface, called the Premium Client, which is close in features and functionality to the UI of the full Outlook 2003 product. The Outlook Web Access UI now includes these added features:
      • New logon page simplifies the choice of which OWA client version should be used, Premium or Basic.
      • New Outlook Web Access UI offering two-line view; context menus view; ability to forward meeting requests; notifications on navigation pane; add to contacts functionality; ability to set number of items to view per page; bidirectional layout support for Arabic and Hebrew (IE6 required for bidirectional layout); richer support for icons in mail view; options to control when messages are marked as read in the preview pane; public folders now display in their own browser window.
      • Server-side spelling checker in English, French, German, Italian, Korean and Spanish.
      • Access to Global Address List property sheets within an e-mail message or meeting request; message sensitivity settings on the information bar; forward/reply to meeting requests; ability to launch the calendar in its own window from a meeting request, offering the ability to evaluate and schedule a meeting request at the same time.
      • Management UI for server-side rules; Quick Flags; personal tasks; message signatures.
  • Enhanced security
      • S/MIME support (IE6 and Microsoft Windows 2000 or higher is required).
      • “Web beacon” blocking to make it more difficult for senders of spam to confirm e-mail addresses. When a user clicks a hyperlink in the body of an e-mail message, Outlook Web Access helps protect private information from being revealed to the visited web site.
      • Session inactivity timeout using the Forms Based logon page allows support for timed logoff after a period of inactivity, as well as secure logoff, even if the browser is left open with a current session to the server.
      • Attachment blocking helps keep users from receiving specific file types in email. Customers can selectively disable attachments being viewed outside the firewall.
  • Enhanced features
      • Added deferred search for new messages after delete.
      • New logon page adds ability to choose between Basic (Netscape and versions of Internet Explorer prior to Internet Explorer 5.01) and Premium (IE 5.01 or higher) client versions of Outlook Web Access. Basic clients may perform faster in low-bandwidth scenarios. Once enabled by the Exchange administrator, GZip compression can provide substantial performance improvements for Outlook Web Access users connecting via dial-up or other low-bandwidth networks.

Secure Implementation

OWA is automatically installed and enabled on every Exchange 2000 server. Access to private and public stores is possible through the default Exchange virtual directories (/exchange and /public). It is easy to access an Exchange server via Outlook Web Access: typing http://server_name/exchange will bring up the Outlook Web Access logon screen. Making this connection externally from the Internet requires more care and configuration, particularly with regard to security.

Exchange 2000 onwards supports front-end servers. Scalability and availability are further improved thanks to the (optional) Front-End/Back-End (FE/BE) server topology of Exchange 2000. The FE/BE server topology provides a true multi-tier Internet application architecture with dedicated Web and information database servers. The Exchange 2000 FE/BE server topology can be scaled horizontally by adding front-end OWA servers as needed to increase application performance or client-load capacity. Freed from the responsibility of managing a messaging database, a front-end OWA server performs HTTP protocol handling and proxy functions at high speed.

For any OWA deployment it is recommended that a separate host name or URL be defined for client access. A DNS name on the Internet should be set up which will point the user to a front-end server, for example mail.company.com.

Internet-connected OWA solutions require increased security measures and the application of corporate security policies. Servers need to be exposed to the Internet, which usually involves placing the front-end server behind a firewall.

Protecting user login and session data requires the use of secure sockets layer (SSL) between the OWA client and the Exchange server (front-end server only in an FE/BE server topology). To deploy this you must plan for the acquisition and installation of Web server certificates, which are required to enable SSL sessions. Server certificates, which enable the use of SSL through public or private key exchange, can be issued and installed by either an internal or external Certificate Authority (CA). Microsoft Windows 2000 Certificate Services can be installed in an organization to automatically issue server certificates through a private key exchange. If OWA is provided only to users internal to your organization, this is usually sufficient, provided that you are able to manage the security settings of the browser.

In situations in which external users (for example, suppliers or customers) are accessing your Exchange server through OWA, it may be preferable to use an external CA. In this case server certificates can be purchased from an external CA that issues public keys. We recommend buying a certificate from VeriSign or Thawte.

Internet Connection

The FE/BE server topology provides enhanced security and design flexibility when integrated into an Internet-connected environment. Because front-end servers do not host the Web Storage System or Active Directory database, this diminishes their value as targets for "hackers." Front-end servers can be configured to extend messaging services over a minimum set of Internet ports, which makes them ideal for placement behind a firewall or in a perimeter network (sometimes called a Demilitarized Zone [DMZ]).

Because front-end server placement is flexible, there are two front-end deployment options that should be considered when extending Exchange services to clients that will be using OWA over the Internet—front end behind the firewall and front end in a perimeter network. The choice of these options depends on an organization's security requirements.

  • Single Firewall
    Placing a firewall between the Internet client and the front-end server allows OWA clients to communicate with the server using the HTTP and SSL (optional encryption) protocols. The illustration below shows this firewall option.

This option may be appropriate for smaller organizations without a dedicated perimeter network or for organizations whose security policies permit external client access to internal servers.

  • Perimeter Network (Two Firewalls)

In this option, the front-end server is on a perimeter network. The "outer" firewall protects the perimeter network from the Internet, and the "inner" firewall protects the private network from the perimeter network. The illustration below shows this firewall option.

This option is suited for larger organizations because it can provide increased security. The added security is provided because the back-end (and GC) servers are protected by two firewalls. Note, however, that a significant number of ports must be opened on the inner firewall to enable the front-end servers to communicate with the back-end server and other network services. A list of common Exchange server TCP port numbers, including OWA ports, is below.

| Function | TCP/IP Port Number |
|---|---|
| Link State Protocol within a Routing Group | TCP port 691 |
| Link State Protocol between Routing Groups | 25 |
| SMTP traffic | 25 |
| RVP for Instant Messenger | 80 |
| LDAP Domain Controller lookups | 389 |
| LDAP Global Catalog lookups | 3268 |
| NetBIOS | TCP 135, 139, 1024+ |
| DNS lookups | TCP and UDP 53 |
| Remote Procedure Calls | 111, 135, 1024+ |
| Netlogon | UDP port 445 |
| Kerberos | TCP and UDP port 88 |
| Outlook Web Access (OWA) | TCP port 80 for HTTP, TCP port 443 for HTTPS |
| IMAP4 | TCP port 143, TCP port 993 if using with SSL |
| POP3 | TCP port 110, TCP port 995 if using with SSL |
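
The following is an added example, not part of the original page: a small Python audit that checks the allow rules of a two-firewall (perimeter network) deployment against the topology and port list described above. The zone names, the rule format, the sample rules, and the choice of which listed ports the inner firewall should pass are assumptions made for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    firewall: str  # "outer" (Internet side) or "inner" (private side)
    src: str       # zone names are assumptions: internet, perimeter, private
    dst: str
    proto: str
    port: int

# Outer firewall: the page's OWA row, with HTTPS as the only accepted service.
OUTER_OK = {("tcp", 443)}
OUTER_CLEARTEXT = {("tcp", 80)}
# Inner firewall: assumed subset of the page's port list for front-end to
# back-end, DC and GC traffic. Dynamic RPC ports (1024+) are left out on purpose.
INNER_OK = {("tcp", 80), ("tcp", 389), ("tcp", 3268), ("tcp", 53), ("udp", 53),
            ("tcp", 88), ("udp", 88), ("tcp", 135)}

EXPECTED_PATH = {"outer": ("internet", "perimeter"), "inner": ("perimeter", "private")}

def audit(rules):
    """Return (rule, reason) for every allow rule that breaks the perimeter design."""
    findings = []
    for r in rules:
        svc = (r.proto.lower(), r.port)
        path = EXPECTED_PATH.get(r.firewall)
        if path is None:
            findings.append((r, "unknown firewall name"))
        elif (r.src, r.dst) != path:
            findings.append((r, f"{r.firewall} firewall must only pass {path[0]} -> {path[1]}"))
        elif r.firewall == "outer" and svc in OUTER_CLEARTEXT:
            findings.append((r, "HTTP without SSL exposes logon and session data"))
        elif r.firewall == "outer" and svc not in OUTER_OK:
            findings.append((r, "port is not needed to reach OWA from the Internet"))
        elif r.firewall == "inner" and svc not in INNER_OK:
            findings.append((r, "port is not on the inner-firewall allow list"))
    return findings

# Constructed sample rule set (allow rules only).
SAMPLE_RULES = [
    Rule("outer", "internet", "perimeter", "tcp", 443),
    Rule("outer", "internet", "perimeter", "tcp", 80),
    Rule("outer", "internet", "perimeter", "tcp", 389),
    Rule("inner", "perimeter", "private", "tcp", 80),
    Rule("inner", "perimeter", "private", "tcp", 3268),
    Rule("inner", "internet", "private", "tcp", 443),
    Rule("inner", "perimeter", "private", "tcp", 3389),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.firewall:5} {rule.src}->{rule.dst} {rule.proto}/{rule.port}: {reason}")
```

Export the real allow rules from each firewall into the same five fields and tighten `INNER_OK` to the services the front-end servers actually use in your environment.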
   

Screenshot of OWA for Exchange 2003 - very similar to Outlook!
