Client Access servers


Module 4
Managing Client Access
Module Overview
• Configuring the Client Access Server Role
• Configuring Client Access Services for Outlook Clients
• Configuring Outlook Web App
• Configuring Mobile Messaging
Lesson 1: Configuring the Client Access Server Role
• How Client Access Works
• How Client Access Works with Multiple Sites
• Deployment Options for a Client Access Server
• Demonstration: How to Configure a Client Access Server
• Securing a Client Access Server
• Considerations for Implementing Client Access Server
Certificates
• Demonstration: How to Configure Certificates for Client
Access Servers
• Options for Configuring POP3 and IMAP4 Client Access
• Configuring Throttling Policies
• Configuring the Client Access Server for Internet Access
How Client Access Works
[Diagram: Domain Controller, Client Access Server and Mailbox Server, with numbered steps 1 to 4 and the protocols RPC/MAPI, HTTPS, IMAP4 and POP3]
How Client Access Works with Multiple Sites
[Diagram labels: Multiple Internet Access Points; Single Internet Access Point; Client request is redirected; Client request is proxied]
A proxy is used for Outlook Web App,
Exchange ActiveSync, and Exchange Web Services
Redirection is used only for Outlook Web App
Deployment Options for a Client Access Server
Client Access servers:
• Must be deployed in each AD DS site that has Mailbox servers
• Must have a fast connection to Mailbox servers and domain controllers
• Need to be accessible from the Internet using the client protocol in Internet-facing sites
You can deploy Client Access servers:
• On a single server with other Exchange Server roles
• On a dedicated server to provide scalability
• On multiple dedicated servers in an array
Demonstration: How to Configure a Client
Access Server
In this demonstration, you will review:
• The Client Access settings for an organization
• The Client Access server settings
Securing a Client Access Server
To secure a Client Access server:
• Install server certificates, and ensure that SSL is required
• Configure authentication settings:
  • Integrated Windows authentication
  • Digest authentication
  • Basic authentication
  • Forms-based authentication
• Protect the server with an application layer firewall
Considerations for Implementing Client Access
Server Certificates
When implementing Client Access certificates, consider:
• Whether to use an internal or public CA
• The client access protocols in use
• The server names used by messaging clients
Demonstration: How to Configure Certificates for
Client Access Servers
In this demonstration, you will review:
• The New Exchange Certificate Wizard
• How to approve a certificate request
• The Subject Alternative Names in the certificate
Options for Configuring POP3 and IMAP4 Client Access
Option: Description
• Bindings: Configure local server addresses
• Authentication: Configure authentication options
• Connection settings: Configure server connection settings
• Retrieval settings: Configure message formats and calendar retrieval settings
• User access: Configure whether a user can use the protocol
Configuring Throttling Policies
Use client throttling policies to manage the performance of
your Exchange organization
When configuring throttling policies:
• Throttling Policies limit the number of RPC requests from
clients
• Default throttling policy is automatically created
• Additional policies can be created
• Consider using Delivery Class Throttling
Configuring the Client Access Server for
Internet Access
To enable Internet access to Client Access services:
• Configure external URLs
• Configure the external DNS names
• Configure access to Client Access virtual directories
• Implement SSL certificates with multiple subject alternative names
• Plan for Client Access server access with multiple sites
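The certificate considerations above (the server names used by messaging clients) and the requirement for multiple subject alternative names come down to one check: every host name a client connects to must be covered by the certificate. The following is an added example, not part of the course material; the function names and host names are hypothetical and the sample input is constructed.

```powershell
# Added example: list client-facing host names that a certificate's
# subject alternative names (SANs) do not cover.

function Test-SanMatch {
    param([string]$HostName, [string]$SanEntry)
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    $s = $SanEntry.ToLowerInvariant().TrimEnd('.')
    if ($s.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com, but not example.com or a.b.example.com.
        $suffix = $s.Substring(1)                      # ".example.com"
        if (-not $h.EndsWith($suffix)) { return $false }
        $label = $h.Substring(0, $h.Length - $suffix.Length)
        return (($label.Length -gt 0) -and (-not $label.Contains('.')))
    }
    return ($h -eq $s)
}

function Get-UncoveredName {
    param([string[]]$ClientUrls, [string[]]$SanEntries)
    # Accept full URLs or bare host names; reduce both to unique host names.
    $names = $ClientUrls | ForEach-Object {
        if ($_ -match '^[a-z][a-z0-9+.-]*://') { ([uri]$_).Host } else { $_ }
    } | Sort-Object -Unique
    foreach ($name in $names) {
        $covered = $false
        foreach ($san in $SanEntries) {
            if (Test-SanMatch -HostName $name -SanEntry $san) { $covered = $true; break }
        }
        if (-not $covered) { $name }                   # emit only the gaps
    }
}

# Constructed sample input. On a live server the SAN list could be taken from
# the CertificateDomains property returned by Get-ExchangeCertificate, and the
# URLs from the ExternalUrl property of the virtual directory cmdlets.
$clientUrls = @(
    'https://mail.example.com/owa',
    'https://mail.example.com/Microsoft-Server-ActiveSync',
    'https://autodiscover.example.com/autodiscover/autodiscover.xml',
    'pop.example.com'
)
$sanEntries = @('mail.example.com', 'autodiscover.example.com')

Get-UncoveredName -ClientUrls $clientUrls -SanEntries $sanEntries
```

Any name the function returns is one that clients will receive a certificate name mismatch for, so it needs to be added to the certificate request before the service is published.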
Lesson 2: Configuring Client Access Services for
Outlook Clients
• Services Provided by a Client Access Server for Outlook
Clients
• What Is RPC Client Access Services?
• What Is Autodiscover?
• Configuring Autodiscover
• What Is the Availability Service?
• What Are MailTips?
• Demonstration: How to Configure MailTips
• What Is Outlook Anywhere?
• Demonstration: How to Configure Outlook Anywhere
• Troubleshooting Outlook Client Connectivity
Services Provided by a Client Access Server for
Outlook Clients
Service: Description
• RPC Client Access Service: Enables MAPI connectivity to user mailboxes
• Autodiscover: Enables automatic configuration for Outlook and mobile clients
• Availability: Provides free or busy information
• MailTips: Provides notifications regarding issues with sending a message
• Offline Address Book download: Provides offline address book download for Outlook clients
• Exchange Control Panel: Provides an administrative interface for accessing mailbox and recipient information
• Exchange Web Services: Provides a developer interface for accessing all Exchange server content and settings
• Outlook Anywhere: Enables RPC over HTTPS access to user mailboxes
What Is RPC Client Access Services?
RPC Client Access Services provides MAPI clients with the ability to
connect to a Client Access server instead of to a Mailbox server
[Diagram: MAPI connection to the Client Access Server Role, and MAPI connection from there to the Mailbox Server Role]
What Is Autodiscover?
Autodiscover provides information that you can use to
configure Outlook 2007 and 2010 client profiles
Outlook 2007/2010 Autodiscover Process:
1. The client locates the Autodiscover service
2. The Autodiscover service on the client sends each Client Access server an HTTP POST command
3. The appropriate Client Access server responds by returning an XML file
4. Outlook downloads the required configuration information from the Autodiscover service
Configuring Autodiscover
To configure Autodiscover:
• Use the Exchange Management Shell
• Configure site affinity for Exchange Servers in multiple sites
• Configure DNS records for external clients
• Use Outlook's Test E-mail AutoConfiguration feature to test
• Use the TestExchangeConnectivity website
What Is the Availability Service?
Availability service makes free/busy information available for
Outlook 2007, 2010 and Outlook Web App clients
[Diagram: two Exchange Server 2010 servers and one Exchange Server 2003 server, with numbered steps 1 to 5]
What Are MailTips?
MailTips provide information about a message delivery
before the message is sent
Exchange Server 2010 provides:
• Default MailTips
• Custom MailTips
The Client Access server provides the MailTips to the client
Demonstration: How to Configure MailTips
In this demonstration, you will see how to:
• Review and configure the default MailTips for an Exchange
organization
• Configure custom MailTips
• Verify that the MailTips work as expected
What Is Outlook Anywhere?
Outlook Anywhere enables RPC connections over HTTPS to an
Exchange Server 2010 server
[Diagram: Outlook 2003, 2007 or Outlook 2010 client; Client Access Server; Mailbox Server; Global Catalog Servers; connections labelled HTTPS, RPC and LDAP]
Demonstration: How to Configure Outlook Anywhere
In this demonstration, you will see how to:
• Configure Autodiscover settings
• Configure a Client Access server for Outlook Anywhere
• Configure an Outlook 2010 profile for Outlook Anywhere
• Verify Outlook Anywhere connectivity
Troubleshooting Outlook Client Connectivity
To troubleshoot Outlook Client connectivity:
• Verify network connectivity
• Verify DNS name resolution
• Verify Exchange Server availability
• Verify Client Access server certificates
• Test the client autoconfiguration process
• Verify client configuration
Lab A: Configuring Client Access Servers for
Outlook Anywhere Access
• Exercise 1: Configuring Client Access Servers
• Exercise 2: Configuring Outlook Anywhere
Logon information
• Virtual machines: 10135B-VAN-DC1, 10135B-VAN-EX1, 10135B-VAN-EX2, 10135B-VAN-CL1
• User name: Administrator
• Password: Pa$$w0rd
Estimated time: 60 minutes
Lab Scenario
You are working as a messaging administrator in A. Datum
Corporation. Your organization has decided to deploy Client
Access Servers so that the servers are accessible from the
Internet for a variety of messaging clients. To ensure that the
deployment is as secure as possible, you must secure the Client
Access server, and configure a certificate on the server that will
support the messaging client connections. You also need to
configure the server to support Outlook Anywhere connections.
Lab Review
• In this lab, you configured the Client Access server to use
a certificate from an internal CA. How would the steps
change if you used a public CA?
• How would the steps in the lab change if you had two
company locations, and you had to configure Client Access
server access to both locations?
Lesson 3: Configuring Outlook Web App
• What Is Outlook Web App?
• Configuration Options for Outlook Web App
• What Is File and Data Access for Outlook Web App?
• Demonstration: How to Configure Outlook Web App
• Demonstration: How to Configure Outlook Web App
Policies
• Demonstration: How to Configure User Options by
Using the ECP
What Is Outlook Web App?
Outlook Web App allows users to access their mailboxes
through a Web browser
Outlook Web App provides:
• Web-based access to all Exchange mailbox components
• Secure HTTPS access from the Internet
• An alternative to deploying a messaging client
• Access to Exchange Server 2010 features that are not available in Outlook 2007
Configuration Options for Outlook Web App
Configuration Option: Description
• Server certificates: Required to enable SSL
• SSL settings: Enables secure access to Outlook Web App
• Authentication: Determines which clients can connect
• Segmentation settings: Determines the available features in Outlook Web App
• GZIP compression: Enables compression of messages and attachments
• Web beacon settings: Manages Web beacon access
• Cross site silent redirection: Redirects clients to appropriate OWA URL
What Is File and Data Access for Outlook Web App?
File and data access for Outlook Web App enables users to
access attachments on messages
With file and data access, you can configure:
• WebReady document viewing
• Direct file access
• Different settings when users connect from public or private computers
• Restrict access to files based on file types
Demonstration: How to Configure Outlook Web App
In this demonstration, you will see how to configure:
• A server to require SSL
• Outlook Web App virtual directories
• Authentication options for Outlook Web App virtual
directories
• Gzip compression settings
• Segmentation settings
• Web beacon settings
Demonstration: How to Configure Outlook
Web App Policies
In this demonstration, you will see how to:
• Configure an Outlook Web App policy
• Assign an Outlook Web App policy to a user account
Demonstration: How to Configure User Options
Using the ECP
In this demonstration, you will see how to:
• Configure the Exchange Control Panel virtual directory
• Configure user mailbox settings through the Exchange
Control Panel
Lesson 4: Configuring Mobile Messaging
• What Is Exchange ActiveSync?
• Demonstration: How to Configure Exchange ActiveSync
• Options for Securing Exchange ActiveSync
• Mobile Device Quarantine in Exchange Server 2010
• Demonstration: How to Configure Exchange ActiveSync
Policies
What Is Exchange ActiveSync?
Exchange ActiveSync is a protocol that enables mobile devices
to access Exchange Server data
[Diagram: Exchange ActiveSync Client, two Client Access Servers and two Mailbox Servers, with numbered steps 1 to 3]
Demonstration: How to Configure Exchange
ActiveSync
In this demonstration, you will see how to:
• Configure the Exchange Server settings for Exchange
ActiveSync
Options for Securing Exchange ActiveSync
To secure Exchange ActiveSync:
• Configure Exchange ActiveSync policies for security
• Wipe lost or stolen devices
• Enable self-service mobile device management
• Ensure that SSL is required for the Exchange ActiveSync virtual directory
• Install CA root certificates on client devices
Mobile Device Quarantine in Exchange Server 2010
Exchange Server 2010 SP2 allows you to manage mobile
devices based on model or family
Each mobile device can be in one of three states:
• Allowed
• Blocked
• Quarantined
You can use ECP or EMS to manage Device Access Rules
Demonstration: How to Configure Exchange
ActiveSync Policies
In this demonstration, you will see how to:
• Configure Exchange ActiveSync mailbox policies
• Configure user accounts for Exchange ActiveSync
Lab B: Configuring Client Access Servers for
Outlook Web App and Exchange ActiveSync
Exercise 1: Configuring Outlook Web App
Exercise 2: Configuring Exchange ActiveSync
Logon information
• Virtual machines: 10135B-VAN-DC1, 10135B-VAN-EX1, 10135B-VAN-EX2, 10135B-VAN-CL1
• User name: Administrator
• Password: Pa$$w0rd
Estimated time: 50 minutes
Lab Scenario
To enable client access to the server, your organization
has decided to enable both Outlook Web App and Exchange
ActiveSync for its users. However, the security officer at
A. Datum Corporation has defined security requirements for
the Outlook Web App and Exchange ActiveSync deployment.
Therefore, you need to enable the security features for both
Outlook Web App and Exchange ActiveSync.
Lab Review
• What additional steps can you take to enhance the
security for the Outlook Web App and Exchange
ActiveSync connections in your organization?
• How would you modify the procedures in this lab if you
needed to ensure that users cannot download attachments
using Outlook Web App?
Module Review and Takeaways
• Review Questions
• Common Issues and Troubleshooting Tips
• Real-World Issues and Scenarios
• Best Practices
• Tools