When you install the Client Access server role on an Exchange server,
Outlook Web App and Exchange ActiveSync are automatically configured
for use. This makes them fairly easy to manage, but there are some
essential concepts you need to know to manage these implementations more
effectively. This section explains these concepts.
1. Using Outlook Web App and Exchange ActiveSync with IIS
IIS handles incoming requests to a Web site within the context of a
Web application. A Web application is a software program that delivers
content to users over HTTP or HTTPS. Each Web site has a default Web
application and one or more additional Web applications associated with
it. The default Web application handles incoming requests that you
haven't assigned to other Web applications. Additional Web applications
handle incoming requests that specifically reference the application.
When you install a Client Access server, virtual directories and Web
applications are installed to support various Exchange services. Each
Web application must have a root virtual directory associated with it.
The root virtual directory sets the application's name and maps the
application to the physical directory that contains the application's
content. Typically, the default Web application is associated with the
root virtual directory of the Web site and any additional virtual
directories you've created but haven't mapped to other applications.
In the default configuration, the default application handles an
incoming request for the / directory of a Web site as well as other
named virtual directories. IIS maps references to / and other virtual
directories to the physical directory that contains the related content.
For the / directory of the default Web site, the default physical
directory is %SystemRoot%/inetpub/wwwroot.
In most cases, you only need to open port 443 on your organization's
firewall to allow users to access Exchange data hosted by IIS. Then you
simply tell users the Uniform Resource Locator (URL) that they need to
type in their browser's Address field or in their smart phone's browser.
Users can then access Outlook Web App or Exchange ActiveSync when
they're off-site. The URLs for Outlook Web App and Exchange ActiveSync
are different. The Outlook Web App URL is https://yourserver.yourdomain.com/owa, and the Exchange ActiveSync URL is https://yourserver.yourdomain.com/Microsoft-Server-ActiveSync. Generally, however, the address users enter for both matches the OWA address.
You can configure Outlook Web App and Exchange ActiveSync for
single-server and multi-server environments. In a single-server
environment, you use one Client Access server for all your Web and
mobile access needs. In a multiple server environment, you could
instruct users to access different URLs to access different Client
Access servers, or you could use a technique such as Round Robin Domain
Name System (DNS) to load-balance between multiple servers
automatically while giving all users the same access URLs. However, for
optimal scalability and availability, you should configure a Client
Access server (CAS) array and then use a software or hardware load
balancer.
You can use Outlook Web App and Exchange
ActiveSync with firewalls. You configure your network to use a
perimeter network with firewalls in front of the designated Client Access servers and then open port 443 to your Client Access servers or to the URL for the CAS array.
2. Working with Virtual Directories and Web Applications
When you install a Client Access server, Exchange Setup installs and configures virtual directories and Web applications for use. The virtual directories and Web
applications allow authenticated users to access their messaging data
from the Web. In the Exchange Management Shell, you can use the Get-OWAVirtualDirectory cmdlet to view information about OWA virtual directories, the New-OWAVirtualDirectory cmdlet to create an OWA directory if one does not exist, the Remove-OWAVirtualDirectory cmdlet to remove an OWA directory, and the Test-OWAConnectivity
cmdlet to test OWA connectivity. There are similar sets of commands for
ActiveSync, Autodiscover, ECP, OAB, Windows PowerShell, and Web
services. If you examine the virtual directory structure for the default Web site, you'll find several important virtual directories and Web applications, including:
- Autodiscover: Autodiscover is used to provide the Autodiscover service for all clients. By default, this directory is configured for anonymous authentication and integrated Windows authentication.
- ECP: The Exchange Control Panel (ECP) is used for Web-based administration of Exchange and end-user self-service. By default, this directory is configured for anonymous authentication and basic authentication.
- EWS: Exchange Web Services (EWS) is used to enable applications to interact with Exchange mailboxes and messaging items using HTTPS. By default, this directory is configured for anonymous authentication and basic authentication.
- Microsoft-Server-ActiveSync: Microsoft-Server-ActiveSync is the directory to which Exchange ActiveSync users connect to access their Exchange data. By default, this virtual directory is configured for Basic authentication.
- OAB: OAB is the directory that provides the offline address book (OAB) to clients. By default, this directory is configured for integrated Windows authentication.
- OWA: OWA is the directory to which users connect with their Web browsers to start an Outlook Web App session. By default, this directory is configured for basic authentication.
- PowerShell: PowerShell is the directory to which the Exchange Management tools connect for remote administration. By default, this directory is configured for anonymous authentication.
- Public: Public is the directory to which users connect to access the default Public Folders tree. By default, this directory is configured for both basic and integrated Windows authentication, with the default domain set to the pre–Windows 2000 domain name, such as ADATUM.
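To compare these defaults with what a server actually has configured, the following added example (not from the original text) lists every authentication-related setting on each Exchange virtual directory. It assumes the Exchange Management Shell and a placeholder server name, CAS01; the Public directory is not covered.

```powershell
# Added example: inventory authentication settings on Exchange virtual directories.
# Run in the Exchange Management Shell. 'CAS01' is a placeholder server name.
$server = 'CAS01'

$getters = 'Get-AutodiscoverVirtualDirectory', 'Get-EcpVirtualDirectory',
           'Get-WebServicesVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
           'Get-OabVirtualDirectory', 'Get-OWAVirtualDirectory',
           'Get-PowerShellVirtualDirectory'

$report = foreach ($getter in $getters) {
    foreach ($vdir in (& $getter -Server $server)) {
        # Property names differ between directory types, so collect every
        # property whose name mentions authentication instead of hard-coding
        # them. Settings that are off or empty are left out of the report.
        $auth = $vdir.PSObject.Properties |
            Where-Object { $_.Name -like '*Auth*' -and $_.Value } |
            ForEach-Object { '{0}={1}' -f $_.Name, ($_.Value -join ',') }

        New-Object PSObject -Property @{
            Directory    = $vdir.Identity
            Source       = $getter
            AuthSettings = $auth -join '; '
        }
    }
}

# One row per virtual directory, showing only the settings that are enabled.
$report | Sort-Object Directory |
    Format-Table Directory, AuthSettings -AutoSize -Wrap
```

Any directory whose output differs from the defaults listed above is worth reviewing before the server is published through the firewall.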
This section examines key tasks that you use to manage IIS, virtual directories, and Web applications.
3. Enabling and Disabling Outlook Web App Features
Microsoft uses the term segmentation to refer to your ability to enable and disable the various features within Outlook Web App. Segmentation
settings applied to the OWA virtual directory on Client Access servers
control the features available to users. If a server has multiple OWA virtual directories or you have multiple Client Access servers, you must configure each directory and server separately. Table 1 provides a summary of the segmentation features that are enabled by default for use with Outlook Web App.
Table 1. An Overview of Segmentation Features

| FEATURE | WHEN THIS FEATURE IS ENABLED, USERS CAN |
|---|---|
| All Address Lists | View all the available address lists. When this feature is disabled, users can view only the default global address list. |
| Calendar | Access their calendars in Outlook Web App. |
| Change Password | Change their passwords in Outlook Web App. |
| Contacts | Access their contacts in Outlook Web App. |
| E-Mail Signature | Customize their signatures and include a signature in outgoing messages. |
| Exchange ActiveSync Integration | Remove mobile devices, initiate mobile wipe, view their device passwords, and review their mobile access logs. |
| Instant Messaging | Access Instant Messaging in Outlook Web App. |
| Journal | Access their journals in Outlook Web App. |
| Junk E-Mail Filtering | Filter junk e-mail using Outlook Web App. |
| Notes | Access their notes in Outlook Web App. |
| Premium Client | Use Premium features if users have a Premium access license. Otherwise, a client can use only OWA light. |
| Public Folders | Browse and read items in public folders using Outlook Web App. |
| Recover Deleted Items | View items that have been deleted from Deleted Items and choose whether to recover them. |
| Reminders And Notifications | Receive new e-mail notifications, task reminders, calendar reminders, and automatic folder updates. |
| Rules | Customize rules in Outlook Web App. |
| S/MIME | Download the S/MIME control and use it to read and compose signed and encrypted messages (Internet Explorer only). |
| Search Folders | Access their Search folders in Outlook Web App. |
| Spelling Checker | Access the spelling checker in Outlook Web App. |
| Tasks | Access their tasks in Outlook Web App. |
| Text Messaging | Send and receive text messages in Outlook Web App. |
| Theme Selection | Change the color scheme in Outlook Web App. |
| Unified Messaging Integration | Access their voice mail and faxes in Outlook Web App. They can also configure voice mail options. |
You can enable or disable segmentation features by completing the following steps:
- In the Exchange Management Console, expand the Server Configuration node, and then select the Client Access node.
- In the upper portion of the details pane, you'll see a list of your organization's Client Access servers. Select the server you want to configure, as shown in Figure 1.
- In the lower portion of the details pane, you'll see a list of option tabs for the selected server. On the Outlook Web App tab, right-click the virtual directory for which you want to implement segmentation, and then select Properties. Typically, you'll want to configure the OWA virtual directory on the Default Web Site, as this directory is used by default for Outlook Web App.
- On the Segmentation tab, select a feature you want to enable or disable. Click Enable to enable the feature. Click Disable to disable the feature. Click OK.
In the Exchange Management Shell, you can enable or disable segmentation features using the Set-OWAVirtualDirectory cmdlet. To enable or disable these features for individual users, use the Set-CASMailbox cmdlet.
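Because segmentation must be configured on each OWA virtual directory and each server separately, settings can drift between servers. The following added example (not from the original text) checks every OWA virtual directory against one desired state and previews the corrections; the four features chosen are a constructed policy for illustration only.

```powershell
# Added example. Run in the Exchange Management Shell.
# Desired segmentation state: a constructed policy, adjust to your own.
$desired = @{
    ChangePasswordEnabled = $false
    PublicFoldersEnabled  = $false
    TextMessagingEnabled  = $false
    ThemeSelectionEnabled = $false
}

# Segmentation is stored per OWA virtual directory, so visit every
# directory on every Client Access server.
$vdirs = Get-ClientAccessServer |
    ForEach-Object { Get-OWAVirtualDirectory -Server $_.Name }

foreach ($vdir in $vdirs) {
    # Collect only the settings that differ from the desired state.
    $changes = @{}
    foreach ($name in $desired.Keys) {
        if ($vdir.$name -ne $desired[$name]) {
            $changes[$name] = $desired[$name]
        }
    }

    if ($changes.Count -eq 0) {
        Write-Host "$($vdir.Identity): already matches the desired state"
        continue
    }

    Write-Host "$($vdir.Identity): would change $($changes.Keys -join ', ')"
    # -WhatIf previews the change without applying it; remove it to apply.
    Set-OWAVirtualDirectory -Identity $vdir.Identity @changes -WhatIf
}
```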
4. Configuring Ports, IP Addresses, and Host Names Used by Web Sites
Each Web site hosted by IIS has one or more bindings.
A binding is a unique combination of ports, IP addresses, and host
names that identifies a Web site. For unsecure connections, the default
port is TCP port 80. For secure connections, the default port is TCP
port 443. The default IP address setting is to use any available IP
address. The default host name is the Client Access server's DNS name.
Normally, you won't want to multihome a Client Access server. However, when the server is multihomed,
or when you use it to provide Outlook Web App or Exchange ActiveSync
services for multiple domains, the default configuration isn't ideal. On
a multihomed server, you'll usually want messaging protocols to respond
only on a specific IP address. To do this, you need to change the
default settings. On a server that provides Outlook Web App and Exchange
ActiveSync services for multiple domains, you'll usually want to
specify an additional host name for each domain.
When you are working with IIS 7.0 or IIS 7.5, you can change the identity of a Web site by completing the following steps:
- If you want the Web site to use a new IP address, you must configure the IP address before trying to specify it on the Web site.
- Start IIS Manager. Click Start, point to Programs or All Programs as appropriate, point to Administrative Tools, and select Internet Information Services (IIS) Manager.
  Note: By default, IIS Manager connects to the services running on the local computer. If you want to connect to a different server, select the Start Page node in the left pane and then click the Connect to a Server link. This starts the Connect To Server Wizard. Follow the prompts to connect to the remote server.
- In IIS Manager, double-click the entry for the server with which you want to work, and then double-click Sites.
- In the left pane, select the Web site that you want to manage, and then select Bindings on the Actions pane.
- As Figure 2 shows, you can now use the Site Bindings dialog box to configure multiple bindings for the Web site.
- Use the Site Bindings dialog box to manage the site's bindings by using the following settings:
  - Add: Adds a new identity. To add a new identity, click Add. In the Add Site Binding dialog box, select the binding type, IP address, and TCP port to use. Optionally, type a host header name or select a Secure Sockets Layer (SSL) certificate as appropriate for the binding type. Click OK when you have finished.
  - Edit: Allows you to edit the currently selected identity. To edit an identity, click the identity, and then click Edit. In the Edit Site Binding dialog box, select an IP address and TCP port to use. Optionally, type a host header name or select an SSL certificate as appropriate for the binding type. Click OK when you have finished.
  - Remove: Allows you to remove the currently selected identity. To remove an identity, click the identity, and then click Remove. When prompted to confirm, click Yes.
  - Browse: Allows you to test an identity. To test an identity, click the identity, and then click Browse. IIS Manager then opens a browser window and connects to the selected binding.
- Click OK twice.
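To review the result of these steps from the command line, the following added example (not from the original text) lists a site's HTTP and HTTPS bindings and notes those that listen on every IP address or without encryption. It assumes the IIS WebAdministration PowerShell module is available on the server; the function name is hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$siteName = 'Default Web Site'   # the site hosting the Exchange directories

# Hypothetical helper: split an IIS binding string into its parts.
function ConvertFrom-BindingInformation {
    param([string]$Protocol, [string]$Info)

    # http/https bindings are stored as "IP:port:hostname". IPv6 addresses
    # contain colons, so the pattern is anchored on the right-hand side.
    if ($Info -match '^(?<ip>.*):(?<port>\d+):(?<host>[^:]*)$') {
        $notes = @()
        if ($Matches.ip -eq '*')  { $notes += 'listens on all IP addresses' }
        if ($Protocol -eq 'http') { $notes += 'unencrypted' }

        New-Object PSObject -Property @{
            Protocol  = $Protocol
            IPAddress = $Matches.ip
            Port      = [int]$Matches.port
            HostName  = $Matches.host
            Notes     = $notes -join '; '
        }
    }
}

# Bindings for other protocols use a different string format and are skipped.
Get-WebBinding -Name $siteName |
    Where-Object { $_.protocol -eq 'http' -or $_.protocol -eq 'https' } |
    ForEach-Object {
        ConvertFrom-BindingInformation $_.protocol $_.bindingInformation
    } |
    Format-Table Protocol, IPAddress, Port, HostName, Notes -AutoSize
```

On a multihomed server, a binding still flagged as listening on all IP addresses means the site has not yet been restricted to a specific address.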