Module 4
Download
1 / 44

Module 4 Managing Client Access - PowerPoint PPT Presentation


  • 122 Views
  • Uploaded on

Module 4 Managing Client Access. Module Overview. Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring Outlook Web App Configuring Mobile Messaging. Lesson 1: Configuring the Client Access Server Role. How Client Access Works

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Module 4 Managing Client Access' - prue


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Module 4

Managing Client Access


Module overview
Module Overview

Configuring the Client Access Server Role

Configuring Client Access Services for Outlook Clients

Configuring Outlook Web App

Configuring Mobile Messaging


Lesson 1 configuring the client access server role
Lesson 1: Configuring the Client Access Server Role

  • How Client Access Works

  • How Client Access Works with Multiple Sites

  • Deployment Options for a Client Access Server

  • Demonstration: How to Configure a Client Access Server

  • Securing a Client Access Server

  • Considerations for Implementing Client Access Server Certificates

  • Demonstration: How to Configure Certificates for Client Access Servers

  • Options for Configuring POP3 and IMAP4 Client Access

  • Configuring Throttling Policies

  • Configuring the Client Access Server for Internet Access


How client access works
How Client Access Works

Domain

Controller

3

Client Access

Server

Mailbox

Server

4

RPC/MAPI

2

1

RPC/MAPI

HTTPS

IMAP4

POP3


How client access works with multiple sites
How Client Access Works with Multiple Sites

Multiple Internet

Access Points

Single Internet

Access Point

Client request

is redirected

Client request

is proxied

  • A proxy is used for Outlook Web App, Exchange ActiveSync, and Exchange WebServices

  • Redirection is used only for Outlook Web App


Deployment options for a client access server
Deployment Options for a Client Access Server

Client Access servers:

  • Must be deployed in each AD Ds site that has Mailbox servers

  • Must have a fast connection to Mailbox servers and domain controllers

  • Need to be accessible from the Internet using the client protocol in Internet-facing sites

You can deploy Client Access servers:

  • On a single server with other Exchange Server roles

  • On a dedicated server to provide scalability

  • On multiple dedicated servers in an array


Demonstration how to configure a client access server
Demonstration: How to Configure a Client Access Server

  • In this demonstration, you will review:

  • The Client Access settings for an organization

  • The Client Access server settings


Securing a client access server
Securing a Client Access Server

To secure a Client Access server:

Install server certificates, and ensure that SSL is required

ü

  • Configure authentication settings:

    • Integrated Windows authentication

    • Digest authentication

    • Basic authentication

    • Forms-based authentication

ü

Protect the server with an application layer firewall

ü


Considerations for implementing client access server certificates
Considerations for Implementing Client Access Server Certificates

When implementing Client Access certificates, consider:

  • Whether to use an internal or public CA

  • The client access protocols in use

  • The server names used by messaging clients


Demonstration how to configure certificates for client access servers
Demonstration: How to Configure Certificates for Client Access Servers

  • In this demonstration, you will review:

  • The New Exchange Certificate Wizard

  • How to approve a certificate request

  • The Subject Alternative Names in the certificate



Configuring throttling policies
Configuring Throttling Policies Access Servers

Use client throttling policies to manage the performance of your Exchange organization

When configuring throttling policies:

  • Throttling Policies limit the number of RPC requests from clients

  • Default throttling policy is automatically created

  • Additional policies can be created

  • Consider using Delivery Class Throttling


Configuring the client access server for internet access
Configuring the Client Access Server for Internet Access Access Servers

To enable Internet access to Client Access services:

Configure external URLs

ü

Configure the external DNS names

ü

Configure access to Client Access virtual directories

ü

Implement SSL certificates with multiple subject alternative names

ü

Plan for Client Access server access with multiple sites

ü


Lesson 2 configuring client access services for outlook clients
Lesson 2: Configuring Client Access Services for Outlook Clients

Services Provided by a Client Access Server for Outlook Clients

What Is RPC Client Access Services?

What Is Autodiscover?

Configuring Autodiscover

What Is the Availability Service?

What Are MailTips?

Demonstration: How to Configure MailTips

What Is Outlook Anywhere?

Demonstration: How to Configure Outlook Anywhere

Troubleshooting Outlook Client Connectivity



What is rpc client access services
What Is RPC Client Access Services? Clients

RPC Client Access Services provides MAPI clients with ability to connect to Client Access Server instead to Mailbox server

Mailbox

Server Role

MAPI

MAPI

Client Access

Server Role


What is autodiscover
What Is Autodiscover? Clients

Autodiscover provides information that you can use to configure Outlook 2007 and 2010 client profiles

Outlook 2007/2010 Autodiscover Process:

The client locates the Autodiscover service

The Autodiscover service on the client sends each Client Access server an HTTP Post command

The appropriate Client Access server responds by returning an XML file

Outlook downloads the required configuration information from the Autodiscover service

1

2

3

4


Configuring autodiscover
Configuring Autodiscover Clients

To configure Autodiscover:

Use the Exchange Management Shell

ü

Configure site affinity for Exchange Servers in multiple sites

ü

Configure DNS records for external clients

ü

Use Outlook's Test E-mail AutoConfiguration feature to test

ü

Use TestExchangeConnectivity website

ü


What is the availability service
What Is the Availability Service? Clients

Availability service makes free/busy information available for Outlook 2007,2010 and Outlook Web App clients

Exchange

Server 2010

Exchange

Server 2003

Exchange

Server 2010

2

3

4

5

1


What are mailtips
What Are MailTips? Clients

MailTips provide information about a message delivery before the message is sent

Exchange Server 2010 provides:

  • Default MailTips

  • Custom MailTips

The Client Access server provides the MailTips to the client


Demonstration how to configure mailtips
Demonstration: How to Configure MailTips Clients

In this demonstration, you will see how to:

Review and configure the default MailTips for an Exchange organization

Configure custom MailTips

Verify that the MailTips work as expected


What is outlook anywhere
What Is Outlook Anywhere? Clients

Outlook Anywhere enables RPC connections over HTTPS to an Exchange Server 2010 server

Outlook 2003,2007 or Outlook 2010 Client

LDAP

Global Catalog

Servers

HTTPS

RPC

Mailbox

Server

Client Access

Server


Demonstration how to configure outlook anywhere
Demonstration: How to Configure Outlook Anywhere Clients

In this demonstration, you will see how to:

Configure Autodiscover settings

Configure an Client Access server for Outlook Anywhere

Configure an Outlook 2010 profile for Outlook Anywhere

Verify Outlook Anywhere connectivity


Troubleshooting outlook client connectivity
Troubleshooting Outlook Client Connectivity Clients

To troubleshoot Outlook Client connectivity:

Verify network connectivity

ü

Verify client configuration

ü

Verify DNS name resolution

ü

Verify Exchange Server availability

ü

Verify Client Access server certificates

ü

Test the client autoconfiguration process

ü


Lab a configuring client access servers for outlook anywhere access
Lab A: Configuring Client Access Servers for Outlook Anywhere Access

  • Exercise 1: Configuring Client Access Servers

  • Exercise 2: Configuring Outlook Anywhere

Logon information

Estimated time: 60 minutes


Lab scenario
Lab Scenario Anywhere Access

You are working as a messaging administrator in A. Datum Corporation. Your organization has decided to deploy Client Access Servers so that the servers are accessible from the Internet for a variety of messaging clients. To ensure that the deployment is as secure as possible, you must secure the Client Access server, and configure a certificate on the server that will support the messaging client connections. You also need to configure the server to support Outlook Anywhere connections.


Lab review
Lab Review Anywhere Access

  • In this lab, you configured the Client Access server to use a certificate from an internal CA. How would the steps change if you used a public CA?

  • How would the steps in the lab change if you had two company locations, and you had to configure Client Access server access to both locations?


Lesson 3 configuring outlook web app
Lesson 3: Configuring Outlook Web App Anywhere Access

What Is Outlook Web App?

Configuration Options for Outlook Web App

What Is File and Data Access for Outlook Web App?

Demonstration: How to Configure Outlook Web App

Demonstration: How to Configure Outlook Web App Policies

Demonstration: How to Configure User Options by Using the ECP


What is outlook web app
What Is Outlook Web App? Anywhere Access

Outlook Web App allows users to access their mailboxes through a Web browser

Outlook Web App provides:

  • Web-based access to all Exchange mailbox components

  • Secure HTTPS access from the Internet

  • An alternative to deploying a messaging client

  • Access to Exchange Server 2010 features that are not available in Outlook 2007



What is file and data access for outlook web app
What Is File and Data Access for Outlook Web App? Anywhere Access

File and data access for Outlook Web App enables users to access attachments on messages

With file and data access, you can configure:

  • WebReady document viewing

  • Direct file access

  • Different settings when users connect from public or private computers

  • Restrict access to files based on file types


Demonstration how to configure outlook web app
Demonstration: How to Configure Outlook Web App Anywhere Access

  • In this demonstration, you will see how to configure:

  • A server to require SSL

  • Outlook Web App virtual directories

  • Authentication options for Outlook Web App virtual directories

  • Gzip compression settings

  • Segmentation settings

  • Web beacon settings


Demonstration how to configure outlook web app policies
Demonstration: How to Configure Outlook Web App Policies Anywhere Access

  • In this demonstration, you will see how to:

  • Configure an Outlook Web App policy

  • Assign an Outlook Web App policy to a user account


Demonstration how to configure user options using the ecp
Demonstration: How to Configure User Options Using the ECP Anywhere Access

  • In this demonstration, you will see how to:

  • Configure the Exchange Control Panel virtual directory

  • Configure user mailbox settings through the Exchange Control Panel


Lesson 4 configuring mobile messaging
Lesson 4: Configuring Mobile Messaging Anywhere Access

What Is Exchange ActiveSync?

Demonstration: How to Configure Exchange ActiveSync

Options for Securing Exchange ActiveSync

Mobile Device Quarantine in Exchange Server 2010

Demonstration: How to Configure Exchange ActiveSync Policies


What is exchange activesync
What Is Exchange ActiveSync? Anywhere Access

Exchange Active Sync is a protocol that enables mobile devices to access Exchange Server data

1

Exchange ActiveSync

Client

2

Client Access

Server

Mailbox

Server

3

Client Access

Server

Mailbox

Server


Demonstration how to configure exchange activesync
Demonstration: How to Configure Exchange ActiveSync Anywhere Access

In this demonstration, you will see how to:

Configure the Exchange Server settings for Exchange ActiveSync


Options for securing exchange activesync
Options for Securing Exchange ActiveSync Anywhere Access

To secure Exchange ActiveSync:

Configure Exchange ActiveSync policies for security

ü

Wipe lost or stolen devices

ü

Enable self-service mobile device management

ü

Ensure that SSL is required for the Exchange ActiveSync virtual directory

ü

ü

Install CA root certificates on client devices


Mobile device quarantine in exchange server 2010
Mobile Device Quarantine in Exchange Server 2010 Anywhere Access

Exchange Server 2010 SP2 allows you to manage mobile devices based on model or family

Each mobile device can be in one of three states:

  • Allowed

  • Blocked

  • Quarantined

You can use ECP or EMS to manage Device Access Rules


Demonstration how to configure exchange activesync policies
Demonstration: How to Configure Exchange ActiveSync Policies Anywhere Access

  • In this demonstration, you will see how to:

  • Configure Exchange ActiveSync mailbox policies

  • Configure user accounts for Exchange ActiveSync


Lab b configuring client access servers for outlook web app and exchange activesync
Lab B: Configuring Client Access Servers for Outlook Web App and Exchange ActiveSync

Exercise 1: Configuring Outlook Web App

Exercise 2: Configuring Exchange ActiveSync

Logon information

Estimated time: 50 minutes


Lab scenario1
Lab Scenario and Exchange ActiveSync

To enable client access to the server, your organization has decided to enable both Outlook Web App and Exchange ActiveSync for its users. However, the security officer at A. Datum Corporation has defined security requirements for the Outlook Web App and Exchange ActiveSync deployment. Therefore, you need to enable the security features for both Outlook Web App and Exchange ActiveSync.


Lab review1
Lab Review and Exchange ActiveSync

What additional steps can you take to enhance the security for the Outlook Web App and Exchange ActiveSync connections in your organization?

How would you modify the procedures in this lab if you needed to ensure that users cannot download attachments using Outlook Web App?


Module review and takeaways
Module Review and Takeaways and Exchange ActiveSync

  • Review Questions

  • Common Issues and Troubleshooting Tips

  • Real-World Issues and Scenarios

  • Best Practices

  • Tools


ad