Microsoft® Office Communicator Web Access (2007 release) is a server that provides access through a browser-based client to Microsoft Office Communications Server 2007.
This reference architecture includes instructions for installing a single Communicator Web Access Server; however, other topologies are available which provide high availability features and increased capacity. Review the Microsoft Office Communicator Web Access (2007 release) Planning and Deployment Guide before you begin your deployment to determine which architecture is right for your planned offering.
Tasks
- Planning for Certificates
- Install Prerequisites for Office Communicator Web Access
Server
- Request and install the MTLS Certificate
- Request and Install the SSL Certificate
- Disable the Default Website on OCSCOMWEB01
- Install the Communicator Web Access Server
- Activate the Communicator Web Access Server
- Create Virtual Server
- Publish the Communicator Web Access Server to the Web for
Remote User Access
- Create an external DNS host record for the Communicator Web
Access Web site
- Validate and Test Communicator Web Access Server
Configuration
Planning for Certificates
Communicator Web Access uses digital certificates to authenticate servers and users. Before you install Communicator Web Access, you must configure the computer with trusted certificates for MTLS (mutual Transport Layer Security) and Secure Sockets Layer (SSL):
- MTLS certificate. An MTLS certificate is required on all
Communicator Web Access servers and on any load balancer that is
associated with an array of Communicator Web Access servers. The
MTLS certificate is used to authenticate connections between
Communicator Web Access and Office Communications Server 2007.
All MTLS certificates must be issued by the same trusted
certification authority that issued the MTLS certificates on Office
Communications Server 2007.
- SSL certificate. An SSL certificate is required on all
Communicator Web Access servers and on any load balancer that is
associated with an array of Communicator Web Access servers. The
SSL (Secure Sockets Layer) certificate is used by clients that are
connecting to the Communicator Web Access server. Each virtual
server that is configured with HTTPS (HTTP with SSL) must have an
SSL certificate. The CA that issues the SSL certificate for
Communicator Web Access does not have to be the same one that
issues the Office Communications Server 2007 MTLS
certificates.
Install Prerequisites for Office Communicator Web Access Server
Procedure W03-DWHO.46: To install prerequisites for Office Communicator Web Access server
-
Install the 32-bit version of Windows Server 2003 R2 Standard Edition with SP2 on OCSCOMWEB01.
-
Install IIS and ASP.NET.
-
Install the Microsoft .NET Framework 2.0 with SP1.
-
Install the Windows Server 2003 Support Tools.
-
Join the Fabrikam domain.
Request and install the MTLS Certificate
Procedure W03-DWHO.47: To request and install the MTLS certificate
-
Log on to OCSCOMWEB01 as Fabrikam\Administrator. Start Microsoft Internet Explorer and browse to http://pkiroot/certsrv.
-
Select Request a Certificate.
-
Select Advanced certificate request.
-
Select Create and submit a request to this CA.
-
In the Certificate Template list, select Web Server.
-
Under Identifying Information for Offline Template, in the Name text box, type the FQDN of the Communicator Web Access server (for example, ocscomweb01.fabrikam.com).
-
In the Key Options area, select the Store certificate in the local computer certificate store check box, and then click Submit. If a potential scripting violation warning appears, and you understand and accept the implications, click Yes (required to continue).
-
On the Certificate Issued page, click Install this certificate. If a potential scripting violation warning appears, and you understand and accept the implications, click Yes (required to continue).
Request and Install the SSL Certificate
Procedure W03-DWHO.48: To request and install the SSL certificate
-
Follow the steps in Microsoft Knowledge Base article KB 298805 How to enable SSL for all customers who interact with your Web site in Internet Information Services in order to request and install an SSL certificate that will be used for Communicator Web Access Web site. For the purposes of this reference architecture, the common name for this certificate should be ocsweb.consolidatedmessenger.com
Note: |
---|
Do not bind this SSL certificate to the default Web site on OCSCOMWEB01. Instead, simply install it into the local certificate store. Later, you will specify this certificate when running the Communicator Web Access activation wizard. |
Disable the Default Website on OCSCOMWEB01
The Communicator Web Access activation wizard will create a new Web site that listens on ports 80 and 443. In order to avoid port conflicts, you should disable the default Web site.
Procedure W03-DWHO.49: To disable the default Website on OCSCOMWEB01
-
Log on to OCSCOMWEB01 as Fabrikam\Administrator, and start the Internet Information Server (IIS) Manager.
-
Expand OCSCOMWEB01, and then expand Web Sites.
-
Right-click Default Web Site and click Stop.
Install the Communicator Web Access Server
Procedure W03-DWHO.50: To install the Communicator Web Access server
-
Log on to OCSCOMWEB01 as Fabrikam\Administrator.
-
Run Setup.exe from the Office Communications Server 2007 Enterprise Edition media to start the Office Communications Server 2007 deployment wizard.
Note: If you are prompted to install a C++ Redistributable component, do so. -
Select Deploy Other Server Roles, and then select Deploy Communicator Web Access to open the Deploy Communicator Web Access page.
-
Next to Step 1: Install Communicator Web Access, click Run.
-
Follow the steps in the installation wizard to install the Communicator Web Access Server role.
Activate the Communicator Web Access Server
Procedure W03-DWHO.51: To activate the Communicator Web Access server
-
On OCSCOMWEB01, from the Office Communications Server 2007 deployment wizard, on the Deploy Communicator Web Access page, next to Step 2:Activate Communicator Web Access, click Run.
-
At the Select domain service account screen, select Create an account, and accept the default account name of CWAService. Enter a password that meets your password complexity requirements.
-
At the Select a Server Certificate screen, click Select Certificate and select the certificate that matches the FQDN of the server (for example, ocscomweb01.fabrikam.com).
-
When the wizard is complete, click View log check to verify a successful Communicator Web Access activation.
Create Virtual Server
Procedure W03-DWHO.52: To create virtual server
-
On OCSCOMWEB01, from the Office Communications Server 2007 deployment wizard, on the Deploy Communicator Web Access page, next to Step 3:Create Virtual Server, click Run.
-
At the Select Virtual Server Type screen, select External.
-
At the Select Authentication Type screen, select Use built-in authentication.
-
At the Select Browser Connection Type screen, select HTTPS (recommended) and click Select Certificate.
-
Select the certificate that matches the FQDN that external clients will use to connect to Communicator Web Access (for example, ocsweb.consolidatedmessenger.com).
-
At the Select IP address and port setting screen, select (All Unassigned). Accept the default port of 443.
-
At the Name the Virtual Server page, specify the name as: Communicator Web Access (external).
-
At the Automatically Start Virtual Server page, select Start this virtual server after the Create Virtual Server Wizard finishes.
-
When the wizard is complete, click View log check to verify a successful virtual server creation.
Publish the Communicator Web Access Server to the Web for Remote User Access
Remote users sign in to Communicator Web Access by using a virtual server that has been configured for external users, as described in the previous procedures. If you do not intend to use single sign-on (SSO), any reverse proxy server can be used to Web publish a Communicator Web Access virtual server.
Procedure W03-DWHO.53: To publish the Communicator Web Access Server to the Web for remote user access
-
Follow the steps under Publishing a Virtual Server to the Web for Remote User Access in the document Microsoft Office Communicator Web Access (2007 release) Planning and Deployment Guide in order to create a web server publishing rule (also known as a reverse proxy rule) to publish the Communicator Web Access server to the Internet.
Create an external DNS host record for the Communicator Web Access Web site
Procedure W03-DWHO.54: To create an external DNS host record for the Communicator Web Access Web site
-
Open the DNS MMC on DNS01.
-
Create the following host (A) record in the consolidatedmessenger.com DNS Zone according to the following table:
Host Record
IP Address
Description
ocsweb.consolidatedmessenger.com
(IP Address of Reverse Proxy web publishing rule on firewall)
Reverse Proxy for Communicator Web Access Web site
Validate and Test Communicator Web Access Server Configuration
Procedure W03-DWHO.55: To log on to Communicator Web Access
-
Log on to a computer which uses DNS01 for name resolution.
-
Start Microsoft Internet Explorer and browse to https://ocsweb.consolidatedmessenger.com/
-
On the Sign In page, enter administrator@fabrikam.com for the user ID, and then enter the password for this account. Click Sign In.