Microsoft® Office Communicator Web Access (2007 release) is a server that provides access through a browser-based client to Microsoft Office Communications Server 2007.

This reference architecture includes instructions for installing a single Communicator Web Access server; however, other topologies are available that provide high availability and increased capacity. Review the Microsoft Office Communicator Web Access (2007 release) Planning and Deployment Guide before you begin your deployment to determine which architecture is right for your planned offering.

Tasks

  1. Planning for Certificates
  2. Install Prerequisites for Office Communicator Web Access Server
  3. Request and install the MTLS Certificate
  4. Request and Install the SSL Certificate
  5. Disable the Default Website on OCSCOMWEB01
  6. Install the Communicator Web Access Server
  7. Activate the Communicator Web Access Server
  8. Create Virtual Server
  9. Publish the Communicator Web Access Server to the Web for Remote User Access
  10. Create an external DNS host record for the Communicator Web Access Web site
  11. Validate and Test Communicator Web Access Server Configuration

Planning for Certificates

Communicator Web Access uses digital certificates to authenticate servers and users. Before you install Communicator Web Access, you must configure the computer with trusted certificates for MTLS (mutual Transport Layer Security) and Secure Sockets Layer (SSL):

  • MTLS certificate. An MTLS certificate is required on all Communicator Web Access servers and on any load balancer that is associated with an array of Communicator Web Access servers. The MTLS certificate is used to authenticate connections between Communicator Web Access and Office Communications Server 2007. All MTLS certificates must be issued by the same trusted certification authority that issued the MTLS certificates on Office Communications Server 2007.
  • SSL certificate. An SSL certificate is required on all Communicator Web Access servers and on any load balancer that is associated with an array of Communicator Web Access servers. The SSL (Secure Sockets Layer) certificate is used by clients that are connecting to the Communicator Web Access server. Each virtual server that is configured with HTTPS (HTTP with SSL) must have an SSL certificate. The CA that issues the SSL certificate for Communicator Web Access does not have to be the same one that issues the Office Communications Server 2007 MTLS certificates.

Install Prerequisites for Office Communicator Web Access Server

Procedure W03-DWHO.46: To install prerequisites for Office Communicator Web Access server

  1. Install the 32-bit version of Windows Server 2003 R2 Standard Edition with SP2 on OCSCOMWEB01.

  2. Install IIS and ASP.NET.

  3. Install the Microsoft .NET Framework 2.0 with SP1.

  4. Install the Windows Server 2003 Support Tools.

  5. Join the Fabrikam domain.

Request and install the MTLS Certificate

Procedure W03-DWHO.47: To request and install the MTLS certificate

  1. Log on to OCSCOMWEB01 as Fabrikam\Administrator. Start Microsoft Internet Explorer and browse to http://pkiroot/certsrv.

  2. Select Request a Certificate.

  3. Select Advanced certificate request.

  4. Select Create and submit a request to this CA.

  5. In the Certificate Template list, select Web Server.

  6. Under Identifying Information for Offline Template, in the Name text box, type the FQDN of the Communicator Web Access server (for example, ocscomweb01.fabrikam.com).

  7. In the Key Options area, select the Store certificate in the local computer certificate store check box, and then click Submit. If a potential scripting violation warning appears, and you understand and accept the implications, click Yes (required to continue).

  8. On the Certificate Issued page, click Install this certificate. If a potential scripting violation warning appears, and you understand and accept the implications, click Yes (required to continue).

Request and Install the SSL Certificate

Procedure W03-DWHO.48: To request and install the SSL certificate

Note:
Do not bind this SSL certificate to the default Web site on OCSCOMWEB01. Instead, simply install it into the local certificate store. Later, you will specify this certificate when running the Communicator Web Access activation wizard.
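
Before running the activation wizard, the certificates installed in the local computer store can be checked against the requirements in Planning for Certificates. The following is an added example, not part of the original procedure. It assumes Windows PowerShell is installed on OCSCOMWEB01; the function name Test-CwaCertificate is hypothetical and the issuer value is a placeholder for the subject name of your own issuing CA.

```powershell
# Added example: pre-activation certificate check for Communicator Web Access.
# Assumptions: Windows PowerShell is available on the server; Test-CwaCertificate
# is a hypothetical helper; 'CN=<your issuing CA>' is a placeholder.
function Test-CwaCertificate {
    param(
        [string]$Fqdn,            # subject name the certificate must carry
        [string]$ExpectedIssuer   # optional: issuer required for the MTLS certificate
    )

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU (Web Server template)
    $now = Get-Date

    # Certificates in the local computer store whose subject name equals the FQDN
    $candidates = @(Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $Fqdn })

    if ($candidates.Count -eq 0) {
        Write-Warning "No certificate with subject name $Fqdn in LocalMachine\My"
        return
    }

    foreach ($cert in $candidates) {
        # Collect the EKU OIDs present on this certificate
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # One row per certificate; every boolean column should be True
        $cert | Select-Object Thumbprint, Issuer, NotAfter, HasPrivateKey,
            @{ Name = 'InValidityPeriod'; Expression = { $now -ge $_.NotBefore -and $now -le $_.NotAfter } },
            @{ Name = 'ServerAuthEku';    Expression = { $ekus -contains $serverAuthOid } },
            @{ Name = 'IssuerMatches';    Expression = { -not $ExpectedIssuer -or $_.Issuer -eq $ExpectedIssuer } }
    }
}

# MTLS certificate: subject is the server FQDN; the issuer must be the CA that
# issued the Office Communications Server 2007 MTLS certificates.
Test-CwaCertificate -Fqdn 'ocscomweb01.fabrikam.com' -ExpectedIssuer 'CN=<your issuing CA>'

# SSL certificate: subject is the FQDN external clients use; the issuer may differ.
Test-CwaCertificate -Fqdn 'ocsweb.consolidatedmessenger.com'
```

A certificate that shows HasPrivateKey as False was not stored in the local computer certificate store with its key and cannot be selected in the wizard. Copy the issuer value from the Issuer field of an Office Communications Server 2007 MTLS certificate so the comparison is exact.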

Disable the Default Website on OCSCOMWEB01

The Communicator Web Access activation wizard will create a new Web site that listens on ports 80 and 443. In order to avoid port conflicts, you should disable the default Web site.

Procedure W03-DWHO.49: To disable the default Website on OCSCOMWEB01

  1. Log on to OCSCOMWEB01 as Fabrikam\Administrator, and start the Internet Information Server (IIS) Manager.

  2. Expand OCSCOMWEB01, and then expand Web Sites.

  3. Right-click Default Web Site and click Stop.

Install the Communicator Web Access Server

Procedure W03-DWHO.50: To install the Communicator Web Access server

  1. Log on to OCSCOMWEB01 as Fabrikam\Administrator.

  2. Run Setup.exe from the Office Communications Server 2007 Enterprise Edition media to start the Office Communications Server 2007 deployment wizard.

    Note:
    If you are prompted to install a C++ Redistributable component, do so.

  3. Select Deploy Other Server Roles, and then select Deploy Communicator Web Access to open the Deploy Communicator Web Access page.

  4. Next to Step 1: Install Communicator Web Access, click Run.

  5. Follow the steps in the installation wizard to install the Communicator Web Access Server role.

Activate the Communicator Web Access Server

Procedure W03-DWHO.51: To activate the Communicator Web Access server

  1. On OCSCOMWEB01, from the Office Communications Server 2007 deployment wizard, on the Deploy Communicator Web Access page, next to Step 2: Activate Communicator Web Access, click Run.

  2. At the Select domain service account screen, select Create an account, and accept the default account name of CWAService. Enter a password that meets your password complexity requirements.

  3. At the Select a Server Certificate screen, click Select Certificate and select the certificate that matches the FQDN of the server (for example, ocscomweb01.fabrikam.com).

  4. When the wizard is complete, click View log check to verify a successful Communicator Web Access activation.

Create Virtual Server

Procedure W03-DWHO.52: To create virtual server

  1. On OCSCOMWEB01, from the Office Communications Server 2007 deployment wizard, on the Deploy Communicator Web Access page, next to Step 3: Create Virtual Server, click Run.

  2. At the Select Virtual Server Type screen, select External.

  3. At the Select Authentication Type screen, select Use built-in authentication.

  4. At the Select Browser Connection Type screen, select HTTPS (recommended) and click Select Certificate.

  5. Select the certificate that matches the FQDN that external clients will use to connect to Communicator Web Access (for example, ocsweb.consolidatedmessenger.com).

  6. At the Select IP address and port setting screen, select (All Unassigned). Accept the default port of 443.

  7. At the Name the Virtual Server page, specify the name as: Communicator Web Access (external).

  8. At the Automatically Start Virtual Server page, select Start this virtual server after the Create Virtual Server Wizard finishes.

  9. When the wizard is complete, click View log check to verify a successful virtual server creation.

Publish the Communicator Web Access Server to the Web for Remote User Access

Remote users sign in to Communicator Web Access by using a virtual server that has been configured for external users, as described in the previous procedures. If you do not intend to use single sign-on (SSO), any reverse proxy server can be used to Web publish a Communicator Web Access virtual server.

Procedure W03-DWHO.53: To publish the Communicator Web Access Server to the Web for remote user access

Create an external DNS host record for the Communicator Web Access Web site

Procedure W03-DWHO.54: To create an external DNS host record for the Communicator Web Access Web site

  1. Open the DNS MMC on DNS01.

  2. Create the following host (A) record in the consolidatedmessenger.com DNS Zone according to the following table:

    | Host Record | IP Address | Description |
    |---|---|---|
    | ocsweb.consolidatedmessenger.com | (IP Address of Reverse Proxy web publishing rule on firewall) | Reverse Proxy for Communicator Web Access Web site |

Validate and Test Communicator Web Access Server Configuration

Procedure W03-DWHO.55: To log on to Communicator Web Access

  1. Log on to a computer which uses DNS01 for name resolution.

  2. Start Microsoft Internet Explorer and browse to https://ocsweb.consolidatedmessenger.com/

  3. On the Sign In page, enter administrator@fabrikam.com for the user ID, and then enter the password for this account. Click Sign In.