Chapter 9
  • Briefly describe the topics covered in the chapter. Refer to the objective list at the beginning of Chapter 7. Microsoft Exchange Server 2003 runs as a virtual server in a clustering environment, because any node in a cluster can assume control of a virtual server. Exchange Server 2003 Internet protocol virtual servers include Simple Mail Transfer Protocol (SMTP) virtual servers, Hypertext Transfer Protocol (HTTP) virtual servers, Internet Message Access Protocol version 4 (IMAP4) virtual servers, Post Office Protocol version 3 (POP3) virtual servers, and Network News Transfer Protocol (NNTP) virtual servers.
  • These topics are discussed in later slides.
  • The default HTTP virtual server is called the Exchange virtual server. It is created by Internet Information Services (IIS), is configured using IIS Manager, and is used to administer the default Web site and (by default) to support Microsoft Outlook Web Access (OWA) clients. The NNTP, IMAP4, and POP3 virtual servers are disabled by default because the relevant services are stopped. Demonstrate how to enable the three services and set their startup type to Automatic.
  • Windows clustering is typically used on back-end Exchange Server 2003 servers, whereas network load balancing is typically used on front-end Exchange Server 2003 servers. This was discussed in Chapter 4.
  • The System Attendant resource installs the other Exchange resources that are required. Refer students to Table 7-1 in the textbook. Emphasize that there can be only one message transfer agent (MTA) per cluster.
  • This slide summarizes information given in the textbook. The SMTP virtual server does not have a Secure Sockets Layer (SSL) port assigned because it uses Transport Layer Security (TLS) for encryption. Demonstrate using Exchange System Manager to assign the Local Area Connection IP address to the POP3, IMAP4, NNTP, and SMTP default virtual servers. Demonstrate using IIS Manager to assign the Local Area Connection IP address to the default Web site, and explain that you are configuring the Exchange (default HTTP) virtual server when you do this. Point out the port configurations but do not change them.
  • Demonstrate virtual server configuration later. Explain that POP3 servers on front-end Exchange servers use basic authentication, and this cannot be changed. Refer students to the note titled “Microsoft Windows Server 2003 POP3 Service” in the textbook. Before a POP3 client can connect to a server, a mailbox-enabled user must be created in Active Directory for the client.
  • SMTP is used to send e-mail messages. POP3 and IMAP4 allow users to access their incoming mail. Refer students to the note titled “IMAP4 Versus POP3” in the textbook.
  • Students can also specify the users who are permitted to administer a virtual server by specifying the accounts that are authorized to modify server settings. Integrated Windows Authentication is available for an NNTP virtual server but it is not a practical option in many newsgroup scenarios.
  • You will demonstrate virtual server configuration later.
  • The next slide lists the facilities provided by HTTP and Web Distributed Authoring and Versioning (WebDAV).
  • Refer students to Table 7-2 in the textbook. Demonstrate using a Web browser to access a public folder and a user mailbox.
  • SMTP works closely with Domain Name System (DNS), particularly with Mail Exchanger (MX) records. Domain administration is not typically performed on the SMTP virtual server. Students can manage local domains through recipient policies and implement most of the configuration they require for sending e-mail to remote domains at the SMTP Connector. This is discussed in Chapter 8. If students’ Exchange organizations support POP3 and IMAP4 clients, they need to permit open relaying for these clients. They do not want to permit open relaying for an entire Exchange organization because this permits the propagation of junk mail. This is discussed further in Chapter 8.
  • The Exchange virtual server is configured using IIS Manager to configure the default Web site. Show the configuration settings. On the Web Site tab, in the IP Address drop-down list, select the Local Area Connection IP address. Do not change any other settings. Do not configure authentication. You will be discussing authentication later in the lecture.
  • Refer students to Table 7-3 in the textbook. Create an additional virtual server called HTTP_server1. If possible give it the IP address of Local Area Connection 2. Click Advanced and assign a host name of Virtual. If you cannot differentiate the virtual server by IP address then you can instead assign a TCP port (for example, 8080). If you have a public folder, provide an access path to it on the Access tab. Demonstrate but do not alter the SMTP mailbox domain. Emphasize that it is not good practice to differentiate a virtual server by host name only.
  • Demonstrate how Exchange System Manager is used to configure an additional HTTP virtual server. Emphasize that it is necessary first to pause the virtual server. Configure the number of concurrent connections and the number of seconds that must elapse before an unsuccessful connection times out. On the Access tab, explain Read, Write, Script source access, and Directory browsing permissions and show students how they can allow users to view script code, restrict users from executing scripts, allow users to execute scripts but not executables, and allow users to execute both scripts and executables. On the Settings tab, enable Forms-Based Authentication for OWA and select a compression level. You will be discussing other authentication settings later.
  • The procedures for creating additional POP3, IMAP4, and SMTP virtual servers are almost identical. You will therefore create an additional POP3 virtual server, but not additional IMAP4 and SMTP virtual servers. Instead, demonstrate the configuration options on the default IMAP4 and SMTP virtual servers. Explain that, apart from HTTP protocol servers, the procedures for configuring additional virtual servers are the same as those for configuring default virtual servers. Create an additional POP3 virtual server. If possible, assign the IP address of Local Area Connection 2.
  • Configure the additional POP3 virtual server. Point out that a newly created additional POP3 virtual server is disabled. If, however, students wanted to reconfigure a running virtual server, they would first need to pause it. Quickly demonstrate the configuration options that are the same for the additional HTTP virtual server. Demonstrate the settings that allow only a specified computer, group of computers, or domain to access the virtual server. Show the Format tab. Point out that POP3 servers can support Macintosh clients. Explain that if students specify the format incorrectly, they might get blank or incorrect characters in a message. If, however, they specify Rich-Text Format (RTF) and client computers do not support it, e-mail messages will have a Winmail.dat attachment. Point out that there is a note to this effect in the textbook. Show the Calendaring tab, and explain that the server that POP3 clients connect to for OWA is, by default, a back-end server.
  • Remind students that you have not created an additional IMAP4 virtual server and are instead configuring the default IMAP4 virtual server. The virtual server must therefore be paused (if started) before configuration. Show that most of the configuration is the same as for POP3 virtual servers. On the General tab, indicate the controls that specify fast message retrieval and whether to include all public folders when a folder list is requested. On the Message Format tab, point out that IMAP4 does not support the uuencode message format, and therefore does not support binhex for Macintosh.
  • You will be discussing SMTP configuration in more detail in Chapter 8. Show the General tab and the Advanced dialog box. Point out that students can configure filtering in the Advanced dialog box. On the Access tab, click Connection. Point out that the configuration options available here are similar to those for IMAP4 and POP3 virtual servers. Do not click Authentication. You will be discussing authentication later. Click the Messages tab. Briefly describe the controls (which are mostly self-explanatory). Click the Delivery tab and describe the configuration settings. Do not click Outbound Security, Outbound Connections, or Advanced. You will be discussing SMTP configuration in detail in Chapter 8.
  • Students might want to use two NNTP virtual servers—one for public company information to be placed on the Internet and another for private company information available only to employees. Explain that creating an additional NNTP virtual server is similar to creating an additional POP3 virtual server, but you also need to enter paths to internal server files and news content. Students can create folders for these purposes beforehand, but if they do not, the wizard creates the folders for them. Create an additional NNTP public server named NNTP_server1. If possible, configure it with the IP address of Local Area Connection 2 and TCP port 119. Specify C:\NNTP_files\Filegroup as the path to internal server files. If this folder does not exist, allow the wizard to create it. Specify C:\NNTP_files\Newsgroup as the path to store the news content. If this folder does not exist, allow the wizard to create it. Point out that an additional NNTP server is enabled on creation and students need to pause it to configure it.
  • Demonstrate the General and Access tabs. The settings are similar to those for POP3 virtual servers. On the Settings tab, demonstrate that students can limit the size of articles that a user can post and the total size of articles that a user can post in a single connection. Point out that if the Allow Feed Posting check box is selected, similar limits can be set for articles posted to a newsfeed. Also point out the Allow Servers To Pull Articles From This Server check box and discuss when this might be selected—for example, if a pull newsfeed is configured. Mention that the SMTP server for moderated groups can be specified on the Settings tab.
  • Front-end and back-end servers were discussed in Chapter 4. Refer students to the textbook for more details. Normally encryption is implemented on front-end servers. Authentication methods can vary depending on whether a virtual server is installed on a front-end or a back-end Exchange Server 2003 server.
  • Refer students to Table 7-5 in the textbook. Basic authentication sends name and password details across a network in clear text, and is typically used on front-end servers where the entire communication is encrypted.
  • Ensure that students know the difference between encryption and authentication. Typically communication with the outside world through the Internet is encrypted, whereas communication between front-end and back-end servers through an intranet firewall is not. If possible, demonstrate obtaining and installing a digital certificate.
  • Although students need to be aware of IPSec, SSL and TLS are specifically used by virtual servers and are discussed in this course.
  • The available authentication options vary depending on the type of protocol virtual server and whether it is installed on a front-end or a back-end Exchange server. Additional HTTP virtual servers are configured using Exchange System Manager whereas the default HTTP virtual server, or Exchange virtual server, is configured using IIS Manager and has a different set of authentication options. Point out that digest authentication is an option on HTTP virtual servers.
  • Integrated Windows Authentication is not available on an additional HTTP virtual server on a front-end Exchange server.
  • Authentication methods are identical on IMAP4 and POP3 virtual servers, and do not vary depending on whether the virtual server is the default or an additional virtual server. The only variation is between virtual servers on back-end and front-end Exchange servers. Anonymous authentication is not available on IMAP4 and POP3 virtual servers.
  • Basic authentication is the only method used on IMAP4 and POP3 virtual servers on a front-end Exchange server. SSL encryption can be specified provided a certificate has been obtained and installed.
  • Authentication methods on NNTP virtual servers do not vary depending on whether the virtual server is the default or an additional virtual server, or whether it is installed on a back-end or a front-end Exchange server. Although SSL is mainly used for encryption, an NNTP virtual server can also use X.509 certificates and SSL to improve security in client authentication and access, and can associate client certificates to specific user accounts. Point out that the textbook advises students about how to obtain further information on this if desired.
  • In the same way as for NNTP virtual servers, authentication methods on SMTP virtual servers do not vary depending on whether the virtual server is the default or an additional virtual server, or whether it is installed on a back-end or a front-end Exchange server. Point out that, like SSL encryption, TLS encryption requires basic authentication.
  • Authentication methods on the Exchange virtual server do not vary depending on whether the virtual server is installed on a back-end or a front-end Exchange server. Point out that .NET Password authentication is available only on an Exchange virtual server, and that Integrated Windows Authentication is available on Exchange virtual servers installed on both back-end and front-end Exchange servers, whereas for additional HTTP virtual servers it is available only if the virtual server is installed on a back-end Exchange server.
  • This demonstration is most convincing if you currently have a number of users connected to a virtual server—for example, to the default SMTP virtual server. However it can be done, for example, on an IMAP4 or POP3 virtual server with no users attached. The Terminate and Terminate All controls will be unavailable, but will still be visible.
  • Diagnostic logging is discussed in more detail in Chapter 11.
  • Demonstrate this by setting a diagnostic level of Medium for the General category of the IMAP4Svc service. Refer students to Table 7-7 in the textbook.
  • Demonstrate this by pausing and restarting the default IMAP4 virtual server to generate log entries. Open the application log in Event Viewer and locate the relevant entries.
  • Briefly summarize Chapter 7. Remind students that the default HTTP virtual server is called the Exchange virtual server.
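
The notes above state that Basic authentication sends the name and password in clear text and is meant for connections that are encrypted. The following Python code is an added example, not part of the original slides: it checks server-side protocol log records against the default ports listed in the deck and reports logons that arrived without SSL/TLS. The record layout `(session, port, client line)`, the function name, and the sample records are constructed for illustration.

```python
import re

# Default listener ports from the "Default virtual server configurations" slide:
# protocol -> (plain TCP port, SSL port). SMTP has no SSL port; it upgrades
# the session in place with STARTTLS.
DEFAULT_PORTS = {
    "POP3": (110, 995),
    "IMAP4": (143, 993),
    "NNTP": (119, 563),
    "HTTP": (80, 443),
    "SMTP": (25, None),
}
PLAIN_PORT_TO_PROTO = {plain: proto for proto, (plain, _ssl) in DEFAULT_PORTS.items()}

# Client commands that carry (or start) a Basic-style logon, per protocol.
CREDENTIAL_PATTERNS = {
    "POP3": re.compile(r"^(?P<cmd>USER|PASS)\s+\S", re.I),
    "IMAP4": re.compile(r"^\S+\s+(?P<cmd>LOGIN)\s+\S", re.I),
    "NNTP": re.compile(r"^(?P<cmd>AUTHINFO\s+(?:USER|PASS))\s+\S", re.I),
    "HTTP": re.compile(r"^(?P<cmd>Authorization:\s*Basic)\s+\S", re.I),
    "SMTP": re.compile(r"^(?P<cmd>AUTH\s+(?:LOGIN|PLAIN))\b", re.I),
}

def find_cleartext_logons(records):
    """Return (session_id, protocol, command) for each logon sent unencrypted.

    records: iterable of (session_id, server_port, client_line) in log order.
    Only the command name is reported; user names and passwords are dropped.
    """
    tls_sessions = set()  # SMTP sessions that have issued STARTTLS
    findings = []
    for session_id, port, line in records:
        proto = PLAIN_PORT_TO_PROTO.get(port)
        if proto is None:
            continue  # SSL port (995/993/563/443) or an unrelated service
        line = line.strip()
        if proto == "SMTP" and line.upper() == "STARTTLS":
            tls_sessions.add(session_id)
            continue
        if session_id in tls_sessions:
            continue  # session was upgraded to TLS before the logon
        match = CREDENTIAL_PATTERNS[proto].match(line)
        if match:
            command = " ".join(match.group("cmd").upper().split())
            findings.append((session_id, proto, command))
    return findings

# Constructed sample records (not taken from a real server).
SAMPLE = [
    ("s1", 110, "USER alice"),
    ("s1", 110, "PASS example-password"),
    ("s2", 995, "USER bob"),                      # POP3 on the SSL port
    ("s3", 143, "a001 LOGIN carol example-password"),
    ("s4", 25, "EHLO client.example"),
    ("s4", 25, "STARTTLS"),
    ("s4", 25, "AUTH LOGIN"),                     # after STARTTLS
    ("s5", 25, "AUTH LOGIN"),                     # no STARTTLS in this session
    ("s6", 80, "Authorization: Basic Y29uc3RydWN0ZWQ6dmFsdWU="),
    ("s7", 443, "Authorization: Basic Y29uc3RydWN0ZWQ6dmFsdWU="),
    ("s8", 119, "AUTHINFO USER dave"),
]

if __name__ == "__main__":
    for finding in find_cleartext_logons(SAMPLE):
        print("cleartext logon:", finding)
```
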

Chapter 9 Presentation Transcript

  • VIRTUAL SERVERS Chapter 7
  • OVERVIEW
    • Exchange Server 2003 virtual servers
    • Virtual servers in a clustering environment
    • Creating additional virtual servers
    • Configuring virtual servers
    • Front-end and back-end configuration
    • Authentication
    • Encryption
    • Diagnostic logging
  • EXCHANGE SERVER 2003 VIRTUAL SERVERS
    • Default virtual server and whether it is enabled:
      • HTTP: Yes
      • SMTP: Yes
      • NNTP: No
      • POP3: No
      • IMAP4: No
  • VIRTUAL SERVERS IN A CLUSTERING ENVIRONMENT
    • Microsoft Windows Cluster service:
      • Exchange Server 2003 installs as a virtual server
      • Failover to other node
    • Network load balancing:
      • Create identical redundant virtual servers on all nodes
      • Configuration of every server in the cluster must be the same
  • VIRTUAL SERVER REQUIREMENTS
    • Static IP address
    • Network name
    • One or more dedicated physical disks
    • Exchange 2003 Server System Attendant
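  • DEFAULT VIRTUAL SERVER CONFIGURATIONS
    • POP3: TCP port 110, IP address (All Unassigned), SSL port 995
    • IMAP4: TCP port 143, IP address (All Unassigned), SSL port 993
    • NNTP: TCP port 119, IP address (All Unassigned), SSL port 563
    • HTTP: TCP port 80, IP address (All Unassigned), SSL port 443
    • SMTP: TCP port 25, IP address (All Unassigned), SSL port N/A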
  • POP3 VIRTUAL SERVERS
    • Retrieve a specific user’s mail from the server
    • Access only server inboxes
    • Do not send e-mail
    • Can configure the following:
      • Access to specific computers, groups of computers, or domains
      • Authentication (back-end only)
      • Encryption
      • Number of inbound connections
      • Messaging format
  • IMAP4 VIRTUAL SERVERS
    • Very similar to POP3
    • Do not support uuencode or binhex for Macintosh
    • Can be configured to do the following:
      • List public folders
      • Disable complete public folder listings
      • Enable fast message retrieval
  • NNTP VIRTUAL SERVERS
    • Access newsgroups
    • Enable Microsoft Outlook users to participate in online discussions
    • Let you assign a moderator to a newsgroup
  • NNTP VIRTUAL SERVERS (CONT.)
    • Can be configured to do the following:
      • Define expiration policies
      • Allow control messages
      • Limit inbound connections
      • Include or exclude single computers, subnets, and entire domains
      • Limit the length of time idle connections remain logged on to the server
      • Limit the total size of articles that a user can post during a single connection
      • Limit the size of individual articles that a user can post
      • Encrypt the connection
      • Authenticate users
  • HTTP VIRTUAL SERVERS
    • Exchange virtual server configured using IIS Manager
    • Additional HTTP virtual servers configured using Exchange System Manager
    • Virtual directories provide additional content
    • HTTP virtual servers support OWA
  • HTTP AND WEBDAV
    • HTTP and Web Distributed Authoring and Versioning (WebDAV) provide access to the following:
      • Documents
      • E-mail
      • Applications
  • SMTP VIRTUAL SERVERS
    • Internet standard for transporting and delivering electronic messages
    • Default SMTP virtual server installed and enabled
    • Can configure the following:
      • Security options
      • Message delivery options
      • Mail relay
      • Message filtering
      • TLS encryption
  • DEMONSTRATION: CONFIGURING THE EXCHANGE VIRTUAL SERVER
  • DEMONSTRATION: CREATING AN ADDITIONAL HTTP VIRTUAL SERVER
  • DEMONSTRATION: CONFIGURING AN ADDITIONAL HTTP VIRTUAL SERVER
  • DEMONSTRATION: CREATING ADDITIONAL POP3, IMAP4, AND SMTP VIRTUAL SERVERS
  • DEMONSTRATION: CONFIGURING THE ADDITIONAL POP3 VIRTUAL SERVER
  • DEMONSTRATION: CONFIGURING THE DEFAULT IMAP4 VIRTUAL SERVER
  • DEMONSTRATION: CONFIGURING THE DEFAULT SMTP VIRTUAL SERVER
  • DEMONSTRATION: CREATING AN ADDITIONAL NNTP VIRTUAL SERVER
  • DEMONSTRATION: CONFIGURING THE ADDITIONAL NNTP VIRTUAL SERVER
  • FRONT-END AND BACK-END CONFIGURATION
    • Provides a unified namespace
    • Reduces SSL overhead
    • Front-end virtual servers handle incoming client connections
    • Back-end virtual servers run the databases
    • Create a virtual HTTP server on every back-end server for each front-end server
    • Authentication and connection timeout settings vary between server roles
  • AUTHENTICATION
    • Anonymous
    • Basic
    • Integrated Windows
    • Simple Authentication and Security Layer (SASL)
    • Digest
    • .NET Password
  • ENCRYPTION
    • Requires a certificate
    • Resource intensive (especially processor)
    • SSL and TLS encryption require basic authentication
    • Encryption jumbles message so that third parties cannot read it
    • Authentication ensures users are who they claim to be
    • Digital signature proves that a specific person is the message sender
  • ENCRYPTION METHODS
    • IPSec
      • Encrypts all traffic between source and destination
      • Invisible to user
      • Not specific to e-mail
    • SSL
      • Typically implemented on IMAP4, POP3, and HTTP virtual servers on front-end Exchange servers
    • TLS
      • Implemented on SMTP virtual servers
      • Both sender and receiver need to implement TLS
      • Typically used for communication between partner organizations
      • Not used for general Internet e-mail
  • AUTHENTICATION OPTIONS: ADDITIONAL HTTP VIRTUAL SERVER ON A BACK-END SERVER
  • AUTHENTICATION OPTIONS: ADDITIONAL HTTP VIRTUAL SERVER ON A FRONT-END SERVER
  • AUTHENTICATION OPTIONS: POP3 AND IMAP4 VIRTUAL SERVERS ON A BACK-END SERVER
  • AUTHENTICATION OPTIONS: POP3 AND IMAP4 VIRTUAL SERVERS ON A FRONT-END SERVER
  • AUTHENTICATION OPTIONS: NNTP VIRTUAL SERVER
  • AUTHENTICATION OPTIONS: SMTP VIRTUAL SERVER
  • AUTHENTICATION OPTIONS: EXCHANGE VIRTUAL SERVER
  • DEMONSTRATION: DISCONNECTING USERS
  • DIAGNOSTIC LOGGING
    • Records authentication, connection, and client action events
    • Set the level of logging on the host server
    • Set the logging level and category for a specific service
    • Events logged in server application log
  • SETTING A DIAGNOSTIC LEVEL
  • VIEWING A DIAGNOSTIC LOGGING ENTRY
  • SUMMARY
    • Exchange virtual server in a clustered environment
    • Protocol virtual servers: SMTP, NNTP, POP3, IMAP4, HTTP
    • Front-end and back-end configuration
    • Authentication
    • Encryption