Understanding Office Communicator Web Access 2007 R2

This section provides basic information about how to enable Office Communicator Web Access 2007 R2. An introduction to the basic topology requirements is provided along with some overview information.

Enabling Office Communicator Web Access 2007 R2

Office Communicator Web Access is a Web-based version of the Office Communicator client and provides a great way to enable alternate operating systems and nondomain workstations without an installation process. Communicator Web Access provides internal and remote access to the Office Communications Server infrastructure by enabling IM, presence, ad hoc application sharing capabilities, and more. However, file transfer, A/V conferencing, and whiteboard sessions are not available with Communicator Web Access. The Web browsers that are supported by Office Communicator Web Access are shown in Table 7-1.

Table 7-1. Supported Browsers for Office Communicator Web Access 2007 R2

| OPERATING SYSTEM | BROWSER | AUTHENTICATION MECHANISM |
| --- | --- | --- |
| Windows 2000 Service Pack 4 (SP4) | Microsoft Internet Explorer 6 SP1 | NTLM, Kerberos, Forms-based, Custom |
| Windows XP SP2 | Internet Explorer 6 SP2; Windows Internet Explorer 7 | NTLM, Kerberos, Forms-based, Custom |
| | Mozilla Firefox 2.0 and later | Forms-based, Custom |
| Windows Vista | Internet Explorer 7 | NTLM, Kerberos, Forms-based, Custom |
| | Mozilla Firefox 2.0.0.3 and later | Forms-based, Custom |
| Mac OS X 10.4.9 | Apple Safari 2.0.4; Mozilla Firefox 2.0 and later | Forms-based, Custom |

Communicator Web Access 2007 R2 has several new enhancements that are not present in Communicator Web Access 2007, including the following:

  • Automatic discovery of local servers in the Microsoft Management Console (MMC)

  • Richer Communicator Web Access user interface

  • Custom authentication, such as single sign-on and two-factor authentication support

  • Incoming Voice over Internet Protocol (VoIP) call routing and management

  • Web conference attendance

  • Ad hoc application sharing

  • Distribution group access

A Communicator Web Access topology can provide support for Web-based access internally and remotely by using load-balanced Web servers to host Communicator Web Access, as shown in Figure 7-9. Communicator Web Access can be deployed in several different topologies, including the following:

  • A single Communicator Web Access server for both internal and external users

  • Load-balanced Communicator Web Access servers for both internal and external users

  • Separate Communicator Web Access servers for internal and external users

  • Separate Communicator Web Access server arrays for internal and external users

Figure 7-9. Communicator Web Access topology

The following topologies are not supported for deploying Communicator Web Access:

  • Communicator Web Access should not be deployed in the perimeter network.

  • Communicator Web Access should not be installed on a domain controller.

Remote access logons that use Communicator Web Access go through the following process when logging on to the topology, as shown in Figure 7-9:

  1. The remote user on the public Internet uses her Web browser to connect to the Office Communicator Web Access URL (for example, https://im.litwareinc.com). This request securely connects through the reverse proxy in the edge network, which routes the connection to the load balancer for the external Communicator Web Access Web farm.

  2. The Web browser verifies that the server certificate on the external interface of the reverse proxy comes from a trusted CA, and it validates that the host name in the URL (for example, im.litwareinc.com) is represented in the certificate's Subject Name (SN) or Subject Alternate Name (SAN) field.

  3. Communicator Web Access authenticates the user, validates the SIP URI, and ensures the user is allowed to log on using remote access. Communicator Web Access can use integrated Windows authentication or forms-based authentication to authenticate the user. Internal users can use Kerberos or NTLM. External users and browsers that do not support integrated Windows authentication can use NTLM.

    Note

    Forms-based authentication passes the password in clear text, so it should always be used with HTTPS to encrypt the communications channel. This is important for internal users and should be required for external users.

  4. The mutual transport layer security (MTLS) server certificate configured for Communicator Web Access is used to authenticate and encrypt connections between the Communicator Web Access server and the Office Communications Server 2007 R2 server. This connection will be used to transport the user’s SIP-based communications to and from the rest of the Office Communications Server infrastructure.
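The name check the browser performs in step 2, as an added example (not code from the book or from Office Communications Server). It follows the RFC 2818 rule that SAN DNS entries take precedence over the subject name; the certificate dictionaries are constructed samples, and every host name except im.litwareinc.com is hypothetical.

```python
# Added example. Certificates are constructed samples shaped like the dict
# returned by ssl.SSLSocket.getpeercert(); only im.litwareinc.com is from the page.
HOST = "im.litwareinc.com"

def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with the host; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # reject bare '*.com'
    return p == h

def cert_covers_host(cert: dict, host: str) -> tuple[bool, str]:
    """Return (covered, reason) for the host name in the published URL."""
    san_dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san_dns:
        # RFC 2818: when SAN DNS entries exist, the subject CN is not consulted
        for name in san_dns:
            if name_matches(name, host):
                return True, f"SAN {name}"
        return False, "no SAN entry matches"
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and name_matches(value, host):
                return True, f"subject CN {value}"
    return False, "no subject CN matches"

SAMPLES = {  # constructed; host names other than HOST are hypothetical
    "san_match": {
        "subject": ((("commonName", "proxy.litwareinc.com"),),),
        "subjectAltName": (("DNS", "proxy.litwareinc.com"), ("DNS", HOST)),
    },
    "cn_only": {"subject": ((("commonName", HOST),),)},
    "san_overrides_cn": {
        "subject": ((("commonName", HOST),),),
        "subjectAltName": (("DNS", "cwa01.litwareinc.com"),),
    },
    "wildcard": {"subjectAltName": (("DNS", "*.litwareinc.com"),)},
}

if __name__ == "__main__":
    for label, cert in SAMPLES.items():
        print(label, cert_covers_host(cert, HOST))
```

The san_overrides_cn sample is the case to watch for when requesting the reverse proxy certificate: once any SAN DNS entry is present, the published host name has to be listed there too.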
