Creating a Communicator Web Access Virtual Server

[This is preliminary documentation and is subject to change. Blank topics are included as placeholders.]

After you have installed and activated the Communicator Web Access files, you must create at least one Communicator Web Access virtual server. The virtual server is the Web site that users will access to use the Communicator Web Access client. If you enable remote access to the Communicator Web Access server, you must create two virtual servers, one for internal users and another for external users.

Although you can make the external virtual server directly accessible to remote users, we strongly recommend that you use a reverse proxy to publish the virtual server to the Web. For more information about using a reverse proxy to publish a Communicator Web Access virtual server, see Using a Reverse Proxy to Enable Remote User Access.

You can use the Office Communications Server Deployment Wizard to create the first virtual server. You can also use the command line method, as described in Create a Virtual Server by Using the Command Line.

Create a Virtual Server Using the Deployment Wizard

There must be one virtual server for internal users and another virtual server for external users. We recommend that you create these virtual servers on physically separate computers. If, however, you are hosting both virtual servers on a single Communicator Web Access server, you will create the second virtual server by using the Communicator Web Access administrative snap-in, as described in Create Another Virtual Server by Using the Communicator Web Access Administrative Snap-in later in this topic.

These procedures assume that you continued directly from Installing and Activating Communicator Web Access.

To create the first virtual server

  1. At Step 3: Create Virtual Server, click Run.

  2. On the Welcome page, click Next.

  3. On the Select Virtual Server Type page, click Internal or External, as appropriate, and then click Next.

  4. On the Select Authentication Type page, do one of the following:

    • If you want this Communicator Web Access virtual server to support the built-in authentication mechanisms that the operating system uses, click Use built-in authentication.
    • If you want this Communicator Web Access virtual server to support authentication mechanisms from other vendors, including two-factor authentication and single sign-on (SSO) solutions, click Use custom authentication. Optionally, click Sign-Out URL (Optional), and then type the URL of the Web page that users will see after they sign out of Communicator Web Access. If your custom authentication is SSO, you can run scripts on this page to sign the user out of all other SSO-supported services.

    When you are finished, click Next.

  5. Do one of the following:

    • If, in the previous step, you selected Use built-in authentication, do one or more of the following:

      • To enable Internet browsers that do not support NTLM or Kerberos authentication protocols to connect to the Communicator Web Access server, on the Select Authentication Type page, select the Forms-based password authentication check box.
      • To enable Internet browsers that support NTLM or Kerberos authentication protocols and can connect directly to the server to connect to the Communicator Web Access server, select the Integrated (NTLM/Kerberos) password authentication check box.
        If you configured this virtual server as an external server in order to support users outside the organization’s network, you cannot select the Integrated (NTLM/Kerberos) authentication check box.
    • If, in the previous step, you selected Use custom authentication, skip to the next step.

    When you are finished, click Next.

  6. On the Select Browser Connection Type page, do one of the following:

    • To support secured HTTP connections to Communicator Web Access, click HTTPS (Recommended). For security reasons, we strongly recommend that you use HTTPS even if your deployment does not require it.
    • To support unsecured HTTP connections to Communicator Web Access, click HTTP.

  7. Do one of the following:

    • If, in the previous step, you clicked HTTPS (Recommended), click Select Certificate, click the certificate with the FQDN of the load balancer, if one is present, or that of the Communicator Web Access server, and then click OK.
    • If, in the previous step, you clicked HTTP, in the Warning dialog box, click Yes to confirm that you want to enable unsecured HTTP connections to Communicator Web Access.

    When you are finished, click Next.

  8. On the Select IP address and port setting page, in the IP address list, click the IP address that you want to use for this virtual server. Then, click Port, and then type the port number that you want to use with the selected IP address. (The default port is 443 for HTTPS connections and 80 for HTTP connections.)

    Ensure that the IP address and port combination that you configure for this virtual server is not already in use.

  9. On the Name the Virtual Server page, click Name, type a descriptive name for this virtual server that will appear in the Communicator Web Access administrative snap-in, and then click Next.

  10. On the Select listening port page, click Communications Server listening port, type the port that you want to use to listen for SIP messages, and then click Next.

  11. On the Select a Pool page, in the server list, click the server that you want to use as the next hop Office Communications Server when a user without an Active Directory identity joins a Communicator Web Access conference. (For an authenticated conference participant, Communicator Web Access proxies messages to the user’s home server.)

    Note

    If the next hop server that you choose is not available, anonymous users will not be able to join Communicator Web Access conferences.

    • If you have deployed multiple Enterprise pools, click the Director behind the load balancer.
    • If you have deployed a load balancer, click the load balancer.
    • If you have not deployed a load balancer, click the Front End Server.

  12. Click Port, type the port on the next hop server that is configured to accept messages from Communicator Web Access, and then click Next.

  13. On the Automatically Start Virtual Server page, if you want this Communicator Web Access virtual server to start immediately, select the Start this virtual server after the Create Virtual Server Wizard finishes check box, and then click Next.

    Note

    The virtual server must be started before you can begin using it. You can also start the virtual server later by using the Communicator Web Access administrative snap-in.

  14. On the Review virtual server settings page, review the settings that you specified. If you are satisfied with them, click Next to create the new virtual server.

  15. On the Create Virtual Server Complete page, click Close to close the wizard.

Completion of this procedure implements setting changes in Internet Information Services (IIS). For a complete list of IIS settings for Communicator Web Access, see IIS Settings for Communicator Web Access (2007 R2 Release).
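
For the HTTPS option in step 7, the wizard asks for the certificate that carries the FQDN of the load balancer or of the Communicator Web Access server. The following PowerShell script is an added example, not part of the product documentation: it lists the certificates in the local computer's Personal store that match a given FQDN and reports whether each has a private key, is within its validity period, and permits Server Authentication. The FQDN is a constructed placeholder, and the checks are general TLS server-certificate checks, not the wizard's own selection logic.

```powershell
# Added example, not from the product documentation. Requires PowerShell 2.0 or later.
# 'cwa.contoso.example' at the bottom is a constructed placeholder FQDN.
function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    $cn = $Cert.GetNameInfo('SimpleName', $false)   # subject CN without "CN="
    if ($cn) { $names += $cn }
    foreach ($ext in $Cert.Extensions) {
        if ($ext.Oid.Value -ne '2.5.29.17') { continue }   # Subject Alternative Name
        # Formatted text is "DNS Name=a.example, DNS Name=b.example" on English systems.
        foreach ($part in ($ext.Format($false) -split ',\s*')) {
            if ($part -match '^DNS Name=(.+)$') { $names += $Matches[1].Trim() }
        }
    }
    $names | Select-Object -Unique
}

function Test-NameMatch {
    param([string]$Pattern, [string]$Fqdn)
    if ($Pattern -eq $Fqdn) { return $true }        # -eq ignores case for strings
    # A wildcard covers exactly one left-most label: *.example matches a.example only.
    if ($Pattern.StartsWith('*.') -and $Fqdn.Contains('.')) {
        return ($Fqdn.Substring($Fqdn.IndexOf('.') + 1) -eq $Pattern.Substring(2))
    }
    return $false
}

function Find-ServerCertificate {
    param([string]$Fqdn)
    $now = Get-Date
    foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
        $hit = @(Get-CertDnsNames $cert | Where-Object { Test-NameMatch $_ $Fqdn })
        if ($hit.Count -eq 0) { continue }
        # No EKU extension means the certificate is not restricted to specific uses.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $serverAuth = (-not $eku) -or
            (@($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }).Count -gt 0)
        $valid = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
        $cert | Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey,
            @{ Name = 'InValidityPeriod'; Expression = { $valid } },
            @{ Name = 'ServerAuthEku';    Expression = { $serverAuth } }
    }
}

Find-ServerCertificate -Fqdn 'cwa.contoso.example' | Format-List
```

An empty result means that no certificate in the store names that FQDN. A row where HasPrivateKey, InValidityPeriod, or ServerAuthEku is False identifies a certificate that matches by name but cannot serve the HTTPS binding as it stands.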

If you want to support external users, you are ready to create another virtual server. For procedures, see Create Another Virtual Server by Using the Communicator Web Access Administrative Snap-in. If you do not want to support external users and therefore do not need to create another virtual server or publish a virtual server for external users, you are ready to publish the virtual server URL to Active Directory Domain Services. For procedures, see Publishing Communicator Web Access URLs. After you publish the virtual server URL, you are ready to enable and configure users for Office Communications Server 2007 R2 if you have not done so already. For procedures, see Step 6: Create and Enable Users in the Office Communications Server 2007 R2 deployment documentation. If users in your organization have already been enabled for Office Communications Server, you are ready to test the Communicator Web Access Web site. For procedures, see Testing the Web Site.

Create a Virtual Server by Using the Command Line

You can create a Communicator Web Access virtual server by running the CWACreateVirtualServer.msi Microsoft Installer file at a command prompt. Doing so opens the Create Virtual Server wizard so that you can create virtual directories in IIS, specify an SSL certificate, and create the Communicator Web Access virtual server.

To create a virtual server at a command prompt

  1. Open a command prompt window: Click Start, and then click Run.

  2. In the Open box, type cmd, and then click OK.

  3. At the command prompt, type the following, and then press ENTER:

    cd <path to installation files>\setup\amd64\setup\cwa

  4. To install the program files, type one of the following at the command prompt, and then press ENTER. If you want to create a log file, include the optional /lv switch.

    • Msiexec.exe /i CWACreateVirtualServer.msi [/lv <log_file_name>.txt]
    • Runas.exe /user:<domain\adminaccount> "Msiexec.exe /i CWACreateVirtualServer.msi"

Create Another Virtual Server by Using the Communicator Web Access Administrative Snap-in

If you are using these procedures to create a virtual server on a computer that does not already have the Communicator Web Access files installed and activated, you must first install the administrative tools as described in Installing Communicator Web Access Snap-in.

If you are supporting both internal users and external users on the same Communicator Web Access server, you must add a second virtual server to the computer. Although a single-server topology is supported, for security and availability reasons we recommend that you use physically separate servers for internal and external traffic if at all possible.

If you choose to deploy more than one virtual server on the same physical server, use the following procedures to create an additional virtual server. In order to avoid conflicts, you must use different ports when the IP addresses are identical.

To create another Communicator Web Access virtual server

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Communicator Web Access Snap-in.

  2. In the scope pane, right-click the FQDN of the Communicator Web Access server, and then click Create Virtual Web Server.

  3. On the Welcome page, click Next.

  4. On the Select Virtual Server Type page, click Internal or External, as appropriate, and then click Next.

  5. On the Select Authentication Type page, do one of the following:

    • If you want this Communicator Web Access virtual server to support the built-in authentication mechanisms that the operating system uses, click Use built-in authentication.
    • If you want this Communicator Web Access virtual server to support authentication mechanisms from other vendors, including two-factor authentication and single sign-on (SSO) solutions, click Use custom authentication. Optionally, click Sign-Out URL (Optional), and then type the URL of the Web page that users will see after they sign out of Communicator Web Access. If your custom authentication is SSO, you can run scripts on this page to sign the user out of all other SSO-supported services.

    When you are finished, click Next.

  6. On the Select Authentication Method page, do one of the following:

    • If, in the previous step, you selected Use built-in authentication, do one or more of the following:
      • To enable Internet browsers that do not support NTLM or Kerberos authentication protocols to connect to the Communicator Web Access server, select the Forms-based authentication check box.
      • To enable Internet browsers that support NTLM or Kerberos authentication protocols and can connect directly to the server to connect to the Communicator Web Access server, select the Integrated (NTLM/Kerberos) authentication check box.
    • If, in the previous step, you selected Use custom authentication, skip to the next step.

    If you configured this virtual server as an external server in order to support users outside the organization’s network, you cannot select the Integrated (NTLM/Kerberos) authentication check box.

    When you are finished, click Next.

  7. On the Select Connection Type page, do one of the following:

    • To support unsecured HTTP connections to Communicator Web Access, click HTTP (May be used with SSL accelerators).
    • To support secured HTTP connections to Communicator Web Access, click HTTPS (Recommended). For security reasons, we strongly recommend that you use HTTPS even if your deployment does not require it.

  8. Do one of the following:

    • If, in the previous step, you clicked HTTP (May be used with SSL accelerators), in the Warning dialog box, click Yes to confirm that you want to enable unsecured HTTP connections to Communicator Web Access.
    • If, in the previous step, you clicked HTTPS (Recommended), click Select Certificate, click the certificate with the FQDN of the load balancer, if one is present, or that of the Communicator Web Access server, and then click OK.

    When you are finished, click Next.

  9. On the Select IP Address and Port Settings page, in the IP address list, click the IP address that you want to use for this virtual server. Then, click Port, type the port number that you want to use with the selected IP address, and then click Next.

    Note

    Ensure that you choose an IP address and port combination that does not conflict with the first virtual server or with another program that is running on the same computer.

  10. On the Server Description page, click Description, type a descriptive name for this virtual server that will appear in the Communicator Web Access administrative snap-in, and then click Next.

  11. On the Specify a listening port page, click Listening port, type the port that you want to use to listen for SIP messages, and then click Next.

  12. On the Select a pool page, in the Next hop pool list, click the server that you want to use as the next hop Office Communications Server when a user without an Active Directory identity joins a Communicator Web Access conference. (For an authenticated conference participant, Communicator Web Access proxies messages to the user’s home server.)

    Note

    If the next hop server that you choose is not available, anonymous users will not be able to join Communicator Web Access conferences.

    • If you have deployed multiple Enterprise pools, click the Director behind the load balancer.
    • If you have deployed a load balancer, click the load balancer.
    • If you have not deployed a load balancer, click the Front End Server.

  13. Click Port, type the port on the next hop server that is configured to accept messages from Communicator Web Access, and then click Next.

  14. On the Start Server Option page, if you want this Communicator Web Access virtual server to start immediately, select the Start this virtual server after the Create Virtual Server Wizard finishes check box, and then click Next.

    The virtual server must be started before you can begin using it. You can start the virtual server later by using the Communicator Web Access administrative snap-in.

  15. On the Review Settings before Virtual Server Creation page, review the settings that you specified. If you are satisfied with them, click Next to create the new virtual server.

  16. When the wizard has completed, click Finish to close the wizard.

After you create the external virtual server, you are ready to publish the virtual server URL to Active Directory Domain Services. For procedures, see Publishing Communicator Web Access URLs. After you publish the virtual server URL, we strongly recommend that you use a reverse proxy to publish the virtual server to the Web. For more information about using a reverse proxy to publish a Communicator Web Access virtual server, see Using a Reverse Proxy to Enable Remote User Access.