Step 2. Determine the Components Required for Communicator Web Access

[This is preliminary documentation and is subject to change. Blank topics are included as placeholders.]

This section describes what components are required to support Communicator Web Access in an Office Communications Server deployment. This section also includes topics that describe what additional components are required to provide high availability and to scale support for Communicator Web Access.

Reference Architecture

Communicator Web Access is an extension of your existing Office Communications Server deployment. After you deploy Office Communications Server, you can add one or more Communicator Web Access servers to the environment. You then provide client access to each Communicator Web Access server by creating a virtual server, which is published as a Web site that is configured for either internal or external access. A separate virtual server for each type of access is required, because the requirements for external connections are different from those for internal connections. For example, external users cannot be authenticated by using integrated Windows authentication, and the external virtual server enforces a timeout after an administrator-specified period of inactivity.

Figure 1 shows the components in a Communicator Web Access deployment and the relationship between components.

Figure 1: Communicator Web Access Topology

As shown in Figure 1, you install Communicator Web Access software on servers inside your corporate network and then configure them for internal user access or remote user access, or both. Communicator Web Access servers can be deployed as an array of servers behind a load balancer; however, the server array can be replaced with a single server for more modest deployments. A firewall routes traffic from external users to the appropriate Communicator Web Access server or array of servers. The Communicator Web Access server performs authentication and authorization before it forwards the traffic to Office Communications Server to provide presence and instant messaging. For details about supported Communicator Web Access topologies, see Supported Office Communications Server Topologies and Configurations.

In the reference topology, separate Communicator Web Access servers are deployed for internal users and for remote users. We recommend this approach in order to enhance the security and availability of the system. If there is a security issue with the server that processes external traffic, the server can be quickly shut down without hindering internal users.

Both internal and external users connect to Communicator Web Access by entering a Uniform Resource Identifier (URI) in their Web browser, for example https://extusers.contoso.com. External users can sign in to Communicator Web Access through an SSL-based external URI, which is published to the Web by a reverse proxy server.

Communicator Web Access Components

In addition to Communicator Web Access, the reference architecture consists of the components described in this section.

Office Communications Server 2007 R2

Office Communications Server 2007 R2 manages client connections, presence, and other real-time communication features such as instant messaging. For details about planning your Office Communications Server 2007 R2 deployment, see Planning Overview [Office Communications Server 2007 R2].

A/V Conferencing Server

An Office Communications Server 2007 R2, A/V Conferencing Server must be deployed if you want users to be able to start a conference call using Communicator Web Access. If you want to support audio conferencing for users outside your organization’s network, an Office Communications Server 2007 R2, A/V Edge Server must also be deployed. The A/V Conferencing Server provides the multiparty IP audio and video mixing and relaying required by audio/video conferences. The A/V Edge Server enables media traversal of firewalls.

Mediation Server

In addition to an A/V Conferencing Server, an Office Communications Server 2007 R2, Mediation Server must also be deployed if you want users to be able to start a conference call using Communicator Web Access. The Mediation Server mediates both signaling and media between the public switched telephone network (PSTN) or a PBX and the Office Communications Server Enterprise Voice infrastructure.

Application Sharing Conferencing Server

Office Communications Server 2007 R2, Application Sharing Conferencing Server is responsible for managing and streaming data for conferences that require application sharing. In multiparty conferences, the Communicator Web Access client, in the role of desktop sharing host, dials the conferencing server directly (or, in the case of external users, by way of an Audio/Video Edge Server). The Communicator Web Access server connects to the conferencing server to receive desktop sharing data on behalf of the Web clients hosted on the Communicator Web Access server.

Active Directory

Communicator Web Access and the Office Communications Server 2007 R2 environment both depend on Active Directory® Domain Services (AD DS). Active Directory is used for authenticating, authorizing, provisioning, and configuring users of Office Communications Server. In Communicator Web Access, Active Directory supplies the enterprise address list in order to facilitate search-based lookups.

Firewall

Firewalls can help protect your network against attackers when your computers are connected to the Internet. By using a firewall application such as Microsoft Internet Security and Acceleration (ISA) Server, you can more securely publish your Communicator Web Access servers to remote users. Because the firewall is directly connected to the Internet, it is the first computer that Internet intruders try to attack. For this reason, the firewall computer itself should be configured as securely as possible, and it should perform only duties that are directly related to preventing and detecting intrusion. Only one of the many firewall configurations that Communicator Web Access supports is shown in Figure 1.

Communicator Web Access supports any firewall or reverse proxy configuration for creating a perimeter network, including ISA Server. If SSO is enabled for a Communicator Web Access virtual server, however, the only supported reverse proxy is ISA Server 2006 with SSO enabled on the Web listener. For details about ISA Server, visit the ISA Server Web site at https://r.office.microsoft.com/r/rlidOCS?clid=1033&p1=ISA2006.

For details about supported firewalls and reverse proxies, see Supported Office Communications Server Topologies and Configurations.

Reverse Proxy

Although you can make the external virtual server directly accessible to remote users, we strongly recommend that a reverse proxy be used to publish the virtual server to the Web.

A reverse proxy can also be required by custom authentication solutions such as single sign-on or third-party authentication. The reverse proxy or other authentication server must be deployed in the perimeter network and can be a reverse proxy that you have already deployed in your environment to support other services. A reverse proxy can support a custom authentication solution by clearing a user’s authentication cookie from the client computer or by automatically authenticating a user to multiple services without prompting the user for credentials again.

Load Balancer

If you are deploying a Communicator Web Access server array, you must deploy a hardware load balancer. Network load balancing is not supported. A hardware load balancer is required to distribute user traffic among the servers in the array. For details about load balancing, see [need new link -- Configuring Load Balancing Topologies].

Internet Information Services

Internet Information Services (IIS) is the Web server that hosts Communicator Web Access. Both IIS 6.0 and IIS 7.0 (running in IIS 6.0 compatibility mode) are supported for the 2007 R2 version of Communicator Web Access. IIS 6.0 is available in all editions of the Windows Server® 2003 operating system. IIS 7.0 is available in all editions of the Windows Server 2008 operating system.

While IIS 6.0 does not require any additional configuration to host Communicator Web Access, certain IIS 7.0 features are required by Communicator Web Access. For a full list of IIS 7.0 features that must be enabled for Communicator Web Access, see [need link to BKMK_CWAServerRequiredSoftware].

.NET Framework 3.5

Communicator Web Access deployment requires the Microsoft .NET Framework 3.5.

Communicator Web Access Snap-in

In the 2007 R2 version of Communicator Web Access, installation of the Communicator Web Access management console (the Communicator Web Access Snap-in) has been integrated with the installation of the Office Communications Server administrative tools Microsoft Management Console (MMC) snap-in.

You can use Communicator Web Access Snap-in with either Microsoft Management Console (MMC) 2.0 or MMC 3.0.

ASP.NET 2.0

Communicator Web Access is built upon Microsoft ASP.NET 2.0. Together with IIS 6.0 and the .NET Framework 3.5, ASP.NET 2.0 makes it easier to deploy, configure, and maintain Web sites and applications. The new administrative Web site that is included with ASP.NET 2.0 also makes it easier and more secure for you to administer and configure Communicator Web Access for scalability and performance.