&RQWHQWV##
2YHUYLHZ#4#
,QWURGXFWLRQ#WR#2XWORRN#:HE#$FFHVV## 5#
2XWORRN#:HE#$FFHVV#$UFKLWHFWXUH#9#
2XWORRN#:HE#$FFHVV#'HSOR\PHQW# 4:#
([WHQGLQJ#2XWORRN#:HE#$FFHVV# 57#
/DE#$=#8VLQJ#([FKDQJH#5333##
2XWORRN#:HE#$FFHVV# 58#
/DE#%=#&UHDWLQJ#DQG#0DQDJLQJ##
)URQW0(QG#6HUYHUV# 69#
5HYLHZ# 75#
#
Module 12: Deploying
Exchange 2000 Outlook
Web Access


Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any

written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.


2000 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, MS, Windows, Windows NT, Active Directory directory service, ActiveX,
BackOffice, FrontPage, Hotmail, MSN, Outlook, PowerPoint, SQL Server, Visual Studios, and
Win32, are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A.
and/or other countries.

The names of companies, products, people, characters, and/or data mentioned herein are fictitious
and are in no way intended to represent any real individual, company, product, or event, unless
otherwise noted.

Other product and company names mentioned herein may be the trademarks of their respective
owners.

Project Lead:
David Phillips
Instructional Designers:
Lance Morrison (Wasser), Janet Sheperdigian, Steve Thues
Lead Program Manager:
Mark Adcock
Program Manager:
Lyle Curry, Scott Hay, Janice Howd, Steve Schwartz (Implement.Com),
Bill Wade (Wadeware LLC)

Graphic Artist:
Kimberly Jackson, Andrea Heuston (Artitudes Layout and Design)

Editing Manager:
Lynette Skinner
Editor:
Elizabeth Reese (Write Stuff)
Copy Editor:
Ed Casper (S&T Consulting), Carolyn Emory (S&T Consulting), Patricia Neff
(S&T Consulting), Noelle Robertson (S&T Consulting)
Online Program Manager:
Debbi Conger
Online Publications Manager:
Arlo Emerson (Aquent Partners)
Online Support:
Eric Brandt
Multimedia Developer
: Kelly Renner (Entex)
Compact Disc Testing:
Data Dimensions, Inc.
Production Support:
Ed Casper (S&T Consulting)
Manufacturing Manager:
Bo Galford
Manufacturing Support:
Rick Terek
Lead Product Manager, Development Services:

Lead Product Manager:
David Bramble
Group Product Manager:
Robert Stewart


# 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV##LLL#


,QVWUXFWRU#1RWHV#
This module provides students with students with a description of Microsoft
®

Outlook
®
Web Access features that are new to Microsoft

Exchange 2000.
Students will examine the components of Outlook Web Access and learn how
they work together to process client requests. They will plan an Outlook Web
Access deployment and explore the considerations for configuring virtual
servers and directories. Finally, the module will explain how to use custom
Web applications to extend Outlook Web Access. At the end of this module,
students will be able to deploy Outlook Web Access.
0DWHULDOV#DQG#3UHSDUDWLRQ#
This section provides you with the required materials and preparation tasks that
are needed to teach this module.
5HTXLUHG#0DWHULDOV#
To teach this module, you need the following materials:
•
Microsoft PowerPoint
®
file 1569A_12.ppt

3UHSDUDWLRQ#7DVNV#
To prepare for this module, you should:

„#
Read all the materials for this module.
„#
Complete the lab.

3UHVHQWDWLRQ=##
93#0LQXWHV#
#
/DE=#
63#0LQXWHV#
LY##0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV#


0RGXOH#6WUDWHJ\#
Use the following strategy to present this module:
„#
Introduction to Microsoft Outlook Web Access
This section focuses on the primary features and limitations of Outlook Web
Access, and outlines the clients that Outlook Web Access supports.
„#
Outlook Web Access Architecture
Begin by introducing the Web-DAV technology and then explain how
Outlook Web Access uses HTTP and Web-DAV to communicate between
clients and the server. Next, use the graphic in the slide to describe the
Outlook Web Access Server components. Use the next slide to explain what
happens when a user logs on to their mailbox, and then explain how
Outlook Web Access opens and displays an e-mail message. Conclude this
section by discussing client authentication methods and front-end/back-end
server authentication methods.
„#

Outlook Web Access Deployment
After explaining how to enable Web access for a user, compare the two
typical locations for firewalls when securing Outlook Web Access, and then
discuss Kiosk Operation and POP3/IMAP4 integration issues. Conclude this
section by describing how to use System Monitor and how to increase
system capacity by scaling front-end servers and planning back-end server
capacity.
„#
Extending Outlook Web Access
Conclude this module by discussing how to extend Outlook Web Access
functionality.

# 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV##4#


2YHUYLHZ#
„
,QWURGXFWLRQ#WR#0LFURVRIW#2XWORRN :HE#$FFHVV
„
2XWORRN#:HE#$FFHVV#$UFKLWHFWXUH
„
2XWORRN#:HE#$FFHVV#'HSOR\PHQW
„
([WHQGLQJ#2XWORRN#:HE#$FFHVV


Microsoft Exchange 2000 uses Outlook Web Access to enable users to gain
access to their mailboxes by using an Internet browser. Successfully deploying
Outlook Web Access will enable you to provide users with remote access to
data in public folders, network shares, and on company intranets.

2EMHFWLYHV#
At the end of this module, you will be able to:
„#
Describe the features of Microsoft Outlook
®
Web Access that are new to
Microsoft Exchange 2000.
„#
List Outlook Web Access components and describe how they process client
requests.
„#
Plan an Outlook Web Access deployment.
„#
Extend Outlook Web Access in a custom Web application.

6OLGH#2EMHFWLYH#
7R#SURYLGH#DQ#RYHUYLHZ#RI#
WKH#PRGXOH#WRSLFV#DQG#
REMHFWLYHV1#
/HDG0LQ#
,Q#WKLV#PRGXOH/#\RX#ZLOO#OHDUQ#
DERXW#WKH#IHDWXUHV#DQG#
DUFKLWHFWXUDO#FRPSRQHQWV#RI#
2XWORRN#:HE#$FFHVV1#<RX#
ZLOO#DOVR#OHDUQ#KRZ#WR#SODQ#WR#
GHSOR\#2XWORRN#:HE#
$FFHVV/#FRQILJXUH#D#VHUYHU/#
DQG#H[WHQG#2XWORRN#:HE#
$FFHVV1#
5# # 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV#



‹‹
#
,QWURGXFWLRQ#WR#2XWORRN#:HE#$FFHVV
#
#
„
2XWORRN#:HE#$FFHVV#)HDWXUHV#DQG#/LPLWDWLRQV
„
2XWORRN#:HE#$FFHVV#&OLHQWV


Outlook Web Access provides a secure environment for users to access
Exchange 2000 data using an Internet browser, such as Microsoft Internet
Explorer. From a UNIX, Macintosh
®
, or Microsoft Windows
®
-based computer
connected to the server, a user with the correct permissions can view and work
with any public folder, mailbox, global address list (GAL), or calendar.

For UNIX users connecting to a computer running Exchange 2000,
Outlook Web Access is the primary Outlook solution for e-mail, calendar, and
collaboration functionality.

6OLGH#2EMHFWLYH#
7R#RXWOLQH#2XWORRN#:HE#
$FFHVV#WRSLFV1#

/HDG0LQ#
2XWORRN#:HE#$FFHVV#
SURYLGHV#D#VHFXUH#
HQYLURQPHQW#IRU#XVHUV#WR#
DFFHVV#D#FRPSXWHU#UXQQLQJ#
([FKDQJH#5333#E\#XVLQJ#DQ#
,QWHUQHW#EURZVHU/#VXFK#DV#
0LFURVRIW#,QWHUQHW#([SORUHU1#
1RWH#
# 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV##6#


2XWORRN#:HE#$FFHVV#)HDWXUHV#DQG#/LPLWDWLRQV#
„
6XSSRUWV#0HVVDJHV#7KDW#&RQWDLQ#(PEHGGHG#,WHPV#DQG#
0LFURVRIW##$FWLYH;#2EMHFWV
„
6XSSRUWV#3XEOLF#)ROGHUV#7KDW#&RQWDLQ#&RQWDFW#DQG#
&DOHQGDU#,WHPV
„
6XSSRUW#IRU#0XOWLPHGLD#0HVVDJHV
„
&DQ#8VH#1DPHG#85/V#WR#5HIHUHQFH#,WHPV
„
(QKDQFHG#,QWHUQHW#([SORUHU#8#6XSSRUW
„
/LPLWDWLRQV


Microsoft Exchange 2000 contains a new version of Outlook Web Access

designed for increased performance and scalability. Outlook Web Access
provides increased client performance and functionality by:
„#
Supporting messages that contain embedded items (messages, appointments,
contacts, and so on) and Microsoft ActiveX
®
objects. Outlook Web Access
renders and displays an ActiveX object, such as an image control, when a
message containing the object is opened.
„#
Supporting public folders that contain contact and calendar items.
„#
Supporting multimedia messages. Outlook Web Access enables you to
easily add audio and video clips directly into a message and send it with the
clips.
„#
Using named URLs to reference items. While previous versions of Outlook
Web Access used globally unique identifiers (GUIDs) to reference items in
the information store, items (messages, folders, and so on) are now accessed
using a plain text address, such as http://server/exchange/mailbox/inbox.
„#
Supporting Microsoft Internet Explorer 5. Internet Explorer 5 users benefit
from an interface that is similar to Outlook. Outlook Web Access is also
more efficient for Internet Explorer 5 users because it does not require that
every mouse click in the interface communicate to the Outlook Web Access
server, as it does with other clients.
6OLGH#2EMHFWLYH#
7R#VXPPDUL]H#WKH#IHDWXUHV#
DQG#OLPLWDWLRQV#RI#2XWORRN#
:HE#$FFHVV#LQ#

([FKDQJH#53331#
/HDG0LQ#
7KH#([FKDQJH#5333#2XWORRN#
:HE#$FFHVV#FRPSRQHQW#
SURYLGHV#EHWWHU#SHUIRUPDQFH#
DQG#DGGLWLRQDO#IHDWXUHV1#
7# # 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV#


/LPLWDWLRQV#
Outlook Web Access is not designed to satisfy advanced e-mail and
collaboration requirements that the other products in the Outlook client family
addressed. Outlook Web Access is not intended to replace the full-featured
Outlook messaging client for the 16-bit Windows operating system or
Macintosh. Outlook Web Access does not include advanced features for:
„#
Offline use. Offline access is not supported. A user must connect to an
Exchange server to view information.
„#
E-mail. Outlook Web Access does not support Exchange Server digital
encryption, signature support, and S/MIME support. Outlook Web Access
also does not include replied and forwarded flags in list view, message flags
and inbox rules, three-pane view, search for messages, and WordMail and
Microsoft Office integration.
„#
Calendar and group scheduling. Outlook Web Access does not support
displays of discontinuous days side by side, appointment list views, view
details with free and busy, track acceptance of meeting attendees, all-day or
multiple-day events, task lists and task management, and export to devices
such as DataLink watches.

„#
Collaboration applications. Outlook Web Access does not support Outlook
97 forms and Microsoft Exchange Server digital encryption and signatures.
Outlook Web Access does not synchronize local offline folders with server
folders.

# 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV##8#


2XWORRN#:HE#$FFHVV#&OLHQWV#
„
,QWHUQHW#([SORUHU#8#DQG#/DWHU
z
/RRNV#DQG#IXQFWLRQV#PRUH#OLNH#2XWORRN
z
8VHV#G\QDPLF#+70/
„
2WKHU#%URZVHUV
z
,QWHUQHW#([SORUHU#61[#DQG#71[
z
1HWVFDSH#1DYLJDWRU#61[#DQG#ODWHU


Outlook Web Access supports the following client categories.
,QWHUQHW#([SORUHU#8#DQG#/DWHU#%URZVHUV#
Outlook Web Access uses Dynamic HTML and Extensible Markup Language
(XML) to provide a rich set of functions for collaboration applications in these
browsers. This client provides a user interface that is similar to the full version
of Outlook. Internet Explorer 5 users can drag and drop messages between

folders and use a folder tree to open and create new folders. When creating a
message, Internet Explorer 5 users can use rich-text editing features to add
formatting to the text.
2WKHU#%URZVHUV#
You can also use Outlook Web Access with browsers that minimally support
HTML 3.2 and European Computer Manufacturer Association (ECMA)
compliant JavaScript. Outlook Web Access functions by minimizing the client
side use of script with the objective of obtaining as broad a reach as possible
with maximum performance. The specific browsers that Outlook Web Access
supports include Internet Explorer 3.x and 4.x, and Netscape Navigator 3.x and
later running on operating systems such as Apple Macintosh, Microsoft
Windows 3.x, Microsoft Windows

95, Microsoft Windows 98, Microsoft
Windows NT
®
, and UNIX.
6OLGH#2EMHFWLYH#
7R#OLVW#WKH#FDWHJRULHV#RI#
2XWORRN#:HE#$FFHVV#FOLHQWV1#
/HDG0LQ#
2XWORRN#:HE#$FFHVV#LV#
RSWLPL]HG#IRU#,QWHUQHW#
([SORUHU#8/#EXW#DOVR#
VXSSRUWV#RWKHU#EURZVHUV#DQG#
HDUOLHU#YHUVLRQV#RI#,QWHUQHW#
([SORUHU1#
9# # 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV#



‹‹
#
2XWORRN#:HE#$FFHVV#$UFKLWHFWXUH#
„
:HE0'$9
„
2XWORRN#:HE#$FFHVV#$UFKLWHFWXUH#
„
6HUYHU#&RPSRQHQWV#
„
/RJRQ#DQG#0DLOER[#'LVSOD\
„
2SHQLQJ#DQ#,WHP
„
&OLHQW#$XWKHQWLFDWLRQ
„
)URQW0(QG2%DFN0(QG#6HUYHU#$XWKHQWLFDWLRQ


Understanding Outlook Web Access architecture will enable you to effectively
implement a remote access strategy for your users.
6OLGH#2EMHFWLYH#
7R#RXWOLQH#2XWORRN#:HE#
$FFHVV#DUFKLWHFWXUH#WRSLFV1#
/HDG0LQ#
7KHUH#DUH#VHYHUDO#
DUFKLWHFWXUDO#LVVXHV#DQG#
FRPSRQHQWV#WR#FRQVLGHU#
ZKHQ#GHSOR\LQJ#2XWORRN#
:HE#$FFHVV1#

# 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV##:#


:HE0'$9#
„
:HE0'$9#+5)&#584;,#,V#D#6HW#RI#+773#([WHQVLRQV#IRU#
$XWKRULQJ
„
3ULPDU\#)HDWXUHV#,QFOXGH#2YHUZULWH#3URWHFWLRQ/#
1DPHVSDFH#0DQDJHPHQW/#DQG#3URSHUW\#$FFHVV
„
:HE0'$9#6HUYHU#²,,6#813#DQG#([FKDQJH#5333
„
:HE0'$9#&OLHQWV#² ,QWHUQHW#([SORUHU#8/#2IILFH#5333/#:HE#
)ROGHUV#+%XLOW#LQ#WR#:LQGRZV#5333#RU#,QVWDOOHG#E\#
,QWHUQHW#([SORUHU#8,
„
,QWHUQHW#([SORUHU#8#XVHV#:HE0'$9#ZLWK#2XWORRN#:HE#
$FFHVV


Web-DAV is a set of extensions to Hypertext Transfer Protocol (HTTP), the
standard protocol that enables Web browsers to talk to Web servers. Web-DAV
can accommodate all types of content, which means users can use Web-DAV to
work collaboratively on a word processing document, a spreadsheet, or an
image file. Anything you can store in a file can potentially be authored using
Web-DAV.
Internet Explorer 5 clients use an extended version of HTTP known as
Web-DAV. Web-DAV makes the Web a collaborative, write-able medium.
Prior to Web-DAV, users mainly downloaded data to review on their local

computer.
)HDWXUHV#
Web-DAV provides the following features:
„#
Overwrite protection (file locking). Web-DAV makes it possible for Web
users to write, edit, and save shared documents without overwriting another
person’s work, regardless of which software program or Internet service
they are using. Overwrite prevention is the key to the collaboration support
in Web-DAV.
„#
Namespace management. Namespace management capabilities enable users
to conveniently manage Internet files and directories, including the ability to
move and copy files. The process is similar to the way word-processing files
and directories are managed on a regular computer.
„#
Property (metadata) access. The properties feature in Web-DAV is an
efficient means of storing and retrieving what is known as “metadata”


information about a Web document, such as the author's name, copyright,
publication date, and keywords. Internet search engines use metadata to find
and retrieve relevant documents.

More information on Web-DAV can be found at .
Web-DAV is defined in Request for Comments (RFC) 2518.
6OLGH#2EMHFWLYH#
7R#LQWURGXFH#WKH#:HE0'$9#
SURWRFRO/#:HE0'$9#
IHDWXUHV/#DQG#:HE#)ROGHUV1#
/HDG0LQ#

,QWHUQHW#([SORUHU#8#FOLHQWV#
XVH#DQ#H[WHQGHG#YHUVLRQ#RI#
WKH#+773#SURWRFRO#NQRZQ#DV#
:HE0'$91#
;# # 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV#


:HE#)ROGHUV#
Web Folders provide another way to use Web-DAV to access data in Exchange.
Web Folders are designed to enable you to access a Web server in the same way
you access a file server, and Exchange 2000 also allows you to access
directories and items in the information store just like a file server. You can use
applications like Windows Explorer or Office 2000 to manage the data in the
Web Folder.
Web Folders are built into Windows 2000 and are added to Windows NT
version 4.0 and Windows 98 systems when a full installation of Internet
Explorer 5 is performed or Office 2000 is installed. You can configure a Web
Folder by adding a network place in My Network Places in Windows 2000 or
in the My Computer – Web Folders section on Windows NT 4.0 and
Windows 98.
Client requests to a Web Folder are handled in a similar manner as Web-DAV
requests from an Internet Explorer 5 client. The primary difference is that
Exchange 2000 returns Web pages to browser clients while other clients must
render the data returned from Web-DAV themselves.
# 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV##<#


2XWORRN#:HE#$FFHVV#$UFKLWHFWXUH#
Internet or
Intranet

Internet or
Intranet
Internet Explorer 5
/ Other Browsers
Internet Explorer 5
/ Other Browsers
HTTP / WebDAV
Outlook Web
Access Server
Outlook Web
Access Server
http://server/exchange
Store
Store


Outlook Web Access uses the HTTP and Web-DAV to communicate between
client browsers and the Outlook Web Access server. In large sites, user
mailboxes can be placed on multiple back-end servers that are referenced by
one or more front-end servers. Multiple server architecture provides additional
scalability and a single namespace for the back-end servers.
$FFHVVLQJ#D#6HUYHU#
When using a typical client, such as Outlook, the user interacts directly with the
Exchange server. However, with Outlook Web Access
,
the user interacts with
IIS (Internet Information Services) Web service from their browser. The
browser communicates with the server using HTTP and Web-DAV.
When IIS receives a client request for an item in a virtual directory mapped to
the Exchange Server information store, IIS transfers the request to an Exchange

Internet Services Application Programming Interface (ISAPI) application that
communicates with the Exchange Server information store. The information
store returns the requested data and the ISAPI application renders it into the
appropriate HTML for the client’s browser.
In addition to HTML, Outlook Web Access sends additional data to Internet
Explorer 5 clients by using XML. Using XML enables the client to increase
processing performance while sending fewer requests to the server.
In a scaled or distributed environment, one or more front-end servers process a
client’s requests and route them to the back-end server that contains the client
user’s mailbox.
6OLGH#2EMHFWLYH#
7R#LQWURGXFH#WKH#
DUFKLWHFWXUH#RI#2XWORRN#:HE#
$FFHVV1#
/HDG0LQ#
7KH#2XWORRN#:HE#$FFHVV#
VHUYHU#SHUIRUPV#IXQFWLRQV#
LGHQWLFDO#WR#WKRVH#RI#D#0$3,#
FOLHQW1#
43# # 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV#


6HUYHU#&RPSRQHQWV#
Windows 2000 Network
Windows 2000 Network
Windows 2000 Network
IIS
NTFS
NTFS
HTTP Request

Exchange
Virtual
Directory
Exchange ISAPI
Exchange ISAPI
Exchange
EXIFS
EXIFS
ExOLEDB
ExOLEDB
Store
Store
IIS Request
IIS Request
Processing
Processing
IIS Virtual
Directory


The Outlook Web Access server functions as a proxy for all message traffic by
using Web browsers to access data on a computer running Exchange. Client
requests are received by the IIS 5.0 Web service and passed to the Outlook Web
Access ISAPI application for processing. If the server contains the
Exchange 2000 database, Outlook Web Access uses a high-speed channel to
access the store. If the server is a front-end server, Outlook Web Access proxies
the request to a back-end server that is using HTTP.

Unlike Exchange Server 5.5, IIS is a required component of
Exchange 2000 and is automatically installed on every computer running

Exchange 2000.

If the client is using Internet Explorer 5, Outlook Web Access uses the DHTML
feature of Internet Explorer to perform more of the rendering on the client,
which improves server performance. By using DHTML behaviors, Outlook
Web Access can encapsulate commonly used HTML and script and download it
only once to the client. For all other clients, such as Internet Explorer 4.x and
Netscape Navigator, most of the rendering is performed on the server with a
small amount of JavaScript being sent to the client.
6OLGH#2EMHFWLYH#
7R#H[SODLQ#WKH#2XWORRN#:HE#
$FFHVV#VHUYHU#FRPSRQHQWV1#
/HDG0LQ#
6HYHUDO#VRIWZDUH#
FRPSRQHQWV#ZRUN#WRJHWKHU#
WR#SURYLGH#2XWORRN#:HE#
$FFHVV#IXQFWLRQDOLW\1#
1RWH#
# 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV# # 44#


/RJRQ#DQG#0DLOER[#'LVSOD\#
Active Directory-based
Domain Controller
Active Directory-based
Domain Controller
Outlook Web
Access Server
Outlook Web
Access Server

Web
Browser
Web
Browser
http://
Outlook Web Access servername
/exchange
User Is Authenticated
Mailbox Location
Is Queried
Default Page Returned
for Mailbox
1
1
1
2
2
2
4
4
4
3
3
3


Outlook Web Access uses logon credentials to automatically open a mailbox.
The Outlook Web Access server can also use the URL to specify the mailbox to
open (http://Outlook Web Access Servername
2

exchange/mailbox name).
The following steps describe the flow of information when a user logs on to
their mailbox and views the Inbox:
1. The user requests the Exchange 2000 mailbox by specifying the following
URL in their browser:
http://Outlook Web Access Servername/exchange/mailbox
2. The user is authenticated by the IIS Web server, which determines a user’s
Windows 2000 account.
3. The mailbox location for the user is queried from Active Directory
™

directory service.
If the mailbox is on another server, the browser is redirected to that server
and user authentication occurs again.
4. Outlook Web Access returns a default page for the mailbox that contains a
navigation bar in the left-hand frame and a view of the mailbox contents
(\exchange\mailbox name) in the right-hand frame.


In Exchange Server 5.5, Outlook Web Access used a separate logon page
for users, which asked the user for the name of the mailbox to which they
wanted to connect.

6OLGH#2EMHFWLYH#
7R#VKRZ#WKH#IORZ#RI#
LQIRUPDWLRQ#ZKHQ#D#XVHU#
ORJV#RQ#WR#WKHLU#PDLOER[1#
/HDG0LQ#
([FKDQJH#5333#XVHV#ORJRQ#
FUHGHQWLDOV#WR#DXWRPDWLFDOO\#

RSHQ#D#PDLOER[1#
1RWH#
45# # 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV#


2SHQLQJ#DQ#,WHP#
Web
Browser
Exchange
IIS
Exchange ISAPI
Exchange ISAPI
(
(
DavEx
DavEx
)
)
High Speed IIS-
Exchange
Interface
Forms
Registry
Default
Templates
HTTP / WebDAV
ExOleDB
ExOleDB
Component
Component

Outlook Web
Access
Server-Side
Component
Active
Directory
Active
Directory
Store
Store
DSACCES
DSACCES
Request
Renderer


The following process describes how Outlook Web Access opens and displays
an e-mail message. This process also applies to other Outlook Web Access
operations, such as opening and displaying a folder.
41#%URZVHU=#5HTXHVW#)RU#(0PDLO#0HVVDJH#6HQW#
You can access a message from the browser by:
„#
Clicking on the message in a folder contents view.
„#
Typing the URL to the message into the Address field of the browser and
pressing ENTER.
„#
Choosing a browser favorite item that points to a message.

For all of these methods, the browser issues a GET request for a URL that looks

like this:
KWWS=22VHUYHU2YURRW2XVHU2IROGHU2PHVVDJH1HPO#
#
Because this URL does not have any query strings, the server will return a
rendering of this resource based on its Message-Class and the default action
configured for this class.
6OLGH#2EMHFWLYH#
7R#SURYLGH#D#VWHS0E\0VWHS#
GHVFULSWLRQ#RI#WKH#SURFHVV#RI#
DFFHVVLQJ#([FKDQJH#GDWD#
WKURXJK#D#:HE#EURZVHU1#
/HDG0LQ#
<RX#FDQ#JDLQ#DFFHVV#WR#
([FKDQJH#GDWD#IURP#D#:HE#
EURZVHU1#
# 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV# # 46#


51#,,6#:HE#6HUYHU=#([FKDQJH#,6$3,#+DQGOHV#WKH#5HTXHVW#
When IIS receives the request, IIS passes the request to the Exchange ISAPI
component DavEx.dll. This component parses the request for the following
information and then sends the request to the Exchange store.
Parsed Item Used to

HTTP User-Agent Field header Determine the browser type, version,
operating system, and how the content
should be rendered.
HTTP Accept-Language header Determine the language for the rendered
content.
HTTP Translate header Determine if the content should be

rendered for a browser or returned without
rendering to a Web-DAV application such
as Word 2000.
Query String Determine a specific action to perform.

61#,QIRUPDWLRQ#6WRUH=#,WHP#7\SH#'HWHUPLQHG#
The server verifies that the user has access to the item in the information store,
determines the type of object, and returns the type of item and its state (read,
unread, and so on) to the Exchange ISAPI application.
71#,,6#:HE#6HUYHU=#([FKDQJH#,6$3,#6HOHFWV#WKH#)RUP#
The Exchange ISAPI application takes these object attributes and looks for a
form definition in the Forms Registry that matches the object’s type. If the
Exchange ISAPI application cannot find a matching form definition, it uses a
default form stored in Wmtemplates.dll. If the browser language is not English,
language specific strings are loaded from other template libraries in the
\Exchsrvr\Res\ directory.
81#,QIRUPDWLRQ#6WRUH=#,QIRUPDWLRQ#6WRUH#5HWULHYHV#'DWD#IRU#7KH#)RUP#
After a form definition is found, the Exchange ISAPI application parses the
form, and notifies the information store to retrieve the data it references.
91#,,6#:HE#6HUYHU=#([FKDQJH#,6$3,#5HQGHUV#WKH#)RUP#
When the data is returned from the information store, the Exchange ISAPI
application renders the form into the appropriate HTML and XML and sends it
to the client.
The HTML information is not browser or platform dependent. Outlook Web
Access renders the HTML based on a variety of factors, including the browser
version. Non-Internet Explorer browsers will receive HTML code that
conforms to the HTML 3.2 standard. Internet Explorer 5 and later browsers will
receive dynamic HTML, which means different elements will respond to user
clicks and not require communication with the server.
Outlook Web Access uses a frameset consisting of two frames, the navigation

bar or Outlook Bar and the contents, or viewer frame. When a message is
opened, it opens in the viewer frame. The client now has a rendering of the
message in the viewer frame.
47# # 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV#


&OLHQW#$XWKHQWLFDWLRQ#
'RPDLQ
Domain
Controller
IIS
Server
Client
Verification of
Client Credentials
Request


Before the IIS Web server enables Outlook Web Access users to access
resources on the server, the IIS Web server verifies the user’s credentials by
passing the user information to a domain controller for authentication.
The following table describes the authentication methods that IIS 5.0 uses to
verify client credentials.
Authentication
Method
Benefits Disadvantages

Anonymous Supported by all clients, this method is
an easy way to allow access to
unsecured content in public folders.

Does not provide security on an individual basis.
All anonymous authenticated users can access
any content the Anonymous user account
(IUSER_Computername) has access to.
Basic Supported by most clients, this method
works through proxies and firewalls.
Password is sent as clear text, unless the Secure
Sockets Layer (SSL) protocol is used to encrypt.
Digest The password is sent as a hashed value,
which works through proxies and
firewalls. This method works with all
HTTP 1.1 compliant browsers.
Password is unencrypted in the Windows 2000
domain controller (must protect the server
carefully).
Does not work through front-end server.
Certificate Very secure and supported by a broad
range of clients.
Requires creating, obtaining, and managing
certificates, and then deploying them to the
clients.
Integrated Windows The password is sent as an encrypted
value for highest security.
Only supported by Internet Explorer 2.0 and
greater clients.
Does not work through HTTP proxies.
Only works through a front-end server when
using Internet Explorer 5 on Windows 2000.



6OLGH#2EMHFWLYH#
7R#H[SODLQ#KRZ#DQ#2XWORRN#
:HE#$FFHVV#VHUYHU#REWDLQV#
DXWKHQWLFDWLRQ#FUHGHQWLDOV#
IURP#D#GRPDLQ#FRQWUROOHU1#
/HDG0LQ#
2XWORRN#:HE#$FFHVV#VHUYHU#
FRPSXWHUV#PXVW#ILUVW#REWDLQ#
DXWKHQWLFDWLRQ#FUHGHQWLDOV#
EHIRUH#ORJJLQJ#RQ#WR#DQ#
([FKDQJH#VHUYHU1#
# 0RGXOH#45=#'HSOR\LQJ#([FKDQJH#5333#2XWORRN#:HE#$FFHVV# # 48#


You can also use SSL to encrypt all of the communication between the client
and server, regardless of the authentication method selected.
You can enable or disable these authentication methods by using the Internet
Services Manager program and modifying the properties of the virtual
directory.

Previous versions of Exchange Server supported authentication methods
included with Microsoft Site Server and Microsoft Commercial Internet
Services. These methods, Distribute Password Authentication and Membership
Basic, are not available with Exchange 2000.

1RWH#