Novell GROUPWISE 7 WebAccess

XII WebAccess

Chapter 53, “Scaling Your WebAccess Installation”
Chapter 54, “Configuring WebAccess Components”
Chapter 56, “Monitoring WebAccess Operations”
Chapter 57, “Using WebAccess Startup Switches”

53 Scaling Your WebAccess Installation

If your GroupWise® system is relatively small (one domain and a few post offices) and all post offices reside in the same location, a basic installation of GroupWise WebAccess might very well meet your needs. However, if your GroupWise system is large, spans multiple locations, or requires failover support, you might need to scale your GroupWise WebAccess installation to better meet the reliability, performance, and availability needs of your users.
The following sections provide information about the various configurations you can implement and instructions to help you create the configuration you choose:
Section 53.1, “WebAccess Configurations”
Section 53.2, “Installing Additional WebAccess Components”
Section 53.3, “Configuring Redirection and Failover Support”
For information about creating a basic GroupWise WebAccess installation, see “Installing GroupWise WebAccess” in the GroupWise 7 Installation Guide.

53.1 WebAccess Configurations

A basic installation of GroupWise WebAccess requires the WebAccess Agent and the WebAccess Application, as shown in the following diagram. The WebPublisher Application is also required if you plan to use GroupWise WebPublisher.
Figure 53-1 A Basic Installation of GroupWise WebAccess (diagram labels: Web Server with WebAccess and WebPublisher Applications; WebAccess Agent; Domain; Post Office; Post Office)
Depending on your needs, it might be necessary for you to add additional WebAccess Agents or to have multiple Web servers running the WebAccess Application and WebPublisher Application.
Section 53.1.1, “Multiple WebAccess Agents”
Section 53.1.2, “Multiple WebAccess and WebPublisher Applications”

53.1.1 Multiple WebAccess Agents

GroupWise WebAccess is designed to allow one installation of the WebAccess Application and WebPublisher Application to support multiple WebAccess Agents, as shown in the following diagram.

Figure 53-2 Multiple WebAccess Agents (diagram labels: one Web Server with WebAccess and WebPublisher Applications; three WebAccess Agents; three Domains; six Post Offices)
There are various reasons why you might want to add additional WebAccess Agents, including:
Improving reliability: One WebAccess Agent might provide sufficient access and performance, but you want to protect against downtime that would occur if the WebAccess Agent became unavailable because of server failure or some other reason. Installing more than one WebAccess Agent enables you to set up failover support to make your system more reliable.
Improving performance: The WebAccess Agent is designed to be close to the GroupWise databases. It requires direct access to a domain database and either direct access to post office databases or TCP/IP access to the Post Office Agents. For best performance, you should ensure that the WebAccess Agent is on the same local area network as the domain and post offices it needs access to. For example, in most cases you would not want a WebAccess Agent in Los Angeles accessing a post office in London.
Improving availability: The WebAccess Agent has 12 threads assigned to process user requests, which means that it can process only 12 requests at one time regardless of the number of users logged in. If necessary, you can increase the number of threads allocated to the WebAccess Agent, but each thread requires additional server memory. If you reach a point where WebAccess is unavailable to users because thread utilization is at a peak and all server memory is being used, you might need to have several WebAccess Agents, installed on different network servers, servicing your post offices. For information about changing the number of allocated threads, see Section 54.1, “Configuring the WebAccess Agent,” on page 870.

53.1.2 Multiple WebAccess and WebPublisher Applications

As with the WebAccess Agent, you can also install the WebAccess Application and WebPublisher Application to multiple Web servers, as shown in the following diagram.
Figure 53-3 The WebAccess Application and WebPublisher Application Installed to Multiple Web Servers (diagram labels: two Web Servers with WebAccess and WebPublisher Applications; WebAccess Agent; Domain; two Post Offices)
Some reasons for wanting to use this type of configuration include:
Enabling WebAccess users on an intranet to access GroupWise through an internal Web server and WebAccess users on the Internet to access GroupWise through an exposed Web server.
Increasing Web server performance by balancing the workload among several Web servers, especially if you are using the Web server for other purposes in addition to GroupWise WebAccess.
Hosting WebAccess (the WebAccess Application) on one Web server for your GroupWise users and WebPublisher (the WebPublisher Application) on another Web server for public Internet use.
If necessary, you can use multiple WebAccess Agents in this configuration, as shown below.
Figure 53-4 The WebAccess Application on One Web Server, and the WebPublisher Application on Another (diagram labels: two Web Servers with WebAccess and WebPublisher Applications; three WebAccess Agents; three Domains; six Post Offices)

53.2 Installing Additional WebAccess Components

The following sections assume that you have installed at least one WebAccess Agent and one WebAccess Application (or WebPublisher Application) and now need to install additional agents or applications.
Section 53.2.1, “Installing Additional Components on NetWare or Windows”
Section 53.2.2, “Installing Additional Components on Linux”

53.2.1 Installing Additional Components on NetWare or Windows

“Installing a NetWare or Windows WebAccess Agent”
“Installing a NetWare or Windows WebAccess or WebPublisher Application”
For more information, see “NetWare and Windows: Setting Up GroupWise WebAccess” in the GroupWise 7 Installation Guide.
Installing a NetWare or Windows WebAccess Agent
1 Insert the GroupWise 7 Administrator for NetWare/Windows CD into the CD drive to start the Installation program, click Install Products, click GroupWise WebAccess, then click Install GroupWise WebAccess. If the Installation program does not start automatically, run setup.exe from the root of the CD.
or
If you’ve already copied the GroupWise WebAccess software to a software distribution directory, run setup.exe from the internet\webacces directory.
2 Click Yes to accept the license agreement and display the Select Components dialog box.
3 Deselect all components except the GroupWise WebAccess Agent, then click Next.
4 Follow the prompts to create the WebAccess Agent’s gateway directory, install the WebAccess Agent software, and create the WebAccess Agent’s object in Novell® eDirectory™.
If you are installing to a domain where another WebAccess Agent already exists, you must use a different directory and object name than the one used for the existing WebAccess Agent.
5 When installation is complete, you need to configure your system so that the WebAccess and WebPublisher Applications know about the WebAccess Agent and can direct the appropriate user requests to it. For information, see Section 53.3, “Configuring Redirection and Failover Support,” on page 860.
Installing a NetWare or Windows WebAccess or WebPublisher Application
To install a WebAccess Application or a WebPublisher Application to a Web server:
1 Insert the GroupWise 7 Administrator for NetWare/Windows CD into the CD drive to start the installation program, click Install Products, click GroupWise WebAccess, then click Install GroupWise WebAccess. If the installation program does not start automatically, run setup.exe from the root of the CD.
or
If you’ve already copied the GroupWise WebAccess software to a software distribution directory, run setup.exe from the internet/webacces directory.
2 Click Yes to accept the license agreement and display the Select Components dialog box.
3 Deselect all components except the GroupWise WebAccess Application and/or the GroupWise WebPublisher Application, then click Next.
The WebAccess Application and WebPublisher Application must be associated with a WebAccess Agent. For information on configuring a WebAccess or WebPublisher Application to connect to other WebAccess Agents, see Section 53.3, “Configuring Redirection and Failover Support,” on page 860.
4 Specify the path for the WebAccess Agent’s gateway directory.
5 Follow the prompts to install the files to the Web server. Restart the Web server.

53.2.2 Installing Additional Components on Linux

“Installing a Linux WebAccess Agent”
“Installing a Linux WebAccess and WebPublisher Application”
For more information, see “Linux: Setting Up GroupWise WebAccess” in the GroupWise 7 Installation Guide.
Installing a Linux WebAccess Agent
1 Make sure that LDAP is running on your eDirectory server and that it is configured to accept login from the WebAccess Agent Installation program.
2 In a terminal window, become root by entering sux and the root password.
The sux command enables the X Window System, which is required for running the GUI GroupWise Installation program, Installation Advisor, and the Setup Advisor. If you do not want to use the X Window System, you can install GroupWise components individually, as described in “Installing the GroupWise Agents Using the Text-Based Installation Program” in “Installing GroupWise Agents” in the GroupWise 7 Installation Guide.
3 Change to the root of the GroupWise 7 Administrator for Linux CD.
4 Enter ./install.
5 Select the language in which you want to run the Installation program and install the WebAccess software, then click Next.
6 In the Installation program, click Install Products > GroupWise WebAccess > Install WebAccess Agent.
7 When the installation is complete, click OK.
8 Click Configure WebAccess Agent.
9 Follow the prompts to configure the Linux WebAccess Agent.
10 When installation and configuration is complete, you need to configure your GroupWise system so that the WebAccess and WebPublisher Applications know about this instance of the WebAccess Agent and can direct the appropriate user requests to it. For instructions, see Section 53.3, “Configuring Redirection and Failover Support,” on page 860.
Installing a Linux WebAccess and WebPublisher Application
To install a WebAccess Application and a WebPublisher Application to a Web server:
1 After installing and configuring the WebAccess Agent, if you want to use an existing Apache and Tomcat installation, click Install GroupWise WebAccess Application.
or
Click Install GroupWise WebAccess Application with Apache and Tomcat.
This installs a version of Apache and Tomcat specifically for use with GroupWise. Apache files are installed under /var/opt/novell/http and /etc/opt/novell/http. Tomcat files are installed under /var/opt/novell/tomcat4 and /etc/opt/novell/tomcat4.
In addition, a self-signed certificate is generated, enabling users to use WebAccess and WebPublisher over an SSL connection.
NOTE: The option to install Apache and Tomcat along with the WebAccess Application is not available if you are installing to Novell Open Enterprise Server Linux because Apache and Tomcat are already installed and configured correctly in that environment.
2 When the installation is complete, click OK.
3 Click Configure WebAccess Application.
4 Follow the prompts to configure the Linux WebAccess Application.
5 When the installation and configuration is complete, start or restart the Web server.

53.3 Configuring Redirection and Failover Support

Redirection enables the WebAccess Application to direct user requests to specific WebAccess Agents. For example, you might want WebAccess Agent 1 to process all requests from users on Post Office 1 and WebAccess Agent 2 to process all requests from users on Post Office 2.
Failover support enables the WebAccess Application to contact a second WebAccess Agent if the first WebAccess Agent is unavailable. For example, if the WebAccess Application receives a user request that should be processed by WebAccess Agent 1 but it is unavailable, the WebAccess Application can route the user request to WebAccess Agent 2 instead.
The following sections provide information to help you successfully configure redirection and failover support:
Section 53.3.1, “How the WebAccess Application Knows Which WebAccess Agents to Use”
Section 53.3.2, “Synchronizing the Encryption Key”
Section 53.3.3, “Specifying a WebAccess Agent in the WebAccess URL”
Section 53.3.4, “Assigning a Default WebAccess Agent to a Post Office”
Section 53.3.5, “Assigning a Default WebAccess Agent to a Domain”
Section 53.3.6, “Adding WebAccess Agents to the GroupWise Service Provider’s List”

53.3.1 How the WebAccess Application Knows Which WebAccess Agents to Use

To redirect user requests or to fail over to a second WebAccess Agent, the WebAccess Application needs to know which WebAccess Agents you want it to use. This might be all of the WebAccess Agents in your system, or only specific WebAccess Agents.
Each time a user logs in, the WebAccess Application compiles a list, referred to as a redirection/failover list, of the WebAccess Agents defined in the locations listed below.
The WebAccess URL. The standard URL does not contain a WebAccess Agent, but you can modify the URL to point to a specific agent.
The user’s Post Office object. You can assign a default WebAccess Agent to the post office to handle requests from the post office’s users.
The user’s Domain object. You can assign a default WebAccess Agent to the domain to handle requests from the domain’s users.
The GroupWiseProvider object. This is the service provider used by the WebAccess Application to connect to WebAccess Agents.
The commgr.cfg file. This file is located in the WebAccess Application’s home directory, which varies by platform.
NetWare and Windows: novell\webaccess\users on the Web server
Linux: /opt/novell/groupwise/webaccess/users
By default, only the GroupWise Provider object and the commgr.cfg file include a WebAccess Agent definition, as shown in the following table:
Table 53-1 WebAccess Agent Default Locations
Location                      WebAccess Agent
WebAccess URL                 No agent defined
Post office                   No agent defined
Domain                        No agent defined
GroupWise service provider    Agent 1
Commgr.cfg                    Agent 1
If no other WebAccess Agents are defined (as is the case by default), the WebAccess Application directs all user requests to the WebAccess Agent (Agent 1) listed in the commgr.cfg file. This file is located in the WebAccess Application’s home directory on the Web server. The commgr.cfg file contains the IP address and encryption key for the WebAccess Agent that was associated with the WebAccess Application during the application’s installation.
If Agent 1 is not available, the user receives an error message and cannot log in.
Redirection/Failover List: Example 1
Assume that the WebAccess Agents are defined as follows:
Location                      WebAccess Agent
WebAccess URL                 No agent defined
Post office                   Agent 1
Domain                        Agent 4
GroupWise service provider    Agent 2, Agent 3
Commgr.cfg                    Agent 4
Using this information, the WebAccess Application would create the following redirection/failover list:
List Entry    Taken From
Agent 1       Post office
Agent 4       Domain
Agent 2       GroupWise service provider
Agent 3       GroupWise service provider
Because there is no WebAccess Agent defined in the WebAccess URL, the WebAccess Application redirects the user’s request to the default WebAccess Agent (Agent 1) assigned to the user’s post office. If Agent 1 is unavailable, the WebAccess Application fails over to the domain’s default WebAccess Agent (Agent 4). If Agent 4 is unavailable, the WebAccess Application fails over to Agent 2 and then Agent 3, both of which are defined in the GroupWise service provider’s list.
Redirection/Failover List: Example 2
Assume that the WebAccess Agents are defined as follows:
Location                      WebAccess Agent
WebAccess URL                 No agent defined
Post office                   No agent defined
Domain                        No agent defined
GroupWise service provider    Agent 1, Agent 2, Agent 3
Commgr.cfg                    Agent 2
Using this information, the WebAccess Application would create the following redirection/failover list:
List Entry    Taken From
Agent 1       GroupWise service provider
Agent 2       GroupWise service provider
Agent 3       GroupWise service provider
Because there is no WebAccess Agent defined in the WebAccess URL, user’s post office, or user’s domain, the WebAccess Application redirects the user’s request to the first WebAccess Agent (Agent 1) in the GroupWise service provider’s list. If Agent 1 is unavailable, the WebAccess Application fails over to Agent 2 and then Agent 3.
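The list-building order described in this section can be modeled as follows. This is an added illustration, not Novell code: the function names are hypothetical, and skipping an agent that is already on the list is an assumption inferred from the two examples above.

```python
from collections import namedtuple

# One list entry: the agent and the location it was taken from.
Entry = namedtuple("Entry", ["agent", "source"])


def build_failover_list(url_agent=None, post_office_agent=None,
                        domain_agent=None, provider_agents=(),
                        commgr_agent=None):
    """Compile the redirection/failover list in the order the section gives:
    WebAccess URL, post office, domain, GroupWise service provider, commgr.cfg.

    Assumption: an agent already on the list is not added a second time,
    which is what both documented examples show.
    """
    candidates = [
        (url_agent, "WebAccess URL"),
        (post_office_agent, "Post office"),
        (domain_agent, "Domain"),
    ]
    candidates += [(a, "GroupWise service provider") for a in provider_agents]
    candidates.append((commgr_agent, "Commgr.cfg"))

    entries, seen = [], set()
    for agent, source in candidates:
        if agent is None or agent in seen:
            continue
        seen.add(agent)
        entries.append(Entry(agent, source))
    return entries


def select_agent(entries, is_available):
    """Return the first entry whose agent is reachable, or None when every
    agent on the list is down (the user then cannot log in)."""
    for entry in entries:
        if is_available(entry.agent):
            return entry
    return None


def users_without_failover(configs):
    """Given {name: build_failover_list keyword arguments}, return the names
    whose list holds a single agent, i.e. a single point of failure."""
    return sorted(name for name, kwargs in configs.items()
                  if len(build_failover_list(**kwargs)) < 2)


# The two documented examples and the default installation (Table 53-1).
EXAMPLE_1 = dict(post_office_agent="Agent 1", domain_agent="Agent 4",
                 provider_agents=["Agent 2", "Agent 3"], commgr_agent="Agent 4")
EXAMPLE_2 = dict(provider_agents=["Agent 1", "Agent 2", "Agent 3"],
                 commgr_agent="Agent 2")
DEFAULT_INSTALL = dict(provider_agents=["Agent 1"], commgr_agent="Agent 1")

if __name__ == "__main__":
    for label, cfg in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(label)
        for entry in build_failover_list(**cfg):
            print(f"  {entry.agent:8} {entry.source}")
    # Constructed outage: Agent 1 and Agent 4 are both unreachable.
    down = {"Agent 1", "Agent 4"}
    chosen = select_agent(build_failover_list(**EXAMPLE_1),
                          lambda agent: agent not in down)
    print("Example 1 with Agent 1 and Agent 4 down ->", chosen.agent)
    print("No failover:", users_without_failover({"default": DEFAULT_INSTALL,
                                                  "example 1": EXAMPLE_1}))
```

Running the model against the default installation shows why a single-agent system has no failover: the list has one entry, so an outage of that agent leaves nothing to select.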

53.3.2 Synchronizing the Encryption Key

Every WebAccess Agent has an encryption key. In order to communicate with a WebAccess Agent, the WebAccess Application must know the agent’s encryption key. The encryption key is randomly generated when the WebAccess Agent object is created in eDirectory, which means that every WebAccess Agent has a unique encryption key.
If a WebAccess Application communicates with more than one WebAccess Agent, all the WebAccess Agents must use the same encryption key.
To modify a WebAccess Agent’s encryption key:
1 In ConsoleOne®, right-click the WebAccess Agent object, then click Properties.
2 Click WebAccess to display the WebAccess Settings page.
3 Make the encryption key the same as the key for any other WebAccess Agents with which the WebAccess Application communicates.
4 Click OK to save the changes.

53.3.3 Specifying a WebAccess Agent in the WebAccess URL

To have the WebAccess Application connect to a WebAccess Agent other than the one specified in the commgr.cfg file, you can add the WebAccess Agent’s IP address and port number to the URL that calls the WebAccess Application. For example, the default WebAccess Application URL is:
http://web_server_ip_address/gw/webacc
This URL causes the WebAccess Application to use the IP address and port number that are listed in the commgr.cfg file. To redirect the WebAccess Application to another WebAccess Agent, you would use the following URL:
http://web_server_ip_address/gw/webacc?GWAP.ip=agent_ip_address&GWAP.port=port_number
For example:
http://172.16.5.18/gw/webacc?GWAP.ip=172.16.6.10&GWAP.port=7204
In this example, the WebAccess Application redirects its requests to the WebAccess Agent at IP address 172.16.6.10 and port number 7204. If the WebAccess Agent is using the same port number that is listed in the commgr.cfg file, you do not need to include the GWAP.port parameter. Or, if the WebAccess Agent is using the same IP address that is listed in the commgr.cfg file, you do not need to include the GWAP.ip parameter.
If you want, you can use the WebAccess Agent’s DNS hostname in the URL rather than its IP address.
You can also specify the user interface language by adding the &User.lang option. This allows you to bypass the initial WebAccess language page. For example:
http://172.16.5.18/gw/webpub?GWAP.ip=172.16.6.10&GWAP.port=7204&User.lang=en
You can use the language codes listed below with the &User.lang parameter in the WebAccess URL.
Table 53-2 Language Codes
Language                Code    Language      Code
Arabic                  ar      Hebrew        iw
Brazilian Portuguese    pt      Hungarian     hu
Chinese Simplified      cs      Italian       it
Chinese Traditional     ct      Japanese      jp
Czechoslovakian         cz      Korean        kr
Danish                  da      Norwegian     no
Dutch                   nl      Polish        pl
English                 us      Russian       ru
Finnish                 su      Spanish       es
French                  fr      Swedish       sv
German                  de
You can add the URL to any Web page. For example, if you are using the Web Services page as your initial WebAccess page, you could add the URL to that page. You should add one URL for each WebAccess Agent.
For example, suppose you had offices in three different locations and installed a WebAccess Agent at each location to service the post offices at those locations. To enable the WebAccess Application to redirect requests to the WebAccess Agent at the appropriate location, you could modify the Web Services page to display a list of the locations. The modified page would include the following HTML code (if WebAccess is running on NetWare or Windows):
<UL>
<LI><A HREF="http://172.16.5.18/gw/webacc?GWAP.ip=172.16.6.10&GWAP.port=7204">San Francisco</A></LI>
<LI><A HREF="http://172.16.5.18/gw/webacc?GWAP.ip=172.16.6.12">New York</A></LI>
<LI><A HREF="http://172.16.5.18/gw/webacc?GWAP.ip=172.16.6.33&GWAP.port=7203">London</A></LI>
</UL>
The displayed HTML page would contain the following list of locations:
San Francisco
New York
London
When a user selects a location, the WebAccess Application routes all requests to the WebAccess Agent at the selected location.
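Because each link on such a page selects the WebAccess Agent that handles the user's requests, it is worth checking the links against the agents you actually run. The following added example (not part of the Novell documentation) resolves each link's effective agent, applying the commgr.cfg fallback described above, and reports links that point to an agent outside the inventory. The inventory, the commgr.cfg values, the function names, and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed values (assumptions, not taken from a real site).
COMMGR_DEFAULT = ("172.16.6.10", 7204)      # agent recorded in commgr.cfg
KNOWN_AGENTS = {                            # agents the site actually runs
    ("172.16.6.10", 7204),
    ("172.16.6.12", 7204),
    ("172.16.6.33", 7203),
}
# Application paths as they appear in the URLs shown in this section.
APP_PATHS = ("/gw/webacc", "/gw/webpub")

# Constructed sample page: the three documented links plus two bad ones.
SAMPLE_PAGE = """
<UL>
<LI><A HREF="http://172.16.5.18/gw/webacc?GWAP.ip=172.16.6.10&GWAP.port=7204">San Francisco</A></LI>
<LI><A HREF="http://172.16.5.18/gw/webacc?GWAP.ip=172.16.6.12">New York</A></LI>
<LI><A HREF="http://172.16.5.18/gw/webacc?GWAP.ip=172.16.6.33&GWAP.port=7203">London</A></LI>
<LI><A HREF="http://172.16.5.18/gw/webacc?GWAP.ip=172.16.6.44&GWAP.port=7204">Retired site</A></LI>
<LI><A HREF="http://172.16.5.18/gw/webacc?GWAP.ip=172.16.6.33&GWAP.port=72O3">Mistyped port</A></LI>
<LI><A HREF="http://172.16.5.18/docs/index.html">Help</A></LI>
</UL>
"""


class _LinkCollector(HTMLParser):
    """Collect the href of every <a> tag."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def effective_agent(href, default=COMMGR_DEFAULT):
    """Return the (host, port) a WebAccess link selects, or None if the link
    does not call the WebAccess or WebPublisher Application.

    An omitted GWAP.ip or GWAP.port falls back to the commgr.cfg value.
    Raises ValueError when GWAP.port is not a valid port number.
    """
    parts = urlsplit(href)
    if parts.path not in APP_PATHS:
        return None
    query = parse_qs(parts.query)
    # GWAP.ip may also carry a DNS hostname, so compare case-insensitively.
    host = query.get("GWAP.ip", [default[0]])[0].strip().lower()
    port_text = query.get("GWAP.port", [str(default[1])])[0]
    if not (port_text.isascii() and port_text.isdigit()
            and 0 < int(port_text) < 65536):
        raise ValueError(f"invalid GWAP.port {port_text!r}")
    return host, int(port_text)


def audit_links(html, known=KNOWN_AGENTS):
    """Return (href, problem) pairs for links whose agent is malformed or
    is not one of the known WebAccess Agents."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        try:
            agent = effective_agent(href)
        except ValueError as exc:
            findings.append((href, str(exc)))
            continue
        if agent is not None and agent not in known:
            findings.append(
                (href, f"agent {agent[0]}:{agent[1]} is not in the inventory"))
    return findings


if __name__ == "__main__":
    for href, problem in audit_links(SAMPLE_PAGE):
        print(f"{problem}\n    {href}")
```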

53.3.4 Assigning a Default WebAccess Agent to a Post Office

The WebAccess Application uses the post office’s default WebAccess Agent if no WebAccess Agent has been specified in the WebAccess URL (see Section 53.3.3, “Specifying a WebAccess Agent in the WebAccess URL,” on page 864) or if that WebAccess Agent is unavailable. This applies only if you have multiple WebAccess Agents installed in your GroupWise system. If you have only one WebAccess Agent, it services all post offices.
To assign a default WebAccess Agent to a post office:
1 In ConsoleOne, right-click the Post Office object, then click Properties.
2 Click GroupWise > Default WebAccess to display the Default WebAccess page.
3 Select the Override box to turn on the option.
4 In the Default WebAccess Gateway box, browse for and select the WebAccess Agent that you want to assign as the default agent.
When you have multiple WebAccess Agents and a user logs in to GroupWise WebAccess, the GroupWise Application running on the Web server checks to see if a default WebAccess Agent has been assigned to the user’s post office. If so, the WebAccess Application connects to the assigned WebAccess Agent. If not, it connects to the default WebAccess Agent assigned to the post office’s domain, as described in Section 53.3.5, “Assigning a Default WebAccess Agent to a Domain,” on page 866, or to one of the WebAccess Agents in its service provider list, as described in Section 53.3.6, “Adding WebAccess Agents to the GroupWise Service Provider’s List,” on page 867. If possible, select a WebAccess Agent that has good access to the post office to ensure the best performance.
5 Click OK to save the changes.

53.3.5 Assigning a Default WebAccess Agent to a Domain

The WebAccess Application uses the domain’s default WebAccess Agent if 1) no WebAccess Agent has been specified in the WebAccess URL (see Section 53.3.3, “Specifying a WebAccess Agent in the WebAccess URL,” on page 864), 2) no default WebAccess Agent has been defined for the user’s post office, or 3) neither of those WebAccess Agents is available. This applies only if you have multiple WebAccess Agents installed in your GroupWise system. If you have only one WebAccess Agent, it services users in all domains.
To assign a default WebAccess Agent to a domain:
1 In ConsoleOne, right-click the Domain object, then click Properties.
2 Click GroupWise > Default WebAccess to display the Default WebAccess page.
3 Select the Override box to turn on the option.
4 In the Default WebAccess Gateway box, browse for and select the WebAccess Agent that you want to assign as the default agent.
When you have multiple WebAccess Agents and a user logs in to GroupWise WebAccess, the GroupWise Application running on the Web server checks to see if a default WebAccess Agent has been assigned to the user’s post office, as described in Section 53.3.4, “Assigning a Default WebAccess Agent to a Post Office,” on page 865. If so, the WebAccess Application connects to the assigned WebAccess Agent. If not, it connects to the default WebAccess Agent assigned to the post office’s domain or to one of the WebAccess Agents in its service provider list, as described in Section 53.3.6, “Adding WebAccess Agents to the GroupWise Service Provider’s List,” on page 867. If possible, you should select a WebAccess Agent that has good access to the domain’s post offices to ensure the best performance. Each post office uses the domain’s default WebAccess Agent unless you override the default at the post office level.
5 Click OK to save the changes.

53.3.6 Adding WebAccess Agents to the GroupWise Service Provider’s List

1 In ConsoleOne, right-click the GroupWise service provider object (GroupWiseProvider), then click Properties.
2 Click Provider to display the Environment page.
The GroupWise WebAccess Agents list displays the WebAccess Agents the GroupWise service provider can communicate with when attempting to complete a request. By default, the list includes the WebAccess Agent that is defined in the commgr.cfg file (listed in the Configuration File field). If the first WebAccess Agent is unavailable, the GroupWise service provider attempts to use the second, third, fourth, and so on until it is successful.
3 Click Add, select the WebAccess Agent you want to add to the list, then click OK.
4 Repeat Step 3 for each WebAccess Agent you want to add to the list, then click OK to save the changes.

54 Configuring WebAccess Components

GroupWise® WebAccess consists of a number of components. The GroupWise 7 Installation Guide presented a simple overview of those components:
Figure 54-1 WebAccess Components: Simplified (diagram labels: Web Browser; Web Server; WebAccess Application; WebPublisher Application; WebAccess Agent; Viewer Agent)
This section of the GroupWise 7 Administration Guide provides additional details about those and additional components:
Figure 54-2 WebAccess Components: Complete (diagram labels: Web Browser; Web Server; WebAccess Application; WebPublisher Application; Speller Application; LDAP Provider; GroupWise Provider; Document Service Provider; LDAP Server; WebAccess Agent; Viewer Agent; Post Office; Library)
Each component can be configured to meet the specific needs of your GroupWise system:
Section 54.1, “Configuring the WebAccess Agent”
Section 54.2, “Configuring the WebAccess Application”
Section 54.3, “Configuring the Novell Speller Application”
Section 54.4, “Configuring the WebPublisher Application”
Section 54.5, “Configuring the GroupWise Service Provider”
Section 54.6, “Configuring the LDAP Service Provider”
Section 54.7, “Configuring the GroupWise Document Service Provider”
Section 54.8, “Configuring the Document Viewer Agent”
Section 54.9, “Enabling Web Server Data Compression”

54.1 Configuring the WebAccess Agent

The WebAccess Agent receives user requests from the WebAccess Application and WebPublisher Application, accesses post offices and libraries to process the requests, and then passes information back to the applications.
Figure 54-3 WebAccess Agent (diagram labels: Web Browser; Web Server; WebAccess Application; WebPublisher Application; Speller Application; LDAP Provider; GroupWise Provider; Document Service Provider; LDAP Server; WebAccess Agent; Viewer Agent; Post Office; Library)
During installation, the GroupWise® WebAccess Agent is set up with a default configuration. However, you can use the information in the following sections to optimize the WebAccess Agent for your environment:
Section 54.1.1, “Modifying WebAccess Settings”
Section 54.1.2, “Modifying WebPublisher Settings”
Section 54.1.3, “Managing Access to Post Offices”
Section 54.1.4, “Securing WebAccess Agent Connections with SSL”
Section 54.1.5, “Changing the WebAccess Agent’s Network Address or Port Numbers”
Section 54.1.6, “Binding the WebAccess Agent to a Specific IP Address”

54.1.1 Modifying WebAccess Settings

Using ConsoleOne®, you can configure the following GroupWise WebAccess settings for the WebAccess Agent:
The maximum number of threads the agent uses to process WebAccess messages
The key used to encrypt information sent between the agent and the WebAccess Application
To modify the configuration information:
1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties.
2 Click WebAccess > Settings to display the WebAccess Settings page.
3 Modify any of the following fields:
Maximum Threads: This is the maximum number of threads the agent uses at one time to process requests. The default (12) enables the agent to process 12 requests at one time, which is usually sufficient. If the agent regularly receives more requests than it has threads, you might want to increase the maximum number of threads. Increasing the threads increases the amount of server memory used by the agent.
To determine the maximum number of threads that have been in use at one time (for example, 8 of the 12 threads), you can view the WebAccess Agent server console on NetWare® or you can view the status information displayed through the WebAccess Agent Web console on any platform. See Section 56.1, “Monitoring the WebAccess Agent,” on page 925.
Encryption Key: The encryption key is used to encrypt and decrypt the information sent between the WebAccess Agent and the WebAccess Application. If you do not want to use the default encryption key, you can type your own key. The encryption key must be identical to the encryption keys of any other WebAccess Agents that the WebAccess Application communicates with. For more information, see Section 53.3, “Configuring Redirection and Failover Support,” on page 860.
4 Click OK to save the changes.

54.1.2 Modifying WebPublisher Settings

Using ConsoleOne, you can configure the following WebPublisher settings for the WebAccess Agent:
The GroupWise account used by the WebAccess Agent to retrieve documents for WebPublisher users
The GroupWise libraries where the WebAccess Agent looks for documents that have been shared with GroupWise WebPublisher users
Whether the WebPublisher user has General User Access to documents
To modify the configuration information:
1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties.
2 Click WebPublisher > Settings to display the WebPublisher Settings page.
3 Modify any of the following fields:
GroupWise Mailbox ID: The WebPublisher proxy user serves two purposes: 1) GroupWise users make documents available to GroupWise WebPublisher users by sharing the documents with the WebPublisher proxy user and 2) the WebAccess Agent logs in to GroupWise through the WebPublisher proxy user. This enables the WebAccess Agent to search for and retrieve documents that have been shared with the WebPublisher proxy user. Specify the ID for the GroupWise mailbox you want to use.
Password: Click Set Password to specify the mailbox password.
Allow Access to These Libraries: This list displays the libraries that the WebAccess Agent has access to. If a library is not in the list, WebPublisher users cannot see the library’s documents. If a library is listed, WebPublisher users can view any of the library’s documents that have been shared (by the document owner) with the WebPublisher proxy user.
To add a library to the list, click Add, then browse for and select the library.
To change the display name or description for the library, select the library, then click Properties. By default, the library’s Novell® eDirectory™ object name is used for the display name.
To remove a library from the list, select the library, then click Remove.
Assign General User Access to WebPublisher Users: When sharing documents with GroupWise users, a document’s owner can assign individual access rights and general access rights (through the General User Access option). The General User Access rights determine the access for all GroupWise users who do not receive individual access rights. For example, if a document’s owner sets the General User Access to View, all GroupWise users with access to that library can view the document.
This option lets you determine whether or not you, as the GroupWise system administrator, want to give General User Access rights to WebPublisher users. For example, with this option enabled, WebPublisher users can view any documents that have General User Access set to View.
4 Click OK to save the changes.
IMPORTANT: When you first set up WebPublisher, library documents are not visible to WebPublisher users until they have been indexed by the POA. You can wait until documents are indexed as part of the POA’s next indexing cycle or you can start the indexing process manually.
5 If WebPublisher documents have not yet been indexed, run QuickFinder indexing, as described in “Updating QuickFinder Indexes” on page 527.

54.1.3 Managing Access to Post Offices

The WebAccess Agent requires access to all post offices where WebAccess users’ mailboxes or GroupWise libraries reside. The agent can access a post office using client/server mode, direct mode, or both. By default, it uses whichever mode is defined on the Post Office object’s Post Office Settings page.
“Modifying Links to Post Offices” on page 873 explains how to set the access mode to client/server, direct, or both.
“Automating Reattachment to NetWare Servers” on page 874 explains how to configure the agent to automatically reconnect to post offices on NetWare servers.
Modifying Links to Post Offices
1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties.
2 Click Post Office Links > Settings.
3 In the Post Offices list, select the post office whose link information you want to change, then click Edit Link to display the Edit Post Office Link dialog box.
4 Define the following properties:
Access Mode: The access mode determines whether the WebAccess Agent uses client/server access, direct access, or both client/server and direct access to connect to the post office. With client/server and direct, the WebAccess Agent first tries client/server access; if client/server access fails, it then tries direct access. You can also choose to use the same access mode currently defined for the post office (on the Post Office object’s Post Office Settings page). The current access mode is displayed in the Current Post Office Access field.
Direct Access: When connecting to the post office in direct mode, the WebAccess Agent can use the post office’s UNC path (as defined on the Post Office object’s Identification page) or a mapped path that you specify.
Client/Server Access: When connecting to the post office in client/server mode, the WebAccess Agent must know the hostname (or IP address) and port number of the Post Office Agent running against the post office.
5 Click OK.
6 Repeat Step 3 through Step 5 for each post office whose link you want to change.
Automating Reattachment to NetWare Servers
You can specify the reattach information for the Windows WebAccess Agent in ConsoleOne. Whenever the Windows WebAccess Agent loses its connection to a post office that is on a NetWare server, it reads the reattach information from the domain database and attempts to reattach to the NetWare server.
The NetWare WebAccess Agent does not use this information. To reattach to NetWare servers where users’ post offices reside, the NetWare WebAccess Agent uses the user ID and password specified during installation. This user ID and password are specified in the strtweb.ncf file.
To specify the reattachment information for the NetWare WebAccess Agent:
1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties.
2 Click Reattach > Settings.
3 Define the following properties:
Tree: Specify the eDirectory tree that the WebAccess Agent logs in to. If the WebAccess Agent does not use an eDirectory user account, leave this field blank.
Context: Specify the eDirectory context of the WebAccess Agent’s user account. If the WebAccess Agent does not use an eDirectory user account, leave this field blank.
User ID: Specify the name of the user account.
Password: Specify the password for the user account.
4 Click OK.

54.1.4 Securing WebAccess Agent Connections with SSL

The GroupWise WebAccess Agent can use the SSL (Secure Socket Layer) protocol to enable secure connections to Post Office Agents (POAs) and the WebAccess Agent Web console. For it to do so, you must ensure that the WebAccess Agent has access to a server certificate file and that you have specified the connection types that you want secured through SSL. The following sections provide instructions:
“Defining the Certificate File” on page 875
“Enabling SSL” on page 876
Defining the Certificate File
To use SSL, the WebAccess Agent requires access to a server certificate file and key file. The WebAccess Agent can use any Base64/PEM or PFX formatted certificate file located on its server. If the WebAccess Agent’s server does not have a server certificate file, you can use the GroupWise Generate CSR utility to help you obtain one. For information, see Section 5.17.6, “GroupWise Generate CSR Utility (GWCSRGEN),” on page 83.
To define the certificate file and key file for the WebAccess Agent to use:
1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties.
2 Click GroupWise > SSL Settings to display the SSL Settings page.
3 Fill in the Certificate File, SSL Key File, and Set Password fields:
Certificate File: Select the server certificate file for the WebAccess Agent to use. The certificate file must be in Base64/PEM or PFX format. If you type the filename rather than using the Browse button to select it, use the full path if the file is not in the same directory as the WebAccess Agent program.
SSL Key File: Select the key file associated with the certificate. If the private key is included in the certificate file rather than in a separate key file, leave this field blank. If you type the filename rather than using the Browse button to select it, use the full path if the file is not in the same directory as the WebAccess Agent program.
Set Password: Click Set Password to specify the password for the key. If the key does not require a password, do not use this option.
4 If you want to define which connections will use SSL, click Apply to save your changes, then continue with the next section, Enabling SSL.
or
Click OK to save your changes.
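Before filling in the three fields in Step 3, it helps to know what the candidate files actually contain. The following Python check is an added example, not part of the Novell guide or of GroupWise: it classifies a file as Base64/PEM or PFX and reports whether SSL Key File should stay blank and whether Set Password is needed. The function names and the sample blocks are constructed for illustration, and it assumes that a PFX file bundles the private key with the certificate.

```python
import re

# One PEM block: BEGIN line, optional headers plus Base64 body, END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed samples: the bodies are placeholders, not real key material.
CERT_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
CSR_PEM = (b"-----BEGIN CERTIFICATE REQUEST-----\nQ09OU1RSVUNURUQ=\n"
           b"-----END CERTIFICATE REQUEST-----\n")
PLAIN_KEY_PEM = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
ENCRYPTED_KEY_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                     b"DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
                     b"Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")


def looks_like_pfx(data):
    """PKCS#12 is DER: SEQUENCE (0x30), a length, then INTEGER version 3."""
    if len(data) < 5 or data[0] != 0x30:
        return False
    extra = data[1] & 0x7F if data[1] & 0x80 else 0  # long-form length bytes
    return data[2 + extra:5 + extra] == b"\x02\x01\x03"


def inspect(data):
    """Summarise what one candidate file contains."""
    info = {"format": "unknown", "cert": False, "csr": False,
            "key": False, "key_encrypted": False}
    if looks_like_pfx(data):
        info["format"] = "PFX"
        return info  # PFX contents are not parsed here
    for label, body in PEM_BLOCK.findall(data.decode("ascii", "replace")):
        info["format"] = "PEM"
        if label == "CERTIFICATE":
            info["cert"] = True
        elif label.endswith("CERTIFICATE REQUEST"):
            info["csr"] = True
        elif label.endswith("PRIVATE KEY"):
            info["key"] = True
            # PKCS#8 uses its own label; traditional keys carry a Proc-Type header.
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
                info["key_encrypted"] = True
    return info


def plan_ssl_fields(cert_file, key_file=None):
    """Map the file contents onto the three SSL Settings fields."""
    cert = inspect(cert_file)
    key = inspect(key_file) if key_file is not None else None
    problems = []
    if cert["format"] == "unknown":
        problems.append("Certificate File is neither Base64/PEM nor PFX")
    elif cert["format"] == "PEM" and not cert["cert"]:
        problems.append("Certificate File holds a CSR, not a certificate"
                        if cert["csr"] else "Certificate File holds no certificate")
    key_in_cert = cert["format"] == "PFX" or cert["key"]  # assumption: PFX bundles the key
    if not key_in_cert and not (key and key["key"]):
        problems.append("no private key found: select an SSL Key File")
    if key_in_cert and key is not None:
        problems.append("key is already in the Certificate File: leave SSL Key File blank")
    source = cert if cert["key"] else key
    # PFX contents are not parsed, so its password need is reported as None.
    set_password = None if cert["format"] == "PFX" else bool(source and source["key_encrypted"])
    return {"leave_key_file_blank": key_in_cert, "set_password": set_password,
            "problems": problems}
```

A result that reports a CSR in place of a certificate usually means the request file produced by GWCSRGEN was selected instead of the certificate issued from it.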
Enabling SSL
After you’ve defined the WebAccess Agent’s certificate and key file (see “Defining the Certificate File” on page 875), you can configure which connections you want to use SSL.
1 In ConsoleOne, if the WebAccess Agent object’s property pages are not already displayed, right-click the WebAccess Agent object, then click Properties.
2 Click GroupWise > Network Address to display the Network Address page.
3 Configure the SSL settings for the following connections:
HTTP: Select Enabled to enable the WebAccess Agent to use a secure connection when passing information to the WebAccess Agent Web console. The Web browser must also be enabled to use SSL; if it is not, a non-secure connection is used.
Client/Server: Select from the following options to configure the WebAccess Agent’s use of secure connections to POAs:
Disabled: The WebAccess Agent does not support SSL connections. All connections are non-SSL.
Enabled: The POA determines whether an SSL connection or non-SSL connection is used.

54.1.5 Changing the WebAccess Agent’s Network Address or Port Numbers

If you change the network address (IP address or DNS hostname) of the WebAccess Agent’s server or move the WebAccess Agent to a new server, you need to change the network address in ConsoleOne. You can also change the port numbers used by the WebAccess Agent.
1 In ConsoleOne, right-click the WebAccess Agent object, then click Properties.
2 Click GroupWise > Network Address to display the Network Address page.
3 To change the WebAccess Agent’s IP address, click the Edit button next to the TCP/IP Address field to display the Edit Network Address dialog box.
4 Change the IP address or DNS hostname as necessary, then click OK to return to the Network Address page.
5 To change the port numbers used by the WebAccess Agent, type the new port number in the appropriate field.
HTTP Port: This is the port used to listen for requests from its Web console. The default port number is 7211.
TCP Port: This is the port used to listen for requests from the WebAccess Application and WebPublisher Application. The default port is 7205.
6 Click OK to save the changes.

54.1.6 Binding the WebAccess Agent to a Specific IP Address

You can now cause the WebAccess Agent to bind to a specified IP address when the server where it runs uses multiple IP addresses. The specified IP address is associated with all ports used by the agent. Without an exclusive bind, the WebAccess Agent binds to all IP addresses available on the server. Use the /ip startup switch in the WebAccess Agent startup file (webac70.waa) to specify the IP address that you want the WebAccess Agent to bind to.
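To confirm that an exclusive bind took effect, compare the agent's listening sockets before and after adding the /ip switch. The following Python check is an added example, not part of the Novell guide: it parses `netstat -an` output and reports, for the default ports 7205 and 7211 given above, whether the agent is listening on all addresses or only on the intended one. The netstat samples and the address 192.0.2.10 are constructed; change AGENT_PORTS if you changed the ports on the Network Address page.

```python
import re

# Default WebAccess Agent ports as documented on the Network Address page.
AGENT_PORTS = {7205: "TCP Port (WebAccess and WebPublisher Applications)",
               7211: "HTTP Port (Web console)"}
WILDCARDS = {"0.0.0.0", "*", "::", "[::]"}

# Local-address column of a listening TCP socket, Linux or Windows netstat layout.
LISTEN_LINE = re.compile(
    r"^\s*tcp\S*\s+(?:\d+\s+\d+\s+)?(\S+)[:.](\d+)\s+\S+\s+LISTEN", re.I)

# Constructed sample: Linux-style output with no exclusive bind.
SAMPLE_UNBOUND = """\
tcp        0      0 0.0.0.0:7205            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7211            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:7205         192.0.2.50:41822        ESTABLISHED
"""

# Constructed sample: Windows-style output after binding to 192.0.2.10.
SAMPLE_BOUND = """\
  TCP    192.0.2.10:7205        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:7211        0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
"""


def audit_binding(netstat_text, expected_ip):
    """Return {port: status} for each agent port found in netstat output."""
    bound = {port: set() for port in AGENT_PORTS}
    for line in netstat_text.splitlines():
        match = LISTEN_LINE.match(line)
        if match and int(match.group(2)) in bound:
            bound[int(match.group(2))].add(match.group(1))
    report = {}
    for port, addresses in bound.items():
        if not addresses:
            report[port] = "not listening"
        elif addresses & WILDCARDS:
            report[port] = "bound to all addresses"
        elif addresses == {expected_ip}:
            report[port] = "ok"
        else:
            report[port] = "unexpected address: " + ", ".join(sorted(addresses))
    return report


if __name__ == "__main__":
    for name, text in (("before", SAMPLE_UNBOUND), ("after", SAMPLE_BOUND)):
        for port, status in audit_binding(text, "192.0.2.10").items():
            print(name, port, AGENT_PORTS[port], "->", status)
```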

54.2 Configuring the WebAccess Application

The WebAccess Application, which resides on the Web server, provides the WebAccess user interface. As users perform actions in the WebAccess client, the WebAccess Application passes information between the Web browser and the WebAccess Agent.
Figure 54-4 WebAccess Application
(Diagram labels: Web Browser; Web Server; WebAccess Application; WebPublisher Application; Speller Application; LDAP Provider; GroupWise Provider; Document Service Provider; LDAP Server; WebAccess Agent; Viewer Agent; Post Office; Library)
During installation, the WebAccess Application is set up with a default configuration. However, you can use the information in the following sections to optimize the WebAccess Application configuration:
Section 54.2.1, “Modifying the WebAccess Application Environment Settings,” on page 879
Section 54.2.2, “Adding or Removing Service Providers,” on page 881
Section 54.2.3, “Modifying WebAccess Application Template Settings,” on page 882
Section 54.2.4, “Securing WebAccess Application Sessions,” on page 888
Section 54.2.5, “Controlling Availability of WebAccess Features,” on page 890

54.2.1 Modifying the WebAccess Application Environment Settings

Using ConsoleOne, you can modify the WebAccess Application’s environment settings. The environment settings determine such things as the location where ConsoleOne stores the WebAccess Application’s configuration file and how long the WebAccess Application maintains an open session with an inactive user.
To modify the environment settings:
1 In ConsoleOne, right-click the WebAccess Application object (GroupWiseWebAccess), then click Properties.
NOTE: The WebAccess Application object is not available in the GroupWise View. To locate the WebAccess Application object, you must use the Console View.
2 Click Applications > Environment to display the Environment page.
3 Modify any of the following fields:
Configuration File: The WebAccess Application does not have access to Novell eDirectory or the GroupWise domain database. Therefore, ConsoleOne writes the application’s configuration information to the file specified in this field. By default, this is the webacc.cfg file located in the WebAccess Application’s home directory, which varies by platform.
NetWare and Windows: novell\webaccess\users on the Web server
Linux: /opt/novell/groupwise/webaccess/users
In general, you should avoid changing the location of the file. If you do, you need to make sure to modify the webacc.cfg path in the Java servlet engine’s property file (for example, web.xml for Tomcat). If you do not, the WebAccess Application continues to look for its configuration information in the old location.
File Upload Path: When a user attaches a file to an item, the file is uploaded to the directory displayed in this field. By uploading the file before the item is sent, less time is required to send the item when the user clicks the Send button. After the user sends the item (or cancels it), the WebAccess Application deletes the file from the directory.
Specify the upload directory you want to use. The default path is to the temp directory, located in the WebAccess Application’s home directory, which varies by platform.
NetWare and Windows: novell\webaccess\users on the Web server
Linux: /opt/novell/groupwise/webaccess/users
Logout URL: By default, users who log out of GroupWise WebAccess are returned to the login page. If desired, you can enter the URL for a different page.
The logout URL can be defined in this location and two additional locations. These locations are listed below, in the order that the WebAccess Application checks them.
Trusted server logout URL (configured on the Security page)
Template-specific logout URL (configured on the Templates page)
General logout URL (configured on the Environment page)
For example, you define a general logout URL (WebAccess Application object > Environment) and a Standard HTML template logout URL (WebAccess Application object > Templates). You are not using trusted servers, so you do not set any trusted server logout URLs. When a Standard HTML template user logs out of WebAccess, the Standard HTML template logout URL is used. However, when a Basic HTML template user logs out, the general logout URL is used.
If none of these locations include a logout URL, the WebAccess Application defaults to the standard login page.
4 Click OK to save the changes.

54.2.2 Adding or Removing Service Providers

The WebAccess Application receives requests from users and then passes the requests to the appropriate service provider. The service provider fills the requests and returns the required information to the WebAccess Application. The WebAccess Application merges the information into the appropriate template and displays it to the user.
To function properly, the WebAccess Application must know which service providers are available. WebAccess includes three service providers:
GroupWise service provider (GroupWiseProvider object): Communicates with the WebAccess Agent to fill GroupWise requests.
Document service provider (GroupWiseDocumentProvider object): Communicates with the WebAccess Agent to fill WebPublisher requests.
LDAP service provider (LDAPProvider object): Communicates with LDAP servers to fill LDAP requests, such as LDAP directory searches initiated through the GroupWise Address Book.
The service providers are installed and configured at the same time as the WebAccess Application. You can disable a service by removing the corresponding provider.
If you create new service providers to expose additional services through GroupWise WebAccess, you must define those service providers so that the WebAccess Application knows about them.
To define service providers:
1 In ConsoleOne, right-click the WebAccess Application object, then click Properties.
2 Click Application > Services to display the Services page.
The Provider List displays all service providers that the WebAccess Application is configured to use.
3 Choose from the following options:
Add: To add a service provider to the list, click Add, browse for and select the service provider’s object, then click OK.
Edit: To edit a service provider’s information, select the provider in the list, then click Edit. For information about the modifications you can make, see Section 54.5, “Configuring the GroupWise Service Provider,” on page 903 and Section 54.6, “Configuring the LDAP Service Provider,” on page 905.
Delete: To remove a service provider from the list, select the provider, then click Delete.
4 Click OK to save the changes.

54.2.3 Modifying WebAccess Application Template Settings

When the WebAccess Application receives information from a service provider, it merges the information into the appropriate WebAccess template before displaying the information to the user. Using ConsoleOne, you can modify the WebAccess Application’s template settings. The template settings determine such things as the location of the templates, the maximum amount of server memory to use for caching the templates, and the default template language.
1 In ConsoleOne, right-click the WebAccess Application object, then click Properties.
2 Click Application > Templates to display the Templates page.