And minimize the security risks of Internet email access
I recently embarked on an unusual weight-loss program: I stopped taking my laptop on short business trips. With Microsoft Exchange 2000 Server's Outlook Web Access (OWA) 2000, I can use most of Outlook's features from wherever I can access a reasonably recent Web browser. Following a few configuration tips and access strategies can help you realize the same benefits.
Be Informed
The first step toward maximizing OWA 2000's advantages is knowing what the software can and can't do. OWA 2000 offers most of Outlook's major features, but it doesn't support Outlook's Tasks or Journal. Nor does OWA 2000 include a spell checker (although Messageware and CompuBridge sell solutions that work pretty well). Keep in mind that OWA 2000 doesn't replace Outlook; it provides client services to users who can't, don't, or won't use Outlook on Windows or Macintosh.
To access OWA 2000, you need a browser that supports HTML frames and JavaScript. OWA 2000 on Microsoft Internet Explorer (IE) 5.0 and later gives you the most Outlook-like experience. However, I've used OWA 2000 on IE 4.0 and later, Netscape Navigator 4.08 and later, Opera Software's Opera for Windows and Opera for Macintosh, and Alexander Clauss & iCab's iCab browser (for Macs only). When you enable basic (i.e., text-only) authentication, OWA 2000 also works with Pocket PC's Pocket Internet Explorer (PIE). You can also use OWA 2000 with a variety of Internet appliances.
Downloading the Exchange multimedia ActiveX control lets you compose rich-text messages. Open OWA 2000, then click the Options icon in OWA 2000's left pane. In the Options window's E-mail section, click Download. (Because the control is an ActiveX control, IE security restrictions on some machines might not let you download it.)
Be Secure
Speaking of security, if your platform supports Secure Sockets Layer (SSL), I recommend that you enable SSL on your Microsoft Internet Information Services (IIS) 5.0 server (which serves OWA 2000 pages). SSL encrypts all traffic to and from the Web server. Thus, data can't be read or modified in transit, which is essential protection when users are passing their usernames, passwords, and sensitive information to your server. TCP port 80 typically carries plain HTTP traffic, but SSL traffic (identified by the https prefix in a URL) uses port 443. You should configure the server to permit OWA 2000 use only through the secure port.
The risk of intercepted credentials might not seem large until you consider how and where a user is likely to use OWA 2000. Say I'm flying to New York: I'll be at three airports, a hotel, and several client sites. Instead of dragging out my laptop to check my email, I, like thousands of other travelers, will use a public access point. Because these easily accessible Internet access points are in high demand and a large volume of valuable information passes through them, intruders are more likely to sniff these service points than your home or office LAN connections.
To enable SSL on your IIS machine, use IIS's Web Server Certificate Wizard to generate a certificate request. You access the wizard from the Microsoft Management Console (MMC) Internet Information Services snap-in. Open the Properties page for the Web site that serves OWA 2000 pages, then click Server Certificate on the Directory Security tab and follow the wizard's prompts to create a certificate request. Send the certificate request to the Certificate Authority (CA) of your choice. To install the certificate that the CA issues, run the Web Server Certificate Wizard again.
You enable SSL from the Internet Information Services snap-in. Open the Default Web Site Properties page, then click the Web Site tab. In the Web Site Identification control group, click Advanced, then verify that the dialog box's Multiple SSL identities for this Web Site field shows the site's IP address on port 443. (You might need to enable this port on your firewall.) Finally, check that you can connect to https://yourservername.
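Checking that https://yourservername answers is only half of the test: the server should also stop offering OWA 2000 on port 80. The following sketch is an added example, not code from the original article. It fetches the response head over plain HTTP and judges whether a logon could still happen unencrypted. The function names, the `/exchange/` path, and the sample host `mail.example.test` are assumptions for illustration.

```python
import socket

def probe_plain_http(host, path="/exchange/", port=80, timeout=5):
    """Return the raw response head from plain HTTP, or None if unreachable."""
    # The /exchange/ path is an assumption; use the URL your users type.
    request = f"HEAD {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            data = b""
            while b"\r\n\r\n" not in data and len(data) < 65536:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
            return data
    except OSError:
        return None

def classify_plain_http(raw):
    """Judge what a server answered on the unencrypted port: (verdict, reason)."""
    if raw is None:
        return "ok", "port 80 is closed or filtered"
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return "review", "no parseable HTTP status line"
    status, headers = int(parts[1]), {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    if status == 401:
        # A 401 on port 80 invites the browser to send credentials unencrypted.
        schemes = [v.split(None, 1)[0].lower() for v in headers.get("www-authenticate", []) if v]
        if "basic" in schemes:
            return "fail", "Basic challenge on plain HTTP: password readable in transit"
        return "fail", "logon offered on plain HTTP"
    if 200 <= status < 300:
        return "fail", "pages served on plain HTTP"
    if status == 403:
        return "ok", "server refuses the request on plain HTTP"
    if 300 <= status < 400 and headers.get("location", [""])[0].lower().startswith("https://"):
        return "ok", "redirected to HTTPS"
    return "review", f"status {status} needs a manual look"

# Constructed response heads for illustration (not captured from a real server).
SAMPLE_BASIC = b'HTTP/1.1 401 Access Denied\r\nWWW-Authenticate: Basic realm="mail.example.test"\r\n\r\n'
SAMPLE_REFUSED = b"HTTP/1.1 403 Access Forbidden\r\nContent-Length: 0\r\n\r\n"
```

Run `classify_plain_http(probe_plain_http("yourservername"))` from outside the firewall; a `fail` verdict means a user on a public access point could still be prompted for a password over port 80.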
F September 16, 2003