Publishing OWA 2007 through IAG 2007 – Part 1 of 3

1. Introduction

 

As I mentioned in my post Get Used to IAG 2007, this is a powerful tool that allows internal resources to be made available to Internet users in a secure manner. IAG 2007 provides SSL-based application access and protection with endpoint security management, granular access control and deep content inspection. Here is the classic picture that shows the core idea of IAG:

Figure 1 – IAG allowing access from anywhere to internal resources.

 

In this post I’m going to show you, step by step, how to create a Portal and add the OWA 2007 application to this portal.

2. Creating the Application Portal

 

You can publish OWA 2007 through IAG 2007 via the Application Portal or individually, just like ISA Server does. For this step-by-step guide we are going to use the Application Portal. Let’s start the configuration:

1) Launch the IAG Configuration Console (Start / Programs / Whale Communication IAG / Configuration).

2) Enter your password to open the console and click OK.

3) Right-click HTTPS Connections and click New Trunk.

4) Select the option Portal Trunk (remember that we are going to publish the Application Portal and then the OWA within the portal) and click Next.

5) On the Step 2 window, fill in the options as shown below and then click Next:

Figure 2 – Step 2 of Creating the Portal Trunk Wizard.

 

Note: The IP address that I’m using in this example is not a valid Internet IP address. Usually, when you have the IAG on the edge of your network, you will use an IP address that is valid.

6) On the Authentication window we are going to select which server will be used to authenticate the user. Click Add and select the option AD, then click Select. Your window should look like this:

Figure 3 – Configuring the Authentication Servers.

 

7) Click Next on this window.

8) On the certificate screen, select the certificate you are going to use for the portal. In this case I’m using a wildcard certificate, as shown on the screen below:

Figure 4 – Selecting the certificate that will be used for the Portal.

Note: It is important to emphasize that in this example we already have the certificate created and installed on the local computer. If you don’t have the certificate installed on the local computer you will not see the certificates listed there.

 

9) Click Next on this window to continue and you will see the Endpoint Policies selection, as shown below:

Figure 5 – Endpoint Policy Selection.

 

This window allows you to choose two types of endpoint policies:

· Session Access Policy: Allows you to configure compliance permissions to access this site.

· Privileged Endpoint Policy: Allows you to control the conditions for the session (e.g., session timeout).

10) Leave the default options and click Finish on this window.

Now we have the portal created and the console will appear like this:

Figure 6 – Application Portal and the options that were configured during the Wizard.

 

After that you need to activate your configuration. To do that, select the option Activate on the File menu. Click the Activate button and then click OK.

On the client workstation I added iag.contoso.com to the HOSTS file, mapping it to the external IP of my IAG 2007 Server (192.168.0.1). After typing the URL https://iag.contoso.com the following screen will appear:

Figure 7 – Portal logon screen.

 

Since there is no application published through this Portal, the screen that appears after the user logs on will be similar to this one:

Figure 8 – First page after logon.

 

As you can see, there are a lot of things to explore, and even if you don’t do much, the default configuration already takes care of a lot of things related to security. For example, if the session stays inactive for 300 seconds, the window below will appear while the last 60 seconds are counting down:

Figure 9 – Session Timeout warning pop up window.

 

In the next two parts I will cover the following topics:

· Adding OWA 2007 into the Application Portal

· Redirecting HTTP to HTTPS traffic