GroupWise Architecture and Best Practices. WebAccess. Kiran Palagiri Team Lead GroupWise WebAccess

Similar documents
novdocx (en) 11 December 2007 XII XIIWebAccess

GroupWise 18 Administrator Quick Start

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

GroupWise 2012 Quick Start

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

vfire Officer App Server Installation Guide Version 1.3

Novell Data Synchronizer 1.2

Deploying. Novell. ifolderª. servers. on Novell NetWare. Networking Services. DEPLOYMENT GUIDE

DEPLOYMENT GUIDE. Load Balancing VMware Unified Access Gateway

WASP 2.0. Installation and Admin Guide

Novell. NetWare 6. NETWARE WEBACCESS OVERVIEW AND INSTALLATION

Mitel MiContact Center Enterprise WEB APPLICATIONS CONFIGURATION GUIDE. Release 9.2

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

BlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

Contains the Linux Identity Server, the Linux Administration Console, the ESP-enabled SSL VPN Server, and the Traditional SSL VPN Server.

GroupWise 8. 1 Overview. November 17, 2008

BI Office. Web Authentication Model Guide Version 6

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Novell Access Manager

Novell GroupWise Version Comparison

Exam : JN Title : Juniper Networks Certified Internet Assoc(JNCIA-SSL) Exam. Version : Demo

SecureAware Technical Whitepaper

REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: UNIFIED ACCESS GATEWAY ARCHITECTURE

Open XML Gateway User Guide. CORISECIO GmbH - Uhlandstr Darmstadt - Germany -

Server Installation and Administration Guide

3 NetWare/Windows: Support Pack Installation

Vendor: Citrix. Exam Code: 1Y Exam Name: Implementing Citrix NetScaler 10.5 for App and Desktop Solutions. Version: Demo

Cloud Help for Community Managers...3. Release Notes System Requirements Administering Jive for Office... 6

Vendor: Citrix. Exam Code: 1Y Exam Name: Designing Citrix XenDesktop 7.6 Solutions. Version: Demo

ArcGIS Server Web Server Web Applications WWW. Applications. ArcGIS Server Manager. GIS Server. Data. Desktop GIS. ArcGIS Desktop (content author) SOM

Introduction to ArcGIS Server Architecture and Services. Amr Wahba

Oracle Application Express: Administration 1-2

SERV-U MANAGED FILE TRANSFER SERVER FTP SERVER SOFTWARE FOR SECURE FILE TRANSFER & FILE SHARING

ArcGIS Server and Portal for ArcGIS An Introduction to Security

ArcGIS for Server: Administration and Security. Amr Wahba

How to Configure GroupWise Message-Level Backups

BIG-IP Access Policy Manager : Portal Access. Version 12.1

TTerm Connect Installation Guide

NGFW Security Management Center

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

Brocade Virtual Traffic Manager and Parallels Remote Application Server

Mediaocean Aura Technical Overview

NGFW Security Management Center

NGFW Security Management Center

CloudLink SecureVM. Administration Guide. Version 4.0 P/N REV 01

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

8.0 Help for Community Managers Release Notes System Requirements Administering Jive for Office... 6

CA Single Sign-On and LDAP/AD integration

Configuration Guide. Installation and. BlackBerry Enterprise Server for Novell GroupWise. Version: 5.0 Service Pack: 4

VMware Enterprise Systems Connector Installation and Configuration. JULY 2018 VMware Identity Manager 3.2 VMware Identity Manager VMware AirWatch 9.

Enterprise Information System Services Enterprise System Disaster Recovery Scheme. System Requirement Overview

IBM Security Access Manager Version December Release information

Migrating Novell ZENworks 7 to Novell ZENworks 10 Configuration Management SP3

Microsoft OWA 2013 IIS Integration

Cherwell Service Management

Webthority can provide single sign-on to web applications using one of the following authentication methods:

III. Chapter 11, Creating a New Post Office, on page 155 Chapter 12, Managing Post Offices, on page 175. novdocx (en) 11 December 2007.

SAP Security in a Hybrid World. Kiran Kola

GroupWise 6.5 for Linux Support Pack 2 June 15, 2004

VMware AirWatch Content Gateway Guide for Windows

VMware AirWatch Content Gateway Guide for Windows

VMware AirWatch Content Gateway Guide For Linux

Securing ArcGIS Services

BlackBerry Enterprise Server Express for Microsoft Exchange

Sophos Mobile Control SaaS startup guide. Product version: 6.1

VMware AirWatch Content Gateway Guide for Windows

The specifications and information in this document are subject to change without notice. Companies, names, and data used

VMware AirWatch Content Gateway Guide for Windows

NGFW Security Management Center

Frequently Asked Questions About Performance Monitor

Cisco NAC Appliance Agents

ArcGIS Enterprise Administration

VMware Horizon 7 Administration Training

This Readme describes the NetIQ Access Manager 3.1 SP5 release.


Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

ShareFile Technical Presentation

BlackBerry Enterprise Server for IBM Lotus Domino Version: 5.0. Administration Guide

Novell. Mobility Solutions. Joe Marton Sales Engineer Novell North America

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

VMware AirWatch Content Gateway Guide for Linux For Linux

Vendor: Citrix. Exam Code: 1Y Exam Name: Managing Citrix XenDesktop 7 Solutions Exam. Version: Demo

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy

HySecure Quick Start Guide. HySecure 5.0

Privileged Identity App Launcher and Session Recording

VMware AirWatch Cloud Connector Guide ACC Installation and Integration

BIG-IP Access Policy Manager : Portal Access. Version 13.0

BIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0

NGFW Security Management Center

Server Installation Guide

Sophos Mobile as a Service

VMware AirWatch Content Gateway for Windows. VMware Workspace ONE UEM 1811 Unified Access Gateway

Eucalyptus User Console Guide

BMC FootPrints 12 Integration with Remote Support

DEPLOYMENT GUIDE. Deploying F5 for High Availability and Scalability of Microsoft Dynamics 4.0

Deliver and manage customer VIP POCs. The lab will be directed and provide you with step-by-step walkthroughs of key features.

Okta Integration Guide for Web Access Management with F5 BIG-IP

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

Transcription:

GroupWise Architecture and Best Practices WebAccess Kiran Palagiri Team Lead GroupWise WebAccess kpalagiri@novell.com Ed Hanley Senior Architect ed.hanley@novell.com

Agenda Kiran Palagiri Architectural Changes in GroupWise 2012/2014 Performance and Scalability Ed Hanley Design and Deployment Details Q and A (short) Kiran Palagiri Security WebAccess Demo Q and A 2

Goals for GroupWise 2012 and 2014 Simplify the Architecture Simplify the Install Simplify the Administration Lay down the framework that would make it easy to add new features Easy to troubleshoot Create a scalable system 3

Revamped Architecture Bye Bye WebAccess Agent (a.k.a GWINTER) Built on GroupWise No more objects in Novell Web Services (SOAP) API edirectory No more objects in GroupWise Domain Database Simplified Install Created a stand alone Document Viewer Agent (DVA) The WebAccess Application talks HTTP to this Agent to convert a document Multiple DVAs supported for one Application 4

Revamped Architecture Provided a cleaner interface for third parties to integrate Easier to deploy No more objects to configure Cloud friendly Run multiple instances of the WebAccess Application depending on the load 5

Performance and Scalability How does WebAccess perform and/or scale in this new architecture? It does great There have been numerous improvements made to the Post Office Agent to speed up things WebAccess uses a more optimized and tailored code path for efficient data retrieval and transfer Built on highly scalable Java technology We performed a simulation test, so let s see how it went 6

Performance and Scalability (cont.) How many users can I have on one WebAccess server? We had 1400 active sessions on one WebAccess server AND one Post Office Agent 15000+ requests processed in one hour 1200+ logins 5000+ messages read 2200+ messages sent 2000+ checked calendar 660+ logouts 7

Performance and Scalability (cont.) What are some typical response times? Login: 350ms Logout: 25ms Read an Item: 75ms Send an Item: 80ms Check Calendar: 75ms Read Message List: 350ms webacc.cfg Performance.Dump.enabled=true /var/opt/novell/groupwise/webaccess/logs/performance.txt (do not keep enabled all the time) exceptions.txt - might also be present 8

Performance and Scalability (cont.) How much memory do we recommend? Java heap limits configured as: -Xms2048m Xmx4096m We had 8 GB on the server Rule of thumb: WebAccess needs 4 MB per session How many processors do we recommend? We used a single processor with four cores Is WebAccess disk intensive? Not really. It uses the disk only for storing attachments and temporary files 9

Optimizations Built-in Compress the HTTP Responses for faster downloads A 384 KB JavaScript compressed to 35 KB (by 90%) Leverage the HTTP Caching headers for static content Leverage the HTTP Expires headers for static content IIS Administrators need to add these manually Use Image Sprites for fewer image/icon downloads Minify the CSS files along with JavaScript files Use Web 2.0 techniques for fewer page loads 10

Optimizations Manual Java Memory Settings You most likely need to tweak these settings to suit your environment Follow the instructions provided in the documentation WebAccess does not create worker threads Requests are processed under Tomcat threads Modify the Tomcat threads to handle higher loads A good understanding of the Tomcat optimization techniques is necessary The default number of worker threads (maxthreads) is 200, which is pretty good for most deployments 11

How to Deploy? In the past, a typical deployment had the WebAccess Agent inside the firewall, and the WebAccess Application outside the firewall (in a DMZ) With the new architecture, we recommend putting the WebAccess Application inside the firewall and use any of the following options to expose it outside the firewall An L4 switch A reverse proxy server (like Novell Access Manager) Or a simple Apache server running as a reverse proxy server Checkout the documentation and/or cool solutions article for details on how to set this up 12

How to Deploy WebAccess? Laptop POA PC ipad Android WebAccess Application POA POA DVA DVA 13

How to Deploy WebAccess? (cont.) Laptop POA PC POA ipad L4 Switch Firewall POA Android WebAccess Application DVA DVA 14

Installing WebAccess Things are really nice and easy with a new install No objects to worry about There are a few things to take care of, however, with an upgrade Install will not remove objects from Novell edirectory or GroupWise Domain Database If you have any secondary domains that serve just a WebAccess Agent, then it might be time to consolidate that If those objects are not used by any GroupWise 8 system, then delete these objects using Novell ConsoleOne Trust me, it s easy 15

What About the Order of Installation? Well, starting with 2012, WebAccess will follow other GroupWise Clients paradigm It needs a POA that s on the same version or newer So, do I have to wait for all the POAs to be upgraded to 2012/2014 before I upgrade WebAccess? Not needed, you can run a GroupWise for users on GroupWise 8 Post Offices 8 WebAccess 16

What About the Order of Installation? Upgrade your main WebAccess server to 2014, and add the URL to your GroupWise 8 WebAccess to it s configuration file (setting name: Redirect.url) 2012 WebAccess will happily process requests for Windermere users (2014) And it will redirect GroupWise GroupWise 8 WebAccess 8 users to the You don t have to give two URLs to your users 17

Q and A

WebAccess New Features in 2012/14 Polling (a.k.a Auto-refresh in 2014, IP Port 8500) New Look and Feel Follows the Novell Branding Guidelines Busy Search HTML Signature Recurrence Two timeouts Public or Shared Computer will timeout sooner Private computer will keep the session active for longer Create Tasks easily in the Tasklist folder 19

WebAccess New Features Column Sorting Add Pictures to Contacts Create Groups easily All Day Events Download All Attachments in one shot Auto logout when the browser window is closed 20

Security Level No Security Required (such as an Intranet) Install WebAccess Application on any Web server that Provides access for your users Meets basic installation requirements Security Required Firewall in place to provide security Install WebAccess Application inside firewall and use a proxy server or Install WebAccess Application on a Web server outside your firewall with POA and DVA inside the firewall 21

Security Design Options Configuration with Proxy Service 22

Security Design Options Configuration without Proxy Service 23

WebAccess Configuration webacc.cfg file Webacc.cfg file purpose Set with default configuration settings during installation Can be configured to meet WebAccess user and administrative needs Webacc.cfg file location OES Linux: /var/opt/novell/groupwise/webaccess SLES: /var/opt/novell/groupwise/webaccess Windows: c:\novell\groupwise\webaccess (on the Web server) 24

WebAccess tweaks (webacc.cfg) Multiple POA s Provider.SOAP.1.ip=10.20.30.131 Multiple DVA s Provider.DVA.1.ip=10.20.30.201 Configure a helpdesk URL ( Can t log in? ) Helpdesk.url=http://<server>/support/ Enable Admin WebConsole Admin.WebConsole.enable=true Admin.RestService.host=10.20.30.125 Easy customization /var/opt/novell/groupwise/webaccess/customization.cfg 25

WebAccess Security Direct Access Works but Better Via Proxy Via L4 load balance appliance 26

WebAccess frontend Use a load balancer (like pound part of OpenSUSE) Also does SSL Offloading ListenHTTPS Address <IPAddress> Port 443 Cert "/etc/ssl/servercert_with_key.pem" Service BackEnd Address <IPAddress> Port 80 End BackEnd Address <IPAddress> Port 80 End Session Type IP TTL 28800 End End End 27

Configure Session Security Timeout Interval Overview Users are logged out of WebAccess after 20 minutes (default) with no requests Interval controlled by WebAccess application (through webacc.cfg file) Benefits Provides security for users who forget to log out Enhances Web server performance User s session saved for 24 hours Saved in Web server directory User can log in again and start from last action 28

Configure Session Security Timeout Interval webacc.cfg Setting Timeout Interval (in minutes) 29

Configure Session Security Change Password Overview Users are allow to change their GroupWise (default) Setting controlled by WebAccess application (through webacc.cfg file) Can be disabled If you are using a LDAP directory for authentication Some other system for authentication password 30

Configure Session Security Change Password webacc.cfg Setting (Disable) Change from To 31

Configure Session Security IP Address Checking Overview Checks Web browser IP address of user to confirm communication with same user Works well on desktop workstations Highest form of security Laptops and mobile devices IP address checking can cause interruptions in user sessions Other WebAccess Application security features (such as cookies) can provide excellent security without IP address checking enabled 32

Configure Session Security IP Address Checking webacc.cfg Setting (Disable) Change from To 33

Configure Session Security WebAccess Usage Overview All Groupwise users can use WebAccess (default) Access control configured with gwac.xml OES Linux: /var/opt/novell/groupwise/webaccess SLES: /var/opt/novell/groupwise/webaccess Windows (Web server): c:\novell\groupwise\webaccess Control access based on Domain Post office User groups (distribution lists) Individuals 34

Configure Session Security WebAccess Usage gwac.xml Settings 35

Configure DVA Security Overview Configure DVA by editing startup file (gwdva.dva) Linux: /opt/novell/groupwise/agents/share Windows: c:\program Files\Novell\GroupWise Server\Agents Updating DVA software creates a new gwdva.dva file Existing gwdva.dva retained as gwdva.nnn (where nnn increments for each update) Working directory (gwdva.dir) and four working subdirectories (log, quarantine, temp, and template) If gwdva.dir grows too large, you can move it to another location, and edit gwdva.dva to reflect new location 36

Configure DVA Security Enable SSL for DVA 1. Open the gwdva.dva file in a text editor 2. Search to find the following switch: httpssl 3. Remove the semicolon (;) to activate the setting 4. For subsequent switches: Specify the full pathname to the SSL public certificate file (must be in PEM format) Specify the full pathname to the SSL private key file Specify the password for the private key file 5. Save the gwdva.dva file 6. Enable the configuration changes 37

WebAccess Demo

Q and A

Remember Fill out session survey Visit our table in IT Central Enjoy the Conference!!!

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. Novell, Inc. may make improvements in or changes to the software described in this document at any time. Copyright 2014 Novell, Inc. All rights reserved. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States. All third-party trademarks are the property of their respective owners.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback