Communicator Web Access for Office Communications Server 2007 is a Web service that allows users to sign in to Office Communications Server without needing to install Microsoft Office Communicator. This server role makes it possible to connect to Office Communications Server with simply a Web browser. This browser-based, zero-download client for Office Communications Server 2007 makes it possible for users using non-Windows systems, users using locked-down Windows systems, and home users without Office Communicator installed to have a similar experience as users using Office Communicator. Communicator Web Access browser experience has a striking fidelity to Office Communicator. Users will feel comfortable with the familiar UI. Table 2-6 lists the platform and browser matrix that is supported by Communicator Web Access.
This server role is located in the Other Servers section of the Setup menu. Communicator Web Access (CWA) provides its own management console (MMC), which is why CWA servers cannot be managed from the same MMC as servers running Office Communications Server. This server role must be installed on a computer joined to your Active Directory forest, because it needs Active Directory connectivity to authenticate and authorize user access. CWA can be deployed for internal usage (that is, for users within the organization's network) or for external usage (that is, for users outside the organization's network).
When a user connects to CWA, the Web service authenticates the user. CWA supports forms-based authentication, or integrated Windows authentication (IWA), or custom authentication. Integrated Windows authentication refers to the native authentication protocols Kerberos and NTLM that are supported by Active Directory. Custom authentication allows administrators to use a third-party authentication system to enable single sign-on or two-factor authentication for a more robust authentication solution. Integrated Windows authentication is supported only for internal usage, whereas forms-based or custom authentication must be used for external usage. Custom authentication can be used for both internal and external users. After the user is properly authenticated, CWA determines the user's home server and registers the user. Note that the user is not authenticated by the user's home server again. Because the user's home server trusts the CWA server, no further user authentication is performed by the home server. At this point, CWA proxies all traffic to and from the user's home server, as shown in Figure 2-13.
Communicator Web Access can be installed on a separate computer, or it can be installed on the same computer running a Standard Edition Server or front-end server or a standalone Web Components server. When Communicator Web Access is collocated on the same physical computer as another supported server role, be aware that the overall performance of your server will be diminished.
CWA performs a similar role as the Director, except it always proxies client connections instead of redirecting them for internal users. This makes CWA a prime candidate to be deployed on the same physical server as a Director for smaller deployments. This is what most customers have done to avoid the cost and management of yet another physical server. If you have deployed Office Communicator to all your users, the usage of CWA is likely to be light enough that a Director could easily handle it, because Office Communicator will be their primary client.
When making Communicator Web Access accessible from outside your organization's firewall, you should take precautions to protect your CWA server. To properly secure your CWA server, it is strongly recommended that you use a reverse proxy such as Microsoft Internet Security and Acceleration (ISA) Server 2006 behind the firewalls in your network perimeter. When configuring CWA for external access, you should use port 443. This topology is illustrated in Figure 2-14.
In addition to providing a Web-based, zero-download client for Office Communications Server 2007, CWA provides a server-scale set of application programming interfaces (APIs)—called UC AJAX APIs—for developers who want to build server-side mashups and custom IM and presence clients. UC AJAX APIs consist of 27 simple APIs that eliminate the need for deep SIP expertise to build custom clients.
Table 2-7 lists the system requirements for Communicator Web Access, including the various browsers that are supported.
To get the most up-to-date information about Communicator Web Access, refer to http://www.microsoft.com/technet/prodtechnol/office/communicationsserver/evaluate /sysreqs/cwa.mspx.
Table 2-7. Hardware and Software Requirements for CWA
Component | Requirement |
---|---|
Computer and processor | Dual Intel Xeon 3.06-GHz, 1-MB cache, 533-MHz FSB (front-side bus) |
Memory | 2-GB DDR (double data rate), 266-MHz RAM |
Hard disk | 18 GB of available hard disk space |
Network adapter | 100-Mb or higher network adapter |
Operating system | Microsoft Windows Server 2003 Service Pack 1 (SP1) |
Supported browsers | Internet Explorer 6.0 (SP1 recommended), Firefox 1.0, Safari 1.2.4, Netscape 7.2 |
Other | Office Communications Server 2007, .NET Framework 2.0, ASP.NET 2.0, Public Key Certificates for Transport Layer Security (TLS), and HTTPS |
13.58.201.75