36.2 Configuring User Access to the Post Office

As described in Section 35.4, Post Office Access Mode, the GroupWise client defaults to client/server access mode. The following topics help you configure the POA to customize the types of client/server access provided to the post office:

36.2.1 Using Client/Server Access to the Post Office

The POA defaults to Client/Server mode, which enables you to:

  • Set up TCP/IP for client/server communication between this POA and the GroupWise client

  • Set up TCP/IP communication between this POA and the MTA for the domain

  • Configure the POA so network management and monitoring programs can use TCP/IP to send SNMP requests to this POA

  • Set up an external server with Internet access for the POA

  • Configure the POA to provide a Web console for use with GroupWise Monitor

  • Configure the POA to communicate with IMAP (Internet Message Application Protocol) clients

  • Configure the POA to communicate with SOAP (Simple Object Access Protocol) clients

  • Configure the POA for calendar publishing so that users' calendars can be viewed on the Internet

To make sure the GroupWise client has proper client/server access to the post office:

  1. Make sure TCP/IP is properly set up on the server where the POA is running.

  2. In ConsoleOne, browse to and right-click the POA object, then click Properties.

  3. Click GroupWise > Agent Settings to display the Agent Settings page.

    Agent Settings property page
  4. Make sure that Enable Client/Server is selected.

    The default numbers of physical connections and application connections are appropriate for a post office with as many as 500 users. If you are configuring the POA to service more than 500 users, see Section 38.1.2, Adjusting the Number of Connections for Client/Server Processing for more detailed recommendations. Configuring the POA with insufficient connections can result in error conditions.

  5. Click GroupWise > Network Address.

    POA Network Address property page
  6. On the Network Address page, click the pencil icon for the TCP/IP Address field to display the Edit Network Address dialog box.

    Edit Network Address dialog box
  7. Select IP Address, then specify the IP address, in dotted decimal format, of the server where the POA is running.

    or

    Select DNS Host Name, then provide the DNS hostname of the server where the POA is running.

    IMPORTANT:The POA must run on a server that has a static IP address. DHCP cannot be used to dynamically assign an IP address for it.

    Specifying the DNS hostname rather than the IP address makes it easier to move the POA from one server to another, if the need arises at a later time. You can assign a new IP address to the hostname in DNS, without needing to change the POA configuration information in ConsoleOne.

  8. Click OK.

  9. To use a TCP port number other than the default port of 1677, type the port number in the Internal Client/Server Port field.

    If multiple POAs will run on the same server, each POA must have a unique TCP port number.

  10. For optimum security, select Required in the SSL drop-down list for local intranet client/server connections, Internet client/server connections, or both. For more information, see Section 36.3.3, Securing the Post Office with SSL Connections to the POA.

  11. Click OK to save the network address and port information and return to the main ConsoleOne window.

    ConsoleOne then notifies the POA to restart with client/server processing enabled.

For a sample message flow for this configuration, see Message Delivery in the Local Post Office in GroupWise 2012 Troubleshooting 3: Message Flow and Directory Structure.

Corresponding Startup Switches: You can also use the ‑‑port switch in the POA startup file to provide the client/server port number. On a server with multiple IP addresses, you can use the ‑‑ip switch to bind the POA to a specific address.

POA Web Console: You can view the TCP/IP address and port information for the POA on the Configuration page under the Client/Server Settings heading.

36.2.2 Simplifying Client/Server Access with a GroupWise Name Server

If GroupWise users are set up correctly in eDirectory, the GroupWise client can determine which post office to access for each user based on the information stored in eDirectory. This lets the GroupWise client start automatically in client/server mode without users needing to know and provide any IP address information. However, some GroupWise users might be on platforms where eDirectory is not in use. To fill the same function for non-eDirectory users, you can set up a GroupWise name server.

A GroupWise name server redirects each GroupWise client user to the IP address and port number of the POA that services the user’s post office. By setting up a GroupWise name server, non-eDirectory GroupWise client users do not need to know and provide any IP address information when they start the GroupWise client in client/server mode. The GroupWise name server takes care of this for them.

Required Hostnames

The primary GroupWise name server must be designated using the hostname ngwnameserver. You can also designate a backup GroupWise name server using the hostname ngwnameserver2.

Required Port Number

Each server designated as a GroupWise name server must have a POA running on it that uses the default port number of 1677. Other agents can run on the same server, but one POA must use the default port number of 1677 in order for the GroupWise name server to function. For setup instructions, see Section 36.2.1, Using Client/Server Access to the Post Office.

How a GroupWise Name Server Helps the GroupWise Client Start

After a server has been designated as ngwnameserver, and a POA using the default port number of 1677 is running on that server, the GroupWise client can connect to the POA of the appropriate post office by contacting the POA located on ngwnameserver. If ngwnameserver is not available, the client next attempts to contact the backup name server, ngwnameserver2. If no GroupWise name server is available, the user must provide the IP address and port number of the appropriate POA in order to start the GroupWise client in client/server mode.

Setting Up a GroupWise Name Server

  1. Make sure that TCP/IP is set up and functioning on your network.

  2. Know the IP address of the server you want to set up as a GroupWise name server.

  3. Make sure the POA on that server uses the default TCP port of 1677.

  4. If you want a backup GroupWise name server, identify the IP address of a second server where the POA uses the default TCP port of 1677.

  5. Use your tool of choice for modifying DNS.

    Linux:

    You can use the YaST Control Center.

    Windows:

    You can use DNS Manager.

  6. Create an entry for the IP address of the first POA and give it the hostname ngwnameserver.

  7. If you want a backup name server, create an entry for the IP address of the second POA and give it the hostname ngwnameserver2.

    You must use the hostnames ngwnameserver and ngwnameserver2. Any other hostnames are not recognized as GroupWise name servers.

  8. Save your changes.

As soon as the hostname information replicates throughout your system, GroupWise client users can start the GroupWise client in client/server mode without specifying a TCP/IP address and port number.

36.2.3 Supporting IMAP Clients

Internet Messaging Application Protocol (IMAP) is used by email clients such as Microsoft Outlook and Evolution. You can configure the POA to communicate with IMAP-enabled email clients much like the GroupWise client does.

NOTE:IMAP clients connecting to your GroupWise system from outside your firewall must connect through the Internet Agent (GWIA), as described in Section 53.2, Configuring POP3/IMAP4 Services, rather than through the POA. Connecting directly through the POA provides faster access for internal IMAP clients.

  1. In ConsoleOne, browse to and right-click the POA object, then click Properties.

  2. Click GroupWise > Agent Settings to display the Agent Settings page.

    Agent Settings property page
  3. Fill in the following fields:

    Enable IMAP: Select Enable IMAP to turn on IMAP processing.

    Max IMAP Threads: Specify the maximum number of IMAP threads you want to the POA to start.

    The default maximum number of IMAP threads is 40. This is adequate for most post offices, because each IMAP thread can service multiple IMAP clients. By default, the POA creates 2 IMAP threads and automatically creates additional threads as needed to service clients until the maximum number is reached. You cannot set the maximum higher than 40.

    You might want to lower the maximum number of IMAP threads if IMAP processing is monopolizing system resources that you prefer to have available for other processes. However, insufficient IMAP threads can cause slow response for IMAP client users.

  4. Click Apply to save the IMAP thread settings.

  5. To secure IMAP connections to the post office or to change the IMAP port:

    1. Click GroupWise > Network Address.

      POA Network Address page
    2. Select Required in the IMAP SSL drop-down list.

      For additional instructions about using SSL connections, see Section 83.2, Server Certificates and SSL Encryption.

    3. Change the IMAP port as needed.

  6. Click OK to save the IMAP settings and return to the main ConsoleOne window.

    ConsoleOne then notifies the POA to restart with IMAP enabled.

Corresponding Startup Switches: You can also use the ‑‑imap, ‑‑imapmaxthreads, ‑‑imapport, ‑‑imapssl, and ‑‑imapsslport startup switches in the POA startup file to configure the POA to support IMAP clients. In addition, you can use the ‑‑imapreadlimit and ‑‑imapreadnew startup switches to configure how the POA downloads messages to IMAP clients.

POA Web Console: You can see whether IMAP is enabled on the Configuration page under the General Settings heading.

36.2.4 Supporting SOAP Clients

Simple Object Access Protocol (SOAP) is used by email clients such as Evolution and other clients such as the Novell Data Synchronizer Connector for GroupWise to access mailboxes. You can configure the POA to communicate with SOAP-enabled email clients much like the GroupWise Windows client does.

IMPORTANT:Starting in GroupWise 2012, GroupWise WebAccess is also a SOAP client.

  1. In ConsoleOne, browse to and select the POA object to configure, then click Properties.

  2. Click GroupWise > Agent Settings.

    Agent Settings property page
  3. Fill in the following fields:

    Enable SOAP: Select Enable SOAP to turn on SOAP processing.

    Max SOAP Threads: Specify the maximum number of SOAP threads you want the POA to start.

    The default maximum number of SOAP threads is 40. This is adequate for most post offices, because each SOAP thread can service multiple SOAP clients. By default, the POA creates 4 SOAP threads and automatically creates additional threads as needed to service clients until the maximum number is reached. You cannot set the maximum higher than 40.

    You might want to lower the maximum number of SOAP threads if SOAP processing is monopolizing system resources that you prefer to have available for other processes. However, insufficient SOAP threads can cause slow response for SOAP client users.

  4. Click Apply to save the SOAP thread settings.

  5. To secure SOAP connections to the post office or to change the SOAP port:

    1. Click GroupWise > Network Address.

      POA Network Address page
    2. Select Required in the Internal SOAP SSL drop-down list.

      The same SSL setting applies to both the internal SOAP port and the external SOAP port.

      For additional instructions about using SSL connections, see Section 83.2, Server Certificates and SSL Encryption.

    3. Change the SOAP port as needed.

  6. Click OK.

    ConsoleOne then notifies the POA to restart so the new settings can be put into effect.

Users of Evolution 2.0 and later can find instructions for connecting to a GroupWise system in the Evolution online help. For more information about using Evolution to access a GroupWise mailbox, see Evolution in Non-GroupWise Email Clients in the GroupWise 2012 Interoperability Guide.

Corresponding Startup Switches: You can also use the ‑‑soap, ‑‑soapmaxthreads, ‑‑soapport, ‑‑soapssl, and ‑‑soapthreads startup switches in the POA startup file to configure the POA to support SOAP clients. In addition, you can use the ‑‑evocontrol startup switch to configure the POA to allow only specified versions of Evolution to connect to the post office.

POA Web Console: You can see whether SOAP is enabled on the Configuration page under the General Settings heading.

36.2.5 Checking What GroupWise Clients Are in Use

You can configure the POA to identify GroupWise client users who are running GroupWise clients that do not correspond to a specified release version and/or date. You can also force them to update to the specified version.

  1. In ConsoleOne, browse to and right-click the Post Office object, then click Properties.

  2. Click GroupWise > Client Access Settings to display the Client Access Settings page.

    Client Access Settings property page
  3. Specify the approved GroupWise release version, if any.

    Only 6.x and later versions of the client are supported for lockout.

  4. Specify the approved GroupWise release date, if any

    You can specify the minimum version, the minimum date, or both. If you specify both minimums, any user for which both minimums are not true is identified as running an older GroupWise client.

  5. Select Lock Out Older GroupWise Clients for the version and/or date if you want to force users to update in order to access their GroupWise mailboxes.

    If you lock out older clients, client users receive an error message and are unable to access their mailboxes until they upgrade their GroupWise client software to the minimum required version and/or date.

  6. Click OK to save the GroupWise version and/or date settings.

    ConsoleOne then notifies the POA to restart so the new settings can be put into effect.

Corresponding Startup Switches: You can also use the ‑‑gwclientreleaseversion, ‑‑gwclientreleasedate, and ‑‑enforceclientversion startup switches in the POA startup file to configure the POA to check client version and/or date information.

POA Web Console: On the Status page of the POA Web console, click C/S Users to display the Current Users page, which lists all GroupWise users who are currently accessing the post office. Users who are running GroupWise clients older than the approved version and/or date are highlighted in red in the list. Users who are running newer versions are shown in blue.

If the POA Web console is password protected as described in Section 37.2.1, Setting Up the POA Web Console, you can change the expected release dates for the current POA session. Under Client/Server Settings, click Enforce Lockout on Older GroupWise Clients.

Historical Note: The capability of identifying client version and date information was first introduced in GroupWise 5.5 Enhancement Pack Support Pack 1. Any clients with versions and dates earlier than GroupWise 5.5 Enhancement Pack Support Pack 1 do not appear at all on the Current Users page of the POA Web console.

36.2.6 Supporting Forced Mailbox Caching

GroupWise client users have the option to download their GroupWise mailboxes to their workstations so they can work without being continuously connected to the network. This is called Caching mode. For more information, see Section 75.1.2, Caching Mode.

When client users change to Caching mode, the contents of their mailboxes must be copied to their hard drives. This process is called “priming” the mailbox. If users individually decide to use Caching mode, the POA easily handles the process.

If you force all users in the post office to start using Caching mode, as described in Allowing or Forcing Use of Caching Mode, multiple users might attempt to prime their mailboxes at the same time. This creates a load on the POA that can cause unacceptable response time for other users.

To configure the POA to handle multiple requests to prime mailboxes:

  1. In ConsoleOne, browse to and right-click the POA object, then click Properties.

  2. Click GroupWise > Agent Settings to display the Agent Settings page.

    Agent Settings property page
  3. Set Max Thread Usage for Priming and Moves as needed.

    By default, the POA allocates 30% of its client/server handler threads for priming mailboxes for users who are using Caching mode for the first time. By default, the POA starts 10 client/server handler threads, so in a default configuration, three threads are available for priming. You might want to specify 60 or 80 so that 60% to 80% of POA threads are used for priming mailboxes. You might also want to increase the number of client/server handler threads the POA can start in order to handle the temporarily heavy load while users are priming their mailboxes. See Section 38.1.2, Adjusting the Number of Connections for Client/Server Processing.

  4. Click OK to save the new setting.

    ConsoleOne then notifies the POA to restart so the new setting can be put into effect.

Corresponding Startup Switches: You can also use the ‑‑primingmax switch in the POA startup file to configure the POA to handle multiple requests to prime mailboxes.

POA Web Console: If the POA Web console is password protected as described in Section 37.2.1, Setting Up the POA Web Console, you can change the POA’s ability to respond to caching requests for the current POA session on the Configuration page. Under the Client/Server Settings heading, click Max Thread Usage for Priming and Live Moves. To increase the number of client/server threads, click Client/Server Processing Threads under the Performance Settings heading.

36.2.7 Restricting Message Size between Post Offices

You can configure the POA to restrict the size of messages that users are permitted to send outside the post office.

  1. In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration.

    Link Configuration tool window
  2. In the drop-down list, select the domain where the post office resides, then click Post Office Links.

    Link Configuration tool with post office links displayed
  3. Double-click the post office where you want to restrict message size.

    Edit Post Office Link dialog box
  4. In the Maximum Send Message Size field, specify in megabytes the size of the largest message you want users to be able to send outside the post office, then click OK.

    A setting of 0 (zero) indicates that no size limitations have been set.

  5. To exit the Link Configuration tool and save your changes, click File > Exit > Yes.

    ConsoleOne then notifies the POA to restart using the new maximum message size limit.

If a user’s message is not sent out of the post office because of this restriction, the user receives an email notification message with a subject line of:

Delivery disallowed

The notification message also includes the subject of the original message. This message provides information to the user about why and where the message was disallowed. However, the message is still delivered to recipients in the sender’s own post office.

There are additional ways to restrict the size of messages that users can send, as described in Section 12.3.5, Restricting the Size of Messages That Users Can Send.

Corresponding Startup Switches: You can also use the ‑‑mtpsendmax startup switch in the POA startup file to restrict message size.

POA Web Console: You can view the maximum message size on the Configuration page. If the POA Web console is password protected as described in Section 37.2.1, Setting Up the POA Web Console, you can change the maximum message size for the current POA session using the Message Transfer Protocol link on the Configuration page.

36.2.8 Supporting Calendar Publishing

See Configuring a POA for Calendar Publishing in Installing the GroupWise Calendar Publishing Host in the GroupWise 2012 Installation Guide.