4.12 Trusted Applications

Trusted applications are third-party programs that can log into Post Office Agents (POAs) and Internet Agents in order to access GroupWise mailboxes without needing personal user passwords. Trusted applications might perform such services as message retention or synchronization with mobile devices. The Trusted Application feature allows you to edit and delete trusted applications that are available in your GroupWise system.

For information about creating and installing trusted applications, search for GroupWise Trusted Application API at the Novell Developer Kit Web site. For security guidelines for managing trusted applications, see Section 85.6, Protecting Trusted Applications

4.12.1 Creating a Trusted Application and Key

A trusted application key allows a third-party program to authenticate to the POA or the Internet Agent and obtain GroupWise information that would otherwise be available only by logging in to GroupWise mailboxes.

Before GroupWise 8 Support Pack 1, trusted application keys needed to be created by the third-party program developer, using the GroupWise Trusted Application API at the Novell Developer Kit Web site.

Starting with GroupWise 8 Support Pack 1, you can create a trusted application and its associated key in ConsoleOne for use with both Linux and Windows trusted applications.

  1. Click Tools > GroupWise System Operations > Trusted Applications to display the Configure Trusted Applications dialog box.

    Configure Trusted Applications
  2. Click Create.

    Create Trusted Application dialog box
  3. Fill in the following fields as needed for your trusted application:

    Name: Specify the name of the trusted application as you want it to be listed in ConsoleOne.

    Description: Specify a description for the trusted application.

    TCP/IP Address: If you want to restrict the location from which the trusted application can run, specify the IP address of the server from which the application can run. To do so, click the Edit (pencil) button, then specify the IP address or DNS hostname of the trusted application’s server.

    If you want to allow the trusted application to be run from any server, do not specify an IP address or DNS hostname.

    IMPORTANT:If you are creating the trusted application for use with the Data Synchronizer Connector for GroupWise, as described in GroupWise Trusted Application in Mobility Pack Installation in the Novell Data Synchronizer Mobility Pack Installation Guide, do not specify an IP address or DNS hostname.

    Requires SSL: Select this option to require a secure (SSL) connection between the trusted application and POAs and Internet Agents.

    Provides Message Retention Service: Select this option if the purpose of the trusted application is to retain GroupWise user messages by copying them from GroupWise mailboxes into another storage medium.

    Turning on this option defines the trusted application as a Message Retention Service application. However, in order for GroupWise mailboxes to support message retention, you must also turn on the Enable Message Retention Service option in GroupWise Client Options (Tools > GroupWise Utilities > Client Options > Environment > Retention). You can enable individual mailboxes, all mailboxes in a post office, or all mailboxes in a domain by selecting the appropriate object (User, Post Office, or Domain) before selecting Client Options. For more information, see Section 69.0, Setting Defaults for the GroupWise Client Options.

    For information about the complete process required to use a trusted application for message retention, see Section 33.0, Retaining User Messages.

    Allow Access to Archive Service: Select this option if your message retention service interacts with an archive service. Different archive services provide differing storage alternatives (memory, disk, or tape, for example) and differing alternatives for speed and cost. You can configure multiple archive services for your GroupWise system.

    For more information about configuring GroupWise to work with an archive service, see Section 4.2.7, Archive Service Settings.

    Archive Service Address: If the trusted application for the message retention service uses the GroupWise Stubbing API, specify the IP address or DNS hostname of the server where the archive service is running. This allows the POA to interact directly with the archive service in support of the message retention service. The advantage to this configuration is that the archive service can be behind the firewall along with the POA. If retrieval is required, the POA accesses the archive service and provides the retrieved data to the GroupWise client.

    If the message retention trusted application does not use the GroupWise Stubbing API, do not specify an IP address or DNS hostname. Without the Stubbing API, the trusted application communicates with the POA to create stubs for archived messages. The stubs contain the URLs for the archived messages. When a GroupWise user clicks the stub for an archived message, the GroupWise client accesses the URL to retrieve the archived message.

    Archive Service Requires SSL: Select this option if you want to use a secure connection between the message retention service and the archive service.

    Location for Key File: Browse to and select the directory where you want to create the trusted application key file.

    Name of Key File: Specify the name of the trusted application key file to create. The third-party program must be designed to successfully access the trusted application key file where you create it.

  4. Click OK to save the trusted application configuration information.

For information about how the POA handles trusted application processing of message files, see Section 36.3.6, Configuring Trusted Application Support.

4.12.2 Editing a Trusted Application

You can edit a trusted application’s description, IP address, port, and SSL settings.

  1. Click Tools > GroupWise System Operations > Trusted Applications to display the Configure Trusted Applications dialog box.

    Configure Trusted Applications
  2. In the Trusted Applications list, select the application you want to edit, then click Edit.

    Edit Trusted Application dialog box
  3. Modify the following fields as needed for your trusted application:

    Name: This field displays the trusted application’s name. You cannot change the name.

    Description: Specify a description for the trusted application.

    TCP/IP Address: If you want to restrict the location from which the trusted application can run, specify the IP address of the server from which the application can run. To do so, click the Edit (pencil) button, then specify the IP address or DNS hostname of the trusted application’s server.

    If you want to allow the trusted application to be run from any server, do not specify an IP address or DNS hostname.

    Requires SSL: Select this option to require a secure (SSL) connection between the trusted application and POAs and Internet Agents.

    Provides Message Retention Service: Select this option if the purpose of the trusted application is to retain GroupWise user messages by copying them from GroupWise mailboxes into another storage medium.

    Turning on this option defines the trusted application as a Message Retention Service application. However, in order for GroupWise mailboxes to support message retention, you must also turn on the Enable Message Retention Service option in GroupWise Client Options (Tools > GroupWise Utilities > Client Options > Environment > Retention). You can enable individual mailboxes, all mailboxes in a post office, or all mailboxes in a domain by selecting the appropriate object (User, Post Office, or Domain) before selecting Client Options. For more information, see Section 69.0, Setting Defaults for the GroupWise Client Options.

    For information about the complete process required to use a trusted application for message retention, see Section 33.0, Retaining User Messages.

    Allow Access to Archive Service: Select this option if you have also installed an archive service, as described in Section 4.2.7, Archive Service Settings. Specify the IP address or DNS hostname of the server where the archive service is running. Select Archive Service Requires SSL if you want to use a secure connection between the message retention service and the archive service.

  4. Click OK to save the trusted application configuration information.

For information about how the POA handles trusted application processing of message files, see Section 36.3.6, Configuring Trusted Application Support.

4.12.3 Deleting a Trusted Application

  1. Click Tools > GroupWise System Operations > Trusted Applications to display the Configure Trusted Applications dialog box.

    Configure Trusted Applications
  2. In the Trusted Applications list, select the application you want to delete, click Delete, then click Yes to confirm the deletion.