5.3 Planning GroupWise WebAccess

Before installing GroupWise WebAccess, you should complete the planning tasks listed below. The planning tasks help you gather information you will need as you install and set up GroupWise WebAccess. You can use Section 5.6, GroupWise WebAccess Installation Worksheet to record your installation and setup information.

To help with the above tasks, you can also review the GroupWise Wiki, which includes a Best Practices section.

IMPORTANT:If you plan to install WebAccess in a clustered server environment, refer to the GroupWise 7 Interoperability Guide as you plan your WebAccess installation.

5.3.1 Deciding Where to Install the GroupWise WebAccess Components

After reviewing Section 5.1, GroupWise WebAccess Overview and the system requirements listed in Section 5.2, WebAccess System Requirements, plan where you want to install the WebAccess components in your system.

For best performance, the WebAccess Agent should be installed on the same server where the domain it belongs to is located. If you need to install it on a remote server, you can create a secondary domain on the remote server so that the WebAccess Agent has a local domain and MTA to communicate with.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 2: Server Platform and Installation Directory, specify the platform where you will install the WebAccess Agent, then specify the directory where you want to install the WebAccess Agent files. The default installation directories are:

Under Item 13: Web Server Type and Root Directory, select the type of Web server where you will install the WebAccess Application and WebPublisher Application, then specify the Web server’s root directory.

Under Item 14: Novell Root Directory, specify a directory on the Web server where you want to install the configuration files for the WebAccess Application and WebPublisher Application.

Under Item 15: Java Servlet Engine, mark whether you want to use the Tomcat Servlet Container (recommended) or another servlet engine.

5.3.2 Determining the WebAccess Agent’s Configuration

As you install the WebAccess Agent, you are prompted to supply the configuration information described in the following sections:

Network Address

The WebAccess Agent communicates with the WebAccess Application and WebPublisher Application (on the Web server) through TCP/IP.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 3: Server Address, specify the IP address or DNS hostname of the WebAccess Agent’s server, then specify the port number for the agent to use. The default is 7205.

Gateway Directory Location and Name

The WebAccess Agent requires a GroupWise gateway directory in which to store configuration information and work files. The gateway directory must be located under a GroupWise domain directory. The default directory name is webac70a. If you change the name, use the following platform-specific conventions:

NetWare:

Use a maximum of 8 characters

Linux:

Use only lowercase characters

Windows:

No limitations.

After you specify the domain directory location and a gateway directory name, the WebAccess Installation program creates the gateway directory under the domain\wpgate directory (for example, provo\wpgate\webac70a).

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 5: Gateway Directory, specify the domain name and the full path to the domain directory where you want to create the gateway directory, then give the gateway directory a name.

If you are installing the Linux WebAccess Agent, record the eDirectory™ context of the Domain object (for example, cn=provo3,ou=groupwise,o=corporate).

Gateway Object Name

The WebAccess Agent also requires a GroupWise Gateway object in Novell eDirectory. By default, it is named the same as the gateway directory and is referred to as the WebAccess Agent object. This object stores the WebAccess Agent’s information and enables configuration of the agent through ConsoleOne®.

The WebAccess Agent object is created below the Domain object. If you have multiple domains, the WebAccess Installation program uses the Domain object associated with the domain directory where you are creating the WebAccess Agent gateway directory.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 6: Gateway Object, specify the name you want to give the WebAccess Agent object. The default name is the same as the gateway directory name you chose for Item 5.

Domain and Post Office Access

The WebAccess Agent requires access to the domain. It also requires access to each post office where mailboxes or libraries are located that WebAccess or WebPublisher users will access.

Domain: The WebAccess Agent needs direct access (mapped drive, UNC path, or file system mount) to the domain directory so that it can write to its gateway directory (domain\wpgate\webac70a).

Post Offices: The WebAccess Agent needs direct access (mapped drive, UNC path, or file system mount) to the post office directory so that it can write to the POAs input queue, or it needs client/server access (TCP/IP) to the post office’s POA. By default, the WebAccess Agent uses whatever access mode has been established for the post office on the Post Office Settings property page of the Post Office object in ConsoleOne.

If the WebAccess Agent must access a remote server in order to access a domain or post office, it needs to be able to log in to the remote server.

NetWare:

Ensure that an eDirectory user account exists that provides the required access to the domain and post office directories. For direct access to the domain directory or a post office directory, the WebAccess Agent needs Read, Write, Create, Erase, Modify, and File Scan rights.

Windows:

Ensure that a Windows user account exists on the Windows server for the agent.

If the domain or any post office directories directly accessed by the WebAccess Agent are on remote Windows servers, ensure that the Windows user account provides Full Control access to those directories.

If the domain directory or any post office directories directly accessed by the WebAccess Agent are on remote NetWare servers, ensure that the WebAccess Agent has an eDirectory user account with the same username and password as the agent’s Windows user account. The eDirectory account must provide Read, Write, Create, Erase, Modify, and File Scan rights to the directories.

If the WebAccess Agent does require an eDirectory user account, ensure that the context of the account is defined in the bindery context of all NetWare servers that will be accessed.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 7: eDirectory Authentication, specify the eDirectory username and password you want the WebAccess Agent to use to access the domain directory and post office directories. This applies to the NetWare WebAccess Agent only.

If you are using the Windows WebAccess Agent, ensure that the appropriate Windows and eDirectory user accounts exist.

Web Console

The WebAccess Agent server console enables you to monitor the WebAccess Agent from the server where it is running. If you want, you can enable the WebAccess Agent Web console. The Web console lets you view the WebAccess Agent’s statistical and diagnostic information through a Web browser, which is useful if want to see the WebAccess Agent’s activity without physically visiting the agent’s server.

You access the Web console by entering the WebAccess Agent’s network address and HTTP port number in a Web browser (for example, http://172.16.5.18:7211). If necessary, you can change the WebAccess Agent’s default HTTP port number (7211).

If you want to restrict access to the Web console, you can assign a username and password. This can be any username and password you want. By default, the username and password are passed through an unsecure connection between the Web browser and the WebAccess Agent. Therefore, do not use an existing eDirectory username and password unless you secure this connection using SSL. For information about securing the WebAccess Agent’s connections, see WebAccess in the GroupWise 7 Administration Guide.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 10: Web Console, select Yes if you want to enable the Web console. If you want to restrict access to the Web console, enter a username and password.

WebPublisher

You can choose whether or not you want the WebAccess Agent to support GroupWise WebPublisher. If you enable WebPublisher support, you need to specify a GroupWise account (mailbox ID and password). The GroupWise account serves two purposes:

  • GroupWise users publish documents to WebPublisher users by sharing the documents with this GroupWise account.

  • When Web users access WebPublisher, the WebAccess Agent logs in to this GroupWise account. This lets the WebAccess Agent know which documents have been shared with WebPublisher users. It can then retrieve these documents (and only these documents) for the WebPublisher users.

Create a new GroupWise account specifically for GroupWise WebPublisher. If you’ve already created an eDirectory account for the WebAccess Agent to use when accessing domain or post office directories, as described in Domain and Post Office Access, you might want to create the GroupWise account under that eDirectory user account.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 12: WebPublisher Support, select Yes if you want to enable the WebAccess Agent to support WebPublisher, then enter the Mailbox ID and password for the GroupWise account you want the WebAccess Agent to use.

If you enable GroupWise WebPublisher support, you need to select the libraries that you want to make public. The WebAccess Agent, acting on behalf of WebPublisher users, only accesses documents in public libraries.

Making a library public does not automatically give WebPublisher users access to all documents in the library. For WebPublisher users to have access to a document in a public library, the document’s owner must have shared the document with the WebPublisher user account.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 13: Libraries, list the libraries from which documents can be shared. The WebAccess Installation program lists all libraries in your GroupWise system. If you want, you can wait until then to select libraries.

NOTE:When a WebPublisher user requests a library document in HTML format rather than its native format, the Viewer Agent renders the document from its native format to HTML format. The Viewer Agent can be configured to cache the HTML document to a subdirectory of the WebAccess Agent installation directory. This enables the WebAccess Agent to use the cached document for future requests. For instructions to configure the Viewer Agent, see WebAccess in the GroupWise 7 Administration Guide.

NetWare Installation Option: Novell Cluster Services

Novell Cluster Services is a server clustering system that ensures high availability and manageability of critical network resources including volumes (where GroupWise domains and post offices reside) and applications (such as the GroupWise WebAccess Agent). Novell Cluster Services supports failover, failback, and migration of individually managed cluster resources.

During installation, the NetWare WebAccess Agent can be configured to take advantage of the fault-tolerant environment provided by Novell Cluster Services if the following requirements are met:

  • The domains and post offices to be serviced by the NetWare WebAccess Agent have already been created on shared NSS volumes in the cluster.

  • The NetWare WebAccess Agent is being installed to a server that is part of the same cluster.

When the WebAccess Agent is configured for clustering, its startup file (webac70a.waa) is configured with shared volume names rather than specific server names.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 4: Clustering Support, mark whether or not you want to configure the NetWare WebAccess Agent for clustering. If you do, follow the installation instructions in Implementing WebAccess in a NetWare Cluster in Novell Cluster Services on NetWare in the GroupWise 7 Interoperability Guide, rather than the installation instructions in this guide.

Linux Installation Options: LDAP Information and Clustering

When you install the Linux WebAccess Agent, the following Linux-specific options are available in the Installation program:

LDAP Information

If you are installing the Linux WebAccess Agent and WebAccess Application, the WebAccess Installation program needs to access eDirectory through LDAP. eDirectory access is required in order to create the WebAccess Agent and WebAccess Application objects. To obtain access, the Installation program needs the IP address and port number of an LDAP server, along with an eDirectory username and password to log in with. The user must have sufficient rights to create GroupWise objects in eDirectory. Because the Linux Installation program uses LDAP to access eDirectory, you must provide the username in LDAP format. For example:

cn=admin,ou=users,o=corporate

If you want to secure the connection to eDirectory with SSL, you can specify a certificate file. For background information about SSL, see Encryption and Certificates in Security Administration in the GroupWise 7 Administration Guide.

IMPORTANT:If you do not want to use SSL, the LDAP server must be configured to accept clear text passwords. This is configured on the server’s LDAP Group object in ConsoleOne by deselecting Require TLS for Simple Binds with Password. The LDAP snap-in to ConsoleOne is required in order to change the setting.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 11: LDAP Authentication, specify the IP address and port number of an LDAP server, a username in LDAP format, the password for the username, and if necessary, the full path to your SSL certificate file.

Clustering Alternatives on Linux

On Linux, you can install the WebAccess Agent in three different clustering environments, as described in the GroupWise 7 Interoperability Guide:

If you are using Novell Cluster Services™, the Linux GroupWise Installation program provides a Configure GroupWise for Clustering option that simplifies the process of installing the Linux WebAccess Agent on multiple nodes in the cluster.

GROUPWISE WEBACCESS AGENT INSTALLATION WORKSHEET

Under Item 2: Installation Options, mark whether or not you want to configure the Linux WebAccess Agent for clustering using Novell Cluster Services. If you do, follow the installation instructions in Implementing WebAccess in a Linux Cluster in Novell Cluster Services on Linux in the GroupWise 7 Interoperability Guide, rather than the installation instructions in this guide.

If you are installing the Linux WebAccess Agent on PolyServe Matrix Server, the Linux GroupWise Installation program does not assist you with the setup. See the GroupWise 7 Interoperability Guide for installation instructions.

Windows Installation Options: Service vs. Application and SNMP Traps

The WebAccess Agent can run as a Windows service rather than a standard Windows application. To do so, the WebAccess Agent service requires a user account. The requirements for the Windows service user account are the same as those listed for the Windows WebAccess Agent in Domain and Post Office Access.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 8: Execution Options, select Run WebAccess Agent as a Windows Service.

Under Item 9: Windows Service User, enter the username and password for the service’s user account.

The Windows WebAccess Agent can also be configured to support SNMP. This enables the WebAccess Agent to be monitored and managed through an SNMP management program.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

If you want the WebAccess Agent to support SNMP, under Item 8: Execution Options, select the Install and Configure SNMP for WebAccess Agent option.

NOTE:The NetWare and Linux WebAccess Agents rely on operating system components for SNMP functionality and do not require this installation option.

5.3.3 Determining the WebAccess and WebPublisher Applications’ Configuration

As you install the WebAccess Application and/or the WebPublisher Application to a Web server, you are prompted to supply the configuration information described in the following sections:

NOTE:You should have already selected the Web server where you will install the WebAccess Application and WebPublisher Application. If you have not, see Section 5.3.1, Deciding Where to Install the GroupWise WebAccess Components.

Default Language

The WebAccess Installation program installs all available languages. You need to specify which language should be used when displaying the Novell Web Services page. When users access the Novell Web Services page, they can use the default language for WebAccess or WebPublisher, or they can select another language.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 16: Default Language, specify the language for the Novell Web Services page.

For more information, see Multilingual GroupWise Systems in the GroupWise 7 Administration Guide.

eDirectory Objects and Configuration Files

WebAccess Application and WebPublisher Application configuration information is stored in two places:

  • eDirectory objects

  • The webacc.cfg and webpub.cfg files, located by default in the Web server’s novell directory (worksheet item 14)

The WebAccess Application object and WebPublisher Application object allow you to easily modify configuration information in ConsoleOne. The eDirectory information is the master information; any changes made to the objects in eDirectory are also written to the configuration files.

In some installation scenarios, such as installing to a Web server outside a firewall or installing to a UNIX Web server, you might not have access to eDirectory, which means the WebAccess Installation program cannot create the objects. It can, however, still create the configuration files on the Web server. In this case, to change the application’s configuration, you need to manually modify the webacc.cfg and webpub.cfg files.

You need to select the eDirectory container where you want the objects created. They are all created in the same container. The default container is the Domain object, which means the objects are created beneath the Domain object along with the MTA and Internet Agent objects.

NOTE:Each application also has several providers associated with it. For example, the WebAccess Application has a GroupWise Provider and an LDAP Provider. The GroupWise Provider is the component that actually communicates with the WebAccess Agent to request information for users. The LDAP Provider communicates with LDAP servers to enable users to search LDAP address books. Provider objects are created in the same location as the application objects.

GROUPWISE WEBACCESS INSTALLATION WORKSHEET

Under Item 17: eDirectory Object Configuration, specify the tree where you want the objects created, then specify the context. If you will be installing from a location where you don’t have access to eDirectory, you can skip this item.