



Aventail Corporation
Technical Integration Guide



Introduction:



This supplement describes how to integrate Microsoft Office Outlook with Aventail’s SSL VPN appliance and how to configure Aventail ASAP Management Console (AMC) in order to provide users secure remote access to their respective Microsoft Exchange Mailboxes.
There are four modes of accessing a Microsoft Exchange Mailbox:

  1. Microsoft Outlook Web Access using a Web browser

  2. Microsoft Outlook using a thick client

  3. Pocket Outlook on Small Form Factor devices

  4. Outlook Mobile Access on Small Form Factor devices


Aventail supports all four modes. Support and Configuration steps are discussed in this document to ease the process of integration.

Audience:

Administrator:


The administrator is assumed to be aware of Microsoft Outlook Server and Outlook Client installation.
For information on installation and configuration of Microsoft Outlook Server, refer to the installation guide of Microsoft Outlook Server.
An administrator can use this document to:

  1. Configure AMC to provide access to Microsoft Exchange Mailboxes.

  2. Troubleshoot and resolve end-user-related access problems

Help Desk Technician:


Help desk technicians should understand Access Control rules set by the administrator, and can use this document to troubleshoot and resolve end user related access problems.

End User:


An end user can use this document to learn how:

  1. To get OWA access by logging into WorkPlace portal

  2. To use Outlook client to connect to his mailbox

Outlook Web Access: Configuration

Compatibility and System Requirements to use Outlook Web Access

Support for various Microsoft Office Outlook Web access versions



Aventail Image versions | Outlook Web Access versions
ASAP 7.2 and prior | Outlook Web Access of Exchange Server 2000 (Premium and Basic)
ASAP 8.0 and later versions | Outlook Web Access of Exchange Server 2000 / 2003 (Premium and Basic)

Client System Specifications: For Outlook Web Access


Operating system | Web browser
Windows XP Professional with Service Pack 2, Windows XP Home Edition with Service Pack 2, or Windows 2000 with Service Pack 4 | Microsoft Internet Explorer v6.0 with Service Pack 1, or Mozilla Firefox 1.5
Linux (Suse, Fedora2, Fedora4) | Mozilla Firefox 1.5 with Java enabled
Macintosh OS X | Macintosh Safari 1.2 or Mozilla Firefox 1.5 with Java enabled




Support on various Aventail ASAP Appliances


All Aventail appliances provide interoperability support for Microsoft Office Outlook. Support is given on Standalone, on Dual-node cluster, and Multi-node cluster with configuration either of a single home or of a dual home.

AMC Configuration for OWA:


AMC enables users to have secure remote Web access to their respective Microsoft Exchange Mailboxes in just a few easy configuration steps.
Prerequisites:

a) Confirm the Hostname or IP address of your Microsoft Outlook Server

b) Configure network and SSL settings, and import license file in AMC

c) Ensure that you can resolve and ping your Microsoft Outlook Server from the appliance
For details on configuring network settings, refer to chapter 4 of the Aventail EX-2500 Installation and Administration Guide.
The following sections describe the configuration steps.

Configuring the appliance to provide Outlook Web access to a group




Step 1) Add a resource, using the Resources tab on the left-hand side of the AMC.








  1. Fill in the Resource name (e.g., Outlook Web Access) and Description

  2. Type in the IP address or URL (http://your.outlook-server/exchange, where Exchange is the start page) of your company's Outlook Server.

  3. Check “Create Shortcut on Aventail WorkPlace” (the resource created will be seen as a link when users log in to the WorkPlace portal)

  4. Click Save


Advanced Configuration:


Alias:
If you want to obscure the internal host name for a URL resource, supply an alias name (e.g., Outlook alias) in this box. This is a public alias that will represent the private URL (e.g., user would access http://yourworkplace/outlook instead of http://your.outlook-server/exchange).
Synonyms:
If your Outlook Server has more than one host name (or “synonym”), type those host names (or IP addresses) in this box. Separate multiple synonyms with semicolons.


  1. Click on User Access -> Aventail WorkPlace on the left tab in AMC

  2. Click on Advanced

  3. Type in OWA start page (Exchange) as shown below



  4. Click on Save.

Step 2) Creating realms and Provisioning Agents



  1. Click the Realms tab on the left-hand side of your AMC screen

  2. Create a new realm





  1. Enter the Name and Description of the realm

  2. Choose an authentication server on which Outlook users will be authenticated (in the example above, Active Directory is used)

  3. Click Next

  4. Click Create New to create a community of users





  1. Click Edit to choose a member group; the users in this group will belong to this community (the default is Any).




  1. Click Access Methods to choose agents that will be provisioned on logging in to Aventail WorkPlace portal




Refer to chapter 10 (User Access Components and Services) of the Aventail Installation and Administration Guide to understand different access methods.
Best Practices: Use Translated Web access.

Step 3) Create an access rule for created resource.

Access to a particular resource is given through the Access Control List (ACL), a list of rules. In the above example, a group of users authenticating using the AD realm are given the access.
a) Click the Edit tabs to choose required User Group and Resource
To create “User Groups” and “Resources” refer to chapters 5 & 6 of the Aventail Installation and Administration Guide.
Zones, realms, and authentication methods provide granular control on defining ACL.
For more information on accessing WorkPlace portal, refer to chapter 9 of the Aventail Installation and Administration Guide.

Configuring Single Sign-On (SSO) for OWA:
Aventail supports:
a) Basic SSO – When your OWA server is set up for Basic authentication

b) SSO with NTLM authentication – When your OWA server is set up for Integrated Authentication

c) Form-based authentication – When your OWA server is set up for Form-based Authentication
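
Which of the three options applies depends on how the OWA server answers an unauthenticated request for its start page. The following Python is an added example, not part of Aventail's guide or product: it classifies such a reply and flags a resource URL that would carry credentials without SSL. The function names and sample replies are constructed for illustration, and the owalogon.asp redirect is assumed to be the Exchange 2003 form-based logon page.

```python
# Added example (not Aventail code): pick the SSO option a), b) or c) from the
# OWA server's reply to an unauthenticated GET of its start page.
from urllib.parse import urlsplit

# Constructed sample replies; host names are the guide's placeholders.
BASIC_REPLY = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="your.outlook-server"\r\n'
    "\r\n"
)
INTEGRATED_REPLY = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    "\r\n"
)
FORM_REPLY = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://outlook-server.com/exchweb/bin/auth/owalogon.asp"
    "?url=https://outlook-server.com/exchange&reason=0\r\n"
    "\r\n"
)


def parse_head(raw_reply):
    """Split a raw HTTP reply into (status code, {header name: [values]})."""
    head = raw_reply.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, *header_lines = head.split("\n")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(status_line.split()[1]), headers


def classify_owa_auth(raw_reply, resource_url):
    """Return (sso_options, warnings) for the resource defined in AMC."""
    status, headers = parse_head(raw_reply)
    options, warnings = [], []
    if status == 401:
        # First token of each WWW-Authenticate value is the scheme name.
        offered = {v.split()[0].lower()
                   for v in headers.get("www-authenticate", []) if v}
        if "basic" in offered:
            options.append("a")  # Basic SSO
            if urlsplit(resource_url).scheme != "https":
                warnings.append("Basic sends base64-encoded credentials; "
                                "resource URL is not https")
        if offered & {"ntlm", "negotiate"}:
            options.append("b")  # SSO with NTLM authentication forwarding
    elif status in (301, 302):
        location = headers.get("location", [""])[0]
        if "owalogon.asp" in location.lower():
            options.append("c")  # form-based SSO
            if urlsplit(resource_url).scheme != "https":
                warnings.append("logon form is served over SSL; "
                                "define the resource with https")
    return options, warnings


if __name__ == "__main__":
    for reply, url in [(BASIC_REPLY, "http://your.outlook-server/exchange"),
                       (INTEGRATED_REPLY, "http://your.outlook-server/exchange"),
                       (FORM_REPLY, "https://outlook-server.com")]:
        print(url, classify_owa_auth(reply, url))
```

A server with both Basic and Integrated authentication enabled returns both options, and an empty list means the reply matched none of the three modes.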
Configurations for all these methods are discussed below:
a) Single Sign-On configuration (SSO) for OWA without NTLM (Windows NT LAN Manager) authentication forwarding:
SSO is supported on username and password authentication.
Step 1) Modify Outlook Web Access resource

  1. Click Resources

  2. Choose Outlook Web Access resource

  3. Choose Web Application Profile as OWA/Single Sign-On.




For users who are authenticated with a username and password, the same credentials will be used to authenticate against the Microsoft Outlook Server.
b) Single Sign-On configuration (SSO) for OWA with NTLM (Windows NT LAN Manager) authentication forwarding:
SSO is supported on username and password authentication.
Step 1) Modify Outlook Web Access resource

  1. Click on Resources

  2. Choose Outlook Web Access resource

  3. Choose Web application profile as OWA-SSO



Step 2) Modify authentication server configuration to forward NTLM domain


  1. Select the Authentication server on which users will authenticate to get access.

  2. Click Edit and continue on to the advanced configuration




  1. Type in domain name in which the Microsoft Outlook Server exists

Or

If the authentication server name is the same as the domain name, choose the second option.
The provided domain name or authentication server name will be forwarded along with user credentials.

c) Form Based SSO configuration for OWA:

SSO is supported on username and password authentication.
Step 1) Modify Outlook Web Access resource


  1. Click Resources

  2. Choose Outlook Web Access resource. Since the authentication form is an SSL-based resource, the URL is https and not http (e.g., https://outlook-server.com)

  3. Choose Web application profile as OWA/Single Sign-On





Step 2) Configure Web proxy service


    1. Click on the Services tab under System Configuration

    2. Click on the Configure link under Web Proxy Service

    3. Click on Single Sign-On Profiles.





    1. Replace EXCHANGE_SERVER in ‘Application URL’ with either URL of Exchange Server (outlook-server.com) or IP address of Outlook Server.

    2. Replace EXCHANGE_SERVER in ‘destination element’ with either URL of exchange server (exchange-server.com) or IP address of Outlook Server.

    3. Set other parameters to your requirement. For example:

      1. Username – Whether to pass username itself or domain name

      2. Force down level – Whether premium or basic OWA access is required.



Step 3) If your Outlook Server is running SSL, import the Outlook Server’s CA Certificate


  1. Click on SSL Settings tab under system configuration

  2. Click on Edit under CA certificates section

  3. Click on New





  1. Import or paste in the contents of the Outlook Server’s CA Certificate

  2. Under Usage tab, choose Web Server Connections


Client End Access:



Users who wish to have Outlook Web access need to:



  1. Log in to WorkPlace portal of your company using a realm on which access control rule is configured.

  2. Click the Outlook Web access resource link, seen on your WorkPlace portal.



The Outlook Web Access resource will be visible as a WorkPlace link.
In our example, users coming in a realm (Outlook Access) using AD authentication were given the access.
c) Click on Outlook Web Access.

d) Type in credentials when prompted for username and password
On authentication, users will be directed to their respective mailboxes.


Client-Server Access: Using Microsoft Outlook Client

Compatibility and System Requirements

Support for various versions of Microsoft Outlook Servers:


Aventail Image versions | Outlook Web Access versions
ASAP 7.2 and prior | Outlook Web Access of Exchange Server 2000
ASAP 8.0 and later versions | Outlook Web Access of Exchange Server 2000 / 2003

Client system requirements:


Microsoft Outlook Client works only on Microsoft Windows® 2000 with Service Pack 3 (SP3) or later, or Windows XP or later.

Support on various Aventail ASAP Appliances



Aventail EX-750, EX-1500, EX-1600, and EX-2500 appliances have interoperability support with Microsoft Office Outlook. Support is given on Standalone, Dual-node cluster, and Multi-node cluster, with configuration being either of a single home or a dual home.

AMC Configuration for Exchange:


AMC enables users to have secure remote Web access to their respective Microsoft Exchange Mailboxes in just a few easy configuration steps.
Prerequisites:

a) Confirm the Hostname or IP address of your Microsoft Outlook Server

b) Configure network and SSL settings, and import license file in AMC

c) Ensure that you can resolve and ping your Microsoft Outlook Server from the Aventail appliance
For details on configuring network settings, refer to chapter 4 of the Aventail EX-2500 Installation and Administration Guide.
The following sections describe the configuration steps.
Step 1) Create a resource for Microsoft Outlook Server


  1. Type in resource name and IP Address or Host name (as illustrated above)



Step 2) Creating realms and Provisioning Agents



  1. Click the Realms tab on the left-hand side of your AMC screen

  2. Create a new realm





  1. Enter the Name and Description of the realm

  2. Choose an authentication server on which Outlook users will be authenticated (in the example above, Local authentication is used)

  3. Click Communities to create a community of users





  1. Click Edit to choose a member group; the users in this group will belong to this community (the default is ‘any’)




  1. Click Access Methods to choose the agents that will be provisioned on logging in to Aventail WorkPlace portal




  • Outlook client with Connect /OnDemand Tunnel:

Choose Smart tunnel access (Connect Tunnel or OnDemand tunnel)

Configure AMC to deploy Network Tunnel Service


  • Outlook client with OnDemand proxy:

Choose Web based proxy (Connect Tunnel or OnDemand tunnel)
Refer to chapter 10 (User Access Components and Services) of the Aventail Installation and Administration Guide to understand and configure different access methods.



Step 3) Create an access rule (ACL) for the created resource.


Access Control List (ACL), a list of rules, controls the access to a particular resource. In the above example, all users, coming from Outlook access realm, can configure their Outlook clients to access their mailboxes.
a) Click the Edit tabs to choose required User Group and Resource.
To create “User Groups” and “Resources” refer to chapters 5 & 6 of the Aventail Installation and Administration Guide.

Zones, realms, and authentication methods provide granular control on defining ACL.
For more information on accessing WorkPlace portal, refer to chapter 9 of the Aventail Installation and Administration Guide.

Client-end Access:

To run Microsoft Outlook Client:


Prerequisites:

  1. To have Outlook client installed on your machine.

  2. To have one of Aventail’s User access Components and Services installed


Or
To log into WorkPlace portal with OD tunnel as an access agent.
For information on Aventail Connect, Connect Tunnel, OnDemand (OD) proxy and OD tunnel, refer to chapter 10 (User Access Components and Services) of the Aventail Installation and Administration Guide.
Steps to start Outlook client:


  1. Launch Connect Tunnel or Aventail Connect and authenticate, or log in to the WorkPlace portal.

  2. Launch the Outlook client

  3. Provide the Outlook Server’s hostname or IP address (e.g., exchangeserver.yourlabdomain.com or 10.20.20.53; contact your administrator for details) while configuring Client

  4. Authenticate with credentials to gain access to your mailbox

Internationalization Support:



Aventail supports internationalization (i18n) versions 8.5.2 and 8.6.1. Support is tested in both Japanese and South Korean languages.

  1. Outlook Web Access: browser supporting local languages can be used

  2. Outlook Mobile Access: Small Form Factor devices that support internationalization can be used.

  3. Microsoft Outlook Client: Localized thick client versions of Outlook can be used


Upgrades:


  1. If your appliance is configured to have Microsoft Outlook access, and if you are planning to upgrade or rollback, then no changes are required in AMC.

  2. Upgrading Microsoft Outlook Server or Client is completely transparent to Aventail appliances and requires no changes in AMC (versions supported are only Microsoft Exchange Server 2000 and Microsoft Exchange Server 2003).


Troubleshooting:


a) Check the Access Control Rules to be sure access permissions have been given to the required users
The AMC logging facility can help you deduce problems (example below).


Use “IP or server name” or URL as search strings to view required logs. Resource definition (URL) could be wrong, as shown above.
b) Check if Microsoft Outlook Server is routable from appliance

c) Check if traffic is reaching the appliance; verify if Firewall is blocking it

d) Check logs on Microsoft Outlook Server
For more information on troubleshooting, refer to “Appendix A” of the Aventail Installation and Administration Guide.


Supported Small Form Factor Devices



Pocket Outlook and Outlook Mobile Access (OMA) are supported on the following devices:

  • Audiovox

  • Blackberry

  • Danger

  • Dell

  • Ericsson

  • Hewlett-Packard

  • Motorola

  • NEC

  • Nokia

  • Palm

  • Panasonic

  • Samsung

Descriptions of some of the models are listed below:

Audiovox | Smart Phone Advanced
DOCOMO | PPC / PDA
Windows CE | iMode Phone (CHTML)
J-SH51 | iMode Phone Vodafone
J-SA51 | iMode Phone Vodafone
V601 | iMode Phone v601t/v601sh Vodafone
UP Browser | WAP Phone (V 2.0)
I-PHONE | iMode Phone (CHTML)
Blazer | PPC/PDA
Nokia | Smart Phone – Basic
UP link | WAP Phone (v 2.0)
Motorola | WAP Phone (v 2.0)
Blackberry | WAP Phone (v 2.0)
KDDI | Smart Phone
SEC | WAP Phone (v 2.0)


Non-Supported Features:


  1. Firefox and Safari support for OWA is only with Extraweb translated mode.

  2. Microsoft supports only Basic OWA with Firefox browser.






Aventail Europe Ltd

Tel +44 (0) 870.240.4499

emea@aventail.com
Aventail Asia-Pacific

Tel +65 6832.5947

asiapac@aventail.com



Corporate

Headquarters

808 Howell Street

Seattle, WA 98101

Tel 206.215.1111

Fax 206.215.1120

americas@aventail.com

www.aventail.com






©2006 Aventail Corporation. All rights reserved. Aventail, Aventail ASAP,
Aventail Connect, Aventail EX-750, Aventail EX-1500, Aventail EX-1600,
Aventail EX-2500 and Aventail OnDemand, and their respective logos are
trademarks, registered trademarks, or service marks of Aventail Corporation.
Other product and company names mentioned are the trademarks of their
respective owners.

