The 2007 R2 version of Communicator Web Access is not a stand-alone application. Instead, it functions as an extension to your Office Communications Server 2007 R2 deployment: Office Communications Server 2007 R2 must be deployed and running before you can even install Communicator Web Access. As an extension to Office Communications Server, this means that Communicator Web Access must interact with – and rely upon – other components of Office Communications Server in order to carry out its appointed tasks. For example, Communicator Web Access authenticates users when they log on to a virtual server; after users are authenticated, however, Communicator Web Access then relies on Office Communications Server in order to provide presence information and instant messaging (IM) capabilities.

Additional information about integrating Communicator Web Access with Office Communications Server, as well as information about hardware and software requirements and a checklist of deployment steps, can be found in the following sections of this topic.

Supported Topologies

Communicator Web Access supports a number of different deployment scenarios. In a smaller organization you can install Communicator Web Access on one computer and run Office Communications Server 2007 R2 on another. In larger organizations, Communicator Web Access can be deployed as an array of servers located behind a hardware load balancer.

Communicator Web Access supports two types of virtual servers: internal (designed for authenticated users logging on behind the organization firewall) and external (designed for authenticated users logging on from outside the organization firewall). When you deploy Communicator Web Access, you can deploy one or more internal virtual servers or you can deploy one or more external virtual servers. Alternatively, you can deploy both types of virtual server, thus providing a way for users to log on to Communicator Web Access either from the internal network or from the Internet. You can even host both an internal virtual server and an external virtual server on the same computer, although this is not recommended for security reasons.

If you are planning to deploy an external virtual server it is recommended that you also deploy a reverse proxy server. In this scenario, external users initially connect to the reverse proxy server rather than connect directly to your Communicator Web Access server. After the user has been authenticated, the reverse proxy server then directs them to a Communicator Web Access server or server pool.

As a general rule, Communicator Web Access supports any reverse proxy configuration for creating a perimeter network, including Microsoft Internet Security and Acceleration (ISA) Server. However, there is one exception to this general rule. Communicator Web Access supports single sign-on authentication. With single sign-on, a user who needs to access more than one Web-based service can log on once and automatically be granted to each of those Web-based services. For instance, a user can log on and simultaneously be authenticated for both Microsoft Outlook Web Access and Communicator Web Access.

Communicator Web Access supports single sign-on, but only if ISA Server 2006 is used as the authenticating server. No other single sign-on method is currently supported.

If you want to enable audio conferencing and desktop sharing for Communicator Web Access, you will need to deploy both the A/V Conferencing Server and Mediation Server. (You will also need to deploy the A/V Conferencing Edge Server if you want to provide these capabilities to external users.) If you need to keep a record of your IM sessions (a legal requirement in some industries), you must deploy and configure Archiving Server.

Supported Collocation

Communicator Web Access must run on a dedicated computer. Collocating Communicator Web Access with any other Office Communications Server server role is not supported.

Load Balancing

Communicator Web Access supports hardware load balancing; software load balancing is not supported. In theory, it is possible to use a single load balancer to handle both Office Communications Server connectivity and Communicator Web Access connectivity. Although this works, it does not guarantee that connection requests will be shared equally among all the servers in the Communicator Web Access array. Because of that, it is recommended that you dedicate a load balancer solely for use with Communicator Web Access.

Any load balancer that supports client affinity can be used with Communicator Web Access. Client affinity helps ensure that an entire session takes place on a single Communicator Web Access server; Communicator Web Access does not allow a session to begin on one server and then somehow be transferred to another server. If a user is logged on to Server A at the beginning of a session, the user will continue to use Server A for the duration of that session. If Server A fails, the user will have the session terminated. (That user can then sign on again, and the load balancer will route the user to a server that is still running.) Users connected to Server B or Server C will not have their session disrupted in any way if Server A fails.

For optimal performance, load balancers used with Communicator Web Access should also support the following:

  • You should be able to set TCP idle time out to 1,800 seconds. If you are using Microsoft Internet Security and Acceleration (ISA) Server as a reverse proxy or single sign-on server, you should also set the idle time out on the ISA server to 1,800 seconds.

  • If your load balancer is expected to handle more than 65,000 simultaneous connections, you should use source network address translation (SNAT).

    Note:
    Use of destination network address translation (DNAT) is not supported for Communicator Web Access.
  • To help ensure client affinity, your load balancer should support cookie-based load balancing. It is recommended that you use HTTP Cookie Insert when creating the load balancer’s cookie persistence profile.

For details about general load balancer requirements, see Planning Load Balancing.

Required Hardware

No special hardware is required for a Communicator Web Access server. (However, if you are setting up a pool of servers you can use a hardware load balancer to direct clients to a specific server.) For details about the recommended minimum hardware for a Communicator Web Access server, see Internal Office Communications Server Component Requirements.

As a general rule, increasing the speed of the processor, the hard disk, or the network card has a minimal effect on Communicator Web Access performance. If you want to increase the performance (and the capacity) of your Communicator Web Access servers, adding additional memory is the best approach.

Required Software

For details about the operating systems that are supported for the 2007 R2 version of Communicator Web Access, see Internal Office Communications Server Component Requirements.

In addition, the following software must be running before Communicator Web Access can be installed:

  • Microsoft Visual C++ Redistributable

  • Microsoft .NET Framework 3.5 with Service Pack 1

  • Office Communications Server Core Components

  • Microsoft SQL Server Native Client

  • Microsoft Unified Communications Managed API Redistributable

  • Internet Information Services (IIS)

If you are installing Communicator Web Access using the Office Communications Server 2007 R2 Deployment Wizard, the Setup program will verify that each of these applications have been installed; if they have not, the wizard will notify you and offer to install any missing programs for you. If you are installing Communicator Web Access from the command line, you will need to install each of these applications before beginning the Communicator Web Access setup.

These same software requirements apply to any computer where you want to install Communicator Web Access Manager, the primary tool for administering your Communicator Web Access infrastructure. You do not have to install Communicator Web Access Manager on a computer that is running Communicator Web Access itself; this enables you to set up an administrative computer separate and distinct from your Communicator Web Access servers.

Deployment Process

As a planner, you do not need to know the step-by-step procedures for creating a DNS record or for enabling users for remote access. However, it is useful for planners to understand the basic tasks involved in deploying Communicator Web Access in an organization. Because of that, these steps are briefly described in the following table.

Table 1. Communicator Web Access Deployment Process

Phase Steps Permissions Documentation

Verify Communicator Web Access requirements

  1. Verify that your servers meet the hardware and software requirements for running Communicator Web Access.

  2. Verify that your client computers are running an operating system and Web browser supported by Communicator Web Access.

DNS Admins group or Domain Admins group

Verifying Communicator Web Access Server Requirements

Verifying Communicator Web Access Client Requirements

topics in Deploying Communicator Web Access

Prepare DNS records

  1. Create Domain Name System (DNS) records for internal Communicator Web Access servers and load balancer.

  2. Optionally, create DNS records for the external Communicator Web Access servers, the reverse proxy, and the load balancer.

DNS Admins group or Domain Admins group

Domain Name System (DNS) Requirements

Install and configure Internet Information Services (IIS)

  1. If installing on Windows Server 2003, install IIS 6.0.

  2. If installing on Windows Server 2008, install Windows Process Activation Service and then install IIS 7.0. After IIS 7.0 has been installed, configure the Managed Pipeline mode.

Local Administrators group

Installing IIS 7.0 for Communicator Web Accessin the Deploying Communicator Web Access documentation

Prepare and install certificates

  1. Request and install a Web server certificate for both mutual TLS (MTLS) and Secure Sockets Layer (SSL). In some cases, multiple certificates might be required.

  2. If necessary, install the certificate chain for the certification authority (CA) in the Trusted Root Certification Authorities node in the certificate store for the local computer.

Local Administrators group

Preparing Certificates for Communicator Web Accessin the Deploying Communicator Web Access documentation

Deploy Office Communications Server 2007 R2

  1. Install Office Communications Server.

  2. Activate Office Communications Server.

  3. Configure Office Communications Server.

Various

The Deploying Office Communications Server 2007 R2 Enterprise Editiondocumentation (for an Enterprise pool deployment) or the Deploying Office Communications Server 2007 R2 Standard Editiondocumentation (for a Standard Edition server deployment)

Install and activate Communicator Web Access

  1. Install Communicator Web Access.

  2. Activate Communicator Web Access.

  3. Create an internal virtual server.

  4. Create an external virtual server (optional).

Local Administrators group

Domain Admins group

Installing and Activating Communicator Web Access

Creating a Communicator Web Access Virtual Server

topics in the Deploying Communicator Web Access documentation

Publish Communicator Web Access URLs

Publish the Communicator Web Access URLs.

Local Administrators group

Domain Admins group

Publishing Communicator Web Access URLsin the Deploying Communicator Web Access documentation

Install Communicator Web Access Manager

Install Communicator Web Access Manager and the Office Communications Server Administration Tools. These tools do not need to be installed on the same computer where Communicator Web Access is installed.

Local Administrators group

Domain Admins group

Installing the Communicator Web Access Snap-inin the Deploying Communicator Web Access documentation

Install a load balancer and reverse proxy server (optional)

  1. If needed, install a load balancer to help distribute Communicator Web Access connection requests to all your servers.

  2. If needed, install a reverse proxy server to handle logon requests from external users.

Local Administrators group

Domain Admins group

Using a Load Balancer to Increase Capacity and Availability

Using a Reverse Proxy to Enable Remote User Access

topics in the Deploying Communicator Web Access documentation

Configure your Communicator Web Access server for optimum performance

  1. If Communicator Web Access is running on Windows Server 2003, enable SSL to run in kernel mode.

  2. If your server needs to handle more than a few hundred simultaneous connections, increase the ASP.NET request queue limit.

  3. If your server needs to handle more than a few hundred simultaneous connections, increase the queue length setting in IIS.

Local Administrators group

Enabling Kernel SSL on Windows Server 2003

Modifying the ASP.NET Request Queue Limit

Modifying the IIS Queue Length

topics in the Deploying Communicator Web Access documentation

Enable and configure user accounts

In Active Directory Domain Services (AD DS), configure user accounts by enabling them for Office Communications Server 2007 R2.

Domain Admins group

Create and Enable Usersin the Deploying Office Communications Server 2007 R2 Enterprise Editiondocumentation (for an Enterprise pool deployment) or in the Deploying Office Communications Server 2007 R2 Standard Editiondocumentation (for a Standard Edition server deployment)

Enabling Users for Communicator Web Accessin the Deploying Communicator Web Access documentation

Test the Communicator Web Access Web site

Verify connectivity for internal users, external users, and anonymous users.

Domain Admins

Testing the Web Sitein the Deploying Communicator Web Access documentation

Verify load balancing configuration (if applicable)

  • Verify that users can connect to Communicator Web Access through the load balancer, and that connections are being equitably distributed.

  • Verify that users can carry out typical Communicator Web Access activities, such as sending instant messages, managing contacts, and sharing their desktop.

Domain Admins group

Verifying Load Balancing Configurationin the Deploying Communicator Web Access documentation

Configure New Communicator Web Access settings

As needed, modify Communicator Web Access settings for such features as desktop sharing, audio conferencing, and distribution group expansion.

Domain Admins group

Configuring New Communicator Web Access Settingsin the Deploying Communicator Web Access documentation