locked
CWA 2007 R2 Deployment Questions RRS feed

  • Question

  • Hello,

    we already have an OCS 2007 R2 Front End Server (Internal Network) and one OCS 2007 R2 Edge Server (DMZ). For Publishing Adress Book and the other stuff to external Clients we use ISA Server 2006 as Reverse Proxy.

    Now we want to install CWA 2007 R2 in our Topology. We want to use only one Server for internal and external access.

    I have some questions prior to deployment:

    1.) Where to place the CWA Server? Internal Network? DMZ? Since we use internal and external access on one server, how to configure the 2 Network Interfaces? Both Internal Network? One Internal, One DMZ?
    3.) I read a detailed instruction on how to setup internal and external access for cwa  on one server in a blog post, but i lost the address. Does someone know?
    4.) What type of communication will happen between CWA Server and our Edge Server? What ports to open?
    5.) Can i use my SAN Certificate, that i use for Edge Server, also for CWA? I will add the required domains then. Possible or do i need a seperate SAN certificate?



    Sorry for questions, but i am new to CWA.
    Monday, August 10, 2009 7:12 PM

Answers

  • 1.) Where to place the CWA Server? Internal Network? DMZ? Since we use internal and external access on one server, how to configure the 2 Network Interfaces? Both Internal Network? One Internal, One DMZ?

    I would place the CWA server in the LAN, it has to be a member of the domain. Then Proxy the External request through the ISA server to the CWA server.

    3.) I read a detailed instruction on how to setup internal and external access for cwa  on one server in a blog post, but i lost the address. Does someone know?

    Not sure on this one.

    4.) What type of communication will happen between CWA Server and our Edge Server? What ports to open?

    you should not have to change any port configurations if you followed the Edge Deployment Guide it should work just fine.

    5.) Can i use my SAN Certificate, that i use for Edge Server, also for CWA? I will add the required domains then. Possible or do i need a seperate SAN certificate?

    I recommend using a seperate certificate. Is it possible to use the same one as the edge with more SAN's? maybe but I have never tried it and would not recommend it. Trouble shooting can become confusing. And there may be problems with MTLS, (note it is possible to use an internal cert for CWA MTLS, and a public cert for CWA Virtual Directorys) so I guess it could be possible.

    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging |MCTS:OCS with Voice Achievement |MCT
    Monday, August 10, 2009 9:53 PM
  • Hi

    Mitch has given a good reply for your questions. Here are some useful detailed instructions for you to deploy the CWA server for the internal users and the external users.

    1.     You can learn about the CWA deployment processes refer to below link:

    http://technet.microsoft.com/en-us/library/dd425169(office.13).aspx  

    It is useful for planners to understand the basic tasks involved in deploying CWA in an organization.

    2.     About how to deploy the CWA, the detail instructions you can refer to below link:

    http://technet.microsoft.com/en-us/library/dd441267(office.13).aspx

    It contains the all the procedure of deploying the CWA and what you confuse.

    Hope this helpful!

    Regards!

    Monday, August 17, 2009 7:15 AM
    Moderator

All replies

  • 1.) Where to place the CWA Server? Internal Network? DMZ? Since we use internal and external access on one server, how to configure the 2 Network Interfaces? Both Internal Network? One Internal, One DMZ?

    I would place the CWA server in the LAN, it has to be a member of the domain. Then Proxy the External request through the ISA server to the CWA server.

    3.) I read a detailed instruction on how to setup internal and external access for cwa  on one server in a blog post, but i lost the address. Does someone know?

    Not sure on this one.

    4.) What type of communication will happen between CWA Server and our Edge Server? What ports to open?

    you should not have to change any port configurations if you followed the Edge Deployment Guide it should work just fine.

    5.) Can i use my SAN Certificate, that i use for Edge Server, also for CWA? I will add the required domains then. Possible or do i need a seperate SAN certificate?

    I recommend using a seperate certificate. Is it possible to use the same one as the edge with more SAN's? maybe but I have never tried it and would not recommend it. Trouble shooting can become confusing. And there may be problems with MTLS, (note it is possible to use an internal cert for CWA MTLS, and a public cert for CWA Virtual Directorys) so I guess it could be possible.

    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging |MCTS:OCS with Voice Achievement |MCT
    Monday, August 10, 2009 9:53 PM
  • Hi

    Mitch has given a good reply for your questions. Here are some useful detailed instructions for you to deploy the CWA server for the internal users and the external users.

    1.     You can learn about the CWA deployment processes refer to below link:

    http://technet.microsoft.com/en-us/library/dd425169(office.13).aspx  

    It is useful for planners to understand the basic tasks involved in deploying CWA in an organization.

    2.     About how to deploy the CWA, the detail instructions you can refer to below link:

    http://technet.microsoft.com/en-us/library/dd441267(office.13).aspx

    It contains the all the procedure of deploying the CWA and what you confuse.

    Hope this helpful!

    Regards!

    Monday, August 17, 2009 7:15 AM
    Moderator