Also, the eDirectory objects for the WebAccess Application are no longer used. If you have read our books on manually configuring GroupWise WebAccess on Apache, you will know that these agents were always “optional” and were essentially just a GUI interface for editing the web server and WebAccess configuration files. From here on out, you will need to make configuration changes directly to the webacc.cfg file if you wish to modify your WebAccess Application settings. We will go over some of those settings later in this chapter.
And finally, the GroupWise 2012 WebAccess cannot service users on post offices that have not been upgraded to GroupWise 2012. In other words, if you will not upgrade all of your post offices rapidly (perhaps over a weekend or other “off” time such as a long holiday), you will either need to leave your WebAccess at your current GroupWise version, or have two separate WebAccess installations to provide for both your older post offices and your new GroupWise 2012 post offices.
GroupWise 7 and GroupWise 8 WebAccess installations can access a GroupWise 2012 post office with no major downsides. Of course, your users will not be able to utilize any of the new features of the GroupWise 2012 WebAccess, but the users will be able to log into the upgraded PO through a GroupWise 7 or GroupWise 8 WebAccess installation.
Preparing For The Upgrade To GroupWise 2012 WebAccess
For the Web Server running the WebAccess Application you will need one of the following:
SLES 10/OES 2
Apache 2.2 plus:
- Tomcat 5.0 or later
- JRE 5 or later
- ModProxy Module
SLES 11/OES 11
Apache 2.2 plus:
- Tomcat 6.0 or later (installed via YaST for SLES, or during GroupWise installation for OES11)
- JRE 5 or later
- ModProxy Module
Windows Server 2003/2003 R2
Microsoft Internet Information Server (IIS) 6 or later plus:
- Tomcat 6 or later
- JRE 5 or later
- Jakarta Connector 1.2 or later
Windows Server 2008/2008 R2
Microsoft Internet Information Server (IIS) 7 or later plus:
- Tomcat 6 or later
- JRE 5 or later
- Jakarta Connector 1.2 or later
Shutting Down the WebAccess Agent
The WebAccess Agent will not be available in GroupWise 2012. When you upgrade your WebAccess to GroupWise 2012, you will need to shut down the WebAccess Agent and remove references to the agent in your startup.
Linux
We assume you are running the WebAccess Agent on your Linux server as a daemon. If, however, you are running the WebAccess Agent with its GUI consoles, unload the agents through the GUI console. Finally, to shut down your WebAccess agent, type the following commands at a terminal prompt:
/etc/init.d/grpwise status
Look to find the name of your WebAccess Agent. For example, when we type the above command, we see:
Checking status [webac80a.cnc] running
This indicates that our WebAccess Agent is named webac80a.cnc. So, to shut down this agent we will type
/etc/init.d/grpwise stop webac80a.cnc
We also need to remove the WebAccess Agent from the gwha.conf file on windows to prevent it from attempting to start when GroupWise starts up. Edit the /etc/opt/novell/groupwise/gwha.conf file and remove the section for the WebAccess Agent. It will look like the following:
[webac80b.cnc]
server = /opt/novell/groupwise/agents/bin/gwinter
command = /etc/init.d/grpwise
startup = webac80b.waa
delay = 2
wait = 10
This entire section should be removed in order to avoid having the GWINTER load. (Although loading it wouldn’t really hurt anything. It just would not be useful!)
Windows
For Windows, you should also shut down the WebAccess Agent and disable the service. If you are running the agents as services, go into the services console from the Control Panel, right click on the GroupWise WebAccess Agent and choose stop (see ). Right-click the agent service again, go to properties, and disable the service.
If you are not running the WebAccess Agents as a service, go to the agent console and exit via F7 or from the agent menu. You should then go into the startup folder and delete the shortcut for the WebAccess Agent.
Upgrading WebAccess
Windows WebAccess Installation
Because there is no longer a GWINTER, there is also no requirement that you be connected to a domain directory on your WebAccess server. You can use any web server in your organization that meets the server requirements above to serve as the GroupWise WebAccess Application. Also, the WebPublisher feature has been removed from the GroupWise 2012 WebAccess. If your organization requires WebPublisher functionality, you will need to leave an older WebAccess Installation accessible for this purpose.
In the internet/webacces directory of your Master SDD you will find the setup.exe installation program for WebAccess. If you are upgrading your WebAccess Application on Linux, please see the section below entitled “Linux WebAccess Installation”.
- Run setup.exe in the /INTERNET/WEBACCES directory.
- Proceed past the license screen.
- You will next be prompted to choose the destination web site for WebAccess. Any web sites currently running in IIS will be shown, and you can choose the site for WebAccess. In many cases only one site is shown, so just select the appropriate site and choose Next.
- You will next be instructed to enter the IP address for a post office agent in your system that has SOAP enabled (remember that all POAs with users who need access to WebAccess will need SOAP enabled). While you can only enter one Post Office Agent address during the installation, you can add more to the webacc.cfg file after installation. We will show various webacc.cfg modifications at the end of this chapter.
- Next you will be asked for the location of your Document Viewer Agent. When you configured your Post Office Agent in Chapter 5, the Document Viewer Agent was defined for you. You really weren’t asked about this, and probably didn’t even know it was occurring. Thus, the question about where the DVA is located, and the port it is listening on are a bit of a surprise! That’s okay. Just put in the IP address of the same Post Office Agent you used above, and the default port of 8301 should remain.
- You are now at the summary screen, and choosing Install will install the software.
- If you have not stopped the service for IIS, the installation will offer to stop it for you. Allow the installation to stop the service and continue on.
- If needed, Java will be installed during the installation of your WebAccess. The installion will install and configure all necessary components.
- At the installation summary, you can choose to have the install routine restart your web server.
And that’s it! For long time GroupWise administrators, I’m sure you will be amazed at how quick and easy this really was. You can continue on with “Configuration Options” below.
Linux WebAccess Installation
In all of the other chapters in this guide, we have pointed out that the Linux installation is a bit different, in that you are not allowed to pick and choose what you install when running this installation script. The script will detect what GroupWise components are already installed on this server, and it will insist that they all be updated at the same time. GroupWise 2012 WebAccess, however, has no dependencies on other GroupWise components, and is thus not included in the “all-inclusive” upgrade process. You will be required to run a separate installation for WebAccess, even if it resides on a server that has other GroupWise components already upgraded.
In your Master Linux SDD (in our case /grpwise/gw12soft), run the install script as root. For example:
gwlinux:/grpwise # ./install
You will see the screen in Figure 7-1.
- Choose install products.
- Choose GroupWise WebAccess.
- Here we have two options. We first install WebAccess, and then we configure the WebAccess Application. Clicking on Install WebAccess will simply copy files out to the server, and end very quickly.
Next we will configure the WebAccess Application
- From the Install GroupWise WebAccess window, choose Configure WebAccess
- Click Next at the Information screen.
- Accept the license agreement.
- Next you will enter the IP address of a GroupWise Post Office Agent. While you can only enter one Post Office Agent address during the installation, you can add more to the webacc.cfg file after installation. We will show various webacc.cfg modifications at the end of this chapter.
- Next you will be asked for the location of your Document Viewer Agent. When you configured your Post Office Agent in Chapter 5, the Document Viewer Agent was defined for you. You really weren’t asked about this, and probably didn’t even know it was occurring. Thus, the question about where the DVA is located, and the port it is listening on are a bit of a surprise! That’s okay. Just put in the IP address of the same Post Office Agent you used above, and the default port of 8301 should remain.
- The next window will verify the location of your Apache 2 location and your Tomcat installation. The defaults are /etc/apache2/conf.d and /usr/share/tomcat6/webapps.
- You will see the final screen, and your WebAccess installation is complete.
Loading the GroupWise WebAccess Application
Linux
The commands for loading the Apache web server and Tomcat on OES Linux are as follows:
/etc/init.d/apache2 start
and
/etc/init.d/tomcat5 start (SLES 10/OES2)
or
/etc/init.d/tomcat6 start (SLES 11/OES11)
You can also check status, stop and restart using these scripts. For example:
/etc/init.d/apache2 restart
Microsoft Windows Server
The GroupWise WebAccess Application is designed to start when the Microsoft IIS Service and Web Server is started. The Microsoft IIS Web server is designed to start with the Microsoft Internet Information Server service is started.
The majority of WebAccess optimizations are done through the webacc.cfg file. This file is found in the following locations:
Linux: /var/opt/novell/groupwise/webaccess
Windows: c:\Novell\GroupWise\WebAccess on the Web server
The original webacc.cfg file on a particular server will be very orderly, and broken into distinct sections. As you patch and update your server over time, new settings will be saved to the bottom of the file in a section called “Values added by install to update config file”. If you change information in the file, make sure to look at the end to ensure that you do not have conflicting values, as the final value will win!
There are many interesting options in the webacc.cfg. We encourage you to look through the file to see what might interest you.
Following are some important configurations options pertaining to the upgrade that you should know more about. After any changes, restart Apache and Tomcat (see the section above for “Loading the GroupWise WebAccess Application” for instrustions on restarting these processes.
Configuring Additional Post Office Agents
The GroupWise WebAccess Application talks directly to post office agents in your GroupWise system to gather the information necessary to show in WebAccess. During installation, you can only supply one post office agent address. However, you can supply as many POA designations as you like, and the WebAccess Application will attempt them in order until it finds a POA that responds. If the user does not belong to the POA in question, the redirection table will send the WebAccess Application to the proper location.
In the webacc.cfg, search for Provider.SOAP.1.ip – for example:
Provider.SOAP.1.ip=192.168.110.237
Provider.SOAP.1.port=7191
Copy these two lines and change the “1” to a “2” in each line, and modify the IP address and port.
Provider.SOAP.2.ip=192.168.110.238
Provider.SOAP.2.port=7191
Do this as many times as necessary, making sure to have two lines for each SOAP provider number you add.
Configuring Additional Document Viewer Agents
As with the Post Office Agent, you can only configure one instance during installation. Modify the following information to add additional DVAs to your webacc.cfg:
In the webacc.cfg, search for Provider.DVA.1.ip – for example:
Provider.DVA.1.ip=192.168.110.237
Provider.DVA.1.port=8301
Copy these two lines and change the “1” to a “2” in each line, and modify the IP address and port.
Provider.DVA.2.ip=192.168.110.238
Provider.DVA.2.port=8301
Do this as many times as necessary, making sure to have two lines for each SOAP provider number you add.
Configuring HTTP Monitor for WebAccess
Like the other GroupWise Agents, you can configure a web based monitor for WebAccess administration activity. The webacc.cfg file contains the following lines:
##############################################################
# Application Administration Tool
# Invoked on the URL
# (e.g. http://<server>/gw/webacc?action=Admin.Open)
##############################################################
Admin.WebConsole.enable=true
Admin.WebConsole.username=user
Admin.WebConsole.password=secret
Admin.WebConsole.helpPath=/gw/webaccess/$(Build.date)/help/webconsole/en/
You can turn this on or off. By going to your server at the URL specified, you can log in and view logged in users, configuration and log files.
Setting the GroupWise 2012 WebAccess as Your Default
If your system will have more than one version of WebAccess in order to accommodate older GroupWise post offices, you can choose to have a single entry point for all of your users. For example, you may already have https://mail.yourdomain.com/gw/webacc pointing to your GroupWise 8 WebAccess. Rather than having to direct users to multiple locations, you can continue to have https://mail.yourdomain.com/gw/webacc as the entry point for all users, and redirect users on older post offices to https://gw8.yourdomain.com/gw/webacc. In order to do this, you must make a change in the webacc.cfg file, and of course create an A Record in DNS for your secondary WebAccess server (in our example, gw8.yourdomain.com).
This setting is found in the webacc.cfg file as:
#Redirect.url=http://gw8.novell.com/gw/webacc
simply remove the pound sign and change the URL to match your desired URL. Once the system is restarted, if a user logs into your http://mail.yourdomain.com/gw/webacc location, their POA will indicate it is not a GroupWise 2012 post office and the WebAccess Application will redirect the user to the older GroupWise WebAccess Application.
Security Timeouts
GroupWise 2012 brings a new set of security timeouts to WebAccess. When a user logs into WebAccess, the user has the option on the main login screen to choose whether the computer is public or private. This allows for users who access GroupWise solely via WebAccess, from a private computer at home or at the office to have a longer timeout value set. These values are listed in the webacc.cfg as:
Security.timeout=20
Security.Private.timeout=480
Setting the “Private” timeout to a higher value “in minutes” prevents users in a more secure setting from timing out multiple times a day, no doubt reducing their frustration!
Deleting Unneeded eDirectory Objects
In prior versions of GroupWise, when you installed WebAccess, an object representing the WebAccess Agent (Gateway) was created in eDirectory and the GroupWise view. Also, objects for the WebAccess Application were created (most commonly under the GroupWise domain object itself, but realistically they could be anywhere!). These objects are no longer used, and can be removed from eDirectory to avoid confusion. We recommend that you give your system a few days to settle down before you delete them, but once everything is working as you expect you can delete the following items:
- GroupWise WebAccess Agents no longer in use. Make certain you export any access control settings you might need as outlined above before you delete the objects!
- GroupWiseProvider Objects
- LDAPProvider Objects
- GroupWiseWebAccess Object
- NovellSpeller Objects