HOWTO: Install Zetalink with separate Exchange server and web server within your DMZ
ID: ZTN2050
This Zetalink technical note applies to:
Summary
This guide is designed to help you install and configure Zetalink when you wish to host the Internet accessible website on a web server within your perimeter network or demilitarised zone (DMZ).
It assumes no SMS (mobile text messaging) or fax support; these are used for Zetalink alerts and summaries.
There are seven basic steps to installing and configuring Zetalink:
- Creating the Zetalink service account
- Selecting the components and installing the software
- Installing the Exchange components
- Installing the External website
- Configuring the firewall
- Enabling your user account
- Checking the installation
Requirements
- The Zetalink Server components can be installed on any non-dedicated Windows 2000 or NT4 workstation that has IIS (Internet Information Server) installed. IIS is required to host the Zetalink user configuration site. This computer must reside on the same LAN as the Exchange server.
- The Zetalink External Website components can be installed on any non-dedicated Windows 2000 or NT4 workstation that has IIS (Internet Information Server) installed and resides within the DMZ. This computer must be accessible from the Internet (HTTP/S traffic) on a fixed public IP address or be behind a firewall that redirects Internet requests to this computer based on URL.
- The internal firewall is configured to allow HTTP/S traffic onto the LAN from the external web server without altering the original URL (sometimes referred to as "forwarding the original host header").
Creating the Zetalink service account
Use 'Active Directory Users and Computers' snap-in to create a domain user account called Zetalink. This account will be required during the installation and is used by the Zetalink components. Set the password to never expire.
Note: Ensure that this account is only a member of the Domain Users group and NOT a member of the built in Domain Admins group.
Selecting the components and installing the software
Insert the Zetalink CD-ROM and choose 'Install Zetalink' from the menu or launch the Zetalink setup by double-clicking SETUP.EXE.
- Select 'No, I would like to install the Zetalink server on this machine' when the installer asks whether the Zetalink Server has already been installed on another machine.
- Enter your license number (supplied with the software) and company details.
- Choose the components listed below from the 'Choose components' screen. Options that are not selected, or are unavailable on this computer, are marked with a cross. Choose 'Next'.
Option / Sub-option | Selected (✓) / Deselected (✗)
Zetalink Server | ✓
Firewall Support (Internal Components) * | ✓
Microsoft Data Engine (MSDE) | ✓
Exchange Server Components | ✗
GoldMine Components | ✗
Sage Components | ✗
Act! Components | ✗
User Configuration Components | ✓
External Web Site | ✗
Firewall Support (External Components) | ✗
Communications Server Components ** | ✗
* Note: As the external website will be hosted on a web server within the DMZ, you need to select the Zetalink server sub-option 'Firewall Support'. This will enable communication between the Zetalink server and web server 'through' the inner firewall using SOAP.
** Note: No SMS text alerts or summaries will be sent as these require a GSM modem, therefore the 'Communications Server Components' have been de-selected. If you have a GSM modem or fax modem follow the instructions in the Zetalink Implementation guide to configure this component.
- On the 'Zetalink Server IP Address' dialog, enter the IP address or domain name that corresponds to the external IP address of the firewall. This firewall will later be configured to redirect HTTP/S requests to the Zetalink external website.
- When prompted, enter details for the "Zetalink" user account created earlier.
- No further dialog boxes should be displayed. Click 'Finish' when the installation has completed.
- If you are prompted to restart the server, do so before continuing further.
Now that you have successfully installed the Zetalink Server, you are ready to install the Exchange components.
Installing the Exchange components
The Exchange server components must be installed on a Microsoft Exchange server (version 5.5 or 2000). These components are responsible for retrieving data from mailboxes.
- Run the Zetalink Setup program.
- Click on 'Next'.
- Select 'Yes, I have installed the Zetalink Server on another machine' and click on 'Next'.
- Enter the location of the Zetalink Server - you can browse for this if necessary - and click on 'Next'.
- From the 'Choose components' screen select 'Exchange Components' ONLY and proceed to install.
- When prompted, enter details for the "Zetalink" user account created earlier.
Once installed you can move onto controlling access to the service.
Installing External Website Components
The External Website Components are installed on any non-dedicated Windows 2000 or NT4 workstation that has IIS (Internet Information Server) installed. These components provide WAP pages that are viewed by Mobile Internet devices.
Note: The internal firewall is configured to allow port 80 or 443 traffic onto the LAN from the external web server without altering the original URL (sometimes referred to as "forwarding the original host header").
- Run the Zetalink Setup program.
- Click 'Next'.
- Select 'Yes, I have installed the Zetalink Server on another machine' and click on 'Next'.
- Choose "The Zetalink Server is only accessible via a firewall", and enter the URL to be used for contacting the Zetalink Server. This is generally "http://" followed by the IP address of the outside network card of the inner firewall (i.e. the card connected to this server's network). For example, if the IP address of the inner firewall is 10.0.0.1, you would enter "http://10.0.0.1" as the URL. After entering the URL, click on 'Next'.
- From the 'Choose components' screen select 'External Web Site' and click on 'Next'.
You need to specify a user name for the components to use. This account should have local administrator rights on this computer, and have a password that doesn't expire.
Unlike the other servers, servers in a peripheral network will not normally be able to use accounts from the corporate domain. They may not be members of any domain for security reasons, in which case the browse button (which displays a list of domain accounts) will not work.
Instead, enter the user name as "./" followed by the name of a local administrator account (e.g. "./Administrator"). The preceding "./" identifies the account as one belonging to the local computer. Enter the password for that account, and then proceed with the installation.
Now that you have installed the external website, you are ready to control access to this site.
Configuring the firewall
Zetalink users will request real-time corporate data on their Mobile Internet devices by requesting the published web or IP address of the external ADSL modem or network adaptor. In order for this HTTP/S traffic to be redirected to the Zetalink External Website, you will need to ensure port 80 or port 443 is open on your outer firewall. If you are using Microsoft Internet Security and Acceleration server 2000 (ISA) to protect your network, follow the instructions in technical note 'ZTN2021-HOWTO Configuring Microsoft ISA Server with Zetalink' to allow access.
In most cases these ports will already be open so all that you will need to confirm is that requests for the Zetalink External Website are succeeding. To test this, follow the instructions below:
Open Internet Explorer and enter the URL 'http://www.mycompany.com/Zetalink/test.htm' (where www.mycompany.com is the name that resolves to the external IP address on the firewall or the network card of the Zetalink External Website computer). Confirm the Zetalink test page is displayed in Internet Explorer.
As this web server resides within the DMZ you also need to confirm this computer is able to communicate with the Zetalink server on the LAN. To do this follow the instructions in technical note 'ZTN2XXX-HOWTO Checking SOAP connectivity between Zetalink core and the External Web server'.
Now that you have successfully controlled access to the Zetalink External Website, we can move onto enabling users to access the service.
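The two flows described in this section (Internet to the External Website through the outer firewall, and External Website to the Zetalink Server through the inner firewall) can be checked against an exported rule list. The script below is an added example, not part of the Zetalink software or documentation; the rule format, rule names, network ranges and host addresses are all assumptions made up for illustration.

```python
# Added example: audit a firewall rule list against the two flows this guide needs.
# All addresses, rule names and the rule format are constructed for illustration.
from ipaddress import ip_network

WEB_PORTS = {80, 443}                      # "HTTP/S traffic" in the guide
ANY = ip_network("0.0.0.0/0")
DMZ = ip_network("10.0.0.0/24")            # assumed perimeter network
LAN = ip_network("192.168.1.0/24")         # assumed internal network
WEB = ip_network("10.0.0.10/32")           # assumed External Website host
CORE = ip_network("192.168.1.20/32")       # assumed Zetalink Server host

# Hops the guide requires: outer firewall first, then inner firewall.
HOPS = {(ANY, WEB): "Internet -> External Website",
        (WEB, CORE): "External Website -> Zetalink Server"}

def audit(rules):
    """Return (rules wider than the guide needs, required hops not permitted)."""
    extra, seen = [], set()
    for name, src, dst, port, action in rules:
        s, d = ip_network(src), ip_network(dst)
        if action != "allow" or s.subnet_of(LAN):
            continue                       # denies and LAN-originated traffic: out of scope
        covered = [h for h in HOPS
                   if h[0].subnet_of(s) and h[1].subnet_of(d) and port in WEB_PORTS]
        seen.update(covered)
        exact = (s, d) in HOPS and port in WEB_PORTS
        if not exact and (d.overlaps(LAN) or d.overlaps(DMZ)):
            extra.append(name)             # reaches the DMZ or LAN beyond the two host pairs
    missing = [label for hop, label in HOPS.items() if hop not in seen]
    return extra, missing

WEAK = [  # constructed: works, but wider than the two host pairs
    ("outer-http", "0.0.0.0/0", "10.0.0.10/32", 80, "allow"),
    ("outer-mgmt", "0.0.0.0/0", "10.0.0.10/32", 3389, "allow"),
    ("inner-broad", "10.0.0.0/24", "192.168.1.0/24", 80, "allow"),
]
TIGHT = [  # constructed: only the flows named in the guide
    ("outer-http", "0.0.0.0/0", "10.0.0.10/32", 80, "allow"),
    ("outer-https", "0.0.0.0/0", "10.0.0.10/32", 443, "allow"),
    ("inner-soap", "10.0.0.10/32", "192.168.1.20/32", 80, "allow"),
    ("default", "0.0.0.0/0", "0.0.0.0/0", 0, "deny"),
]

if __name__ == "__main__":
    for label, rules in (("WEAK", WEAK), ("TIGHT", TIGHT)):
        print(label, audit(rules))
```

A rule reported in the first list still lets Zetalink work; it is listed because it admits traffic to the DMZ or LAN that this guide does not call for.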
Enabling your user account
The system will send an e-mail automatically to each user who is enabled, containing the Zetalink external website address. This must be entered in the software before any users can be enabled.
Note: The Zetalink external website address will consist of the domain name that resolves to the Zetalink external website and the Zetalink virtual directory e.g. http://www.mycompany.com/Zetalink/.
Specify the external website address for Zetalink
- Go to Start | Programs | Zetalink | Zetalink Configuration.
- The Zetalink Configuration program is launched by the MMC.
- Expand the 'Components' node, then highlight 'External Website Components' and display the properties dialog box.
- Enter the external URL which will be needed to access the Zetalink login page (e.g. http://wap.mycompany.com/Zetalink/go.asp).
Enable your network user account to access Zetalink:
- Select the 'Users' node and expand the list.
- Select your domain to list users in the domain, and then locate your user name in the list.
- Right click on your user account, and select 'Enable user'. This enables your user account, using its Windows account name as the Zetalink account alias (used when logging on from a Mobile Internet device).
- Click 'Yes' to the dialog asking if you want to send the new user a Welcome message.
- An e-mail message is sent to you giving instructions on how to proceed with Zetalink.
- After confirming the settings, the account will be enabled - its status will change visibly on the display, and the Zetalink alias field will be given a value.
- Right click on your user account, and select 'Reset PIN'. Enter a PIN code for the account (between 4 and 8 digits), then click 'OK' to save the settings.
- Now that you are enabled to access the Zetalink external website, we can move onto testing the service.
Checking the installation
The system is now ready for use. It is good practice to confirm you are able to browse Exchange data prior to enabling multiple users.
Adding a bookmark
You need to enter a bookmark into the Mobile Internet device for your Zetalink site. The format of this URL is typically:
http://registered-domain-name/Zetalink/go.asp?u=username
(Where 'username' is your Windows account name. This is optional, but saves time typing your username each time you log on.)
Check that you can log on to Zetalink and view your Exchange Inbox successfully
- Using the mobile device, go to the previously stored bookmark for Zetalink.
- Choose this bookmark and the Logon screen is displayed.
- From the Welcome page, enter your Zetalink PIN number and select the Logon option.
- Once you have successfully logged in, the full list of links will be available to you in the home page.
- Select 'Inbox' to view your mail and familiarise yourself with the 'Menu' options.
- Congratulations, you have successfully installed and configured real-time access to your Exchange data from any Mobile Internet device.
References
Additional information is available in the Zetalink Implementation guide and the following technical notes:
ZTN2021-HOWTO Configuring Microsoft ISA Server with Zetalink
ZTN2020-HOWTO Enabling HTTPS support on an IIS web server
ZTN2019-HOWTO Enabling HTTPS support on an ISA server
Last updated: 14 January 2003 (GC/GW)