En/3.5/OpenChange (Microsoft(R) Exchange native replacement)

From Zentyal Linux Small Business Server

Introduction to OpenChange Technology

Zentyal integrates OpenChange, the first and only native drop-in replacement for Microsoft® Exchange Server technologies. With OpenChange, Microsoft Outlook® clients continue to work unchanged, without needing any plug-ins, reconfiguration or migration.

OpenChange achieves complete compatibility because it implements the same protocols as existing mail and groupware clients: the MAPI protocol and, optionally, ActiveSync®. These protocols manage not just electronic mail, but also contact lists and calendars.

In addition to being a MAPI server, OpenChange is a bridge between MAPI and the Internet-standard protocols (IMAP, SMTP, CalDAV, etc.), keeping both sides synchronised. A message in the Microsoft Outlook® inbox is visible in Mozilla Thunderbird's view of the same account via IMAP, and when deleted the message disappears from both sides. Similarly, a calendar entry made in Mozilla Lightning over the CalDAV protocol is visible and modifiable from Microsoft Outlook®.

To get an overview of where OpenChange sits in relation to the other Zentyal components, and of the basics of its interactions and protocols, see the following diagram:

OpenChange integration overview

OpenChange itself is a Samba4 plug-in, using Samba4 for user information, authentication and the Global Address List directory service, which contains the user accounts of the organization. As previously mentioned, the Microsoft Outlook® client can communicate natively with this component, so there is no need to re-join the client to a domain or to install any external software.

OpenChange features an abstraction layer that makes it possible to communicate with different storage backends. The backend is in charge of storing and serving the databases needed for groupware collaboration, using a MySQL database, and of bridging to the mail system by talking to the standard mail components in their native protocols (typically IMAPS and SMTPS).

Apart from the connections established within the organization's network, your Microsoft Outlook® clients can connect from any point of the Internet thanks to the MAPI Proxy component, which encapsulates the protocol using HTTP/RPC.

Zentyal offers a Webmail platform integrated with OpenChange (not to be confused with the generic Webmail service). Using this platform, you can offer an HTTP/HTTPS gateway to interact with all the mentioned mail and groupware features.

Configuring a stand-alone OpenChange server

OpenChange depends on the Users, Computers and File Sharing (Samba4) and Electronic Mail Service (SMTP/POP3-IMAP4) components, as can be seen in the diagram. This means that your Zentyal server already has a Microsoft® Server-compatible domain and a Virtual Mail domain that will be used to provide the OpenChange services.

The virtual mail domain used by OpenChange will be the Samba4 domain configured in your server. If your Samba4 domain is 'zentyal-domain.lan', your users will need a '@zentyal-domain.lan' mail address to authenticate against OpenChange/Samba4.

After installing and enabling the module, you need to provision OpenChange. Go to OpenChange ‣ Setup where you can see the following page:

OpenChange provisioning

In the stand-alone scenario this will be the first Exchange server, so in the drop-down menu you will select New One and choose the Organization Name. This name will become a node in Samba4's Active Directory tree that will contain all the attributes related to the Microsoft® Exchange environment.

Once you click on Setup, OpenChange will be provisioned, modifying the Samba4 Active Directory schema. This modification makes the new schema compatible with a Microsoft® Windows Server that also features a Microsoft® Exchange Server, making it possible to become its additional controller.

HINT: There are often two mail domains in email deployments, an internal mail domain and an external mail domain; for example, 'example-domain.lan' and 'example-domain.com'. This way, domain resolution ambiguity is avoided. To configure an external domain, first set it up as one of your Virtual Mail Domains under Mail --> Virtual Mail Domains, then configure it as the Outgoing Mail Domain using the OpenChange interface and, finally, set up an alias in this domain for each user that is going to use the external domain. For example, the user 'john@example-domain.lan' will have an alias 'john@example-domain.com' if we wish him to receive email from the external domain.

As you see in the capture, an OpenChange account can be automatically supplied to all the existing users of this Zentyal Server.

OpenChange accounts are disabled by default for new users. If you wish to automatically supply an OpenChange account to new users, you need to modify the User Template from Users and Computers ‣ User Template.

Configuring the OpenChange Server as an additional exchange server

In order to configure the OpenChange module in additional mode, you first need to have the Zentyal Server inside the Windows Domain, as specified in the chapter Users, Computers and File Sharing. Your server can act as an additional Exchange server whether it is the main domain controller or just an additional domain controller.

With your Zentyal Server already joined to the domain, access the OpenChange configuration and choose the existing organization from the drop-down list:

Joining as additional exchange server

From your Microsoft® Exchange server, you can check the list of available Exchange servers by creating a new mailbox:

List of available exchange servers

Configuring the Microsoft® Outlook Client

There are basically three different configuration scenarios:

  • The client is inside the organization's network and joined to the domain
  • The client is inside the organization's network but not joined to the domain
  • The client wants to use Microsoft® Outlook from an external network (over the Internet)

The first case is fairly straightforward, since the user's credentials are already loaded at login.

Zentyal OpenChange enables the autodiscovery protocol for Microsoft® Outlook, which makes it possible to create the account automatically using just the information provided at login.

Microsoft® Outlook auto-configuring user's account

You may receive a warning related to the server's certificate if you have not signed this certificate with a valid CA. To learn more about certificate validation, please read the Certification authority (CA) chapter. It is safe to continue despite this warning.

Once the configuration wizard is complete, your Microsoft® Outlook client will be ready to use:

Microsoft® Outlook client configured

If the client is located inside the network but not joined to the domain, the only difference will be setting the user credentials.

User credentials

You will have to log in again at the end of the process:

Initial Login

In the third case, connecting a Microsoft Outlook® client from any point of the Internet, you will have to enable the MAPI Proxy described in the architecture first. You can do this from the Zentyal OpenChange configuration page. The MAPI Proxy interface options will only appear if the external IP addresses are correctly configured in the DNS and associated to the hostname.

Configuring the MAPI Proxy

In order to communicate with this Proxy from the Internet, you will need to enable access from external interfaces in the firewall for the protocols you configured (HTTP and/or HTTPS).

In the client, you will need to import the certificate displayed in the image above, especially if you plan to connect using HTTPS. For the client configuration, you will need to use the FQDN of the server host, not the IP address, so if you don't have this name configured in a public DNS that can be queried from any point of the Internet, you will need to add the equivalent configuration line to the hosts file in the client.
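The following is an added example, not part of the Zentyal documentation: a way to check with OpenSSL that the certificate you import on the client was issued for the server's FQDN rather than its IP address, and to print its fingerprint so the imported copy can be compared with the server's. The host name mail.example-domain.com, the address 192.0.2.10 and the function names are constructed for illustration, and the demo runs against a throwaway self-signed certificate.

```shell
#!/bin/sh
# Added example. The FQDN and IP address below are constructed, not from the page.

# Print a certificate's fingerprint so the copy imported on the client can be
# compared with the server's. $2 = digest (default sha256; pass sha1 if the
# client-side viewer shows a SHA-1 thumbprint).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint "-${2:-sha256}" | cut -d= -f2
}

# Succeed only if the certificate is valid for DNS name $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Succeed only if the certificate is valid for IP address $2.
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

# Save the certificate a live server presents on port 443 (needs network
# access; not called by the demo below).
fetch_server_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Constructed stand-in for the server certificate: self-signed, CN = FQDN.
make_demo_cert() {
    demo_dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$demo_dir/key.pem" -out "$demo_dir/cert.pem" 2>/dev/null || return 1
    echo "$demo_dir/cert.pem"
}

pem=$(make_demo_cert mail.example-domain.com)
echo "SHA-256 fingerprint: $(cert_fingerprint "$pem")"
if cert_matches_host "$pem" mail.example-domain.com; then
    echo "FQDN matches the certificate"
fi
if ! cert_matches_ip "$pem" 192.0.2.10; then
    echo "IP address does not match: use the FQDN (public DNS or a hosts entry)"
fi
```

Against a real deployment, `fetch_server_cert <server_FQDN> > server.pem` saves the certificate the server presents, and the same checks can then be run on `server.pem`.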

Once you have met all the mentioned requisites, you can launch the client.

You will select Manually configure additional server types:

Additional server types

Microsoft® Exchange Account:

Microsoft® Exchange Account

You will configure the server name using the FQDN, and your user name. Before clicking on Next, you will click on More Settings...:

Initial server configuration

From the Security tab, you will check the Always prompt for logon credentials option:

Security configuration

From the Connection tab, you will enable the HTTPS access (Outlook Anywhere):

Connect using web protocols

You will click on the button named Exchange Proxy Settings. From this screen, you will configure your server's FQDN again:

Web Proxy configuration

After setting up all these parameters, you will apply the changes and check the name and credentials of the selected user. If the name appears underlined, it means that you were able to contact the Proxy and the user credentials are valid.

User credentials check

From this point on, the configuration is identical to the other use cases.

Configuring 'Out Of Office' notifications from the Microsoft Outlook® client

One of the most common mail filters that your users may want to configure is the automatic response sent when they are away from the office for an extended period, so that their correspondents know that their messages will not be answered in the short term.

From your Microsoft Outlook® client, you can use the assistant to configure Out Of Office:

Out Of Office assistant

There you will be able to configure the following options:

Out Of Office notifications

From this interface, you can configure the time period and the message to be sent in reply. You can even configure different messages depending on whether the message comes from an internal user (internal mail domain) or any other external user. It is important to check the current limitations of this feature, described at the end of this document.

ActiveSync® support

The ActiveSync® protocol is widely used to synchronize mobile devices and also the most recent versions of Microsoft® Outlook.

There are two different software packages which provide this functionality on top of OpenChange: z-push and sogo-activesync. It is recommended to test both of them in order to analyse which one produces the best results for your deployment.

You will need to have the zentyal-openchange (>=3.4.2) and zentyal-webserver modules. For sogo-activesync you will also need to have zentyal-sogo (OpenChange Webmail) installed and enabled.

Using the command line:

sudo apt-get install z-push

OR (packages are configured to raise a conflict between them):

sudo apt-get install sogo-activesync

Once you have installed one of the packages, you will be able to enable or disable the ActiveSync option from the OpenChange configuration on the Zentyal interface.

ActiveSync® gateway for OpenChange

Devices will access ActiveSync® through Zentyal's webserver, ports 80 and 443 (SSL enabled) by default.

OpenChange Webmail

Apart from the described functionality using native clients, it can be very useful to deploy a web-based client to access your e-mail, calendars and contacts. It is important to differentiate between the OpenChange Webmail module and the Webmail module, which is based on the standard mail protocols and does not provide any groupware functionality besides electronic mail.

To use this module, you just need to install it and enable it. You will need to have an SSL port configured in the Webserver module in order to use the secure version (HTTPS).

Once you have enabled the module, you can access the web platform at the URL https://<server_FQDN>/SOGo/ or by clicking on the link shown in the OpenChange configuration:

OpenChange Webmail link

Accessing this URL, you can see the main login screen, where you can also choose the desired language for the user:

Login screen

You will first be shown the email interface:

Electronic mail

Using the drop down menu that you have available in the top part of the interface, you can access the calendars:

Shared calendars and events

And also the address book, where you can view the Global Address List (GAL), which contains all the users registered in your domain, the personal address books of the user and custom distribution lists that can be used for mailing:

Address books and distribution lists

Known Limitations

It is important to note that the set of features provided by the Microsoft® Outlook client is large. In this document we are considering the typical set of features that the average user will require to complete his/her daily tasks.

The following features are not available on the common Microsoft® Outlook versions (2003, 2007, 2010):

  • Only the users inside the OU 'Users' can have OpenChange mail accounts
  • Sending a mail with an embedded mail attached
  • Using special characters for the mail user (like áéíóúñÑ)
  • Sending a contact via mail using Outlook format (vCard format is working)
  • Assigning a task to a contact
  • Synchronization problems using shared calendars
  • The 'Out of Office' functionality is only available for Microsoft® Outlook 2007 and 2010
  • If the 'Out of Office' notification is enabled, only the date is applied, time is ignored
  • It is not currently supported to unconfigure OpenChange once it has been configured for an Organization
  • You cannot use the characters '.' or '/' for the names of mail directories
  • You cannot use empty spaces ' ' for directory usernames; it will not function with OpenChange.
