Contents
Overview 1
IIS Integration with Exchange 2000 2
Examining Client Connectivity and Security 7
Kerberos Authentication 17
Front-end/Back-end Server Configuration and Security 19
Configuring NNTP Services 31
Troubleshooting Client Connectivity By Using Telnet 37
Lab A: Creating and Configuring an IMAP4 Virtual Server 38
Review 44
Module 10: Configuring
Internet Protocols
BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY
Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
2000 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, BackOffice, Jscript, NetMeeting, Outlook, Windows, Windows NT
are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other
countries.
Other product and company names mentioned herein may be the trademarks of their respective
owners.
Program Manager: Steve Thues
Product Manager: Megan Camp
Instructional Designers: Bill Higgins (Volt Technical), Jennifer Morrison, Priya Santhanam
(NIIT (USA) Inc), Samantha Smith, Alan Smithee
Instructional Software Design Engineers: Scott Serna
Subject Matter Experts: Krista Anders, Megan Camp, Chris Gould (Global Logic Ltd),
Janice Howd, Elizabeth Molony, Steve Schwartz (Implement.Com), Bill Wade (Wadeware LLC)
Technical Contributors: Karim Batthish, Paul Bowden, Kevin Kaufman, Barry Steinglass,
Jeff Wilkes
Graphic Artist: Kimberly Jackson (Independent Contractor)
Editing Manager: Lynette Skinner
Editor: Kelly Baker
Production Manager: Miracle Davis
Build Manager: Julie Challenger
Production Support: Marlene Lambert (Online Training Solutions, Inc)
Test Manager: Eric Myers
Courseware Testing: Robertson Lee (Volt)
Creative Director, Media/Sim Services: David Mahlmann
Web Development Lead: Lisa Pease
CD Build Specialist: Julie Challenger
Localization Manager: Rick Terek
Operations Coordinator: John Williams
Manufacturing Support: Laura King; Kathy Hershey
Lead Product Manager, Release Management: Bo Galford
Lead Product Manager, Messaging: Dave Phillips
Group Manager, Courseware Infrastructure: David Bramble
Group Product Manager, Content Development: Dean Murray
General Manager: Robert Stewart
Module 10: Configuring Internet Protocols iii
BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY
Instructor Notes
This module provides students with the knowledge and skills to configure virtual servers in Exchange 2000 to connect Internet clients. The students will learn the different security options available to clients when connecting to a single computer running Exchange 2000 or to front-end/back-end servers. The students will also learn how to create and implement newsgroups and how to troubleshoot client connectivity by using Telnet.
After completing this module, students will be able to:
• Describe the functionality that is provided by the integration of Internet Information Services (IIS) with Exchange 2000.
• Describe the message transfer process and the security options for Internet clients using Internet Message Access Protocol version 4 (IMAP4) and Post Office Protocol version 3 (POP3). In addition, describe how Lightweight Directory Access Protocol (LDAP) is used in the message transfer process.
• Describe the Kerberos authentication process.
• Explain the authentication process and the different firewall configuration options when using front-end/back-end servers.
• Configure a Network News Transfer Protocol (NNTP) virtual server, create and store newsgroups, and create newsfeeds.
• Troubleshoot client connectivity by using Telnet.
Materials and Preparation
This section provides the materials and preparation tasks that you need to teach this module.
Required Materials
To teach this module, you need the following materials:
• Microsoft PowerPoint file 1572a_10.ppt
Preparation Tasks
To prepare for this module, you should:
• Read all of the materials for this module.
• Complete the lab.
• Practice the presentation with the PPT slides, noting any animation slides.
• Read the white paper, “Exchange 2000 Front-end and Back-end Topology,” in the Additional Readings folder on the Student Materials compact disc.
Presentation: 60 Minutes
Lab: 30 Minutes
Module Strategy
Use the following strategy to present this module:
• IIS and Exchange 2000 Integration
This topic provides an overview of the functionality and protocols provided by the integration of Exchange 2000 with IIS. First, introduce the different protocols that are supported by IIS, and then the protocols that are supported when you install Exchange 2000. Stress that the protocols added by Exchange 2000 enable Internet client connectivity and access to Exchange 2000 data. Next, describe the function of virtual servers and the different options that you can configure when creating a virtual server. Also, discuss the different reasons why you would configure more than one virtual server for a protocol, and stress that the students use Exchange System Manager to configure virtual servers.
• Examining Client Connectivity and Security
This topic focuses on IMAP4 and POP3 client connectivity and security and on LDAP client queries. First, discuss the capabilities of each client, and then review the message transfer process for each protocol. By understanding the process, the students can distinguish between the two protocols' functionality and troubleshoot connectivity issues. Next, explain the authentication methods and the SSL encryption used to secure POP3 and IMAP4 client connections. Define LDAP and its uses, and then provide an overview of the LDAP query process when accessing Active Directory.
• Examining Kerberos Authentication
This topic focuses on the Kerberos authentication process. The previous discussion of LDAP leads into the discussion of Kerberos authentication, because LDAP uses Kerberos. First, explain which components use Kerberos authentication. Next, step through the Kerberos authentication process. This discussion also applies to the next topic, authentication when using front-end/back-end servers.
• Configuring Front-end/Back-end Servers
This topic provides an overview of the features and function of front-end/back-end servers. First, introduce front-end/back-end servers and describe the benefits that they provide, including scalability and load balancing. Next, describe the authentication process when using front-end servers. Then define the term perimeter network, and explain the ports that must be opened when the front-end server sits within the perimeter network. Also, outline the Transmission Control Protocol (TCP) ports that must be open to facilitate message transfer, encryption, and authentication. Next, discuss the other firewall options and the ports that must be open when using front-end/back-end servers. Lastly, discuss the alternatives to opening ports and why you would use these alternative methods.
• Configuring NNTP Services
This topic focuses on the implementation and configuration of NNTP services. First, discuss the configuration of an NNTP virtual server and the creation and storage of newsgroups. The key point is that you can store newsgroups on a local or remote file system or in a public folder. Also, stress that, for security purposes, you should store public folder newsgroups on a different public folder tree than the default tree. Next, explain the function of a newsfeed and discuss the process of creating newsfeeds when using subordinate and master servers.
• Troubleshooting Internet Client Connectivity by Using Telnet
Discuss the use of Telnet, and then open a Telnet session while you explain the different commands that Telnet supports.
Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.
Important: The lab in this module is also dependent on the classroom configuration that is specified in the Customization Information section at the end of the Classroom Setup Guide for course 1572A, Implementing and Managing Microsoft Exchange 2000.
Lab Setup
The following list describes the setup requirements for the lab in this module.
Setup Requirement 1
The lab in this module requires Exchange 2000 and a custom MMC. To prepare student computers to meet this requirement, perform one of the following actions:
• Complete the labs for Module 2, “Installing Microsoft Exchange 2000,” in course 1572A, Implementing and Managing Microsoft Exchange 2000.
• Install Exchange 2000 at D:\Program Files\Exchsrvr on each server into an organization named Northwind Traders. The components installed are Microsoft Exchange Messaging and Collaboration Services, Microsoft Exchange System Management Tools, and Microsoft Exchange Instant Messaging Service. Have the students create a custom MMC in C:\Documents and Settings\All Users\Desktop that is saved as your_firstname Console. The MMC contains the Active Directory Users and Computers snap-in and the Exchange System snap-in.
Setup Requirement 2
The lab in this module requires a custom OU, a user account for each student, a mailbox for each student, an Outlook profile, and the Domain Admins group to be delegated full control of the organization. To prepare student computers to meet this requirement, perform one of the following actions:
• Complete the labs for Module 3, “Administering Microsoft Exchange 2000,” in course 1572A, Implementing and Managing Microsoft Exchange 2000.
• Create an organizational unit in Active Directory that is named your_servernameOU for each server in the classroom. Create a user account in each server’s OU for each student. The account is a member of the Domain Admins group and has a mailbox on the student’s Exchange server. Create an Outlook profile for each student on their own server that opens their mailbox. Delegate the full administrator role on the Northwind Traders organization.
Lab Results
Performing the lab in this module introduces the following configuration changes:
• A new IMAP4 virtual server is created on each student machine. The virtual server is named your_servername IMAP4 Virtual Server and uses TCP port 149 and SSL port 999.
• A certificate is created for the IMAP4 virtual server.
• Outlook Express is configured to connect to the new IMAP4 virtual server.
Overview
• IIS Integration with Exchange 2000
• Examining Client Connectivity and Security
• Kerberos Authentication
• Front-end/Back-end Server Configuration and Security
• Configuring NNTP Services
• Troubleshooting Client Connectivity Using Telnet
As more users connect to the Internet to send and receive e-mail messages, Internet client connectivity becomes an increasingly large administration issue. With the integration of Internet Information Services (IIS) with Microsoft Exchange 2000, you can provide an efficient and secure environment for users running Internet clients to access Exchange 2000 data locally and remotely.
After completing this module, you will be able to:
• Describe the functionality that is provided by the integration of IIS with Exchange 2000.
• Describe the message transfer process and the security options for Internet clients using Internet Message Access Protocol version 4 (IMAP4) and Post Office Protocol version 3 (POP3). In addition, describe how Lightweight Directory Access Protocol (LDAP) is used in the message transfer process.
• Describe the Kerberos authentication process.
• Explain the authentication process and the different firewall configuration options when using front-end/back-end servers.
• Configure a Network News Transfer Protocol (NNTP) virtual server, create and store newsgroups, and create newsfeeds.
• Troubleshoot client connectivity by using Telnet.
Topic Objective: To provide an overview of the module topics and objectives.
Lead-in: In this module, you will learn how to implement Internet protocols and connect Internet clients by using Exchange 2000 and IIS.
IIS Integration with Exchange 2000
• Default Protocols Supported by IIS
• Protocols Supported by IIS with Exchange 2000
• Virtual Server Functionality in Exchange 2000
The integration of IIS with Exchange 2000 provides the Internet protocols that enable Internet clients to gain access to mailbox data in Exchange 2000. This integration also gives Exchange 2000 the ability to configure virtual servers to provide added functionality and scalability.
Topic Objective: To provide an overview of how IIS is integrated with Exchange 2000.
Lead-in: By integrating IIS with Exchange 2000, Internet messaging clients can gain access to Exchange 2000 data.
Default Protocols Supported by IIS
[Slide: IIS on Windows 2000, showing the default NNTP, HTTP, and SMTP protocols]
IIS is installed automatically when you install Microsoft Windows 2000. IIS supports the following protocols, which enable clients to communicate with the Internet, Exchange 2000, and local or Internet newsgroups.
HTTP
Hypertext Transfer Protocol (HTTP) is the underlying protocol used by the World Wide Web. Exchange 2000 supports HTTP to give Outlook Web Access clients access to Exchange 2000 data, such as public folders, mailbox information, and directory searches.
Note: For more information on HTTP, see Requests for Comments (RFCs) 1945 and 2068.
SMTP
Simple Mail Transfer Protocol (SMTP) sends messages between hosts and is the default protocol used by Exchange 2000 to transfer messages within an organization and to the Internet.
Note: For more information on SMTP, see RFCs 821 and 822.
NNTP
NNTP replicates a large number of messages to host computers. Exchange 2000 uses NNTP to gain access to private or public newsgroups. In addition, Exchange 2000 uses NNTP to send and receive newsgroup messages between any RFC-compliant NNTP client and server.
Note: For more information on NNTP, see RFC 977.
Topic Objective: To describe the default Internet protocols that IIS supports.
Lead-in: IIS, by default, supports NNTP, HTTP, and SMTP.
Protocols Supported by IIS with Exchange 2000
[Slide: IIS with Exchange 2000, showing NNTP, HTTP, SMTP, POP3, and IMAP4]
In addition to the three default protocols supported by IIS, two additional protocols are supported when you use Exchange 2000. Internet messaging clients that use these protocols can communicate with a server running Exchange 2000.
POP3
Internet messaging clients, such as Outlook Express, use Post Office Protocol version 3 (POP3) to retrieve messages from a server. With POP3, messages are stored on the server until a client requests them. POP3 is a retrieve-only protocol; POP3 clients use SMTP to send messages.
Note: For more information on POP3, see RFCs 1939 and 1743.
IMAP4
In contrast to POP3’s simplicity, Internet Message Access Protocol version 4 (IMAP4) is a more advanced protocol that enables users to access multiple folders, search through a mailbox, and store flags on a message to indicate, for example, that the message was read. As with POP3, IMAP4 is a retrieve-only protocol and uses SMTP to send messages.
Note: IMAP4 is described in several RFCs, specifically RFC 2060.
Topic Objective: To describe the additional protocols (IMAP4 and POP3) supported by IIS when Exchange is installed.
Lead-in: When you install Exchange 2000, IIS supports two additional protocols.
Delivery Tip: Ask students to differentiate between POP3 and SMTP.
Virtual Server Functionality in Exchange 2000
[Slide: an Exchange 2000 server hosting an IMAP4 virtual server and a POP3 virtual server, each serving its own client]
A virtual server enables you to host different protocols on the same physical server. During installation, Exchange 2000 creates a default virtual server for each protocol (SMTP, NNTP, HTTP, LDAP, IMAP4, and POP3). Each virtual server has a unique network name and IP address.
After installation, you can configure virtual server parameters such as authentication methods, message formats, and data transfer limits. From a client perspective, there is no difference between connecting to a physical server and connecting to a virtual server.
Virtual Server Configuration Management
You manage the virtual servers by using Exchange System Manager. It is important to manage the virtual servers by using Exchange System Manager because the System Attendant automatically saves virtual server configuration information to Active Directory. Active Directory then applies the configuration information to the IIS metabase, the database that contains IIS configuration information.
If you modify the configuration settings of virtual servers by using Internet Services Manager, your changes are saved directly to the metabase. However, when Active Directory next updates the configuration information, the changes you made by using Internet Services Manager are overwritten.
Multiple Virtual Servers for a Single Protocol
If you require different configurations for the same protocol on a single server running Exchange 2000, you can configure multiple virtual servers for that protocol. Consider creating multiple virtual servers for a protocol:
• To supply different encryption methods for local and remote clients. For example, remote users sending messages over the Internet may want all messages encrypted for additional security, while users on the internal intranet do not require encryption.
Topic Objective: To describe the function of virtual servers and the scenarios for creating multiple virtual servers.
Lead-in: During installation, Exchange 2000 creates default virtual servers for every supported protocol.
It is important that students understand that a virtual server acts the same as a physical server. Ask students to identify situations where multiple virtual servers might be appropriate.
• To segregate traffic for the same protocol over different ports. For example, you have a custom application that uses POP3 to access data in Exchange 2000. This application can use a unique Transmission Control Protocol (TCP) port associated with POP3 through an Exchange 2000 POP3 virtual server. Traffic on this port can then be granted special access or priority over your intranet.
To create multiple virtual servers for a specific protocol, you need to uniquely identify each virtual server. To do this, you must specify a unique Internet Protocol (IP) address and port combination for each.
Examining Client Connectivity and Security
• IMAP4 and POP3 Client Capabilities
• POP3 Message Transfer
• IMAP4 Message Transfer
• POP3 and IMAP4 Authentication and Encryption
• LDAP Functionality
Exchange 2000 integrated with IIS provides client connectivity and security for users accessing their mailboxes by using a POP3 or IMAP4 client. POP3 provides a simple message transfer process, whereas IMAP4 provides more functionality to the user and, as a result, has a more advanced transfer process. It is important to understand the message transfer process so that you can troubleshoot client connectivity issues.
LDAP provides server and client connectivity to Active Directory, which enables user authentication and directory lookups. Most Internet mail clients, such as Outlook Express, include an LDAP client.
Topic Objective: To provide an overview of IMAP4, POP3, and LDAP client connectivity and security.
Lead-in: IMAP4 and POP3 provide client connectivity to Exchange 2000. LDAP provides client connectivity to Active Directory.
IMAP4 and POP3 Client Capabilities
[Slide: an Exchange 2000 server with NNTP, POP3, and IMAP4 virtual servers]
The POP3 and IMAP4 protocols enable Internet messaging clients, such as Outlook Express, to communicate with servers running Exchange 2000. POP3 and IMAP4 are both retrieve-only protocols, but they differ in their capabilities.
POP3 Capabilities
POP3 is a simple protocol with a limited command set. With POP3, you can list, download, and delete messages. All other processing of messages, for example, organizing your messages into folders, is done on the client by the client application.
IMAP4 Capabilities
IMAP4 is a more complex protocol with a more advanced command set. IMAP4 enables you to store and manage your messages on the server, as opposed to downloading and managing them on the client.
IMAP4 enables you to list, preview, download, flag, and organize your messages on the server. You can also download an entire message, or a selected portion of a message, such as an attachment. IMAP4 supports commands to create, delete, and rename folders on the server. You can also move messages from folder to folder and preview the contents of messages prior to downloading.
Because the IMAP4 protocol enables you to manage your messages without removing them from the server, it is superior to POP3 in situations where the same e-mail account may be accessed from different computers, or where more than one user shares the management of an e-mail account.
Topic Objective: To describe the functionality of POP3 and IMAP4 clients.
Lead-in: IMAP4 and POP3 clients can connect to virtual servers and front-end/back-end servers running Exchange 2000.
POP3 Message Transfer
[Slide: POP3 client and server exchange: the server listens on port 110, the client establishes the connection, the server sends a greeting, the client sends commands and the server responds, the client sends QUIT, and the server signs off]
Internet messaging clients, such as Outlook Express, use the POP3 protocol to retrieve messages from a server running Exchange 2000. POP3 communicates with a server by using TCP port 110 and sends simple text commands.
POP3 Client Session
The following steps outline a typical POP3 session:
1. The POP3 client opens a connection to the POP3 server over TCP port 110.
2. The POP3 server sends a greeting. The session enters the authorization state. In this state, the client must identify itself to the POP3 server.
3. The client authenticates with the server by sending the USER and PASS commands. The server reserves resources to service the connection, and then the session enters the transaction state. In this state, the client requests actions on the part of the server, and the server sends the requested information to the client. For example, the client retrieves a message by using the RETR message number command and deletes a message by using the DELE message number command.
4. When the client has completed the transaction, it issues the QUIT command. The session enters the update state. In this state, the server releases any resources acquired during the transaction state.
5. The server sends a closing statement, and the TCP connection closes.
Topic Objective: To describe a POP3 message transfer session.
Lead-in: POP3 uses TCP port 110 and simple text commands to transfer messages.
POP3 Client Commands
POP3 commands are simple text commands. These commands include:
Command              Response from the server
USER username        Responds with +OK.
PASS password        Responds with a notice of a successful log on. If the password is incorrect, the server rejects the session and the user needs to resend the USER username command.
DELE message number  Deletes the specified message.
STAT                 Responds with the number and size of messages.
LIST                 Responds with a list of the message numbers and sizes.
RETR message number  Retrieves and transmits the specified message in the format in which it is stored.
QUIT                 Responds with acknowledgment of the request to close the connection.
POP3 Client Identification
If you have more than one domain, users running POP3 clients may need to type their domain name, Windows 2000 user account alias, and Exchange 2000 alias to log on to Exchange 2000 and gain access to their mailbox, in the following format:
domainname/Windows2000AccountAlias/ExchangeAlias
If they do not specify this information, the server looks for a matching user account name in the first Windows 2000 domain that it finds, which may or may not be the user’s domain.
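To make the authorization, transaction, and update states concrete, here is an added Python model of a POP3 server driven by a scripted client session; it is constructed for this module and is not Exchange 2000 or Outlook Express code. The mailbox, the account nwtraders/jdoe/JohnD (in the domain/account/alias form above), its password, and the greeting text are all made up.

```python
"""Constructed model of a POP3 session: AUTHORIZATION -> TRANSACTION -> UPDATE.

This is an added example, not Exchange 2000 or Outlook Express code. The
mailbox, account, password and greeting text are made up for the example.
"""
from dataclasses import dataclass, field

# Constructed mailbox: message number -> stored message text.
SAMPLE_MAILBOX = {
    1: "From: alice@example.test\r\nSubject: hi\r\n\r\nfirst message",
    2: "From: bob@example.test\r\nSubject: report\r\n\r\nsecond message",
}
# Constructed account. The login name uses the multi-domain form the module
# describes: domainname/Windows2000AccountAlias/ExchangeAlias.
SAMPLE_ACCOUNT = {"user": "nwtraders/jdoe/JohnD", "password": "P@ssw0rd-constructed"}


def parse_pop3_login(name):
    """Split 'domain/account/alias' into its parts; a bare alias maps to (None, alias, alias)."""
    parts = name.split("/")
    if len(parts) == 3:
        return parts[0], parts[1], parts[2]
    if len(parts) == 1:
        return None, parts[0], parts[0]
    raise ValueError("expected alias or domain/account/alias, got %r" % name)


@dataclass
class Pop3Server:
    mailbox: dict
    account: dict
    state: str = "AUTHORIZATION"
    pending_user: str = None
    deleted: set = field(default_factory=set)

    def greeting(self):
        return "+OK POP3 server ready (constructed greeting)"

    def handle(self, line):
        """Process one client command line and return the server response."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if self.state == "AUTHORIZATION":
            return self._authorization(verb, arg)
        if self.state == "TRANSACTION":
            return self._transaction(verb, arg)
        return "-ERR session closed"

    def _authorization(self, verb, arg):
        # The client must identify itself before any transaction command works.
        if verb == "USER":
            self.pending_user = arg
            return "+OK"
        if verb == "PASS":
            if self.pending_user == self.account["user"] and arg == self.account["password"]:
                self.state = "TRANSACTION"
                return "+OK User successfully logged on"
            self.pending_user = None  # rejected: the client has to resend USER
            return "-ERR Logon failure"
        if verb == "QUIT":
            self.state = "UPDATE"
            return "+OK signing off"
        return "-ERR Protocol error: command not valid before logon"

    def _transaction(self, verb, arg):
        live = {n: m for n, m in self.mailbox.items() if n not in self.deleted}
        if verb == "STAT":
            return "+OK %d %d" % (len(live), sum(len(m) for m in live.values()))
        if verb == "LIST":
            body = "".join("%d %d\r\n" % (n, len(m)) for n, m in live.items())
            return "+OK\r\n" + body + "."
        if verb in ("RETR", "DELE"):
            if not arg.isdigit() or int(arg) not in live:
                return "-ERR no such message"
            n = int(arg)
            if verb == "RETR":
                return "+OK %d octets\r\n%s\r\n." % (len(live[n]), live[n])
            self.deleted.add(n)  # only marked; removed in the update state
            return "+OK message deleted"
        if verb == "QUIT":
            # Update state: resources are released and deletions are applied now.
            for n in self.deleted:
                del self.mailbox[n]
            self.state = "UPDATE"
            return "+OK signing off"
        return "-ERR Protocol error"


def run_pop3_session(commands, server=None):
    """Drive a scripted client session; return (transcript, server) for inspection."""
    server = server or Pop3Server(dict(SAMPLE_MAILBOX), SAMPLE_ACCOUNT)
    transcript = [("<connect>", server.greeting())]
    for cmd in commands:
        transcript.append((cmd, server.handle(cmd)))
    return transcript, server


if __name__ == "__main__":
    for cmd, resp in run_pop3_session([
        "USER nwtraders/jdoe/JohnD", "PASS P@ssw0rd-constructed",
        "STAT", "LIST", "RETR 1", "DELE 1", "STAT", "QUIT",
    ])[0]:
        print("C: %s\nS: %s" % (cmd, resp))
```

A DELE only marks the message; the mailbox changes when QUIT moves the session into the update state, which is why a client that drops the connection without QUIT leaves its messages in place.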
IMAP4 Message Transfer
[Slide: IMAP4 client and server exchange: the server listens on port 143, the client establishes the connection, the server sends a greeting, the client sends commands and the server responds, the client sends LOGOUT, and the server signs off]
IMAP4 is a more advanced protocol than POP3. IMAP4 supports functions that are not included in POP3, such as the manipulation of multiple server-based folders and folder hierarchies and the capability for an offline client to synchronize with the server. IMAP4 provides superior online and offline operation, but has not yet been as widely adopted as POP3.
IMAP4 Client Session
The following steps outline an IMAP4 session:
1. The IMAP4 client opens a connection to the IMAP4 server over TCP port 143.
2. The server responds with a greeting that includes the version number of IMAP and the server’s fully qualified domain name (FQDN).
3. The IMAP4 client sends the LOGIN command to establish the authenticated state.
4. The host authenticates the client.
5. The client sends the SELECT command.
6. A successful SELECT command places the session in the SELECT (selected) state. While in this state, a client can request message data and content.
7. The IMAP4 client issues the LOGOUT command.
8. The server closes the TCP/IP connection.
Topic Objective: To explain the IMAP4 message transfer process.
Lead-in: IMAP4 transfers messages on TCP port 143 and uses more complex commands than POP3.
IMAP4 Client Commands
IMAP4 commands are more complex than POP3 commands and include flags, or switches. These commands include:
Command               Purpose
LOGIN name password   Identifies the client to the server and transmits the password to the server.
SELECT folder         Selects a folder so that the messages in the folder can be accessed.
FETCH message number  Retrieves the entire message.
CLOSE                 Returns the client to a state where you can select again and removes messages that have the deleted flag set.
EXPUNGE               Removes the messages that have the deleted flag set.
STORE message         Alters the data associated with a message.
LIST                  Provides a list of folders stored in the mailbox.
SUB folder name       Returns a list of all folders stored within the specified folder.
LOGOUT                Indicates that the client is closing the connection to the server.
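The tagged command and response exchange, the state changes at LOGIN, SELECT, and CLOSE, and the effect of the deleted flag on EXPUNGE, as an added Python model that is not Exchange 2000 or Outlook Express code; the folders, account, host name, and greeting text are constructed for the example.

```python
"""Constructed model of an IMAP4 session with tagged commands and the
NOT AUTHENTICATED -> AUTHENTICATED -> SELECTED states.

This is an added example, not Exchange 2000 or Outlook Express code. The
folders, account, host name and greeting are made up for the example.
"""
from dataclasses import dataclass, field

# Constructed folders: folder name -> stored messages (sequence numbers start at 1).
SAMPLE_FOLDERS = {
    "INBOX": ["Subject: hi\r\n\r\nfirst message", "Subject: report\r\n\r\nsecond message"],
    "Sent Items": ["Subject: re: hi\r\n\r\nreply"],
}
SAMPLE_ACCOUNT = ("nwtraders/jdoe/JohnD", "P@ssw0rd-constructed")


@dataclass
class Imap4Server:
    folders: dict
    account: tuple
    state: str = "NOT_AUTHENTICATED"
    selected: str = None
    deleted: dict = field(default_factory=dict)  # folder -> seq numbers flagged \Deleted

    def greeting(self):
        # Real servers include their version and FQDN here; both are made up.
        return "* OK imap.nwtraders.example IMAP4rev1 ready (constructed greeting)"

    def handle(self, line):
        """Process one tagged command line; return the response lines, tagged one last."""
        parts = line.strip().split(" ", 2)
        if len(parts) < 2:
            return ["* BAD missing tag or command"]
        tag, verb = parts[0], parts[1].upper()
        arg = parts[2] if len(parts) > 2 else ""
        if verb == "LOGOUT":  # valid in every state
            self.state, self.selected = "LOGOUT", None
            return ["* BYE logging out", f"{tag} OK LOGOUT completed"]
        if self.state == "NOT_AUTHENTICATED":
            return self._not_authenticated(tag, verb, arg)
        if self.state in ("AUTHENTICATED", "SELECTED"):
            if self.state == "SELECTED" and verb in ("FETCH", "STORE", "EXPUNGE", "CLOSE"):
                return self._selected(tag, verb, arg)
            return self._authenticated(tag, verb, arg)
        return [f"{tag} BAD connection closed"]

    def _not_authenticated(self, tag, verb, arg):
        if verb != "LOGIN":
            return [f"{tag} BAD command not valid before LOGIN"]
        name, _, password = arg.partition(" ")
        if (name, password) != self.account:
            return [f"{tag} NO LOGIN failed"]
        self.state = "AUTHENTICATED"
        return [f"{tag} OK LOGIN completed"]

    def _authenticated(self, tag, verb, arg):
        if verb == "LIST":
            return [f'* LIST () "/" "{name}"' for name in self.folders] + [f"{tag} OK LIST completed"]
        if verb == "SELECT":
            folder = arg.strip('"')
            if folder not in self.folders:
                return [f"{tag} NO mailbox does not exist"]
            self.selected, self.state = folder, "SELECTED"
            return [f"* {len(self.folders[folder])} EXISTS", f"{tag} OK [READ-WRITE] SELECT completed"]
        if verb in ("FETCH", "STORE", "EXPUNGE", "CLOSE"):
            return [f"{tag} BAD no folder selected"]
        return [f"{tag} BAD unknown command"]

    def _selected(self, tag, verb, arg):
        msgs = self.folders[self.selected]
        flagged = self.deleted.setdefault(self.selected, set())
        if verb in ("FETCH", "STORE"):
            num, _, rest = arg.partition(" ")
            if not num.isdigit() or not 1 <= int(num) <= len(msgs):
                return [f"{tag} BAD invalid message number"]
            n = int(num)
            if verb == "FETCH":
                body = msgs[n - 1]
                return [f"* {n} FETCH (RFC822 {{{len(body)}}}", body, ")", f"{tag} OK FETCH completed"]
            if "\\Deleted" in rest:
                flagged.add(n)  # marked only; EXPUNGE or CLOSE removes it
            flags = "\\Deleted" if n in flagged else ""
            return [f"* {n} FETCH (FLAGS ({flags}))", f"{tag} OK STORE completed"]
        # EXPUNGE and CLOSE both remove flagged messages; CLOSE also leaves the folder.
        # Removing from the highest sequence number down keeps the lower numbers valid.
        removed = sorted(flagged, reverse=True)
        for n in removed:
            del msgs[n - 1]
        flagged.clear()
        lines = [f"* {n} EXPUNGE" for n in removed] if verb == "EXPUNGE" else []
        if verb == "CLOSE":
            self.selected, self.state = None, "AUTHENTICATED"
        return lines + [f"{tag} OK {verb} completed"]


def run_imap4_session(commands, server=None):
    """Drive a scripted client session; return (transcript, server) for inspection."""
    server = server or Imap4Server({k: list(v) for k, v in SAMPLE_FOLDERS.items()}, SAMPLE_ACCOUNT)
    transcript = [("<connect>", [server.greeting()])]
    for cmd in commands:
        transcript.append((cmd, server.handle(cmd)))
    return transcript, server
```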
POP3 and IMAP4 Authentication and Encryption
[Slide: POP3 and IMAP4 servers with and without SSL, showing the authentication method and TCP port for each (the same information as the table under POP3 and IMAP4 TCP Ports)]
Protocol security comprises two distinct components, authentication and encryption. Authentication is the process of identifying the user who is making the request. Encryption is a method of providing a secure, encrypted channel for transmitting data.
User Authentication Methods
POP3 and IMAP4 support the following types of user authentication. The authentication method that you use will depend on the client.
• Basic authentication uses clear text to perform a simple challenge and response authentication. Basic authentication requires users to enter their user name, domain, and password to gain access to mailbox data. It is recommended that you implement basic authentication in conjunction with Secure Sockets Layer (SSL) to encrypt the user name and password.
• Integrated Windows Authentication sends the user name and password as an encrypted value for the highest security. Integrated Windows Authentication uses the Windows NT LAN Manager (NTLM) protocol for networking clients that are not running Windows 2000 and Kerberos security for Windows 2000 clients. Integrated Windows Authentication supports SSL for encryption.
SSL Encryption
SSL uses public/private key encryption technology to ensure privacy through an encrypted channel. Both basic and Integrated Windows Authentication can use SSL. SSL is not a type of authentication; instead, it provides a secure connection between client and server over which all session traffic, including authentication, occurs. SSL provides the encrypted channel in which the authentication process takes place.
Topic Objective: To explain how POP3 and IMAP4 clients authenticate and the encryption method that is used.
Lead-in: POP3 and IMAP4 clients support basic and NTLM authentication and SSL encryption.
It is important that students understand that SSL is not a type of authentication.
POP3 and IMAP4 TCP Ports
IMAP4 and POP3 have designated TCP port numbers. When using SSL to create an
encrypted channel, message transfer takes place on different ports than when
not using SSL. The following table describes the port numbers:
Protocol  Authentication type                                     Port used
POP3      Basic and Integrated Windows Authentication             110
          Basic and Integrated Windows Authentication using SSL   995
IMAP4     Basic and Integrated Windows Authentication             143
          Basic and Integrated Windows Authentication using SSL   993
A client that connects to port 110 or 143 and uses basic authentication sends
the password in clear text; only the SSL ports (995 and 993) protect it.
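The check a practitioner wants after reading the authentication methods and the port table above is whether each of the four listeners really behaves as described: that nothing on the clear-text ports accepts basic credentials without SSL. The following Python script is an added example, not part of the courseware or of Exchange 2000, and uses only the standard library: assess() classifies a listener from the capabilities it advertises (POP3 CAPA or IMAP4 CAPABILITY), and probe() reads those capabilities from a live server without ever sending credentials. The host name mail.example.com and the sample capability lists are assumptions.

```python
"""Probe a mail server's POP3/IMAP4 listeners and classify each one by how it
lets clients present credentials. Constructed example code (not part of the
Exchange 2000 courseware); assess() is pure, probe() talks to a real server."""
import imaplib
import poplib

# Well-known TCP ports: clear-text listeners and their SSL-wrapped counterparts.
PORTS = {"POP3": 110, "POP3S": 995, "IMAP4": 143, "IMAPS": 993}


def parse_caps(tokens):
    """Normalise capability tokens from POP3 CAPA ("SASL PLAIN NTLM") or IMAP4
    CAPABILITY ("AUTH=NTLM") into (capability names, SASL mechanisms)."""
    names, mechs = set(), set()
    for token in tokens:
        words = token.upper().replace("=", " ").split()
        if not words:
            continue
        names.add(words[0])
        if words[0] in ("SASL", "AUTH"):
            mechs.update(words[1:])
    return names, mechs


def assess(listener, tokens):
    """Return a verdict string for one listener given its advertised capabilities."""
    names, mechs = parse_caps(tokens)
    if listener in ("POP3S", "IMAPS"):
        return "ok: whole session, including authentication, is inside the SSL channel"
    plaintext_mechs = {"PLAIN", "LOGIN"} & mechs
    if listener == "IMAP4":
        # IMAP4 LOGIN is always available unless the server advertises LOGINDISABLED.
        basic_allowed = "LOGINDISABLED" not in names or bool(plaintext_mechs)
    else:
        # POP3 USER/PASS is the basic-authentication path; CAPA advertises it as USER.
        basic_allowed = "USER" in names or bool(plaintext_mechs)
    starttls = bool({"STLS", "STARTTLS"} & names)
    if basic_allowed and not starttls:
        return "risk: basic (clear-text) credentials accepted on an unencrypted port"
    if basic_allowed:
        return "warn: clear-text login allowed; clients must negotiate STARTTLS first"
    if {"NTLM", "GSSAPI"} & mechs:
        return "ok: only Integrated Windows Authentication mechanisms (NTLM/Kerberos) offered"
    return "info: no login mechanism advertised"


def probe(host, listener, timeout=5):
    """Connect to one listener, read its capabilities, and return assess()'s verdict."""
    port = PORTS[listener]
    if listener.startswith("POP3"):
        conn = (poplib.POP3_SSL if listener == "POP3S" else poplib.POP3)(host, port, timeout=timeout)
        try:
            caps = conn.capa()  # e.g. {'USER': [], 'SASL': ['PLAIN', 'NTLM'], 'STLS': []}
            tokens = [" ".join([name, *args]) for name, args in caps.items()]
        except poplib.error_proto:
            tokens = ["USER"]  # server answered -ERR to CAPA: assume plain USER/PASS only
        finally:
            conn.quit()
    else:
        conn = (imaplib.IMAP4_SSL if listener == "IMAPS" else imaplib.IMAP4)(host, port, timeout=timeout)
        try:
            tokens = [cap.decode() for cap in conn.capabilities]
        finally:
            conn.logout()
    return assess(listener, tokens)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"  # assumed host name
    for name in PORTS:
        try:
            print(f"{name:5} tcp/{PORTS[name]:<4} {probe(target, name)}")
        except OSError as exc:
            print(f"{name:5} tcp/{PORTS[name]:<4} unreachable ({exc})")
```

Run it as `python probe_mail.py mail.example.com`. A POP3 server that rejects CAPA is treated as USER/PASS only, and IMAP4 LOGIN is assumed allowed unless LOGINDISABLED is advertised, which is the rule RFC 2595 sets for servers that want to refuse clear-text logins. A "risk" verdict on port 110 or 143 means the SSL recommendation in the previous topic is not being enforced by the server; it is only a convention for the client.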
LDAP Functionality
[Slide: Exchange 2000 components (DSAccess, Recipient Update Service, System
Attendant) querying a Windows 2000 domain controller over LDAP port 389 and a
Windows 2000 global catalog server over LDAP port 3268]
Exchange 2000 uses Lightweight Directory Access Protocol (LDAP) version 3
to query and modify Active Directory. LDAP is a message-based protocol and
provides access to directory services for Exchange 2000 and some Exchange
2000 clients.
Note: LDAP is a lightweight derivative of the X.500 directory standard that
runs directly over TCP/IP. For more information on LDAP, see RFC 1777, 1823,
and 2151; LDAP version 3, the version that Exchange 2000 uses, is defined in
RFC 2251.
Components That Use LDAP
The following components use LDAP to communicate:
• The Exchange 2000 component DSAccess accesses Active Directory by using
  LDAP and caches the results so that repeated lookups are quick and
  reliable.
• The Recipient Update Service also uses LDAP to build address lists.
• Exchange System Manager uses LDAP to view Active Directory objects.
Topic Objective: To explain the function of LDAP.
Lead-in: LDAP is used to query and modify directory information in Active
Directory.
LDAP Session
An LDAP session starts with a bind, in which the server issuing the LDAP
query authenticates to the global catalog server by using Kerberos. Next, the
server builds a directory services request in the form of a query message,
which is then sent to the global catalog server. The global catalog server
receives the message, attempts to resolve the query, and returns a result or a
series of results. The server builds the LDAP query using the directory
structure (a starting point in the tree, a search scope, and a filter) to
identify where the information is located, so the global catalog server
searches only the part of the directory that can contain the answer. This is
what makes LDAP an efficient query protocol.
Note: The default LDAP port is TCP 389. Exchange 2000 uses this port to
access Active Directory domain controllers. LDAP queries to the global
catalog use TCP port 3268. A simple bind on either port sends the password in
clear text; the SSL-protected equivalents are TCP port 636 for a domain
controller and TCP port 3269 for the global catalog.
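To show what the query message in this topic looks like on the wire, here is an added Python example (not part of the courseware and not how DSAccess is written) that hand-encodes LDAPv3 messages in BER, sends them to a domain controller on port 389 or a global catalog server on port 3268, and decodes the result code of each reply. It performs an anonymous simple bind and reads the RootDSE, which Active Directory answers without credentials; the host name dc.example.com is an assumption. The Kerberos bind that the topic describes (SASL GSSAPI) is not implemented here, and the comments say why a simple bind with a real password does not belong on these ports.

```python
"""Hand-built LDAPv3 messages (BER) for a domain controller on TCP 389 or a
global catalog server on TCP 3268. Constructed example, not the courseware's
code and not how DSAccess works: it shows the query message on the wire and
how the result comes back."""
import socket

DC_PORT, GC_PORT = 389, 3268

def ber(tag, content):
    """Tag-Length-Value with short (<128) or long definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def ber_int(value, tag=0x02):
    """Non-negative INTEGER (or ENUMERATED with tag 0x0A); keeps the sign bit clear."""
    return ber(tag, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def ber_str(s, tag=0x04):
    return ber(tag, s.encode("utf-8"))
def ber_seq(*parts, tag=0x30):
    return ber(tag, b"".join(parts))

# Filter ::= CHOICE { ..., equalityMatch [3], present [7] } uses context-specific tags.
def f_equal(attr, value):
    return ber_seq(ber_str(attr), ber_str(value), tag=0xA3)
def f_present(attr):
    return ber_str(attr, tag=0x87)

def bind_request(msg_id, dn="", password=""):
    """Simple bind [APPLICATION 0]; empty DN and password = anonymous. A real
    password would cross the wire in clear text, so never do that on 389/3268;
    Exchange 2000 itself binds with Kerberos, which this example omits."""
    op = ber_seq(ber_int(3), ber_str(dn), ber_str(password, tag=0x80), tag=0x60)
    return ber_seq(ber_int(msg_id), op)

def search_request(msg_id, base_dn, filt, attributes, scope=2):
    """SearchRequest [APPLICATION 3]; scope 0 = base object, 1 = one level, 2 = subtree."""
    op = ber_seq(ber_str(base_dn), ber_int(scope, 0x0A), ber_int(0, 0x0A),  # derefAliases never
                 ber_int(0), ber_int(0), ber(0x01, b"\x00"),                # no limits, typesOnly FALSE
                 filt, ber_seq(*(ber_str(a) for a in attributes)), tag=0x63)
    return ber_seq(ber_int(msg_id), op)

def ber_read(buf, pos=0):
    """Return (tag, content, next_pos) for the TLV at buf[pos]; IndexError if truncated."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        if pos + k > len(buf):
            raise IndexError("truncated length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def split_messages(buf):
    """Split a byte stream into complete LDAPMessages; return (messages, leftover)."""
    msgs = []
    while len(buf) >= 2:
        try:
            _, _, end = ber_read(buf)
        except IndexError:
            break
        if end > len(buf):
            break
        msgs.append(buf[:end])
        buf = buf[end:]
    return msgs, buf

def decode_result(msg):
    """(messageID, op tag, resultCode): the code is set for BindResponse 0x61 and
    SearchResultDone 0x65 (LDAPResult begins with resultCode ENUMERATED), else None."""
    _, body, _ = ber_read(msg)
    _, mid, pos = ber_read(body)
    op_tag, op, _ = ber_read(body, pos)
    code = int.from_bytes(ber_read(op)[1], "big") if op_tag in (0x61, 0x65) else None
    return int.from_bytes(mid, "big"), op_tag, code

def _collect(sock, buf, stop_tag):
    """Read replies until one carrying stop_tag arrives; return decoded replies and leftover."""
    results = []
    while True:
        new, buf = split_messages(buf)
        results += [decode_result(m) for m in new]
        if any(tag == stop_tag for _, tag, _ in results):
            return results, buf
        chunk = sock.recv(65536)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk

def query(host, port, base_dn, filt, attributes, scope=2):
    """Anonymous bind then search; return (op tag, resultCode) for every reply."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(bind_request(1))
        bind, buf = _collect(s, b"", 0x61)
        s.sendall(search_request(2, base_dn, filt, attributes, scope))
        search, _ = _collect(s, buf, 0x65)
    return [(tag, code) for _, tag, code in bind + search]

if __name__ == "__main__":
    # RootDSE read against the global catalog port; the host name is assumed.
    print(query("dc.example.com", GC_PORT, "", f_present("objectClass"), ["namingContexts"], scope=0))
```

A result code of 0 on the BindResponse and the SearchResultDone means success; 49 (invalidCredentials) on the bind or 32 (noSuchObject) on the search are the codes most often seen when the base distinguished name or the account is wrong. Switching `GC_PORT` to `DC_PORT` sends the identical message to the domain controller instead; the difference is only which replica answers and how much of the forest it can see.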
Kerberos Authentication
[Slide: Kerberos client, Windows 2000 domain controller acting as Key
Distribution Center (Authentication Service and Ticket-Granting Service), and
application server]
1. Request a ticket for TGS
2. Return Ticket-Granting Ticket to client
3. Send Ticket-Granting Ticket and request for ticket to Application Server
4. Return ticket for the Application Server
5. Send session ticket to Application Server
6. (Optional) Send confirmation of identity to client
Kerberos is an authentication mechanism that uses secret key (symmetric)
cryptography: every principal shares a long-term key with the Key
Distribution Center, and no password ever crosses the network. It enables a
client to prove its identity to a server, and the server to the client,
through the use of an electronic ticket.
Exchange 2000 uses Kerberos version 5.
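The following is an added Python example, not Microsoft's implementation, that plays through the six messages on the slide between a client, a Key Distribution Center and an application server, so that the roles of the ticket-granting ticket, the two session keys and the authenticator can be seen in code. The cipher is a toy (a SHA-256 keystream with an HMAC tag) standing in for the real Kerberos encryption types, the SID field stands in for the Privilege Attribute Certificate, and the realm CONTOSO and the principals alice and exchange1 are made up.

```python
"""Miniature Kerberos v5 exchange: the six messages on the slide (AS-REQ/REP,
TGS-REQ/REP, AP-REQ/REP) between a client, a KDC and an application server.
Constructed example, not Microsoft's code: the cipher is a toy (SHA-256 keystream
plus HMAC tag) standing in for Kerberos encryption types, the SID field for the PAC."""
import hashlib
import hmac
import json
import os
import time

SKEW = 300  # tolerated clock difference in seconds (Windows default: 5 minutes)

def long_term_key(password, salt):  # string-to-key
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _stream(key, nonce, n):  # keystream of at least n bytes
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))

def seal(key, obj):
    """Toy authenticated encryption of a dict: nonce || ciphertext || HMAC tag."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    """Check the tag before decrypting: a wrong key or tampering fails loudly."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise PermissionError("integrity check failed (wrong key or altered message)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def fresh(ts):
    return abs(time.time() - ts) <= SKEW

def authenticator(session_key, client):
    """Proof that the sender holds the session key right now: a sealed timestamp."""
    return seal(session_key, {"client": client, "timestamp": time.time()})

class KDC:
    """Authentication Service and Ticket-Granting Service on a domain controller."""
    def __init__(self, realm):
        self.realm, self.keys, self.sids = realm, {"krbtgt": os.urandom(32)}, {}
    def register(self, name, password, sid):
        self.keys[name], self.sids[name] = long_term_key(password, self.realm + name), sid
    def _issue(self, client, service, reply_key):
        """Ticket sealed with the service's key, plus the session key sealed for the requester."""
        session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": client, "sid": self.sids[client],
                      "service": service, "key": session, "expires": time.time() + 600})
        return ticket, seal(reply_key, {"key": session, "service": service})
    def as_exchange(self, client, preauth):            # messages 1 and 2
        if not fresh(unseal(self.keys[client], preauth)["timestamp"]):  # pre-authentication
            raise PermissionError("pre-authentication timestamp outside allowed skew")
        return self._issue(client, "krbtgt", self.keys[client])
    def tgs_exchange(self, tgt, auth, service):        # messages 3 and 4
        t = unseal(self.keys["krbtgt"], tgt)           # only the KDC can read a TGT
        a = unseal(bytes.fromhex(t["key"]), auth)
        if t["expires"] < time.time() or a["client"] != t["client"] or not fresh(a["timestamp"]):
            raise PermissionError("TGT expired or authenticator does not match it")
        return self._issue(t["client"], service, bytes.fromhex(t["key"]))

class AppServer:
    """Holds only its own long-term key and never contacts the KDC during the AP exchange."""
    def __init__(self, kdc, name, password):
        self.name, self.key = name, long_term_key(password, kdc.realm + name)
        self.seen, self.last_client = set(), None       # replay cache, last accepted identity
    def accept(self, ticket, auth):                     # messages 5 and 6
        t = unseal(self.key, ticket)
        a = unseal(bytes.fromhex(t["key"]), auth)
        if t["service"] != self.name or t["expires"] < time.time():
            raise PermissionError("ticket is not for this service or has expired")
        if a["client"] != t["client"] or not fresh(a["timestamp"]) or (a["client"], a["timestamp"]) in self.seen:
            raise PermissionError("authenticator mismatched, stale, or replayed")
        self.seen.add((a["client"], a["timestamp"]))
        self.last_client = (t["client"], t["sid"])
        return seal(bytes.fromhex(t["key"]), {"timestamp": a["timestamp"]})  # optional mutual auth

class Client:
    def __init__(self, kdc, name, password):
        self.kdc, self.name, self.key = kdc, name, long_term_key(password, kdc.realm + name)
    def logon(self):                                    # steps 1-2: obtain a TGT
        tgt, enc = self.kdc.as_exchange(self.name, seal(self.key, {"timestamp": time.time()}))
        self.tgt, self.tgt_key = tgt, bytes.fromhex(unseal(self.key, enc)["key"])
    def connect(self, server, service):                 # steps 3-6
        ticket, enc = self.kdc.tgs_exchange(self.tgt, authenticator(self.tgt_key, self.name), service)
        session = bytes.fromhex(unseal(self.tgt_key, enc)["key"])
        auth = authenticator(session, self.name)
        ap_rep = server.accept(ticket, auth)
        if unseal(session, ap_rep)["timestamp"] != unseal(session, auth)["timestamp"]:
            raise PermissionError("server failed mutual authentication")
        return session

def demo(password="P@ssw0rd"):  # returns (client, SID) as the application server saw them
    kdc = KDC("CONTOSO")                                            # assumed realm
    kdc.register("alice", "P@ssw0rd", "S-1-5-21-1-2-3-1001")         # assumed user and SID
    kdc.register("exchange1", "svc-secret", "S-1-5-21-1-2-3-2001")   # assumed service
    server = AppServer(kdc, "exchange1", "svc-secret")
    alice = Client(kdc, "alice", password)   # a wrong password fails inside the KDC's pre-auth check
    alice.logon()
    alice.connect(server, "exchange1")
    return server.last_client
```

Note what each party can and cannot decrypt: the client carries its ticket-granting ticket but never reads it, the application server verifies the ticket with only its own key and never talks to the KDC, and the reply that returns the client's timestamp is the optional step 6 on the slide, the server proving that it holds the session key. The replay cache and the clock-skew check are the reason Kerberos clients and servers must keep their clocks synchronized.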
Kerberos Authentication Uses
Exchange 2000 uses Kerberos in the following ways:
• To authenticate between Exchange 2000 SMTP servers in the same Exchange 2000
  organization.
• By a global catalog server to authenticate an Exchange 2000 server during an
  LDAP query.
• By Outlook Web Access users running Internet Explorer version 5 when
  accessing mailbox data (without a front-end server).
• By the Routing Group Master when authenticating a server running Exchange
  2000 that is relaying link state information.
Kerberos Authentication Session
When a server running Windows 2000 and Kerberos needs to authenticate a
client, the Key Distribution Center's Authentication Service issues a Kerberos
ticket that carries a session key shared by the client and the server. The
basic Kerberos communication sequence consists of a series of messages:
1. Kerberos Authentication Service Request
When the client logs on to a domain, the client contacts the Key Distribution
Center's Authentication Service for a short-lived ticket that contains the
client's identity and Security Identifier (SID). This is called a
ticket-granting ticket. It is encrypted with a key that only the Key
Distribution Center knows, so the client can present it but cannot read or
alter it.
Topic Objective: To describe the Kerberos authentication process.
Lead-in: Kerberos uses secret key technology that provides electronic tickets
to servers and clients so that they can prove their identity to each other.
Note: Use the slide to explain the steps.