Steven Jones

WebExpress Electronic Mail User Interface

Locating WebExpress

The WebExpress software is run by directing a Web Browser to https://webmail.washington.edu. For Student access https://webmail.students.washington.edu is used, for Alumni https://webmail.alumni.washington.edu is used. These URLs access IIS 4.0 Web servers running over NT4 SP6a, using Load based DNS to select a server.

WebExpress server Configuration

There are currently four servers, wes01 and wes02 at 4545 and wes03 and wes04 at 3737. Each server has IIS configured to use a Thawte Certificate for https, and each Certificate is associated with an IP address on the front-door network. IIS has a web site configured for each front-door interface address. Each site is configured to use the same root directory and a different scripts virtual directory. The scripts virtual directory contains the WebExpress WebExpress.cat catalog file, customized for each site. Many of the files in the site root directory have been customized from the original ISOCOR distribution.

Argus monitoring of WebExpress

Operations is performing XHM monitoring of the wes servers, and the loadm Argus report provides information from the wes loadr daemons. Additional monitoring will be setup to test WebExpress.

Reporting problems with WebExpress

Critical problems with the WebExpress service should be reported to Steve Jones, or to Tom Remmers if Steve cannot be reached. A critical problem would be one where a server must be taken out of service, or the entire service shutdown. Non-critical problems can be reported to help@cac.washington.edu.

Administrative Access to Wes servers

Access to the servers is via the console switches in the machine rooms. Each box has it's console port number and name labeled on the front. Use the switches on the Raritan console box to select which CPU box to control. The wes servers do not have 3rd party remote administration tools installed, nor are they participating in an NT domain. They will be put in the cac.washington.edu domain when that becomes production available.

Taking a server out of service

To take a server out of service, stop the loadr service. Stopping the loadr service will remove the server from DNS, causing future connections to be directed to other servers. If it is also necessary to have existing sessions terminated, The IIS and WebExpress services may also be stopped. If a reboot is desired to correct a problem with the server, if possible the loadr service should be set to disabled in order to prevent the server from being automatically replaced into service after the reboot.

Closing down the WebExpress service

Because of concern that the WebExpress software may fail completely or interfere with imap service, a contingency has been made to quickly close down the WebExpress service. This is done by replacing the login pages on each of the IIS servers. A server side ASP page has been put on each of the servers to allow the closing of the service. That page must be accessed from melville.u.washington.edu, and has a relative URL of /closed/closed.asp. A page to re-open the service has a relative URL of /open/open.asp.

Server processes

The wes servers run all the production service software as NT services. The NT services can be controlled via the commands NET STOP and NET START. More typically, they are controlled via the Services GUI from the menus Start, Settings, Control Panel. Services which have been added are: timeserv, loadr, webexpress, iis. The service name used for the net stop/start commands may not be identical to that seen in the services GUI. In order for WebExpress to access the /we01 network file share from hugo2, it runs under the sambash account instead of the default local SYSTEM account.

The TIMESERV service

The TIMESERV service keeps the clock on the wes server syncronized with our network time service. This service should always be running and is needed for expiring browser cookies. The TIMESERV service is obtained from and documented in the NT resource kit.

The LOADR service

The LOADR service is a port of our unix based loadr daemon software to NT. The load value provided is not based on any measure of system load, but rather a random number. This makes the loadr daemon useful only for putting an individual server into and out of production. More work is needed to make this daemon more useful. The NT daemon has a configuration file C:\loadr.ip used to specify the IP addresses to/from which load requests will be made.

The /WE01 network file share

The Wes servers are dependent upon a network file share mounted from HUGO2. Hugo2 runs a Samba daemon to serve network shares. The share /WE01 is made available to the Wes servers, and also via NFS to the mead computers for access by UCS Consultants. The Samba log files in /usr/local/samba/var are automatically cycled by the samba daemon. The Samba startup file is in the /sbin/init.d directory. The WebExpress software stores User Preferences files on the /WE01 share, and will fail if the share is not available. Access to the share is dependent upon the existance of the sambash account on hugo2 and in the password server (bono,egg) used by the hugo2 samba configuration.

WebExpress Customization

  1. C:\Program Files\ISOCOR\WebExpress\.prefs
    The .prefs file contains default User Preferences, which are overridden by settings saved by the user.
  2. C:\Program Files\ISOCOR\WebExpress\WebExpress.conf
    The WebExpress.conf file contains the critical configuration for the WebExpress service daemon. This configuration is very sensitive to change.
  3. C:\InetPub\scripts[n]\WebExpress.cat
    The WebExpress.cat catalog file contains the configuration of text strings, URLs and GIF files used in constructing the HTML pages provided to the user. Most interface changes will be done thru the catalog. The catalog file is generated from source using the program C:\Program Files\ISOCOR\WebExpress\customization\gencat.exe. Each IIS site will have its virtual scripts directory pointing to a different Inetpub\scripts[n] directory to obtain its customized interface settings.
  4. C:\InetPub\wwwroot\default.asp
    There are a half-dozen or so files in the wwwroot directory used to facilitate a simple login to WebExpress. The default.htm page is the default page for the IIS sites. When webexpress logs out, it will direct the user to the default.htm page. That may be changed in the future.

WebExpress Test Platform

We currently have a test Platform for WebExpress. The NT server piltdown.u.washington.edu is located in Row I in the 4545 machine room. Access to the IIS server on piltdown is done with http, it does not use https, nor does it have any Certificates. The piltdown server is running WebExpress V2.2, which is a higher version than currently running on the wes servers. Bugs which are reported for the WebExpress service should be duplicated on the piltdown server before being reported to ISOCOR's technical support. Configuration changes to WebExpress should be tested first on piltdown. Piltdown does not use the /WE01 network file share, and so user preferences files saved on piltdown will not interfere with those on the production servers.

Projected changes

The WebExpress service requires a user & password login to an IMAP server. Because we have other services that are providing access via the Pubcookie authentication server weblogin.washington.edu, it is desirable to have WebExpress also use Pubcookie. That would allow users who have authenticated with Pubcookie to get to their email without being prompted for a second login to WebExpress. To achieve this single-login, a modified pubcookie filter is being developed for IIS, also a proxy imapd server to run on NT, and a change will be needed for the imapd daemons on our imap servers.

With some luck, another product which provides a similar service with fewer bugs may also become available.

Perhaps that will be web pine.