Can OWA Replace the Outlook Client and the VPN?

IPAQ2000 writes "This past week, I attended a panel discussion sponsored by Microsoft and other major players in the space. One of the ideas brought up by one of the expert panel attendees from a company called Seaside Software claimed that large organizations should rely mainly on Outlook Web Access (OWA) for Exchange 2K access for remote users. He claimed that OWA access with SSL makes it perfect for secure access and saves the hassle of the VPN client support. I can see how avoiding the VPN client and the Outlook client together on desktops around large organizations (like mine) could be a good thing (by saving money), and how moving to OWA for remote users makes sense. In fact, it looks like MS themselves are putting much more emphasis on the browser in Exchange 2003 (OWA and Outlook are almost identical) so that users can run whatever version is appropriate for their needs, according to connectivity speeds, location, etc. There was a discussion regarding mobility and remote solutions in the enterprise. I thought that this might be a good subject for a Slashdot discussion, especially as it relates to Exchange. What do you think about OWA as main way of accessing Exchange, especially as OWA keeps getting richer with each version of Exchange?"

Not as great as it looks

[DetrimentalFiend]

I just used this today at work (we have the latest version of exchange) and it's really a pain compared to outlook. I'm sure as they add features and functionality it'll be nicer (and it's sure nicer from a management standpoint), but I'm still not thrilled with the interface. Currently we have everyone in the office running normal outlook with a few people (including us IT staff) trying out the web version of exchange when needed.

Re:Not as great as it looks

[Jeremiah+Cornelius]

Here are some of the problems with OWA:

* IIS must be secured against cross-site and Unicode attacks. In reality, this means URLScan and IISLockdown. URLScan often makes undeliverable, messages which can be accessed via the Outlook 'fat' client. Example: the message with a subject-line 'This is the Visio...' will be acceptable to Outlook. OWA will turn this subject-line into the document name at the end of a URL. URLScan sees 'https://(fq.servername)/exchange/This is the Visio....msg', and parses the sequence of four 'dots' as a possible directory traversal. Access is denied! User sees a 404, big PITA. Expect lots of tech support calls on issues similar to this one.

* All the groovy advanced features are supported only under IE. Other browsers get a functional, if unexceptional subset. There is no activeX plugin or anything - MS just uses nifty, DHTML and VBScript for drag-n-drop, etc. in OWA. The server-side ASP on OWA effectively generates a different, alternate interface for non-IE clients.

Weigh your options, and see if it isn't better to publish Exchange access through an SSL-style VPN appliance like Neoteris or Aventail.

UT arlington

[Hadlock]

I use OWA every day at UT Arlington, it works flawless for me on 98, 2000, XP and OS X. This is, of course, when I'm not at my personal computer downloading emails to mail.app. For some blasted reason you can only send email through the university servers when you're physically connected to the univ network via STMP or whatever. I can't use mail.app to send email from my offcampus apartment. fuck. so i have to log in and turn off pop up window protection in chimera/navigator/camino to send mail via the web interface.

i hate having to delete all my sent/recieved email with attachements. could they make deleting email any less intutitve?

all in all it works for me and the rest of campus of 22-23 thousand people + faculty. what was the question again?

OWA isn't that great

[Bishop]

Ofcourse MS is pushing OWA over SSL. MS does not have a good VPN product.

I have used both Outlook and OWA. I did not like OWA. I found that OWA was slow. Meeting reminders did not work. Autosave was tempremental. I lost a few emails when OWA lost its connection to the server (the fault of my ISP). In short useing real Outlook was better.

There are also security risks with OWA. Unless you outfit every user's browser with a SSL cert then a user can use any web browser to read their email. Before you know it you have your users checking their coporate email from Internet cafes and other insecure places. Furthure an attacker would like nothing better to do then start guessing at passwords and reading coporate email.

If you are going to manage SSL certs you might as well go whole hog and run a VPN. A VPN provides both security and an additional ammount of control to system administrators.

As others have written accessing the intranet is more then just access to email. VPNs also allow users to access file servers, and company internal webservers.

VPNs work and provide your users with more then just email. OWA over SSL is a hack.

Really not there yet.

[mpechner]

I have access to both outlook via vpn and OWA. For the normal user, OWA is fine. But if you have custom views, OWA is not an option. My task list is grouped by a numeric priority and by project. You can't do this with OWA. Maybe owa.net will have the functionality. Ever notice that nets are use to capture things? I think .NET is Microsoft being honest.

OWA is close, but not quite.

[euggie]

OWA is actually quite nice IMHO, especially if you are using IE under Windows. In my experience, it works reasonably well with Netscape/Mozilla, as well as Apple's KTHML-based Safari. However, before you switch to an all-webmail system, you ought to consider the following:

* Offline Access: If your organization, like ours, has a lot of travelling users, they will not be able to catch up on email while they are, for example, catching a flight. This can be mitigated with Mobile Information Server. (ActiveSync your PDA over the 'net before you get on the plane.)
* Convenience: Checking email over the web is generally considered not as easy as checking it w/ a dedicated client. That's why many folks, like Yahoo!, no longer offer free POP3 services unless you pay up--because many people are willing to spend money for the convenience. Further, many users navigate to sites by typing in the URL in the "Start | Run" dialog box, which will cause them to inadverdently navigate out of their OWA client and thus stop new mail notification.
* Security: Since you mentioned SSL... Many firewalls, for obvious reasons, cannot inspect traffic encapsulated in a SSL tunnel. So any application-level protocol protection provided by the firewall will be rendered useless. Example of this would be the Cisco PIX 515's "fixup" commands.
* More security: Having OWA generally means that users can access your email system with non-company issued systems. You can secure your servers all day long, but a simple key logger on a non-company system can bring you down to your knees. Especially since many Windows shop does unified login user/pass w/ Active Directory.

That said though, I use OWA to check work email every night on my Mac when I make it home. It works fine. When implemented properly it's a great compliment to Outlook, but IMHO it's probably not suitable as a replacement of Outlook

Offline synchronization

[beaner]

I use OWA with work on a pretty regular basis, but my main problem with using it as a primary means to access email is its lack of offline synchronization. I'm a consultant, and as such I tend to travel a lot, which means I am often without connectivity. I'm sure the same thing goes for travelling sales people, executives, etc.

Internet connectivity is still not ubiquitous, but as long as you've synched your laptop, you at least have your old email, and can compose new emails, queueing them up until you have a chance to synchronize again. Given that email tends to be one of the primary means of communication when working in large, geographically disperse teams, having offline access to old emails can be a lifesaver at times (say, when you're onsite with no Net access and need to make an emergency phone call, but the contact info happens to be in an email somewhere).

Other than that, OWA is usable, but not great.. In my experience, I've had formatting issues, and the occaisional IE crash. Of course, Outlook crashes too, so there's not really much difference there..

- Sean