What good is Outlook Web Access without attachment support? Many organizations are faced with just that but what is their alternative. Leaving attachment support turned on opens the organization to serious risk that important documents are being left behind in public kiosks and non-trusted systems?  Ouch! What a dilemma.

Typical Problem Scenario
When using Outlook Web Access and users open attachments a download of the attachment actually takes place to the remote workstation. The operating system then calls the associated editor and displays the document on that workstation.

Even if the user realizes this and deletes it after use the document is still easily retrievable from the systems trash folder and from the browsers cache. More often these documents are simply left behind in a temp directory forever. Sensitive documents fall into the wrong hands

Attachment support is required for productivity
Email today is less about sending messages and more about sending files and documents as attachments.  Deploying OWA with attachment support turned off is really limiting one of the main benefits Outlook Web Access. When users are away from the office access to attachments is more important then ever. 

Product Features

SecureView for OWA Enterprise 3.0 closes Outlook Web Access vulnerabilities. Users can View & access OWA attachments securely, never leaving any trace of the documents behind on non trusted systems.

• View Never Cached - Documents never get cached on remote non trusted systems so there is nothing to clean up afterwards. Some technology are based on Java and Active X cache cleaners while great in theory they fail to work on many public systems leaving the user with out email.
• View-only Admin Controls Settings - View-Only security controls, shut attachment downloads off on non-trusted or non-asset systems. SecureView can check for asset tags and electronic keys on remote systems to determine if trusted or not. Additionally trusted I address zones can to set up
• Easy Integration and Setup - Integrates to Exchange front-end server for easy deployment to any size enterprise. Weather you have 1 or 100 Exchange Front-end servers SecureView Enterprise can easily integrate into any complex environment. The simplicity of SecureView’s architecture is that its does not interface directly with the backend Exchange systems. Even if there are multiple Front-end servers only one SecureView Server is needed. More can be deployed for performance.
• Proven Product - Deployed and proven in the largest global enterprise customers, please contact us for reference.
• Super Fast Viewing with SmartCache Technology - Ultra Fast Viewing of over 375 document types. Users will load attachment views faster then any other technology due to our SmartCache view engine. The list of supported document types is impressive and includes all common MS, Corel, database, development and graphics formats.
• Works securely on all browser types - SecureView for OWA maintains all original file formatting and graphics when using standard view. Or view using Text-only which is maintains basic formatting and is perfect for slower web connections. It also supports all browser types including Explorer, FireFox, etc. There is no need for ActiveX or Java client.
• Viewing is better - Add user Productivity. SecureView for OWA is a great for user productivity and offers much more then security. Many times a view is faster then downloading a document and evoking the appropriate editor if available.
• Works with Other Security Technology
  SSL VPN integration, including MS ISA 2004. Many customers and SSL VPN manufactures have worked with to interoperate behind their VPN technology. Supports all Versions of Outlook Web Access
  Full for supports OWA 5.5, 2000 and 2003, and combinations in same enterprise. Many of customers have legacy Exchange systems deployed and need to support a mix of systems on mixed legacy server OS platforms.
• Right-click user Menus - Users can right-click on mouse to select type of conversion Rich text, text or graphics.
• Support for Multi-language - Documents in all OWA languages are supported and convertible.
• Server-side Conversion and transformation - 100% client-less no ActiveX or Java applets are used are required with the browser, as attachment file transformation is performed at the SecureView server.
• Fully Searchable HTML View - Users may search text within any SecureView file View.
• Automatic Table of Contents Created - A table of contents is automatically created and hyperlinked so users can quickly navigate through the document.
• Viewing performance enhancer (option) - Attachments sent to multiple users from the same sender will be converted once to improve the performance of viewing of these attachments to all the users who view them.
• IP Based Access Control - Access to attachments can be restricted based on the clients IP address.
• Fail-safe & multiple redundancy back-ends - Multiple SecureView back-end servers can be shared from different front-ends and thus operation will not be interrupted should one or several of these back-end servers be down or taken off line for maintenance.

Product Architecture

SecureView 3.0 Architecture Overview
 

1. General Architecture

SecureView for OWA 3.0 will integrate in to the existing Enterprise. The following diagram illustrates one possible scenario.

The existing network architecture remains in-tact, with the addition of a Transform Engine preferably running on a separate server.

SecureView for OWA v3.0 software is installed on each Exchange Front-End where the viewing technology will be made available to the end users. No additional modifications are required.

2. Process Overview

Document conversion through the end-users OWA takes place by the processes outline below in figure 2.0. The conversion process does not begin until after a user has logged in to OWA and clicked on a “Secure View” link next to an email attachment.

3. Component Overview

SecureView for OWA v3.0 consists of three components. These are:

Front-End User Interface Conversion Request Component Transformation Engine The following diagram, figure 3, illustrates the respective locations of each of these components.   Communication between the Front and Back-End Exchange servers is performed by the Front-End User Interface. All traffic between the Front-End and Back-End exchange servers takes place over the same channels it did before SecureView for OWA was installed. Communication between the Front-End Exchange Server and the Transformation interface is executed by the Conversion Request component.

Figure 3. Component Overview

4. Front-End to Transformation Engine Connectivity

Communication between the OWA Front-End and the Transformation Engine is done exclusively through the Conversion Request Component.

The Conversion Request Component and the Transformation Engine use the SOAP protocol to communicate over a user-definable port number.

5. Load Balancing and Scalability

The bulk of the processing is done by the Transformation Engine. There are a variety of systems in place to allow load balancing and scalability.

1. Transformation Management
   The Transformation Engine runs a manager which spawns agent processes to execute the actual transformation. The number of agents and time restrictions for each agent are configurable on the Transformation Engine.
2. Document Caching
   Recently converted documents are stored in a cache on a per user basis so that the same document will not be converted twice if viewed multiple times.
3. Multiple Transformation Engines
   Where the user base is very active multiple Transformation Engines can be used transparently by the end user. Conversion requests will be sent seamlessly to different transformation engines to split up the load.

6. Flexible Modular Design

• Conversion Request Component - The modular nature of the components in the document conversion process will allow transformation requests to come from various sources.  By tying in various interfaces from across the enterprise is will be possible to use the Conversion Request Component, in various environments, for future projects.
• Transformation Engine - Everywhere Networks can make additional interfaces available to the Transformation Engine. Existing infrastructure can remain intact while new services continue to be offered.

7. Requirements

The following software requirements are necessary for SecureView 3.0

• Front-End
  • Windows 2000 Server or Windows 2003 Server
  • Microsoft Exchange 2000 or 2003
  • Microsoft .NET 1.1
• Back-End
  • Windows 2000 Server, Windows 2003 Server
  • Microsoft Exchange 2000 or 2003
• Transformation Engine
  • Microsoft Windows 2000 or 2003
  • Microsoft .NET 1.1

8. Server Upgrade Considerations

When upgrading from Exchange 2000 to 2003 on the Front-End the User Interface component of SecureView 3.0 will need to re-installed, and the installer will automatically make the appropriate changes.

No modification is required to an Exchange Back-End to make SecureView work, so Back-End upgrades should not pose any concern.