Richard H. Karl Senior Technology Consultant. Solution Overview The fourth version of Windows-based...
Richard H. Karl, Senior Technology Consultant
Solution Overview
• The fourth version of Windows-based Hosting launching September 2004.
• A dedicated Sales and Solutions (Product) team at Microsoft that delivers Microsoft technology and programs in a hosted infrastructure, including:
  • Technical training.
  • Extensive testing and scenario simulation of Windows-based technologies.
  • Marketing programs.
  • Dedicated premier support staff and outside consulting companies for Windows-based Hosting delivery and solution testing and training.
  • Community groups.
  • Joint selling programs.
  • Service Provider Licensing Agreement (SPLA).
Windows-based Hosting
[Diagram labels: Web Services; SharePoint hosting; Hosted Exchange; Data hosting; ASP.NET; Delivery Platform (Purposing, Provisioning, Monitoring, Security, Centralized Management, Platform Design); Hosted Applications.]
Foundation for Services
How Windows-based Hosting version 3.0 Improves the Customer Experience
Monitoring and Reporting
• Monitor server or service failure
• Mine data
• Create customer reports
Centralized Management
• Use Group Policies
• Improve and scale the administration of multiple servers
Update Management
• Provide security alerts
• Apply security updates
• Reconfigure existing servers
Server Purposing
• Build a new server
• Repurpose existing servers
Windows-based Hosting Solution Components
Hosted Infrastructure Components:
• Server Purposing
• Centralized Management
• Update Management
• Service Provisioning
• Monitoring and Reporting
Hosted Services Components:
• Web Hosting
• Windows SharePoint® Services Hosting
• Data Hosting
• Hosted Exchange 2003 Service
Windows-based Hosting Solution Components and Technologies Used
Windows-based Hosting solution component: Microsoft technologies used
• Server Purposing: Automated Deployment Services (ADS)
• Centralized Management: Active Directory®
• Update Management: Microsoft Software Update Services (SUS)
• Service Provisioning: Microsoft Provisioning System (MPS)
• Monitoring and Reporting: Microsoft Operations Manager (MOM)
• Web Hosting: Internet Information Services (IIS)
• Data Hosting: SQL Server™
• Windows SharePoint Services: SQL Server™
Windows-based Hosting Terms and Concepts (1 of 3)
• Hoster or service provider: Provides the network infrastructure
• Reseller: Sells infrastructure capacity
• Customer: Leases space from a reseller to create Web site(s)
• User: Browses customers' Web sites
• Unique IP Web site: A single IP address maps directly to a single customer Web site
• Host header Web site: An IP address is shared among multiple customers, and each host header resolves to a single site
Windows-based Hosting Terms and Concepts (2 of 3)
• Dedicated hosting: A single server is dedicated to one customer, or dedicated servers within a shared Active Directory forest
• With dedicated hosting:
  • Customers get better performance and more control over administration and Web site content.
  • Customers typically pay more for dedicated servers.
Windows-based Hosting Terms and Concepts (3 of 3)
• Shared hosting: Multiple customers share services on each server in the service provider's hosted environment
• Customers are typically grouped on servers based on the services they purchase, usually corresponding to a particular service level or set of features
• The service provider (not the customer) retains administrative control over each server
Documentation Viewer
• It's easy to find and use the information you need with the new Web and CD-based documentation viewers
• Content is organized into modules:
  • Server Purposing
  • Centralized Management
  • Service Provisioning
  • Update Management
  • Monitoring and Reporting
  • Data Hosting
  • Web Hosting
  • Windows SharePoint Services Hosting
How the Documentation Viewer is Organized
Section: Description
• Get Started: Specific steps to properly plan and deploy the component
• Checklist: Deployment procedures to complete multi-step tasks
• Build: Complete deployment steps
• Use: Steps to manage, maintain, and operate in a hosting environment
• Advanced Topics: Optional and advanced configuration and integration information
• Best Practices: Best practices for installing, configuring and operating each component
• Learn More About: Information for planning process deployment of the component, plus background knowledge related to the component and security design considerations
• Online Links: List of all external sites used in the module
Navigating the Content Viewer
Logical Diagram
Server Purposing Overview
With Server Purposing you can:
• Automate the process of building and configuring your system, software, and services.
• Ensure your security policies and processes are implemented on each system.
Server Purposing: Automated Deployment Services (ADS)
ADS is a downloadable add-on component of Windows Server™ 2003, designed for data centers containing over 10,000 servers, that provides the following:
• Automates multi-server builds
• Accelerates the process of preparing, purposing, and configuring Windows-based servers from bare metal to a fully operational server
• Deploys or configures a server or group of servers based on external events such as the receipt of a customer order
Server Purposing Benefits
Benefit: Description
• Significant reduction of server deployment cost: Pre-Boot Execution Environment (PXE) server and deployment agent enable remote builds of PXE-compliant bare-metal boxes, reducing the cost
• Consistency in server provisioning, less human error: Through task sequence-driven automation, sample task sequences are extended to automate hardware configuration, operating system deployment, and application installation
• Flexibility and agility through new imaging tools: New tools create smaller images that can be updated and edited without first being deployed to a server
• Powerful, mass server administration: ADS enhances existing scripting investments and extends your ability to administer hundreds of servers
• Simpler hardware configuration: Using Virtual Floppy, ADS incorporates standard server vendor MS-DOS tools into the deployment process to automate hardware configuration.
• Easy integration through a choice of user interfaces: ADS offers a graphic user interface, command-line tools, and a rich Windows Management Instrumentation (WMI) program interface.
• Consistent record of administrative history: ADS offers a centralized data store to maintain a complete history of all administrative tasks carried out using the ADS infrastructure.
ADS Secure, Hands-Off Imaging: "Zero Touch Server Builds from Bare Metal"
[Diagram labels: Target Server (Administration Agent, Windows-present; Deployment Agent, pre-OS; hard disk; RAM; PXE FW); ADS Controller (DB; logs all activity); SSL; possibly multicast.]
Steps shown in the diagram:
• Bare metal server PXE boots and task sequence is initiated
• Controller transfers deployment agent to RAM disk
• Controller downloads DOS image for hardware configuration
• Agent authenticates/requests image
• Image is personalized and boots to full OS with agent
• Encrypted image is downloaded and deployed
Centralized Management Overview
Centralized Management allows you to do the following:
• Centrally manage all network users, groups, computers and policies
• Increase the number of servers, users, groups, and group policies per single administrator
• Manage both shared and dedicated customers
• Delegate administrative tasks to enable secure, role-based authentication
• Enhance security with central authentication and best practices using Windows Server 2003 Security guidance
Centralized Management: Server-focused Benefits
Benefit: Description
• Simple model: A model for managing user accounts and associated rights eliminates confusion when accounts and passwords are maintained locally
• Cost efficiencies: A single central model for managing the service provider accounts results in operational cost efficiencies
• One set of tools: Because all accounts and rights are defined in a single central location using Active Directory, you can use one set of tools to manage the solution
• Single design and data store: This design and data store allows simple operational processes for backup, restore, disaster recovery, global system monitoring, and administration
• Global security policy: Operational benefits are realized through defining and managing a global security policy, including security lockdown processes
• Automatic deployment of security policies: Centralized security permits you to deploy security policies globally from a central source to each server
• Efficiencies in security: Reduced operational tasks are also realized because any additions or changes to the overall security policies are implemented only once.
User-focused Benefits of Centralized Management
Benefit: Description
• A single design and data store: You can use simple operational processes to support external access to servers that provide client services
• Performance of efficient and secure tasks: The security design and the delegated administration model provide for the extension of access rights to resellers and reseller customers.
• Reduced cost and operational load: Cost is reduced because external users can perform tasks that would otherwise require service provider resources.
Active Directory: Components of Centralized Management
• Multi-tenant design
• Isolated resellers
• Isolated resellers' customers
• Delegated administration
This solution proposes centralized management using two distinct phases:
• Centralized server management: The first phase implements the internal service provider accounts and concurrent server rights plus many of the required security lockdown processes, in a centrally managed solution.
• Centralized user management: The second phase addresses the extension of access rights to users outside of the service provider.
Centralized Management Design Principles
• Simple
• Secure
• Manageable
• Scalable
Preferred Active Directory Design:
• Shared forest
• Single tree
• Single domain
Active Directory: Recommended Design Single Forest
[Diagram labels: Domain Level: Acmehost.com. Reseller Level: Hosting, Joebobhost.com, Sallyhost.com. Customer Level: Customer1, Customer2, Customer3, Customer4. Admin labels appear beside the nodes.]
Centralized Management: Recommended OU Design
Organizational Unit Design
Suggested organizational unit (OU) hierarchy for centrally managed security:
• Domain Controllers (server names AD01, AD02)
• Computers
• Servers:
  • Infrastructure: Management (ADSC01 [ADS Controller]; MOM01; MOMSQL01; SMS01); Provisioning (MPS01 [MPS Server]); SQL (SQL01); UTIL01 (utility server)
  • Other
  • Web Servers: Shared; Dedicated (WEB01, WEB02, PROV01 [provisioning server])
When you deploy individual servers, you first create them in the default Computers OU, configure them, and then move them into the destination OUs.
Server Management through Group Policy
• Propagation of group policy throughout the data center is automatic
• Group Policy settings are contained in Group Policy Objects (GPOs)
• GPOs are associated with Active Directory object containers
• GPOs enforce administrative roles
• Group Policy allows delegated administration
Group Policy is the primary tool for defining and controlling how programs, network resources, and the operating system behave.
Update Management Overview
With update management you can control the deployment and maintenance of interim software releases into your production environments. Update management helps you:
• Maintain operational efficiency and effectiveness
• Overcome security vulnerabilities
• Maintain a stable production environment
Update Management Benefits
Benefit: Description
• Make updates automatically available: When administrators approve the updates, SUS automatically makes all critical and security updates available to all preconfigured servers.
• Consistent installation: Using an automated software distribution tool to install standard software packages and options ensures a consistent installation.
• Timely installation: An automated software distribution tool permits software releases and updates to be installed on a precise schedule.
• Security: Installation of updates typically requires administrative rights.
• Timely status reporting: Automated monitoring and reporting capabilities result in feedback on the installation.
• Return on investment: This investment in using an automated software tool is offset by the return on investment (ROI) that is offered through low overhead as compared to manual methods.
Overview of Update Management
[Diagram: cycle of Assess, Identify, Evaluate & Plan, Deploy.]
1. Assess: Determine what you have in your production environment, what security threats and vulnerabilities you face, and whether your organization is prepared to respond to a new software update.
2. Identify: Discover new software updates in a reliable way, determine whether they are relevant to your production environment, and whether an update represents a normal or emergency change.
3. Evaluate and Plan: Make a decision whether to deploy the software update, determine what it will take to deploy it, and test the software update.
4. Deploy: Roll out the approved software update into your production environment so that you meet the requirements of any SLAs you have in place.
Windows Update: How It Works
Scenario 1: User Initiated Access
Scenario 2: Access via Automatic Updates (AU)
1. User selects 'Scan for updates' or AU automatically checks for new updates (every 17-22 hours)
2. Client side code (CC) in browser (or AU) validates WU server and gets download catalog metadata
3. CC (or AU) uses metadata to identify missing updates
4. WU (or AU, if so configured) lists missing updates and user selects updates to download
5. CC (or AU) downloads, validates, and installs updates. AU downloads using BITS, and can be configured to allow user to select updates to install
6. CC (or AU) updates history and statistics information*
*Note: No personally identifiable information is collected. See http://v4.windowsupdate.microsoft.com/en/about.asp#privacypolicy
WUS 1.0
[Diagram labels: Windows Update Service; Firewall; Parent WUS Server; Child WUS Servers; Bandwidth Throttling on each link.]
1. WUS Server checks for updates every 24 hours*
2. Administrator reviews, evaluates, and approves updates
3. Approvals & updates synced with child WUS servers**
4. AU (the WUS client) gets approved updates list from WUS server
5. AU downloads approved updates from WUS server or Windows Update
6. AU either notifies user or auto-installs updates
7. AU records install history
*Configurable 1/day or 1/week
**WUS maintains approval logs & download, sync, & install statistics
Update Management Strategies
The Windows-based Hosting solution provides strategies for service providers and information about relevant Microsoft technologies, which include the following:
• Windows Update
• Software Update Services (SUS)
• Windows Update Services
• Microsoft Baseline Security Analyzer (MBSA)
• Systems Management Server (SMS)
Choosing an Update Management Solution
Capability: Windows Update / SUS 1.0 / SMS 2003
Core Update Management Capabilities
• Supported Platforms for Content
  • Windows Update: NT 4.0, Win2K, WS2003, WinXP, WinME, Win98
  • SUS 1.0: Win2K, WS2003, WinXP
  • SMS 2003: NT 4.0, Win2K, WS2003, WinXP, Win98*
• Supported Content Types
  • Windows Update: All patches, updates (including drivers), & service packs (SPs) for the above
  • SUS 1.0: Only security & security rollup patches, critical updates, & SPs for the above
  • SMS 2003: All patches, SPs & updates for the above; supports patch, update, & app installs for MS & other apps
Granularity of Control
• Targeting Content to Systems
  • Windows Update: No
  • SUS 1.0: No
  • SMS 2003: Yes
• Network Bandwidth Optimization
  • Windows Update: No
  • SUS 1.0: Yes (for patch deployment)
  • SMS 2003: Yes (for patch deployment & server sync)
• Patch Distribution Control
  • Windows Update: No
  • SUS 1.0: Basic
  • SMS 2003: Advanced
• Patch Installation & Scheduling Flexibility
  • Windows Update: Manual, end user controlled
  • SUS 1.0: Admin (auto) or user (manual) controlled
  • SMS 2003: Administrator control with granular scheduling capabilities
• Patch Installation Status Reporting
  • Windows Update: Assessing computer history only
  • SUS 1.0: Limited (client install history & server based install logs)
  • SMS 2003: Comprehensive (install status, result, and compliance details)
Additional Software Distribution Capabilities
• Deployment Planning
  • Windows Update: N/A
  • SUS 1.0: N/A
  • SMS 2003: Yes
• Inventory Management
  • Windows Update: N/A
  • SUS 1.0: N/A
  • SMS 2003: Yes
• Compliance Checking
  • Windows Update: N/A
  • SUS 1.0: N/A
  • SMS 2003: Yes
*MBSA does not support scanning Win98 – Win98 can be updated using SMS 2003 inventory management and software distribution capabilities
Service Provisioning Overview
Service provisioning relies on the Microsoft Provisioning System (MPS) to automate routine administrative server management tasks such as:
• Adding new users
• Updating directory entries
• Provisioning applications
• Provisioning services
Service Provisioning Benefits
Benefit: Description
• Improved process management: MPS manages multistep processes that can be executed asynchronously or synchronously a system administrator.
• Task automation: Automation of frequent or complex tasks reduces errors from manual performance.
• Application providers: Providers are included for Microsoft Active Directory, Internet Information Server (IIS), Exchange, Microsoft FrontPage® Server Extensions, and Telnet
• Time savings: System administrators can spend increased time with new users or customers.
• Lowered administrative burden: Server-to-administrator ratio for Windows servers is improved, resulting in lower administration costs.
• Lower costs: Operational costs are lower due to fewer on-site visits.
• Browser UI: Web-based user interface (UI) can be controlled from any browser and provides you with a simple, out-of-the-box interface.
• Remote script execution: Execute scripts you already have by using the Telnet Provider and have the benefit of an audit trail for each server
Service Provisioning can automate:
• Active Directory entries
• Organizations and Users
• SMTP Domains
• User Accounts
• Mailbox Allocation, Stores
• Public Folders
• Address Book Views
• VPN circuits
• VLAN segment configuration
• User security
• Print queues
• File shares
• Remote desktop config
• DNS
• Published applications
• VPN user level security
• Load balancing systems
• Sites Servers, routers, SANs
Overview of Microsoft Provisioning System (MPS)
Microsoft Provisioning System: Procedures
• A procedure can be a single provisioning action or a sequence of calls to other procedures
• A procedure exposes a well-defined XML input and output with schema checking
• XML document describing procedure and namespace
• A procedure can run using credentials
Microsoft Provisioning System: Providers
• Providers are COM objects
• Do actual provisioning tasks as directed by a Procedure
• Also implement compensation functionality
  • Enables rollback
• Standard Providers:
  • Active Directory
  • Internet Information Server (IIS)
  • Exchange
  • FrontPage/SharePoint Team Services 2002
  • File System
Microsoft Provisioning System: Interface
• The Interface is the method by which provisioning request data is submitted
• Can also receive back data verifying whether any errors occurred or not
• Requests can be received via:
  • SOAP Listener
  • ProvTest.exe command line utility
  • Programmatic COM Object Interface
Microsoft Provisioning System: Namespaces
• Defines a collection of related procedures
  • Can be referenced directly by requests (public namespace)
  • Can be called by other registered procedures (private namespace)
• The provisioning engine caches namespaces and their procedures
• Access to a namespace can be restricted by setting a namespace to public/private or group membership
MPS Request Flow
Scenario: Sign up a new customer; assign services (Shared IIS, FrontPage)
[Diagram labels: Web Control Panel; MPF; providers AD, RM, IIS, FP (Active Directory, IIS Resource Manager, IIS, FrontPage); Request Expansion; Request Tasks.]
1. HTTP Post via SSL
2. XML Provisioning Request
3. Request Expansion
4. Providers perform tasks
5. XML Response
6. HTML – Update Complete
Provider tasks:
• Active Directory Provider
  • Create New OU
  • Create Groups
  • Set Security
  • Delegate Permissions
• IIS Resource Manager
  • Find Available Resource
• IIS Provider
  • Create Folder
  • Set Security on Folder
  • Create Site
  • Set Security on Site
• FrontPage Provider
  • Enable SharePoint Team Services
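The Providers and Request Flow slides describe one request being expanded into provider tasks, with compensation enabling rollback. The sketch below is an added example, not MPS code or its API: every class and function name is hypothetical, and only the task names are taken from the request-flow slide. It shows that when a late task fails, the earlier OU, group, permission and folder changes are undone in reverse order, so a failed sign-up leaves no orphaned objects or delegated rights behind.

```python
"""Request expansion with provider compensation, modelled in plain Python.

Hypothetical illustration: class and function names are invented here and
are not MPS APIs. Task names come from the request-flow slide.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Task:
    provider: str
    action: str
    mutates: bool = True  # read-only lookups need no compensation


class ProvisioningError(Exception):
    """Raised when a provider task fails."""


@dataclass
class Environment:
    """Constructed stand-in for the directory and Web servers."""
    fail_on: Optional[str] = None  # action that fails, for the demo
    state: List[Tuple[str, str, str]] = field(default_factory=list)
    audit: List[Tuple[str, str, str]] = field(default_factory=list)

    def apply(self, task: Task, customer: str) -> None:
        if task.action == self.fail_on:
            self.audit.append(("FAILED", task.provider, task.action))
            raise ProvisioningError(f"{task.provider}: {task.action}")
        if task.mutates:
            self.state.append((customer, task.provider, task.action))
        self.audit.append(("APPLIED", task.provider, task.action))

    def compensate(self, task: Task, customer: str) -> None:
        if task.mutates:
            self.state.remove((customer, task.provider, task.action))
            self.audit.append(("COMPENSATED", task.provider, task.action))


def expand_request(services: List[str]) -> List[Task]:
    """Expand one sign-up request into ordered provider tasks."""
    ad = "Active Directory"
    tasks = [Task(ad, "Create New OU"), Task(ad, "Create Groups"),
             Task(ad, "Set Security"), Task(ad, "Delegate Permissions")]
    if "Shared IIS" in services:
        tasks.append(Task("IIS Resource Manager", "Find Available Resource",
                          mutates=False))
        tasks += [Task("IIS", action) for action in (
            "Create Folder", "Set Security on Folder",
            "Create Site", "Set Security on Site")]
    if "FrontPage" in services:
        tasks.append(Task("FrontPage", "Enable SharePoint Team Services"))
    return tasks


def run_request(env: Environment, customer: str, services: List[str]) -> dict:
    """Run all tasks; on failure, compensate completed tasks in reverse."""
    tasks = expand_request(services)
    done: List[Task] = []
    try:
        for task in tasks:
            env.apply(task, customer)
            done.append(task)
    except ProvisioningError as exc:
        # Undo newest first, so the site folder goes before the OU that owns it.
        for task in reversed(done):
            env.compensate(task, customer)
        return {"status": "rolled_back", "failed": str(exc), "tasks": len(tasks)}
    return {"status": "complete", "failed": None, "tasks": len(tasks)}


if __name__ == "__main__":
    env = Environment(fail_on="Create Site")  # constructed failure
    print(run_request(env, "customer1", ["Shared IIS", "FrontPage"]))
    for entry in env.audit:
        print(entry)
    print("objects left behind:", env.state)
```

The audit list doubles as the record an operator would review after a failed request: every applied change has a matching compensation entry.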
Overview of Monitoring and Reporting
Monitoring allows you to:
• Correct problems before outages occur.
• Reduce the costs of resolving problems when they do occur.
• Meet your service level agreement obligations.
• Plan for growth.
• Share key system performance information with resellers and customers.
Business Benefits of MOM
MOM Benefits
Benefit: Description
• Distributed event management: MOM captures system and application events and aggregates them into a central repository. Administrators can receive an overall view of server and service availability or they can obtain specific information.
• Rules: Administrator-created rules in MOM allow the system to react automatically to incoming messages.
• Alerts: Any MOM rule can be configured to generate specific alerts with associated severity levels.
• Performance monitoring: MOM can be set to monitor key performance thresholds. Rules may be customized and new rules added, allowing system and application performance trends to be monitored both for historical reporting purposes and capacity planning.
• Enterprise scalability: MOM manages Windows-based systems of all sizes. Systems running MOM can be designed to handle hundreds of millions of events per day.
• Intelligent agents: Based on the rule-sets defined by the administrators at a central console, MOM agents provide a high degree of intelligence.
• Automated agent and rule deployment: MOM automatically detects and reports the presence of new servers and applications and services installed on them.
• Mission-critical availability: Because both event and performance management of servers and applications are crucial to successful operations, MOM provides mission critical availability of the MOM servers and even the MOM database itself.
• MMC console: MOM uses the Microsoft Management Console (MMC) for all administrative tasks. Administrators can easily navigate through the hierarchical tree to access events, rules, reports and configuration activities.
• Interoperability: Integration with Microsoft Windows Management Instrumentation (WMI) allows MOM to consume a wide range of events and performance data. MOM can also be configured to monitor SNMP event data (traps) for any specified devices.
MOM Architectural Overview: Key Terms
• Data sources
  • Events: Windows, application, WMI, service change, SNMP traps, timed events, missing events, UNIX syslogs, and so on
  • Performance data: used for graphs, reports and to set thresholds
• Alerts
  • MOM's indication of a particular issue: what operators see first
  • Based on events, performance thresholds, or script output
• Response
  • Reaction to an alert (auto-resolve, send e-mail, page, run script)
• Management Pack (MP)
  • Set of processing rules to monitor applications
  • Supporting views and reports
MOM Architecture
• System Center Data Warehouse: SQL Reporting Services
• MOM Database: Data aggregation; Knowledge - management packs; Configuration data
• MOM Server: Database access; Consolidator; Agent manager; User interfaces; Agentless monitoring
• MOM Agents: Local monitoring; Local management; Encrypted communications
• Consoles: View alerts/server state; condition requiring intervention; execute tasks; topological views; service level exceptions
• Reporting examples: Server Availability; Operational Health; Security Events
[Diagram labels: System Center Data Warehouse; Reporting; DB; Management Server (MOM Server); Agents; Ops Console; Admin Console; Web Console; Internet Information Server; HTTP.]
Windows-based Hosting Management Pack
The Management Pack monitors and includes:
• System and service availability
• System usage and performance
• Errors and events
• Data for views and reports
• Automatic responses for:
  • Self correcting problems
  • Notification
The Management Pack is a bundle of selected rules that monitor critical services in the Windows-based Hosting platform. Having this Management Pack will help you to install and deploy MOM in one to two business days.
Logical Diagram
Overview of Hosted Exchange 2003
• Hosted Exchange 2003 allows you to offer rich messaging services for consumers and small office/home office and small-to-medium sized enterprises.
• You can offer a broad range of services that go from basic e-mail up to higher value services, such as providing additional storage, hosting vanity domains and calendars.
Overview of Hosted Exchange 2003 – User Experience
• Multi-tenant hosting of server message blocks (SMBs)
  • Customer isolation in Active Directory®, address lists
• Consumer users
• Clients and protocols
  • HTTP – Outlook® Web Access (OWA)
  • POP3/IMAP4
  • RPC over HTTPS – Outlook 2003
• Automated provisioning
• Delegated administration
• Monitoring and reporting
Overview of Hosted Exchange 2003 – Solution Contents
• Documentation
  • Pub Studio content viewer
  • PDFs for printing
  • Reference architecture
  • Fully prescriptive deployment steps
• Code
  • Provisioning
  • Monitoring and reporting
  • MakeGAlLinked.exe
  • SMTP Domain Event Sink
  • RPC over HTTP profile configuration Web site
• Fully tested
• PSS supported
Improvements in Exchange 2003
Improvements related to front-end server deployment include:
• RPC proxy server
• Outlook Mobile Access (OWA)
• Exchange ActiveSync®
• OWA forms-based authentication
• OWA S/MIME
• OWA compression
Improvements related to back-end server deployment include:
• Support for 8-node clustering
Improvements in Client Connectivity
You can give customers more options for accessing e-mail, calendar, and contact information:
• Outlook 2003
• Outlook Web Access 2003
• Outlook Mobile Access
• ActiveSync
You can integrate a self-provisioning Web site for customers with the Hosted Exchange Web service methods and MPS. Through the site, a user could:
• Update their Outlook profile settings.
• Automatically configure their Outlook 2003 to connect directly through the Internet to Hosted Exchange 2003.
Connectivity for Mobile Devices
Hosted Exchange 2003 allows service providers to enable the same features for mobile clients as Exchange Server 2003. This includes:
• Allowing users to use mobile devices to access their e-mail and their Contacts, Calendar, and Tasks folders, through OWA.
• Allowing users to send and receive e-mail, contacts, and calendar items via wireless devices.
Considerations for Defining Messaging Service Offerings
• Outlook 2003
• Outlook Web Access for Exchange Server 2003
• Mobile clients
• Supporting POP3 and IMAP4 clients
• Supporting public folders
• Additional mailbox storage
• Supporting mailbox backup and restore
Logical Diagram
Web Hosting Overview
Web Hosting enables you to offer customers a variety of hosted Web services, including:
• Basic dedicated mail.
• ASP.NET applications.
• Network Attached Storage (NAS) coverage.
The solution offers specific guidance for hosting Microsoft Internet Information Services (IIS) 6.0 and ASP.NET, which results in:
• Easier deployment and configuration.
• Reduced operational costs.
• Increased scalability, functionality, and security.
Web Hosting Security Overview
• IIS 6.0 not installed by default
  • Except Web Server Edition
• Web Service Extensions
  • Deny all undefined ISAPI and CGI
• Improved NTFS permissions
• Default Web site is static content only
• URLScan-like rules enforced by default in http.sys
• Undefined MIME types are not delivered
• Applications do not run as System
Web Hosting Benefits
Benefit: Description
• Increased Web server reliability and availability: IIS 6.0 features a new, fault-tolerant architecture with health monitoring and process recycling that significantly increases the reliability of your Web server infrastructure.
• Easier server management: IIS 6.0 features new management tools that reduce the time it takes to manage your Web server infrastructure, including a plain text XML configuration file that can be modified without having to stop the server.
• Server consolidation: IIS 6.0 is a highly-scalable Web server that provides new opportunities for Web server consolidation and enables more applications to be hosted on a single server.
• Faster application development: With Windows Server 2003 and IIS 6.0, application developers benefit from a single, integrated application hosting environment and a broad choice of languages for rapid application development.
• Increased security: IIS 6.0 provides improved security for Web servers. IIS 6.0 is locked down by default, limiting the attack surface area through aggressive security defaults.
Web Hosting Scenarios
The scenarios below describe the most likely configurations for service providers:
• Discount Dedicated Hosting: The host running IIS is dedicated to the exclusive use of one customer and there is no Active Directory management of the server or users.
• Managed Dedicated Hosting: The host running IIS is dedicated to the exclusive use of one customer and Active Directory may be used by the service provider to manage the server, but not the users.
• Shared Web Hosting: The host running IIS is shared by multiple customers and Active Directory is used to manage the server and the users. IIS deployments are configured to use Windows Authentication mode. When IIS is integrated with Active Directory in this way, only users with a valid Active Directory account can connect.
• Application Hosting: The service provider offers either shared or dedicated Web hosting services and uses Active Directory to manage the server and users. The Web sites hosted in IIS will often be integrated with other applications. IIS deployments are configured to use Windows Authentication mode because Active Directory is used to manage both the server and the users.
Internet Information Server (IIS) 6.0 Architecture
[Diagram labels: WWW Service (Config Mgr, Process Mgr); HTTP.sys; Web Garden; W3WP.exe; ISAPI Extensions (ASP, etc.); ISAPI Filters; Application Pool 1; Application Pool 2; ASP.NET ISAPI; CLR Application Domain; INETINFO; metabase.]
Overview of Data Hosting
Provide Data Hosting services to customers on dedicated servers, shared servers, or both.
Keep customer data secure by using one of two authentication models:
The authentication method you choose impacts your SQL Server deployment for both user authentication and the account under which the SQL Services run.
When you deploy SQL Server, choose between Windows Authentication Mode and Mixed Mode. Active Directory is required for Windows Authentication Mode and is optional for Mixed Mode.
Deploy Shared or Dedicated Servers.
Data Hosting Deployment Scenarios: Shared and Dedicated
Shared – one SQL Server shared by multiple customers
Customers usually have some restrictions on how they access this server, and what SQL functionality is available
For example, the Microsoft Distributed Transaction Coordinator (MSDTC) may be disabled.
Dedicated – one SQL Server per customer
Windows-based Hosting solution doesn’t recommend placing IIS and SQL Server on the same server
Customers typically have more freedom to use all the functionality of SQL Server (unless managed by service provider, in which case some restrictions may apply)
Data Hosting Authentication Mode: Why Use Windows Authentication Only?
Reference architecture uses Windows authentication
Most secure configuration for SQL Server configuration
Can use Windows and SQL authentication
Gain benefit of Active Directory for centralized management
Without using Active Directory for user management, you rely on SQL Server’s security methods to protect data
Much less secure because SQL login credentials are passed over the network and not hashed
Data Hosting Benefits
Benefit: Description
Clickstream analysis: Gain a deep understanding of online customer behavior, so that you can make better business decisions.
Distributed partitioned views: Partition your workload among multiple servers for additional scalability.
High availability: Maximize the availability of your business applications with log shipping, online backups, and failover clusters.
Security: Ensure your applications are secure in any networked environment, with role-based security and file and network encryption.
Simplified database administration: Automatic tuning and maintenance features enable administrators to focus on other critical tasks.
Application hosting: With multi-instance support, SQL Server enables you to take full advantage of your hardware investments so that multiple applications can be run on a single server, or outsourced.
Logical Diagram
Windows SharePoint Services Overview
Windows SharePoint Services Hosting allows you to create Web sites for information sharing and document collaboration.
Windows SharePoint Services is a component of the Windows Server 2003 information worker infrastructure that:
Provides team services and sites to Microsoft Office System and other desktop programs.
Serves as a platform for application development.
Windows SharePoint Services Benefits
Benefit: Description
Advanced file sharing: Windows SharePoint Services supplies Web sites with document storage and retrieval with check-in and check-out functionality, version history, custom metadata, and flexible, customizable views.
Information management: SharePoint sites store event calendars, contacts, Web links, discussions, issues lists, announcements, and more.
Configurable user control: You can grant users the ability to create sites, control site membership, monitor site usage directly, and moderate content submissions. Users can create and share site templates.
Tracking and quota management: Despite the authority delegated to users, Windows SharePoint Services enables you to track which sites are created, who owns them, how long a site has gone unused, and so on.
Enterprise scalability: Deploy Windows SharePoint Services in server farms that support tens of thousands of sites and can handle hundreds of thousands of users. Windows SharePoint Services supports load balancing for Web servers and server clustering technology for all data.
Choice of management channels: You can manage and configure Windows SharePoint Services by using a Web browser or command-line utilities. You can also manage server farms, servers, and sites by using the Microsoft .NET Framework–based object model and Web services.
What’s New in Windows SharePoint Services
The newest version of Windows SharePoint Services Hosting includes the following new features:
A Microsoft Provisioning Service (MPS) provider, allowing better integration between Windows SharePoint Services and MPS
Changes to quota template usage, including the use of storage-based quotas and site-based quotas (except in shared deployments)
Windows SharePoint Services Architecture
Enabling Contextual Collaboration
Adding “Real-Time” to Microsoft Office System
Presence, IM, and Web Conferencing in Outlook, Word, SharePoint, etc.
Enabling higher productivity from people’s favorite applications
Microsoft’s Hosting Solutions
What do I do next?
Schedule a Quick Start–Proof of Concept (POC) in a lab environment for Windows-based Hosting by contacting the technical specialist (TS):
All knowledge transfer from the Architectural Design session will be communicated from the TS to Tireno for the Quick Start POC.
In addition to Tireno, at least one member of your company’s technical staff will shadow the Tireno consultant.
OR
All knowledge transfer from the ADS (all Windows-based Hosting materials listed above) will be managed by the TS to you, the customer.
Review materials, resources, and solution components for self-paced deployment.
Discussion and Q&A
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.