Richard H. KarlSenior Technology Consultant

Solution Overview Solution Overview The fourth version of Windows-based Hosting launching

September 2004.

A Dedicated Sales and Solutions (Product) team at Microsoft that delivers Microsoft technology and programs in a hosted infrastructure, including:

Technical training. Extensive testing and scenario simulation of Windows-based

technologies. Marketing programs. Dedicated premier support staff and outside consulting

companies for Windows-based Hosting delivery and solution testing and training.

Community groups. Joint selling programs. Service Provider Licensing Agreement (SPLA).

Windows-based HostingWindows-based Hosting

WebServices

SharePoint hosting

Hosted Exchange

Data hostingASP.NET

Delivery Platform

• Purposing • Provisioning • Monitoring • Security • • Centralized Management • Platform Design •

Hosted Applications

Foundation for ServicesFoundation for Services

How Windows-based Hosting version 3.0 Improves the Customer ExperienceHow Windows-based Hosting version 3.0 Improves the Customer Experience

Monitoring and Reporting• Monitor server or service failure• Mine data• Create customer reports

Centralized Management• Use Group Policies• Improve and scale the administration of multiple servers

Update Management• Provide security alerts• Apply security updates• Reconfigure existing servers

Server Purposing• Build a new server• Repurpose existing servers

11

22

44

33

Windows-based Hosting Solution ComponentsWindows-based Hosting Solution Components

Hosted Infrastructure Components: Server Purposing

Centralized Management

Update Management

Service Provisioning

Monitoring and Reporting

Hosted Services Components: Web Hosting

Windows SharePoint® Services Hosting

Data Hosting

Hosted Exchange 2003 Service

Windows-based Hosting Solution Components and Technologies UsedWindows-based Hosting Solution Components and Technologies Used

Windows-based Hosting Windows-based Hosting solution componentsolution component

Microsoft technologies Microsoft technologies usedused

Server Purposing Automated Deployment Services (ADS)

Centralized Management Active Directory®

Update Management Microsoft Software Update Services (SUS)

Service Provisioning Microsoft Provisioning System (MPS)

Monitoring and Reporting Microsoft Operations Manager (MOM)

Web Hosting Internet Information Service (IIS)

Data Hosting SQL Server™

Windows SharePoint Services SQL Server™

Windows-based Hosting Terms and Concepts (1 of 3)Windows-based Hosting Terms and Concepts (1 of 3) Hoster or service provider: Provides the network

infrastructure

Reseller: Sells infrastructure capacity

Customer: Leases space from a reseller to create Web site(s)

User: Browses customers’ Web sites

Unique IP Web site: Single IP address maps directly to a single customer Web site

Host header Web site: IP address is shared to multiple customers and host headers resolve to a single site

Windows-based Hosting Terms and Concepts (2 of 3)Windows-based Hosting Terms and Concepts (2 of 3)

Dedicated hosting: Single server is dedicated to one customer

Or dedicated servers within a shared Active Directory forest

With dedicated hosting: Customers get better performance and more

control over administration and Web site content.

Customers typically pay more for dedicated servers

Windows-based Hosting Terms and Concepts (3 of 3)Windows-based Hosting Terms and Concepts (3 of 3)

Shared hosting: Multiple customers share services on each server

in service provider's hosted environment

Customers are typically grouped on servers based on the services they purchase—usually corresponding to a particular service level or set of features

Service provider (not the customer) retains administrative control over each server

Documentation ViewerDocumentation Viewer It’s easy to find and use the information you need

with the new Web and CD-based documentation viewers

Content is organized into modules: Server Purposing Centralized Management Service Provisioning Update Management Monitoring and Reporting Data Hosting Web Hosting Windows SharePoint Services Hosting

How the Documentation Viewer is OrganizedHow the Documentation Viewer is Organized

SectionSection DescriptionDescription

Get Started Specific steps to properly plan and deploy the component

Checklist Deployment procedures to complete multi-step tasks

Build Complete deployment steps

Use Steps to manage, maintain, and operate in a hosting environment

Advanced Topics

Optional and advanced configuration and integration information

Best Practices

Best practices for installing, configuring and operating each component

Learn More About

Information for planning process deployment of the component, plus background knowledge related to the component and security design considerations

Online Links List of all external sites used in the module

 

Navigating the Content ViewerNavigating the Content Viewer

Logical DiagramLogical Diagram

Server Purposing OverviewServer Purposing Overview

With Server Purposing you can: Automate the process of building and configuring

your system, software, and services.

Ensure your security policies and process are implemented on each system.

Server Purposing: Automated Deployment Services (ADS)Server Purposing: Automated Deployment Services (ADS) ADS is a downloadable add-on component of

Windows Server™ 2003, designed for data centers containing over 10,000 servers and provides the following: Automates multi-server builds

Accelerates the process of preparing, purposing, and configuring Windows-based servers from bare metal to a fully operational server

Deploys or configures a server or group of servers based on external events such as a receipt of a customer order

Server Purposing Benefits Server Purposing Benefits BenefitBenefit DescriptionDescription

Significant reduction of server deployment cost

Pre-Boot Execution Environment (PXE) server and deployment agent enable remote builds of PXE-compliant bare-metal boxes, reducing the cost

Consistency in server provisioning, less human error

Through task sequence-driven automation, sample task sequences are extended to automate hardware configuration, operating system deployment, and application installation

Flexibility and agility through new imaging tools

New tools create smaller images that can be updated and edited without first being deployed to a server

Powerful, mass server administration

ADS enhances existing scripting investments and extends your ability to administer hundreds of servers

Simpler hardware configuration

Using Virtual Floppy, ADS incorporates standard server vendor MS-DOS tools into the deployment process to automate hardware configuration.

Easy integration through a choice of user interfaces

ADS offers a graphic user interface, command-line tools, and a rich Windows Management Instrumentation (WMI) program interface.

Consistent record of administrative history

ADS offers a centralized data store to maintain a complete history of all administrative tasks carried out using the ADS infrastructure.

 

Target Server

Administration Agent Windows-Present

Deployment Agent Pre-OS

ADS Secure, Hands-Off Imaging“Zero Touch Server Builds from Bare Metal”

ADS Secure, Hands-Off Imaging“Zero Touch Server Builds from Bare Metal”

DB

HardDisk

RAM

PXEFW

Logs all activity

ADS Controller

SSLSSL

Bare metal server PXE Boots and task sequence is initiated

Controller transfers deployment agent to RAM disk

Controller downloads DOS image for hardware configuration

11

22

33

Agent authenticates/ requests image

Image is personalized and boots to full OS with agent

Encrypted image is downloaded and deployed

44

55

66

PossiblyMulticast

Centralized Management OverviewCentralized Management Overview

Centralized Management allows you to do the following: Centrally manage all network users, groups,

computers and policies

Increase the number of servers, users, groups, and group policies per single administrator

Manage both shared and dedicated customers

Delegate administrative tasks to enable secure, role-based authentication

Enhance security with central authentication and best practices using Windows Server 2003 Security guidance

B

Centralized Management: Server-focused Benefits Centralized Management: Server-focused Benefits BenefitBenefit DescriptionDescription

Simple modelA model for managing user accounts and associated rights eliminates confusion when accounts and passwords are maintained locally

Cost efficienciesA single central model for managing the service provider accounts results in operational cost efficiencies

One set of toolsBecause all accounts and rights are defined in a single central location using Active Directory, you can use one set of tools to manage the solution

Single design and data store

This design and data store allows simple operational processes for backup, restore, disaster recovery, global system monitoring, and administration

Global security policyOperational benefits are realized through defining and managing a global security policy, including security lockdown processes

Automatic deployment of security policies

Centralized security permits you to deploy security policies globally from a central source to each server

Efficiencies in securityReduced operational tasks are also realized because any additions or changes to the overall security policies are implemented only once.

 

User-focused Benefits of Centralized ManagementUser-focused Benefits of Centralized Management

BenefitBenefit DescriptionDescription

A single design and data store

You can use simple operational processes to support external access to servers that provide client services

Performance of efficient and secure tasks

The security design and the delegated administration model provides for the extension of access rights to resellers and reseller customers.

Reduced cost and operational load

Cost is reduced because external users can perform tasks that would otherwise require service provider resources.

 

Active Directory: Components of Centralized ManagementActive Directory: Components of Centralized Management Multi-tenant design

Isolated resellers

Isolated resellers’ customers

Delegated administration

This solution proposes centralized management using two distinct phases:

Centralized server management—The first phase implements the internal service provider accounts and concurrent server rights plus many of the required security lockdown processes, in a centrally managed solution.

Centralized user management—The second phase addresses the extension of access rights to users outside of the service provider.

Centralized Management Design PrinciplesCentralized Management Design Principles

Simple

Secure

Manageable

Scalable

Preferred Active Directory Design: Shared forest

Single tree

Single domain

Active Directory: Recommended Design Single ForestActive Directory: Recommended Design Single Forest

CustomerLevel

DomainLevel

Acmehost.com

ResellerLevel

Hosting

Admin

Admin

Customer4

Admin

Customer3

Admin

Customer2

Admin

Customer1

Admin@joebobhost.com

Joebobhost.com

Admin@Sallyhost.com

Sallyhost.com

Centralized Management: Recommended OU DesignCentralized Management: Recommended OU Design

Organizational Unit DesignOrganizational Unit Design Suggested organizational unit (OU) hierarchy for centrally managed

security Domain Controllers (server names AD01, AD02) Computers Servers:

Infrastructure: Management (ADSC01 [ADS Controller]; MOM01;

MOMSQL01;SMS01) Provisioning (MPS01 [MPS Server] ) SQL (SQL01) UTIL01 (utility server)

Other Web Servers:

Shared Dedicated (WEB01, WEB02, PROV01 [provisioning server])

When you deploy individual servers, you first create them in the default computer's OU, configure them, and then move them into the destination OUs

Server Management through Group PolicyServer Management through Group Policy

Propagation of group policy throughout the data center is automatic

Group Policy settings are contained in Group Policy Objects (GPOs)

GPOs are associated with Active Directory object containers

GPOs enforce administrative roles

Group Policy allows delegated administration

Group Policy is the primary tool for defining and controlling how programs, network resources, and the operating system behave.

Update Management OverviewUpdate Management Overview

With update management you can control the deployment and maintenance of interim software releases into your production environments. Update management helps you:

Maintain operational efficiency and effectiveness

Overcome security vulnerabilities

Maintain a stable production environment

Update Management BenefitsUpdate Management Benefits

BenefitBenefit DescriptionDescription

Make updates automatically available

When administrators approve the updates, SUS automatically makes all critical and security updates available to all preconfigured servers.

Consistent installation

Using an automated software distribution tool to install standard software packages and options ensures a consistent installation.

Timely installationAn automated software distribution tool permits software releases and updates to be installed on a precise schedule.

Security Installation of updates typically requires administrative rights.

Timely status reporting

Automated monitoring and reporting capabilities result in feedback on the the installation.

Return on investmentThis investment in using an automated software tool is offset by the return on investment (ROI) that is offered through low overhead as compared to manual methods.

 

Overview of Update ManagementOverview of Update Management

AssessAssess IdentifyIdentify

Evaluate Evaluate & Plan& PlanDeployDeploy

1. Assess—Determine what you have in your production environment, what security threats and vulnerabilities you face, and whether your organization is prepared to respond to a new software update.

2. Identify—Discover new software updates in a reliable way, determine whether they are relevant to your production environment, and whether an update represents a normal or emergency change.

3. Evaluate and Plan—Make a decision whether to deploy the software update, determine what it will take to deploy it, and test the software update.

4. Deploy—Roll out the approved software update into your production environment so that you meet the requirements of any SLAs you have in place.

Windows Update: How It WorksScenario 1: User Initiated AccessScenario 2: Access via Automatic Updates (AU)

Windows Update: How It WorksScenario 1: User Initiated AccessScenario 2: Access via Automatic Updates (AU)

Windows Update

2. Client side code (CC) in browser (or AU) validates WU server and gets download catalog metadata

1. User points selects ‘Scan for updates’ or AU automatically checks for new updates (every 17-22 hours)

3. CC (or AU) uses metadata to identify missing updates

4. WU (or AU, if so configured) lists missing updates and user selects updates to download

5. CC (or AU) downloads, validates, and installs updates. AU downloads using BITS, and can be configured to allow user to select updates to install

6. CC (or AU) updates history and statistics information*

*Note: No personally identifiable information is collected.See http://v4.windowsupdate.microsoft.com/en/about.asp#privacypolicy

ParentWUS Server

Firewall

ChildWUS Server

ChildWUS Server

Bandwidth

Throttling

WindowsUpdate Service

WindowsUpdate Service

Bandwidth

Throttling

Ban

dw

idth

Th

rottlin

g

2. Administrator reviews, evaluates, and approves updates

1. WUS Server check for updates every 24 hours*

3. Approvals & updates synced with child WUS servers**

4. AU (the WUS client) gets approved updates list from WUS server

6. AU either notifies user or auto-installs updates

7. AU records install history

5. AU downloads approved updates from WUS server or Windows Update

**WUS maintains approval logs & download, sync, & install statistics*Configurable 1/day or 1/week

WUS 1.0WUS 1.0

Update Management StrategiesUpdate Management Strategies

The Windows-based Hosting solution provides strategies for service providers and information about relevant Microsoft technologies, which include the following: Windows Update

Software Update Services (SUS)

Windows Update Services

Microsoft Baseline Security Analyzer (MBSA)

Systems Management Server (SMS)

Co

re U

pd

ate

Man

agem

ent

Cap

abili

ties

*MBSA does not support scanning Win98 – Win98 can be updated using SMS2003 inventory management and software distribution capabilities

Choosing A Update Management SolutionChoosing A Update Management Solution

CapabilityCapability Windows UpdateWindows Update SUS 1.0SUS 1.0 SMS 2003SMS 2003

Supported Platforms for Content

NT 4.0, Win2K, WS2003, WinXP, WinME, Win98 Win2K, WS2003, WinXP NT 4.0, Win2K, WS2003,

WinXP, Win98*

Supported Content Types

All patches, updates (including drivers), & service packs (SPs) for the above

Only security & security rollup patches, critical updates, & SPs for the above

All patches, SPs & updates for the above; supports patch, update, & app installs for MS & other apps

Granularity of Control

Targeting Content to Systems No No Yes

Network Bandwidth Optimization No Yes

(for patch deployment)

Yes (for patch deployment & server sync)

Patch Distribution Control No Basic Advanced

Patch Installation & Scheduling Flexibility Manual, end user controlled Admin (auto) or user

(manual) controlled

Administrator control with granular scheduling capabilities

Patch Installation Status Reporting

Assessing computer history only

Limited (client install history & server based install logs)

Comprehensive (install status, result, and compliance details)

Additional Software Distribution Capabilities

Deployment Planning N/A N/A Yes

Inventory Management N/A N/A Yes

Compliance Checking N/A N/A Yes

Service Provisioning OverviewService Provisioning Overview

Service provisioning relies on the Microsoft Provisioning System (MPS) to automate routine administrative server management tasks such as: Adding new users

Updating directory entries

Provisioning applications

Provisioning services

Service Provisioning BenefitsService Provisioning BenefitsBenefit Description

Improved process management

MPS manages multistep processes that can be executed asynchronously or synchronously a system administrator.

Task automation Automation of frequent or complex tasks reduces errors from manual performance.

Application providersProviders are included for Microsoft Active Directory, Internet Information Server (IIS), Exchange, Microsoft FrontPage® Server Extensions, and Telnet

Time savings System administrators can spend increased time with new users or customers.

Lowered administrative burden

Server-to-administrator ratio for Windows servers is improved, resulting in lower administration costs.

Lower costs Operational costs are lower due to fewer on-site visits.

Browser UI Web-based user interface (UI) can be controlled from any browser and provides you with a simple, out-of the-box interface.

Remote script execution

Execute scripts you already have by using the Telnet Provider and have the benefit of an audit trail for each server

 

Service Provisioning can automate:Service Provisioning can automate: Active Directory entries

Organizations and Users

SMTP Domains

User Accounts

Mailbox Allocation, Stores

Public Folders

Address Book Views

VPN circuits

VLAN segment configuration

User security

Print queues

File shares

Remote desktop config

DNS

Published applications

VPN user level security

Load balancing systems

Sites Servers, routers, SANs

Overview of Microsoft Provisioning System (MPS)Overview of Microsoft Provisioning System (MPS)

Microsoft Provisioning System–ProceduresMicrosoft Provisioning System–Procedures

Procedure can be a single provisioning action or a sequence of calls to other procedures

Procedure exposes a well defined XML input and output with schema checking

XML document describing procedure and namespace

Procedure can run using credentials

Microsoft Provisioning System–ProvidersMicrosoft Provisioning System–Providers Providers are COM objects

Do actual provisioning tasks as directed by a Procedure

Also implements compensation functionality Enables rollback

Standard Providers Active Directory Internet Information Server (IIS) Exchange FrontPage/SharePoint Team Services 2002 File System

Microsoft Provisioning System–InterfaceMicrosoft Provisioning System–Interface

The Interface is the method by which provisioning request data is submitted

Can also receive back data verifying whether any errors occurred or not

Requests can be received via: SOAP Listener

ProvTest.exe command line utility

Programmatic COM Object Interface

Microsoft Provisioning System–NamespacesMicrosoft Provisioning System–Namespaces

Defines a collection of related procedures Can be referenced directly by requests (public

namespace)

Can be called by other registered procedures (private namespace)

The provisioning engine caches namespaces and their procedures

Access to a namespace can be restricted by setting a namespace to public/private or group membership

MPS Request FlowMPS Request Flow Sign up a new customer Assign services

Shared IIS FrontPage

ActiveDirectory

IIS ResourceManager

IIS FrontPage

2. XML Provisioning Request1. HTTP Post via SSL

4. Providers perform tasks

5. XML Response6. HTML – Update Complete

• Active Directory Provider• Create New OU• Create Groups• Set Security• Delegate Permissions

• IIS Resource Manager• Find Available Resource

• IIS Provider• Create Folder• Set Security on Folder• Create Site• Set Security on Site

• FrontPage Provider• Enable SharePoint Team Services

3. Request Expansion

Web ControlPanel

Web ControlPanel

AD RM IIS FP

MPF

Request ExpansionRequest Expansion

Request Tasks

Overview of Monitoring and ReportingOverview of Monitoring and Reporting

Monitoring allows you to:

Correct problems before outages occur.

Reduce the costs of resolving problems when they do occur.

Meet your service level agreement obligations.

Plan for growth.

Share key system performance information with resellers and customers.

Business Benefits of MOMBusiness Benefits of MOM

MOM BenefitsMOM Benefits

BenefitBenefit DescriptionDescription

Distributed event management

MOM captures system and applications events and aggregates them into a central repository. Administrators can receive an overall view of server and service availability or they can obtain specific information.

Rules Administrator-created rules in MOM allow the system to react automatically to incoming message.

Alerts Any MOM rule can be configured to generate specific alerts with associated severity levels.

Performance monitoring

MOM can be set to monitor key performance thresholds. Rules may be customized and new rules added, allowing system and application performance trends to be monitored both for historical reporting purposes and capacity planning.

Enterprise scalability MOM manages Windows-based systems of all sizes. Systems running MOM can be designed to handle hundreds of millions of events per day.

Intelligent agents Based on the rule-sets defined by the administrators at a central console, MOM agents provide a high degree of intelligence.

Automated agent and rule deployment

MOM automatically detects and reports the presence of new servers and applications and services installed on them.

Mission-critical availability

Because both event and performance management of servers and applications are crucial to successful operations, MOM provides mission critical availability of the MOM servers and even the MOM database itself.

MMC console MOM uses the Microsoft Management Console (MMC) for all administrative tasks. Administrators can easily navigate through the hierarchical tree to access events, rules, reports and configuration activities.

InteroperabilityIntegration with Microsoft Windows Management Instrumentation (WMI) allows MOM to consume a wide range of events and performance data. MOM can also be configured to monitor SNMP event data (traps) for any specified devices.

MOM Architectural OverviewKey TermsMOM Architectural OverviewKey Terms Data sources

Events: Windows, application, WMI, service change, SNMP traps, timed events, missing events, UNIX syslogs, and so on

Performance data: used for graphs, reports and to set thresholds

Alerts MOMs indication of a particular issue: What operators see

first Based on events, performance thresholds, or script output

Response Reaction to an alert (auto-resolve, send e-mail, page, run

script)

Management Pack (MP) Set of processing rules to monitor applications Supporting views and reports

MOM ArchitectureMOM Architecture System Center Data Warehouse

SQL Reporting Services

MOM Database Data aggregation Knowledge - management

packs Configuration data

MOM Server Database access Consolidator Agent manager User interfaces Agentless monitoring

MOM Agents Local monitoring Local management Encrypted Communications

System CenterData Warehouse

Reporting

Agents

DB

Management Server

Ops ConsoleAdmin ConsoleWeb Console

Agents

Consoles View Alerts/Server State

condition requiring intervention execute tasks topological views service level exceptions

OpsConsole

Reporting

Internet Information

Server

HTTP

AdminConsole

Examples Server Availability Operational Health Security Events

System Center Data Warehouse

MOM Server

Agents Agents

WebConsole

Windows-based Hosting Management Pack Windows-based Hosting Management Pack

The Management Pack monitors and includes: System and service availability

System usage and performance

Errors and events

Data for views and reports

Automatic responses for: Self correcting problems Notification

The Management Pack is a bundle of selected rules that monitor critical services in the Windows-based Hosting platform. Having this Management Pack will help you to install and deploy MOM in one to two business days.

Logical DiagramLogical Diagram

Overview of Hosted Exchange 2003Overview of Hosted Exchange 2003

Hosted Exchange 2003 allows you to offer rich messaging services for consumers and small office/home office and small-to-medium sized enterprises.

You can offer a broad range of services that go from basic e-mail up to higher value services, such as providing additional storage, hosting vanity domains and calendars.

Overview of Hosted Exchange 2003 – User ExperienceOverview of Hosted Exchange 2003 – User Experience Multi-tenant hosting of server message blocks (SMBs)

Customer isolation in Active Directory®, address lists

Consumer users

Clients and protocols HTTP – Outlook® Web Access (OWA)

POP3/IMAP4

RPC over HTTPS – Outlook 2003

Automated provisioning

Delegated administration

Monitoring and reporting

Overview of Hosted Exchange 2003– Solution ContentsOverview of Hosted Exchange 2003– Solution Contents Documentation

Pub Studio content viewer PDF’s for printing

Reference architecture Fully prescriptive deployment steps

Code Provisioning Monitoring and reporting MakeGAlLinked.exe SMTP Domain Event Sink RPC over HTTP profile configuration Web site

Fully tested PSS supported

Improvements in Exchange 2003Improvements in Exchange 2003

Improvements related to front-end server deployment include: RPC proxy server Outlook Mobile Access (OWA)  Exchange ActiveSync®  OWA forms-based

authentication OWA S/MIME OWA compression

Improvements related to back-end server deployment include: Support for 8-node clustering

Improvements in Client ConnectivityImprovements in Client Connectivity

You can give customers more options for accessing e-mail, calendar, and contact information:

Outlook 2003

Outlook Web Access 2003

Outlook Mobile Access

ActiveSync

You can integrate a self-provisioning Web site for customers with the Hosted Exchange Web service methods and MPS. Through the site, a users could:

Update their Outlook profile settings.

Automatically configure their Outlook 2003 to connect directly through the Internet to Hosted Exchange 2003.

Connectivity for Mobile Devices Connectivity for Mobile Devices

Hosted Exchange 2003 allows service providers to enable the same features for mobile clientsas Exchange Server 2003. This includes: Allowing users to use mobile devices to access

their e-mail and their Contacts, Calendar, and Tasks folders, through OWA.

Allowing users to send and receive e-mail, contacts, and calendar items via wireless devices.

Considerations for Defining Messaging Service OfferingsConsiderations for Defining Messaging Service Offerings

Outlook 2003

Outlook Web Access for Exchange Server 2003

Mobile clients

Supporting POP3 and IMAP4 clients

Supporting public folders

Additional mailbox storage

Supporting mailbox backup and restore

Logical DiagramLogical Diagram

Web Hosting OverviewWeb Hosting Overview

Web Hosting enables you to offer customers a variety of hosted Web services, including: Basic dedicated mail.

ASP.NET applications.

Network Attached Storage (NAS) coverage.

The solution offers specific guidance for hosting Microsoft Internet Information Services (IIS) 6.0 and ASP.NET which results in: Easier deployment and configuration.

Reduced operational costs.

Increased scalability, functionality, and security.

Web Hosting Security OverviewWeb Hosting Security Overview

IIS 6.0 not installed by default Except Web Server Edition

Web Service Extensions Deny all undefined ISAPI and CGI

Improved NTFS permissions

Default Web site is static content only

URLScan-like rules enforced by default in http.sys

Undefined MIME types are not delivered

Applications do not run as System

Web Hosting BenefitsWeb Hosting BenefitsBenefitBenefit DescriptionDescription

Increased Web server reliability and availability

IIS 6.0 features a new, fault-tolerant architecture with health monitoring and process recycling that significantly increases the reliability of your Web server infrastructure.

Easier server management

IIS 6.0 features new management tools that reduce the time it takes to manage your Web server infrastructure, including a plain text XML configuration file that can be modified without having to stop the server.

Server consolidationIIS 6.0 is a highly-scalable Web server that provides new opportunities for Web server consolidation and enables more applications to be hosted on a single server.

Faster application development

With Windows Server 2003 and IIS 6.0, application developers benefit from a single, integrated application hosting environment and a broad choice of languages for rapid application development.

Increased securityIIS 6.0 provides improved security for Web servers. IIS 6.0 is locked down by default, limiting the attack surface area through aggressive security defaults.

 

Web Hosting Scenarios Web Hosting Scenarios The scenarios below describe the most likely configurations for service providers:

Discount Dedicated Hosting The host running IIS is dedicated to the exclusive use of one customer

and there is no Active Directory management of the server or users. Managed Dedicated Hosting

The host running IIS is dedicated to the exclusive use of one customer and Active Directory may be used by the service provider to manage the server, but not the users.

Shared Web Hosting The host running IIS is shared by multiple customers and Active

Directory is used to manage the server and the users. IIS deployments are configured to use Windows Authentication mode. When IIS is integrated with Active Directory in this way, only users with a valid Active Directory account can connect.

Application Hosting The service provider offers either shared or dedicated Web hosting

services and uses Active Directory to manage the server and users. The Web sites hosted in IIS will often be integrated with other applications. IIS deployments are configured to use Windows Authentication mode because Active Directory is used to manage both the server and the users.

Internet Information Server (IIS) 6.0 ArchitectureInternet Information Server (IIS) 6.0 Architecture

WWW WWW ServiceServiceWWW WWW

ServiceService

Co

nfi

g M

gr

Pro

cess

Mg

r

HTTP.sysHTTP.sysHTTP.sysHTTP.sys

Web GardenWeb Garden

W3WP.exeW3WP.exeW3WP.exeW3WP.exe

ISAPIISAPIExtensionsExtensions(ASP, etc.)(ASP, etc.)

ISAPI FiltersISAPI Filters

Application Pool 2

Application Pool 2

W3WP.exeW3WP.exeW3WP.exeW3WP.exe

ASP.NET ISAPI

CLR Application Domain

CLR Application Domain

W3WP.exeW3WP.exeW3WP.exeW3WP.exe

ASP.NET ISAPI

CLR Application Domain

CLR Application Domain

INETINFOINETINFO

metabase

Application Pool 1

Application Pool 1

W3WP.exeW3WP.exeW3WP.exeW3WP.exe

ISAPIExtensions(ASP, etc.)

ISAPI Filters

Overview of Data HostingOverview of Data Hosting

Provide Data Hosting services to customers on dedicated servers, shared servers, or both.

Keep customer data secure by using one of two authentication models: The authentication method you choose impacts your

SQL Server deployment for both user authentication and the account under which the SQL Services run.

When you deploy SQL Server, choose between Windows Authentication Mode and Mixed Mode. Active Directory is required for Windows Authentication Mode and is optional for Mixed Mode.

Deploy Shared or Dedicated Servers.

Data Hosting Deployment Scenarios:Shared and DedicatedData Hosting Deployment Scenarios:Shared and Dedicated

Shared – one SQL Server shared by multiple customers Customers usually have some restrictions on how they

access this server, and what SQL functionality is available For example, the Microsoft Distributed Transaction Coordinator

(MSDTC) may be disabled.

Dedicated - one SQL Server per customer Windows-based Hosting solution doesn’t recommend

placing IIS and SQL Server on the same server

Customers typically have more freedom to use all the functionality of SQL Server (unless managed by service provider, in which case some restrictions may apply)

Data Hosting Authentication Mode: Why Use Windows Authentication Only?Data Hosting Authentication Mode: Why Use Windows Authentication Only?

Reference architecture uses Windows authentication Most secure configuration for SQL Server

configuration

Can use Windows and SQL authentication Gain benefit of Active Directory for centralized

management Without using Active Directory for user

management, you rely on SQL Servers’ security methods to protect data Much less secure because SQL login credentials are

passed over the network and not hashed

Data Hosting BenefitsData Hosting Benefits

BenefitBenefit DescriptionDescription

Clickstream analysisGain a deep understanding of online customer behavior, so that you can make better business decisions.

Distributed partitioned views

Partition your workload among multiple servers for additional scalability.

High availabilityMaximize the availability of your business applications with log shipping, online backups, and failover clusters.

SecurityEnsure your applications are secure in any networked environment, with role-based security and file and network encryption.

Simplified database administration

Automatic tuning and maintenance features enable administrators to focus on other critical tasks.

Application hostingWith multi-instance support, SQL Server enables you to take full advantage of your hardware investments so that multiple applications can be run on a single server, or outsourced.

Logical DiagramLogical Diagram

Windows SharePoint Services OverviewWindows SharePoint Services Overview

Windows SharePoint Services Hosting allows you to create Web sites for information sharing and document collaboration.

Windows SharePoint Services is a component of the Windows Server 2003 information worker infrastructure that: Provides team services and sites to Microsoft

Office System and other desktop programs.

Serves as a platform for application development.

Windows SharePoint Services Benefits Windows SharePoint Services Benefits BenefitBenefit DescriptionDescription

Advanced file sharingWindows SharePoint Services supplies Web sites with document storage and retrieval with check-in and check-out functionality, version history, custom metadata, and flexible, customizable views.

Information management

SharePoint sites store event calendars, contacts, Web links, discussions, issues lists, announcements, and more.

Configurable user control

You can grant users the ability to create sites, control site membership, monitor site usage directly, and moderate content submissions. Users can create and share site templates.

Tracking and quota management

Despite the authority delegated to users, Windows SharePoint Services enables you to track which sites are created, who owns them, how long a site has gone unused, and so on.

Enterprise scalability

Deploy Windows SharePoint Services in server farms that support tens of thousands of sites and can handle hundreds of thousands of users. Windows SharePoint Services supports load balancing for Web servers and server clustering technology for all data.

Choice of management channels

You can manage and configure Windows SharePoint Services by using a Web browser or command-line utilities. You can also manage server farms, servers, and sites by using the Microsoft .NET Framework–based object model and Web services.

 

The newest version of Windows SharePoint Services Hosting includes the following new features:The newest version of Windows SharePoint Services Hosting includes the following new features:

A Microsoft Provisioning Service (MPS) provider, allowing better integration between Windows SharePoint Services and MPS

A Microsoft Provisioning Service (MPS) provider, allowing better integration between Windows SharePoint Services and MPS

Changes to quota template usage, including the use of storage-based quotas and site-based quotas (except in shared deployments)

Changes to quota template usage, including the use of storage-based quotas and site-based quotas (except in shared deployments)

What’s New in Windows SharePoint ServicesWhat’s New in Windows SharePoint Services

Windows SharePoint Services ArchitectureWindows SharePoint Services Architecture

Enabling Contextual CollaborationAdding “Real-Time” to Microsoft Office SystemEnabling Contextual CollaborationAdding “Real-Time” to Microsoft Office System

Presence, IM, and Web Conferencing in Outlook, Word, SharePoint, etc.

Enabling higher productivity from peoples’ favorite applications

Microsoft’s Hosting SolutionsMicrosoft’s Hosting Solutions

What do I do next?What do I do next? Schedule a Quick Start–Proof of Concept (POC) in

lab environment for Windows-based Hosting by contacting the technical specialist (TS): All knowledge transfer from Architectural Design

session will be communicated from TS to Tireno for Quick Start POC.

In addition to Tireno, at least one technical staff at your company will shadow Tireno Consultant .

OR All knowledge (all Windows-based Hosting materials

listed above) transfer from ADS will be managed by the TS to you, the customer.

Review materials, resources, and solution components for self-paced deployment.

Discussion and Q&ADiscussion and Q&A

© 2004 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.