ON GUARD: How to stay one step ahead of the hacker.
THE INSIDER’S GUIDE TO MICROSOFT TECHNOLOGY // SEPTEMBER 04
THE PERFECT BALANCE: How can Microsoft Partners help the IT pro?
ORCHESTRATING IT: Get the best out of Active Directory.
REGULARS
DEPLOYMENT: How to deploy IIS 6.0
SOLUTIONS IN ACTION: .NET Framework for the Inland Revenue
EMERGING TECHNOLOGY: Business Intelligence with SQL
HIDDEN GEMS: Office secrets, part II
MODEL ENTERPRISE: The benefits of .NET Framework
FEATURES
UPDATE: Including online communities, lifecycle support and IT Forum preview
FACE TO FACE: With Microsoft’s mobile services director
FAQS: Your questions answered
Dear all,
Welcome to the Autumn 2004 edition of FYI magazine. It’s been nearly a year since we began evolving this publication and your input, feedback and support has been invaluable in shaping a magazine that I hope is both interesting and useful.
Inside this issue, we explore system security, a high priority for all of us, and you’ll find practical advice on making sure you have the best defence strategy in place. We give you step by step guidelines on how to make the move to Active Directory® and in the Deployment feature we focus on successful implementation of IIS 6.0. In the Model Enterprise feature we find out how the internal Microsoft IT team has made beneficial use of the .NET Framework and you can read a case study on the technology behind the Inland Revenue’s switch to an online PAYE system.
I’m keen to make sure that FYI continues to fulfil your information requirements and invite you to complete the survey enclosed. The survey is brief, and I would greatly appreciate you taking the time to complete it – if you do, you get the chance to win one of three fabulous i-mate GSM/GPRS Pocket PCs.
I hope that you enjoy the magazine.
Kind regards
Claire Smyth
IT Professional Audience Manager
P.S. To get your copy of FYI, subscribe FREE at www.microsoft.com/uk/fyi or fill in the
subscriptions card with this issue.
EDITOR’S VIEW
FYI is published for Microsoft Ltd by Just, 76-80, Southwark Street, London, SE1 OPN. Telephone: 020 7837 8337
Editorial enquiries: [email protected]
For Microsoft Ltd: IT Pro Audience Manager Claire Smyth; IT Pro Audience Communication Manager Julie Kertesz
For Just: Managing editor Lisa Finnis; Deputy editor Liesl Hattingh; Sub editor Louise Stewart; Art Director Steven Price; Production controller Eleanor Woods; Account manager Miles Wratten
Repro by Zebra. Printed by Williams Lea Group.
© 2004 Microsoft Corporation. All rights reserved. Microsoft, the Microsoft logo, Active Directory, Visio, Encarta, Visual Studio, MapPoint, MSDN, Windows, Windows Server System, InfoPath, Windows NT, Outlook, Visual Basic and Visual C# are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are held by their respective companies.
COVER PHOTOGRAPHY: Getty Images
Microsoft contributors
John Allwright – Product Marketing Manager
Jacqueline Boyle – Breadth Partner Marketing Team Manager
Cheryl Bradley – Programme Manager, Support Policy
Renaud Besnard – Product Solution Marketing Manager
Keith Burns – Data Platform Technical Specialist
Lisa Clegg – Partner Development Manager, Certified Partner Programme
Mary-Alice Colvin – Product Manager, IIS
Ram Dhaliwal – Partner Development Manager, Training and Certification
Michael Emanuel – Director in Enterprise Management Division
Rob Gray – Data Platform Technical Specialist
Jo-anne Handley – Product Manager, Visio, Publisher and OneNote
Neil Laver – Group Product Marketing Manager
Richard T Manion – Partner Technical Lead, Microsoft EMEA
Stuart Okin – Chief Security Officer
Randy Ramusack – Senior IT Account Manager
Dave Sayers – Technical Specialist
Tim Sneath – Architectural Engineer, Developer and Platform Group
Mark Spain – Director, Windows Mobile
Matthew Stephen – Data Platform Technical Specialist
Mark Tenant – Windows Server Product Manager
Dianne Terry – Project Marketing Manager
Melita Walton – Communities Marketing Manager
Jonathan Wells – Product Manager, .NET Framework, Microsoft Corp
Hilary Wittmann – Server Solutions Marketing Manager
WELCOME SEPTEMBER 2004
If you’ve enjoyed TechNet events or webcasts, this month’s cover mount
should appeal to you. It contains all you need to enjoy Radio TechNet. This is
audio-only content aimed at IT professionals, and is usually available on the
Microsoft TechNet web site at
www.microsoft.com/technet/community/tnradio/default.mspx
Each month, TechNet Radio features broadcasts from Microsoft
insiders on the most current issues of the day. Recent broadcasts
include how Microsoft handles patch management tasks and
performs security updates on one of the world’s busiest corporate
websites; and how Microsoft Information and Technology group
develops key security strategies, manages risks, and maintains its
security environment.
UPDATE
An overview of upcoming events, products in the pipeline and key new initiatives
Customers buying or upgrading to Visio®
Professional 2003 can make Visio even more
useful by taking advantage of a special offer
on the Microsoft Office Visio 2003 Resource
Kit for IT Professionals. Visio 2003 lets you
create business and technical diagrams that
document and organise complex ideas,
processes and systems.
By adding the Resource Kit for IT
Professionals, you can increase the
usefulness of Visio in your role as an IT
Pro. The kit will auto discover the layout
and contents of your local area network,
and you can make use of thousands of
manufacturer-specific equipment shapes to
produce a network diagram that clearly and
accurately reflects the structure and contents
of your infrastructure.
The kit gives you access to Fluke Networks
LAN MapShot (a product valued at US$495),
and to Altima Technologies NetZoom
Stencils for Visio (valued at US$299), but
costs just US$18.95 plus shipping and
handling. The offer expires on 1 January 2005.
LAN MapShot discovers all the IP and
NetBIOS devices, including switches,
servers, routers, printers, hubs, hosts and
Fluke Networks tools, as well as IPX
servers and printers, in your local broadcast
domain. This data is collected,
automatically exported to Visio 2003, and
a diagram of the infrastructure devices is
created including slot, port and line speed
between connected devices.
NetZoom allows users to create network
designs and documentation, presentations
and proposals with Visio 2003.
The full NetZoom collection consists of
over 60,000 manufacturer-specific
equipment shapes from over 2,000 popular
computer, network, telecommunications and
audio/video equipment manufacturers. The
Visio kit includes the most popular 28,000
shapes from the NetZoom collection.
Visio special offer
If you can’t find a shape to meet your
requirements, you can subscribe to the full
copy of NetZoom, and Altima will create the
shape you need.
For more information and to order please
go to http://microsoft.order-9.com/visiopro/splash.htm
Your FREE TechNet Radio CD
Microsoft relaunched its product support
lifecycle policy in June with the intention of
offering IT professionals a cycle time that fits
more closely with their internal IT lifecycles.
You’ll know from the product launch date what
the support lifecycle of the product will be, so
you can plan investment before you buy the
product. You will be able to build your IT
plan for five or seven years into the future.
Now, most Microsoft business and
developer products will have 10 years of
product support from the date launched, split
into five years of mainstream support, and
five years of extended support. Mainstream
support covers incident support, security
updates, and requests for non-security
hotfixes. Extended support includes paid
assisted support and security update support
at no extra cost. Non-security related hotfix
support requires a separate Extended Hotfix
Support contract to be purchased. Find out
more at www.microsoft.com/lifecycle
Support lifecycle
IT Forum preview
The theme at this year’s IT Forum is Security,
and the conference for IT managers, systems
and applications architects, specialists and
administrators will be held in Copenhagen
from 16-19 November. The keynote speaker
is Bill Gates and the conference offers over
200 sessions covering areas including
security; messaging and mobility; planning
and deployment; administration and
management; all designed to help you plan,
deploy and manage the secure connected
enterprise. Attendees will also have the
opportunity to take part in hands-on labs
to try out the latest versions of Microsoft
software. To register, go to
www.microsoft.com/europe/MSITforum
TechEd 2004
As an IT pro or developer you’re probably already a
member of several user groups or communities and
fully aware of the benefits they bring. If you’re not,
here’s a quick summary of what they can offer you.
The many active user groups around the UK are a
great source of support and understanding from
people who are in similar roles to yourself, so you
can talk about your software and what you’re using it
for. Many of the user groups run events, often
featuring leading speakers, who can be pretty
inspirational. And at IT events such as these there are
usually opportunities for having fun and networking.
As an example of the type of group you might join,
the UK SQL Server Community has over 7,500
members in the UK. It offers free membership,
events, comprehensive FAQs, forums, and SQL
blogging. Like many groups, it is run by a Most
Valued Professional (MVP), and it has access to most
of the world’s leading SQL Server and
database professionals. You can find
details of all the UK user groups on the
MSDN® site — check out the
Communities link at
www.microsoft.com/uk/msdn/community/usergroups.asp
If you can’t see the group you want, or you have
other questions relating to communities and user
groups, send an email to [email protected]
If you do choose to join a group, you’ll find that
the combination of experts and other professionals
using the same software as you means that you
become part of a community who understand the
challenges you’re facing.
You’re not alone
Over 6,500 IT pros and developers attended this year’s
TechEd Europe in Amsterdam to hear announcements of new
products and to attend the hundreds of technical sessions
on every aspect of Microsoft products. The event kicked off
with a keynote address where every attendee was given an
African drum and encouraged to take part in an impromptu
recital. Being in a crowd of 6,500 people drumming out
rhythms was quite an experience! Leading on from this
extravaganza, attendees heard details about the new
Microsoft Express product line, a set of lightweight software
development tools designed for use by people who want to
try out programming in Visual Studio® .NET but who don’t
have the full product. It’s envisaged that the product will
appeal to hobby programmers and students.
The other major announcements at TechEd were the
release of Visual Studio 2005 Beta 1 for testing and
evaluation; and real-time locations services for MapPoint
Location Server — thanks to a partnership involving
Microsoft MapPoint®, O2 and TeliaSonera AB. In the future,
companies will be able to use the service to improve the
way they locate, track and manage their mobile assets and
mobile work force.
Q: What exactly is System Center?
A: This is a new product suite that will include both Systems
Management Server (SMS) and Microsoft Operations
Manager (MOM). System Center will make use of the
new version of Systems Management Server.
The great thing about it is that it will join all the information
together that SMS and MOM create. At the moment, the
information ends up in two separate stores — the SMS database
and the MOM database. This means that system
administrators can’t easily take information from MOM, say,
and compare it against actions taken by an SMS operator. For
example, it would be very useful to correlate an error reported
by MOM, with changes reported by SMS. With System
Center this will be possible.
The missing piece that will provide this is integration
of a common data repository that coordinates data from both
sources. The third piece, System Center Reporting Server
2005, won’t affect any use of MOM or SMS individually, but
it will synchronise data from MOM and SMS and join the two
into a powerful data reporting back end. It will be based on
data warehousing and data mining techniques. The process
is quite sophisticated. If you get a record in from SMS, and the
data store has received similar data relating to the same thing
from MOM, the reporting server must resolve the conflict.
It must also ensure that timestamps are synchronised so that
reports can provide information such as ‘What changes have
we made since yesterday at two o’clock?’
System Center Reporting Server will become the basis of
your decision support centre. It’s based on SQL Server and
SQL Server Reporting Services, which is a key fact.
IT has grown up as a separate science from everything else.
People have invested vast amounts of money on custom
applications, where you just wish that if only you could use
standard Office tools, the solutions would be a lot cheaper.
Excel offers a great way to visualise data, couldn’t I use it
against my standard SMS system, couldn’t I use it against
my SNMP system that’s monitoring my network? Often today
the answer is that it’s too difficult. But if we could start using
standard SQL reporting tools, then potentially you can use all
business intelligence tools against it, even to the point of
integrating your enterprise resource planning (ERP) system
into your IT system.
This would all help the idea of ERP for IT, of IT governance.
A CFO of an organisation is responsible for knowing where
every penny goes — if they’re running a manufacturing plant,
they will know where every piece of capitalised equipment is,
they’ll know how much all their plant costs, how they’re
depreciating it, they’ll know about everything — except, they
just gave this much money to the IT department, and they
don’t know what happened to it. And why not? The answer
is, the information is probably there, but it’s in a different
database. Of course it would be very nice if the tools used by
the IT staff would ‘feed’ standard business tools. And that’s
exactly what we’ll be able to do with System Center.
The other thing we’ll be providing at that level, which has
already begun with MOM 2005, is a web services layer on top
of the alerting services of MOM.
MOM is able to look at all the events that are flying around
the network in a day, and find one problem — often hidden
among potentially tens of millions of pieces of data. It’s great
to be able to pop that one problem up onto the screen for the IT
staff to deal with, but if we can publish that same alert and the
history behind it to a web services layer where everyone could
subscribe, that would mean other systems could be alerted and
take appropriate action — not just other management systems
with dedicated integration gateways, but any business system.
After all, if I know that my web servers are having some
trouble, that might have an impact on my ability to take orders.
So it would be very nice to be able to feed the alert that says
‘Your web servers are under-performing’ to the person who’s
responsible for the ordering system, so they realise that the
backlog of orders in their queue is due to the problem with the
web servers rather than any other cause.
The three components that make up System Center in
the first version will be the change management, operations
management, and the reporting server back-end. The change
management, for reasons of history, is called SMS, and the
operations manager is called MOM. If we were starting from
scratch, they’d be called System Center Change Manager and
System Center Operations Manager. We’re leaving the names
intact because we want to make it clear to customers that they
don’t have to buy all three. However, if you use two or three
of the components, the systems integrate and complement
each other to give a ‘better together’ experience.
Q: If customers already have SMS, MOM, and the
Reporting Services from SQL Server under Software
Assurance, will they need to buy the System Center
as a separate product?
A: We will be able to give them the additional pieces to integrate
the elements together. If they own the elements but don’t have
Software Assurance, SMS and MOM will still be fine, but
they’ll need to buy System Center Reporting Services at the
back end, and that will integrate the other two pieces.
For more information: www.microsoft.com/management/sc-overview.mspx
Looking ahead to System Center
Michael Emanuel, Director in the Enterprise Management Division
of Microsoft Corp, tells FYI about what System Center will offer
“System Center Reporting Server… will synchronise data from MOM or SMS and join the two into a powerful data reporting back end.”
AGENDA
Perfect partners: getting the balance right
The Microsoft Partner Programme is one of
the most successful customer engagement
models in the IT industry. We look at what
the Partner Programme consists of and
what it means to you
ESSENTIAL SUMMARY
The Microsoft Partner Programme
provides a robust framework for the
successful deployment of Microsoft-
based business solutions. IT pros using
partner organisations to deliver
solutions can be assured of the best
skillsets outside of Microsoft itself.
BUSINESS VIEWPOINT
Benefits of using a Microsoft
Certified or Gold Certified Partner
■ Confidence in the knowledge the
partner has been approved by
Microsoft and they are supported
through training, tools and regular
updates. You can be confident they
are well qualified to give you the
right advice.
■ Confidence in the technical
understanding of the partner and
their quality, as all partners have
access to fully road-tested
techniques and architectures –
supplied by Microsoft.
■ Confidence in the commitment to
Microsoft-based technologies made
by the partner. All Microsoft Certified
Partners have Microsoft Certified
professionals working for them.
FOR MORE INFORMATION
Find a partner
If you’re looking for a partner go to
www.microsoft.com/uk/experts
Microsoft Partner Programme
For more information, or to join, visit
www.microsoft.com/uk/partner/programme
Partner Training and Events Centre
Microsoft is developing programmes
and offers in conjunction with its
Gold Certified Partners for Learning
Solutions (CPLS – formerly CTECs)
to assist partners in achieving the
relevant training and certifications
required per competency. Find out
more at
www.microsoft.com/uk/partner/trainingandevents
Partner Update
To subscribe to the new-look Partner
Update magazine, visit
www.microsoft.com/uk/partner/partnering/subscription
The next issue is out in October.
The new Partner Programme, launched in
April 2004, represents a distinct change for
the better as partner organisations can now
be measured on their practical capabilities
and reference capability as well as through
their certification levels.
There are three levels of partner
membership. Each level contains a set of
benefits which are added to incrementally
as the partner progresses through the ranks.
Registered Member
This represents the entry level of partnership
and can be gained by any partner
organisation, irrespective of skills or
engagement profile. This level is free of
charge to join, and provides access to some
key Microsoft resources, including free
Business Critical Telephone Support —
which allows a partner to contact Microsoft
directly in order to obtain telephone
technical support for its customers who
are in a system-down situation.
Certified Partner
These partners have already demonstrated
expertise in areas of Microsoft technologies
and engagement with customers. In addition
to this they will hold Microsoft certifications.
Access to software for internal use is a major
incentive for Certified Partners and can
significantly offset the costs of joining the
programme (currently £1,000 +VAT per
year). Certified Partners are also assigned a
telephone account manager at Microsoft and
pre-sales technical assistance via the Web or
over the phone.
Gold Certified Partner
This is the top level partnership. To achieve
Gold certification an organisation would have
demonstrated expertise in one or more areas
of Microsoft technology and have proven
customer success stories in one or more
Competency areas. They are offered additional
benefits including co-marketing support and
top level ranking in partner directories.
Balancing expertise
Already there are over 2,000 Microsoft
Certified Partners, nearly 200 Gold Certified
Partners and over 7,000 Registered Members
in the UK. The 92 per cent renewal rate
of Certified Partners indicates a high level of
programme satisfaction.
Microsoft would expect many organisations
to join at the Registered Member level and then
progress through the partner grades to become
a Certified or Gold Certified Partner.
The level that an organisation achieves
is based on what are called Partner Points.
By achieving various objectives a partner
company gains points allowing them to
register at an appropriate level.
Points can be awarded across a range
of activities such as gaining a Microsoft
Competency, having Microsoft Certified staff,
servicing and supporting Microsoft based
solutions, customer references, customer
satisfaction and developing software. During
2004 the programme will mature further and
additional categories will attract points such
as unit sales of Official Microsoft Learning
Products and revenue generated by credited
sales of Microsoft software licences.
The rationale behind the points system is
to clearly balance expertise across the board.
Partners are many and varied, and developing
a fair framework to measure an organisation’s
competencies is difficult, but this goes a long
way to address this problem. No more is it a
case of just having as many Microsoft
Certified Professionals (MCPs) as possible,
now a partner needs to demonstrate practical
use of their skills if they wish to progress to
become a Gold Certified Partner.
Competencies
As mentioned, a partner can define an area of
specialisation known as a Competency. These
Competencies cover a range of recognised
expert solution areas and to gain a Competency
a partner needs to demonstrate technical and
business skills in a solution area, backed up
by customer references.
Partner Competencies include networking
infrastructure, security, business intelligence,
information worker and learning solutions.
Each of these Competencies has been fine-
tuned by Microsoft to represent industry best
practices and by achieving a Competency,
partners can demonstrate to their potential
customers that they really do understand a
solution area. For the partner, the benefits of
achieving a Competency include additional
access to tools, services and content tuned to
that solution area.
The benefit of joining the Microsoft
Partner Programme is significant, and any
organisation selling IT-related services
should seriously review the opportunities
it presents. Even for organisations with wide
skill sets, Microsoft software is so prevalent
it is a fair bet it will touch many of the
customer solutions or business requirements
that partners are involved with.
Finding the right partner
Microsoft partners come in all shapes and sizes.
Due to the breadth of the new programme it is
possible to register at the basic level as a one-
person operation. At the other end of the
spectrum, Microsoft has huge partners such as
Computacenter and HP capable of delivering
large global solutions.
The benefit of the programme is absolutely
in the knowledge that to achieve a level of
membership there is a requirement to
demonstrate proven expertise. Probably one of
the most beneficial aspects of the programme
is the customer references. The references give
potential customers the security of knowing
that existing customers have been happy with
the way the partner has treated them, and that
the projects undertaken have ended
successfully. This reduces concerns about
committing a large amount of time and money
to a new venture with a partner with whom the
customer has not previously worked.
Finding a partner is now a lot easier as
you can base your choice on Microsoft
Competencies — finding a partner who has
delivered a similar solution to your sector
is a great place to start. The partner search
tools on the Microsoft web site also allow
searches based on technical expertise and
geographical area covered. Additional
information about your vertical industry helps
to refine the result set.
The perceived independence of a Microsoft
partner would be of concern to many IT
professionals. By becoming a member of
the Microsoft Partner Programme, an
organisation is, of course, making a public
statement about their endorsement of
Microsoft based technologies. Does this mean
that a partner would force an inappropriate
solution on a customer simply because it is
from Microsoft? The answer is no — the major
factor in the success of a partner is its ability to
stay in business. Despite being aligned with
Microsoft many partners are also aligned
with other vendors so that customers have a
broader choice. The major disadvantage of
this may be that some partners spread their
expertise too thin on occasions as they attempt
to understand competing technologies. Again,
the choice is ultimately down to the customer.
What type of activity would a partner get
involved in? Turn that around and ask what
sort of problem or issue are you trying to
solve? Maybe you have a need to deploy
Windows® XP, maybe you have an Exchange
upgrade requirement or maybe you need to
get a business solution developed. Microsoft
partners are able to work through all of these
and many more requirements.
Looking at the cross section of partners
Microsoft has, most are in the infrastructure
and software roll-out area. Quite a few are
training providers and then you have the niche
providers typically undertaking bespoke
software development using products such
as Visual Studio and the .NET Framework.
Conclusion
The Microsoft Partner Programme has
evolved considerably since it started many
years ago. Back then it was a question of
paying money, meeting Microsoft
certifications and joining the programme,
which allowed a variable quality of partner.
The new Partner Programme delivers an
effective, quality engagement model that
an IT professional can rely on to help them
achieve their objectives. After all, this is
what it is all about! ■
SECURITY BULLETIN
Defeating the hacker
Everyone knows hackers are out there. We
all wonder when and where they will strike
next and whether we will be a target. David
Litchfield takes a cool-headed look at the
problem and poses the question ‘Are your
defences robust enough to stop an attack?’
ESSENTIAL SUMMARY
As IT pros we’re all very well aware
that we’re living in a world where
system security is a vital requirement
but an endless task to deliver. We have
to be constantly aware of all the
potential threats and dangers and be
equipped with strategies to defend
our systems. This article refreshes our
understanding of how to keep one step
ahead of threats to system security.
Hackers, their tools, their expertise and their
ability to subvert security mechanisms are
improving all the time. Long gone are the days
when installing a firewall on your perimeter was
‘enough’. With the open architectures of today’s
IT infrastructures hackers have the ability to
reach right into our back end systems, through the
firewall and via our web applications that feed
into our database servers. Open design and end-
to-end communication, while good for doing
business, have made it easy for the attacker.
A firewall cares not about what’s inside
a packet travelling on the network wire, it
only troubles itself with packets sent to
unauthorised channels; and to do business we
are required to allow traffic to our public
web servers. We need something more than
a simple firewall if we’re to defeat the hacker,
something that understands data. The problem
is exacerbated by external hackers not being
the only threat to our digital assets. It’s an
accepted fact that our users on the ‘inside’
can potentially pose even greater risks than
those on the ‘outside’.
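The gap between a port-based rule and a filter that "understands data" can be shown in a few lines. This is an added example, not code from the article or from any product; the policy values, function names and sample requests are assumptions constructed for illustration.

```python
"""Port-based filtering versus HTTP-aware inspection (all sample traffic is constructed)."""
import re
from urllib.parse import unquote

# Assumed policy values for this illustration; tune them to the application being protected.
ALLOWED_PORTS = {80, 443}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_TARGET_LEN = 2048
MAX_DECODE_ROUNDS = 5


def packet_filter_allows(dst_port):
    """A port-only rule: the decision never looks past the destination port."""
    return dst_port in ALLOWED_PORTS


def inspect_http(raw):
    """Return the reasons an HTTP-aware filter would block this request (empty list = pass)."""
    head = raw.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    try:
        # Assumes an origin-form target such as /path?query
        method, target, version = lines[0].decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return ["malformed request line"]

    findings = []
    if method not in ALLOWED_METHODS:
        findings.append(f"method {method} not permitted")
    if len(target) > MAX_TARGET_LEN:
        findings.append(f"request target longer than {MAX_TARGET_LEN} bytes")

    # Decode percent-escapes until the value stops changing, so that a
    # multiply encoded segment is checked in its fully decoded form.
    decoded, rounds = target, 0
    while rounds < MAX_DECODE_ROUNDS:
        step = unquote(decoded)
        if step == decoded:
            break
        decoded, rounds = step, rounds + 1
    if rounds > 1:
        findings.append("target is percent-encoded more than once")

    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        findings.append("control character in target")

    path = decoded.split("?", 1)[0]
    if ".." in re.split(r"[/\\]", path):
        findings.append("parent-directory segment in path")

    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if version == "HTTP/1.1" and b"host" not in headers:
        findings.append("HTTP/1.1 request without Host header")
    return findings


# Constructed sample requests; every one of them arrives on TCP port 80.
HOST = b"Host: www.example.com\r\n\r\n"
SAMPLES = {
    "benign page": b"GET /index.html HTTP/1.1\r\n" + HOST,
    "double-encoded traversal":
        b"GET /reports/%252e%252e/%252e%252e/private.txt HTTP/1.1\r\n" + HOST,
    "unexpected method": b"TRACE / HTTP/1.1\r\n" + HOST,
    "oversized target": b"GET /search?q=" + b"A" * 4000 + b" HTTP/1.1\r\n" + HOST,
}


def compare(dst_port=80):
    """Pair the port-only verdict with the content-aware findings for each sample."""
    return [(label, packet_filter_allows(dst_port), inspect_http(raw))
            for label, raw in SAMPLES.items()]


if __name__ == "__main__":
    for label, port_ok, findings in compare():
        verdict = "pass" if not findings else "block: " + "; ".join(findings)
        print(f"{label:26} port filter={'allow' if port_ok else 'deny'}  inspection={verdict}")
```

The port rule allows all four requests because they are addressed to the web server's published port; only the content-aware check separates the routine page request from the other three.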
An effective defence
To defend our systems effectively we need to
change the way we think about our networks.
We should no longer consider them to be a
collection of machines and software but rather
a continuous flow of dynamic data with
entry and exit points, jump offs and
stores. Defend these and you
defend the network.
Defence and security are
many-layered affairs with
multiple levels of responsibility in which
everyone has a role to play, however minor.
There are lots of great security solutions
available, but you should always be aware that
100 per cent security is difficult to achieve.
The key is to put enough defence in place to
hold up the attackers while still allowing
routine business transactions and operations to
occur. Time is the crucial factor. Bank vaults
aren’t sold directly on how strong they are but
how able they are to withstand attack,
measured in time. How long will it take a
safecracker armed with a blow torch to break
the vault? If this time is sufficiently long then,
it is hoped, someone will notice the
would-be thief and stop them.
Enough on the theory behind defeating the
attacker: let’s examine some of the practical
measures that can be employed as part of
an in-depth defensive strategy that still
allows for the openness we need to actually
run our businesses.
Practical measures
While it may sound obvious to say it, for an
attacker to break in they have to exploit a
security vulnerability. Security vulnerabilities
come in many forms such as software bugs,
configuration errors and even process and
policy based problems.
■ Fix, or patch, as many of the known
vulnerabilities as possible. This includes
fixing security weaknesses in your own
custom code. The fewer holes there are in
the system, the less likely a hacker is to
succeed with a break in. How many of us
truly know what security vulnerabilities
exist in our networks that we need to fix?
You can’t fix something unless you know
it’s broken. The quickest and most cost
effective way of discovering what’s broken
on the network is to perform regular
vulnerability assessments.
■ There are many good commercial and free
packages out there that automate this; as
a word of advice don’t just rely on one
scanner. Ensure your security toolbox
contains two or three. Further, scanners
that are able to audit bespoke or custom
applications should be in everyone’s toolbox.
■ Install (and configure well) devices that can
filter traffic like a firewall but are also
capable of understanding the higher levels
of the OSI model such as Microsoft’s ISA
Server (see side panel on page 12). But just
rolling such devices out ad hoc is not
enough. Networks should not be flat
but segregated into distinct business areas.
There’s no reason why a temporary
employee or contractor working in the
marketing department should be able to
gain direct access to the accounting
department’s database servers.
■ Segregate your network.
■ Enable logging on all security devices
and ensure that the logs are regularly
reviewed by someone with the relevant
experience. If you’re not keeping an eye
out for attacks you’re not going to know
when one is actually underway. Network
and host based Intrusion Detection/
Prevention Systems can help here.
■ Consider deploying such systems but again,
it’s important to stress that these devices are
useless unless they are well configured and
regularly monitored.
FOR MORE INFORMATION
Security Advice
For security advice and further
information from Microsoft, visit
www.microsoft.com/security/default.mspx
IT Showcase
Visit IT Showcase to see how Microsoft
manages its security at
www.microsoft.com/services/microsoftservices/sec_sol.mspx
■ Use, where possible, strong authenticated
access. A good example would be on B2B
web applications. By requiring client
certificates, only those with a valid
certificate can interact with the application.
This helps to reduce the attack surface from
those that shouldn’t be using the application.
Reducing attack surface is one of the key
tenets of securing a system and this will be
explained in the next point.
■ Only run those services that are needed as
a strict business requirement. Not only does
this reduce attack surface but it also boosts
performance; the CPU time and memory
are freed up.
■ The final two points are not technical but
rather human based. Empower your
system administrators. How many people
out there would feel absolutely
comfortable pulling the plug if they
noticed that something serious was
happening? If your main public business
web server was compromised by a hacker
would your system administrators feel
empowered enough to disconnect it from
the network? These are questions that
need to be answered.
■ The final measure is to educate your users.
They need to be taught what is considered
as acceptable behaviour and what is not;
they need to be taught that emails bearing
executable attachments should not be
opened. A security education programme
for your users can go a long way to helping
keep attackers out and your networks
secure.
All of these measures need to be framed in
a well considered security plan, backed up
with workable security policy. The system
succeeds or fails as a whole and any area of
weakness should be stamped out. ■
David Litchfield is an industry expert on
security and a speaker at Microsoft
events. He is the MD of NGSSoftware.
BUSINESS VIEWPOINT
The key business benefits that set
Microsoft ISA Server 2004 apart from
other firewall solutions include:
■ Advanced protection capabilities
which enhance security against the
new generation of attacks
■ Ease of use making it flexible and
easy for administrators to use
■ Simplifies firewall setup by
installing both firewall and Web
caching components automatically
■ Ability to provide fast and secure
Internet access fully integrating VPN
functionality into the firewall
architecture, accelerating Web
caching, and maximizing firewall
filtering speeds
■ Built-in IPsec tunnel mode to connect
to branch office VPN providers
Focus on ISA Server 2004
A key product in the battle to keep IT infrastructures secure is Microsoft Internet
Security and Acceleration (ISA) Server 2004. This combines an application-layer
firewall, virtual private network (VPN), and web cache solution.
At the heart of ISA Server 2004 is its application-layer-aware firewall. This differs
from traditional firewalls because it performs deep inspection of Internet protocols
such as Hypertext Transfer Protocol (HTTP), which enables it to detect threats hidden
inside the traffic. ISA Server also supports stateful filtering and inspection of all VPN
traffic. This means that ISA Server can work out which packets will be allowed to pass
through to the secured network circuit and application-layer proxy services. Stateful
filtering opens ports automatically only as needed and then closes the ports when
the communication ends.
ISA Server 2004 also stops attacks against email servers, both through Secure
Sockets Layer (SSL) decryption, which enables SSL traffic to be inspected for
malicious code, and through HTTP filtering, which provides deep inspection of
application content. In addition, ISA Server 2004 uses preauthentication to prevent
anonymous user logins, a key attack vector aimed at internal servers.
It can also help prevent potentially dangerous anonymous requests from reaching
Microsoft Exchange Server, and can be used for attachment-blocking and session
time-out settings to prevent users’ email sessions from being left open indefinitely
for others to use.
DEPLOYMENT
A very modern approach
Internet Information Services is a key component of the Windows Server System. More than
just a web server, it’s a tool for delivering reliable and secure web applications. It’s an ideal
technology for delivering web services as well as web pages, and is ready for use with the
latest ASP.NET dynamic web page technologies. Simon Bisson takes a look
ESSENTIAL SUMMARY
Internet Information Services (IIS) 6.0
is available with all versions of
Windows Server 2003 and together
they provide the newest web server
software from Microsoft. It provides a
highly reliable, manageable and
scalable web application infrastructure.
If you want to run web applications,
you need IIS. We show you what you
need to do to get the most from IIS
under all circumstances.
Web servers provide critical infrastructure for
modern businesses. Internet-facing servers
manage customer and partner interactions,
carrying your brand to the world — and
delivering valuable services to your business
processes. Internal servers handle collaboration,
delivering enterprise portals and web-based
applications to the desks of your users. It’s
important to make sure you’ve deployed your
web servers so that they can operate effectively.
To ensure minimum attack surface for
Windows Servers, Internet Information
Services (IIS) 6.0 is locked down and not
installed by default on Windows Standard,
Enterprise and Datacenter editions. Install it
manually if you want to implement a Windows
web server — and the initial install will only
serve static content.
You’ll need to configure active content
support through the management console or
directly through the XML metabase or via
command line. The Windows Server System™
includes a new member, the dedicated Web
Edition, which is a low-cost version of Windows
Server for dedicated hosting and web farms —
giving the ability to roll out identical servers
quickly, ready to deploy applications from a
central store. For information about the Web
Edition version of Windows Server 2003, see
www.microsoft.com/windowsserver2003/evaluation/overview/web.mspx
Once you’ve started working with IIS 6.0,
it is worth planning how you intend to deploy
it. There are four basic scenarios:
1. Installing a completely new web server
2. Upgrading an existing web server
3. Migrating existing IIS web sites to a new
web server
4. Migrating non-IIS web sites to a new
web server
A new server is the easiest approach — all
you need to do is install your server, and
you’re ready to start building ASP.NET
applications. The upgrade process handles
most of the issues related to migrating,
keeping as many of your settings as possible.
You’ll need to do a little more work when
migrating applications from one server to
another, while migrating from non-IIS
technologies like Apache can be more complex.
You’ll need to plan for how you’ll deploy
and tune your web services, configuring them
for the services you want to provide, and the
technologies you want to use. Internet
Information Services is a complex application,
with a lot of low-level features that can be
tuned to give your site the optimum
performance. It’s a good idea to start by
downloading the IIS 6.0 Resource Kit and its
associated tools. Download the Resource Kit at
www.microsoft.com/downloads/details.aspx?FamilyID=80a1b6e6-829e-49b7-8c02-333d9c148e69&DisplayLang=en.
Download the Resource Kit Tools at
www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en.
These will provide set-up and migration
guidelines that get you started quickly,
configuring your web servers and handling
the delicate process of migrating applications
to the new platform. The resource kit uses
checklists to guide you through setting up
and deploying your servers, while the toolkit
includes software to help you move your web
applications over from earlier versions of IIS.
You’ll also find that it includes tools and
guidelines to help you bring sites from the
open-source Apache web server to IIS 6.0.
Microsoft FrontPage is a popular web
development tool, and Microsoft has
developed a set of server extensions that allow
page designers to quickly deploy active
content on their sites. FrontPage Server
extensions can be installed with IIS 6.0
through Add/Remove Windows Components
in the Control Panel. Also check out Windows
SharePoint Services, which offer many similar
functions such as the FrontPage extensions, as
well as giving you the platform for quickly
deploying collaborative web sites.
Network storage
IT consolidation has meant that many
businesses have begun to rely on network-
attached storage. This approach can cause
problems for web servers, as authenticating
web users against remote storage systems can
be difficult. While IIS 6.0 supports a single
server username to proxy file requests (just
like IIS 5.0), it also implements pass-through
authentication. This will take user credentials
and use them to determine whether IIS can
deliver a file. This is a helpful tool, as it allows
system administrators the use of familiar
Windows access control lists to manage access
to files over the Web — giving web application
users the same rights they would have through
a standard Windows network connection. Read
the white paper on using remote content with
IIS 6.0 at www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx
Application pools
If you’re planning to run more than one web
application on your Windows web server, then
you’ll want to take advantage of the application
isolation features in IIS 6.0. These allow you to
run web applications in separate memory pools
and processes, increasing reliability, security
and performance. It’s a technique to allow you
to treat web sites and applications as separate
entities with their own resource requirements.
IIS 6.0 is built on top of a new kernel driver that
acts as an HTTP listener, which places HTTP
requests into a queue that feeds applications
running in an application pool. The applications
are run in processes called worker processes,
the friendly name for w3wp.exe. These
communicate directly with the kernel HTTP.sys
driver. This means that if one application fails
the rest of your applications carry on running.
The IIS Manager is used to create
application pools and to assign the various
applications that make up your web sites to
application pools. You can use application
pools to separate web sites and web
applications, as well as to give different pools
different access rights on your systems. One
advantage of the application pool approach is
that it can help debug your web applications,
allowing you to isolate unreliable applications.
IIS 6.0 monitors applications for health,
memory usage, CPU usage, number of
requests and more and can automatically
restart applications based on your criteria.
It’s important to note ASP.NET applications
need more resources than ASP, so you may find
that you need to use more powerful hardware
or more servers when migrating a site from
ASP to ASP.NET. It’s good to spend some time
planning how many application pools you want
to run on each web server, before you deploy
your systems. While IIS is more reliable than
earlier versions, performance may be degraded
if you deploy too many application pools.
Improved security
You’ll find that IIS 6.0 improves your server
security by implementing a number of features
that provide in-depth defence, starting with a
locked-down server. This may require modifying
existing applications, but will result in a reduced
attack surface area — protecting your company’s
web assets. Security features include:
■ IIS installs in a locked-down mode
■ IIS serves only file types defined in the
server’s Multipurpose Internet Mail
Extensions (MIME) type list
■ All dynamic functionality, including ASP
and ASP.NET, is disabled by default
■ ASP parent paths are disabled by default
■ Global.asa events are run as anonymous user
■ Anonymous password synchronisation is
disabled by default
■ Only configured executables (CGI and
ISAPI) can be requested. Access is restricted
for executables
This is a comprehensive set of features that
adds defence in depth to your IIS 6.0 deployment.
Conclusion
Once IIS is deployed to take full advantage of
your network infrastructure, you’ll find it easy
to manage your web applications. All it needs is
some initial planning. Microsoft provides tools
and guidelines to help you take advantage of the
features of IIS 6.0, and to deploy successfully. ■
Simon Bisson is a freelance technology
consultant and writer. He has run the
technical side of a national ISP, as well
as worked as a consulting architect on
many larger web applications.
BUSINESS VIEWPOINT
The business benefits of IIS 6.0 include:
■ Increased reliability of Web server
infrastructure – greater continuous
uptime and increased site and
application availability to users
■ Easier server management resulting
in decreased operating and downtime
costs, more efficient, standardised
administration and better monitoring
and problem response
■ Server consolidation and compression
capabilities, resulting in reduced costs
and faster site applications, and so
increased operational efficiency
■ Faster application development
■ Increased security of systems and
decreased system management costs
FOR MORE INFORMATION
IIS 6.0
Learn more about deploying and
configuring Internet Information
Services by downloading the IIS 6.0
resource kit from Microsoft’s TechNet
site or by viewing the resources on
www.TryIIS.com and
www.microsoft.com/uk/technet
[Figure: IIS 6.0 Request Processing. Labels: Inetinfo, Administration & Monitoring, WWW Service, HTTP, Cache, Queue, Kernel mode, User mode, XML Metabase, Request, Response, Application Pools]
SOLUTIONS IN ACTION
PAYE the taxman his dues
By May 2006, larger companies will be required to file their PAYE returns electronically,
and the requirement will cover all companies by 2010. The electronic facility for PAYE
returns has been implemented using web services
ESSENTIAL SUMMARY
Service-Orientated-Architectures
(SOA) enable IT systems to match agile
companies’ demands through easily
re-composed networks of re-usable
web services. Web services built upon
the .NET Framework reduce development
cost, speed-up project delivery and
ease integration with existing software.
Visual Studio .NET enables developers
to use their preferred language in a
familiar environment to simply create
re-usable, standards based web services
with a minimum of hand-coding.
As part of the UK’s e-government initiative, all
employers will have to file their Pay-As-You-
Earn (PAYE) returns electronically by 2010.
Companies who fail to comply with the
appropriate deadline will have to pay a penalty
of up to £3,000 per annum per PAYE scheme,
in addition to any existing late filing penalties.
Incentives of up to £825 over five years are
being offered to small companies to encourage
early adoption of e-filing.
Project requirements
Software developers, Digita, are one of the
many suppliers providing client side services
which make use of the Inland Revenue’s PAYE
filing interface.
The need for all companies to make use of
electronic PAYE filing will involve all kinds
of business administrators and managers and
some of them may not be confident users
of computers or the Internet. Therefore, an
essential requirement of the payroll service
was that the solution should make the
transition from manual to electronic systems
as easy as possible, and avoid the need for
businesses with little automation to learn
complex payroll packages/systems.
With this in mind, Digita deployed the
front-end using Microsoft Office System
components so that users would have a
familiar interface to work in. InfoPath® 2003
provides forms for companies who do not
require record-keeping facilities, while Excel
2003 workbook components provide payroll
record-keeping facilities for organisations
who need them. The aim was to create a
front-end solution that was powerful yet
intuitive, and one that could be used with
enterprise-wide business processes and data.
Digita wanted to build a web service
capable of validating the data before packaging
it and securely transmitting it to the Inland
Revenue Online Filing service through the
Government Gateway.
An elegant solution
When Digita had to choose the right
technology for the work, they opted for the
Microsoft .NET Framework. According to
Craig Buckler, lead developer at Digita, “The
.NET Framework is excellent for creating web
services. It treats everything as objects. There
are other technologies, but we haven’t found
any set of tools that makes web services as
simple. Everything in Visual Studio .NET and
the .NET Framework is very coherently tied
together. Not only that, but compliance with
industry standards means that anyone using a
services-capable application will be able to use
our payroll filing gateway.”
The coherence between the front-end
components and the .NET Framework was also
important, particularly in ensuring usability
and the ability to continue development of the
payroll service in an efficient fashion.
Buckler’s view is that InfoPath focuses on the
electronic reproduction and use of forms,
making it an ideal tool for the payroll filing
easy to talk to a web service because, once
pointed at the service, InfoPath automatically
creates the necessary forms for you.
Consequently, once the web service was in
place, the client-side development was very
straightforward.
As the solutions are off-line, users can
control the security of their own data. Smart
client payroll returns can be completed and
stored on the user’s own PC, ready for
transmission to a web service on a secure
Internet server whenever an Internet
connection becomes available.
Digita now has a web service that sits
between the client application and the
Government Gateway. Previous applications
written to use the Government Gateway
involved creating and validating a large XML
document, having to manage various dialogues
with the Gateway to pass data, and receiving
reports confirming pass or fail and what errors
there were, if any. The web service simply sits
between the client and the Gateway, so that
service-aware client applications can file very
quickly with minimal complexity.
Benefits
Digita’s view is that the .NET Framework
offers an exceptionally efficient technical
environment, providing savings in development
time, cost reductions and faster deployment.
Paul Duffield, Product Manager at Digita,
estimates that on projects that typically would
have taken eight to nine months, Digita is
achieving time savings of 65-70 per cent.
Much of this is achieved by simply not
having to hand code, as we have done in the
past, and by being able to re-use code. Once
components have been coded for the
application, regardless of the language, the
.NET Framework makes it possible to re-use
them across all web applications. This, in
turn, reduces the time required for testing,
bug fixing and re-testing. Typically, it took
two or three months’ work to create one of our
client products for the Government Gateway.
Now the web service has been built, the time
it is taking us to build other clients has
reduced to an average of a week.
This is a huge saving in development effort
and in commercial terms represents a cost
saving to Digita of about £75,000.
Protection for data
Dealing with personal financial data, its
transmission through different systems and
its presentation to the Government Gateway
means that security has been a key issue
throughout the payroll service project. Digita’s
work in the financial services sector has
provided much experience in this and Digita
is confident that the .NET environment can
meet the most exacting demands.
As Buckler explains, “If tomorrow we
wanted to create a solution based around
another technology it would be quite
straightforward. We’d just point it at the web
service to get the object, populate it with data
and post it. We can also evolve the web service
over time, adding more procedures as required
by new client applications, without affecting
any of the applications already using it.”
The Digita payroll service enables key
financial decision-makers in business to:
■ Comply with mandatory e-filing at the
appropriate time
■ Qualify for e-government incentives (small
companies only)
■ Use a simple, easy-to-use, low-cost solution
based on familiar Microsoft tools
■ Increase productivity by managing end-of-
year PAYE reporting and PAYE payslip
production through a single solution.
By using the payroll service, business
owners can improve employee productivity,
increase collaboration and reduce costs.
The .NET Framework has simplified the
development of the payroll service — on both
the Web and client sides — allowing for
timely delivery along with considerable
savings in time and costs. ■
Taken from the .NET Live case study
booklet series. For information and
downloads, visit www.microsoft.com/uk/visualstudio/casestudies
BUSINESS VIEWPOINT
■ Minimise code and test effort by re-
using web services within the same or
related projects
■ Industry standard interfaces ensure
interoperability with existing software
and applications
■ Remain flexible in your choice of client
platform. Web Services can be
accessed by traditional Web Browser
clients or by smart client applications
such as InfoPath, Word or Excel
■ Deploy and access secure, reliable
web services using the .NET
Framework and Microsoft Web
Services Enhancements (WSE) for
advanced Internet applications
■ Accelerate change through
Service-Orientated-Architecture (SOA)
principles. Compose new business
applications from existing re-usable
web services to accelerate time-to-
market, decrease costs or lead-times
to gain competitive advantage
FOR MORE INFORMATION
.NET Framework
To find out more information on the .NET
Framework, visit
http://msdn.microsoft.com/netframework
Focus on .NET Framework
An integral component of the Windows operating system, the .NET Framework is for
building and running the next generation of applications and web services. It provides
a highly productive, standards-based, enterprise-ready, multi-language environment
that simplifies application development, enables developers to take advantage of
their existing skill set, facilitates integration with existing software, and eases the
challenges of deploying and operating Internet-scale applications.
The Framework consists of two main parts: the common language runtime and
a unified, hierarchical class library that includes a revolutionary advance to Active
Server Pages (Microsoft ASP.NET), an environment for building smart client
applications (Windows Forms), and a loosely coupled data access subsystem
(Microsoft ADO.NET).
FROM A TO B
september 2004
18
Orchestrating IT from the Active Directory
It sets the tone for the entire Windows Server network whatever the
size of your organisation. Thomas Lee finds there are a number of
tools that will help you install and get the best out of Active Directory
ESSENTIAL SUMMARY
Active Directory (AD) is Microsoft’s
directory service. It is the focal point
for the Windows Server network,
providing the ability to define and
manage users, groups, computers and
other objects. Using this repository,
administrators can manage the rights
and permissions of all users, secure
the desktop, deploy software, and
delegate administrative control.
BUSINESS VIEWPOINT
Active Directory offers benefits to
organisations of all sizes, such as:
■ Increase efficiency of managing
your IT through reduced complexity
and costs
■ Manage and enforce security policies
from a central location
■ Provide users with a single sign-on
to systems, applications and
networks
■ Enable users to quickly locate
people, schedules and resources
such as printers
■ Give users secure access to
information assets over any network
and from any location
Microsoft Active Directory provides a number
of benefits to organisations of all sizes.
Many organisations, however, may not be
using Active Directory (AD), or not using it
to its fullest extent. For example, an
organisation could install Active Directory
as an upgrade of older, inappropriate domain
structures, with the result that costs are
higher than need be and management savings
are not realised.
AD is the information hub of the Windows
Server network. It was first introduced with
Windows 2000 Server in February 2000 with
a later version as part of Windows Server 2003
in April 2003.
There are some perceptions evident today
around AD: it is only for larger organisations;
deploying it will take years, is complex and
not worth the risk. These are in fact misplaced,
as businesses of all sizes today are seeing the
benefits of using the technology and most
organisations in the UK deploy within eight
months without any hitches.
In this article, we’ll dispel the fears around
it, discuss what it is, what it offers in terms
of both technical and business benefits,
examine why you should use it, and explain
how to set up a successful structure. Even if
you already have AD, read on to see if you are
using it to its full potential.
What is AD and why should you use it?
AD provides a central repository of
information about objects in a network such
as users, computers, network shares and
printers, in a hierarchical fashion. It then
provides this information to users and
administrators, as well as to network
components, enabling users to obtain
appropriate access to resources across an
organisation’s network, using a single sign-on.
It also provides the mechanism to lock down
user desktops, thereby minimising both
security and help desk issues.
There are a number of benefits this provides
to organisations including:
■ The power to apply companywide policies
such as desktop lockdown
■ Provide secure access for internal
and external users to resources through
single sign-on
■ Provide central administration to the
IT department as well as allow delegated
administration
■ Provide users with the ability to quickly
locate people, schedules and resources such
as printers
■ Provide the ability to target and therefore
automatically deploy applications to
individual users or groups.
Will AD meet my business requirements?
When it comes to IT management and identity
systems there are a number of typical issues
and demands I hear from customers:
■ My help desk costs are high
■ I’ve too many identity stores and the cost of
managing them is too high
■ I need to manage and enforce security
policies from a central location
■ I want to provide the ability to sign on once
and access all our systems
■ I want to protect my company’s sensitive
information from unauthorised access
■ I need to enable users to quickly find people,
schedules and resources such as printers
■ I want to provide users with secure access
to information assets over any network and
from any location
■ I want to provide a guaranteed bandwidth
to users or groups when they really need it
■ My external partners need controlled
access to my data and systems
■ I need my users to log on from any PC and
get their own settings and documents
■ I want to specify what users can and cannot
do when using their PC
■ I want to provide users with the applications
they need depending on their job role
If these are issues or requirements that you
have then AD can address all of them.
It provides three key business benefits
to organisations:
■ Simplified IT management The IT
systems in place in most organisations today
can be time-consuming to manage. All too
often, when you add an application to your
portfolio, you need to hire more personnel
to distribute software to the desktop
appropriately and manage the multiple
applications. AD enables you to reduce
management costs by providing a single
place to manage users, groups and network
resources, as well as a consistent way to
distribute software and manage desktop
configurations.
■ Strengthened network security
AD provides a number of features that enable
you to improve your network security,
including the ability to deploy additional
security controls over user access, such as
smart cards and X.509 digital certificates, and
IPSec for additional network and data security.
■ Extended and improved interoperability
With organisations deploying a diverse
collection of applications and application
directories, interoperability and consistency
are often significant issues. AD enables you to
interoperate with your existing applications,
and thus take full advantage of existing
investment. Using AD’s open interfaces,
connectors and synchronisation methods, you
can easily interoperate with other directories.
These benefits are important to both large
and small organisations. Organisations of all
sizes need the ability to simplify the
management of user desktops, and/or to ensure
network security. For small businesses with a
few locations and limited bandwidth, AD’s
Site facility can cut down replication traffic, as
compared to Windows NT 4.
Migration to AD
While AD will benefit all organisations, there
are some features which only larger
organisations will decide to deploy. These
include the support of multiple forests/
trees/domains, plus the ability to link forests
with cross-forest trusts. These features can
take time and effort to design and deploy
(and can require a higher level of maintenance
and skills to manage and control). For many
smaller organisations a very simple AD
design — a single domain with a single site —
is perfectly adequate.
In terms of basic platform, Windows Server
2003 combined with Windows XP is the
platform of choice, offering better
performance, scalability and flexibility,
although you can deploy AD using Windows
2000 for both client and server. Having said
that, with AD, you can mix and match as
appropriate to your organisation: you can mix
Windows 2000 clients, Windows Server 2003
DCs or XP clients and Windows 2000 DCs.
Irrespective of your specific platform,
before you start you need to do some basic
planning. A great starting point is Microsoft’s
Windows 2003 Deployment Kit, which
contains a wealth of detailed deployment
advice. You can access this at:
www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dpgDSS_overview.asp
Specific issues you need to cover include:
■ AD Logical Structure and Site topology
You need to determine your forest and domain
structure and your physical site structure.
A key design goal is to keep it as simple as
possible. See www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbc_logi_overview.asp?frame=true
for more information on designing your AD
logical structure, and www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbd_topo_overview.asp?frame=true
for more information on site design.
■ DNS Namespace and DNS Service
DNS is fundamental to AD, and is required by
both AD clients and domain controllers. The
first key design decision concerns
the DNS domain name you will use for
your AD implementation. Although you
have several options in terms of your DNS
namespace design, www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/all/deployguide/en-us/dssbc_logi_tgny.asp
has more details on designing your DNS infrastructure.
■ Disaster recovery You need to consider
carefully your strategy for dealing with
disasters such as fire and flood. See
http://go.microsoft.com/fwlink/?LinkId=8597
for a white paper outlining an approach to
AD disaster recovery.
■ Security settings AD provides you with a
variety of security settings that can be
confusing given the nature and scope of these
settings. Microsoft’s Active Directory Security
Center provides additional practical
information and in-depth security resources, at
www.microsoft.com/technet/security/prodtech/ad/default.mspx
Migration from NT4 Server 4.0
If you are currently planning your migration
from Windows NT Server 4.0 (NT4) to
Windows Server 2003 and AD, a key issue for
you is how much of your existing structure is
taken forward. To some degree, the answer to
this will depend on the complexity of your
current infrastructure as well as what you are
trying to achieve.
For organisations still running NT4, one of
the first issues in deploying AD will be
whether to migrate to either Windows 2000 or
Windows Server 2003 or whether to start from
scratch with a new, pristine AD forest.
Creating a pristine forest can provide a more
robust basis for moving forward, but can
involve time and resources, for example, to
provide new user IDs for all users, moving
computers into the new domain and updating
Access Control Lists on all resources based on
the new users and groups.
Depending on how well your current domain
model meets your business needs, you may find
either a simple upgrade, or upgrade combined
with migration and consolidation, can be less
complex than a complete new forest.
There are three broad scenarios to consider:
■ If you currently have a single NT4 domain
(ie the single domain model). In this case, an
upgrade is likely to be both the simplest and
most straightforward approach. This leaves
your current domain name and user names
the same and enables you to avoid any
re-ACLing (updating the access control
lists with new account information) of
your resources.
■ If you have a master account domain
with one or more resource domains (ie the
master domain model). In this scenario, you
can upgrade your account domain, then
migrate and collapse the resources into this
single resource domain. You may need to
consider additional domains, possibly
to bound replication, or to enable different
security settings.
■ If you have multiple account and resource
domains, possibly with resources and accounts
not well segregated, (ie either the multiple
master domain model or the complete trust
domain model). This is more complex, and
typically involves a combination of migration
and collapsing, as in the previous case.
However, with users and group definitions
in multiple domains, you have to take great
care in ensuring you migrate everything in
the correct order.
For more information on how to determine
your AD design and deployment requirements,
see: www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/all/deployguide/en-us/dssbb_over_vgfc.asp
Tools available to help you
There are a number of Microsoft and third-
party tools to assist you in migration. For
simple domain upgrade (ie migrating a single
NT4 domain to an AD domain), you just need
to upgrade your Domain Controller to Windows
Server 2003 (or Windows 2000), starting with
the Primary Domain Controller (PDC). When
the OS upgrade is complete, the OS will then
run the DCPROMO.EXE tool to install AD on
your domain controller. If you have more than
one domain and you plan to upgrade, you need
to create the initial domain, the forest root
domain, then add in any additional domains.
Once you have your new first domain
created, you can begin migrating users, groups
and computers into the new domain by using
Active Directory Migration Tool (ADMT).
ADMT is also useful where you want to
collapse an existing domain into a new AD
domain, for example, when you want to
collapse a second NT4 account domain into
your new AD domain. You can download the
latest version of ADMT from
www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en
KB Article 325851 contains details on how to
set up ADMT for a Windows NT4 to Windows
Server 2003 migration. See Professor Windows’
column at www.microsoft.com/technet/community/columns/profwin/pw0402.mspx
which contains a more detailed look at the
migration process.
While ADMT is a great free tool, for more
complex migrations, you may need to consider
third party tools, such as the Aelita Domain
Migration Wizard from Quest.
Useful training
When planning your migration from Windows
NT4 to Windows Server 2003, you need to
consider training as a quick way to get up to
speed. Specific training courses you might
consider taking include:
■ 2283: Migrating from Microsoft
Windows NT to Microsoft Windows Server
2003 This three-day instructor-led course
provides students with the skills and
knowledge needed to migrate an organisation
from Windows NT4.0 to Windows Server 2003.
■ 2282: Designing a Microsoft Windows
Server 2003 Active Directory and Network
Infrastructure This five-day course teaches
the design principles and considerations for
designing an Active Directory and network
services infrastructure in a Microsoft Windows
Server 2003 environment.
■ 2279: Planning, Implementing, and
Maintaining a Microsoft Windows Server
2003 Active Directory Infrastructure This
five-day course provides the knowledge and
skills necessary to plan, implement, and
maintain a Windows Server 2003 Active
Directory infrastructure.
Conclusion
AD offers many advantages, and some forward
planning is needed to ensure all goes well.
There are a variety of tools and services
providers to assist you in planning and
deploying Active Directory. ■
Thomas Lee, Windows editor on FYI, is a
Microsoft Regional Director and MVP who
writes, teaches and consults on Windows
2000/2002/XP and Windows networking.
FOR MORE INFORMATION
AD in Windows Server 2003
For more information on Active
Directory in Windows Server 2003, see
the Windows Server 2003 AD portal at
www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
Action points
1. Review all the AD related material
noted in this article
2. If you are currently running on
Windows NT4, start planning your
migration (assuming you have not
yet done so)
3. Take a course or two, and upgrade
your MCSE/MCSA certification. To find
training courses, please visit
www.microsoft.com/uk/learning/find-training
4. Take a look at the online newsgroups
at http://www.microsoft.com/backstage/bkst_column_43.mspx
CHECKLIST
Use this 10-point checklist to ensure a successful migration:
1. Have clear goals for what you want AD
to deliver.
You should do some up-front planning to define
your AD goals, ensure you have some method
of measuring achievement and require that your
business and IT groups align their priorities.
2. Determine whether to migrate or
start afresh.
Some organisations deployed NT4 in a less
than organised way, the result being a mish-
mash of domains, trusts, and permissions.
In such cases, it may be easier to start
afresh and create a pristine AD forest, then
migrate users over.
3. Create a good inventory of users,
computers, applications and your
network components.
You need to know where you are starting from
in order to work out how to get from where you
are to where you want to be.
4. If you do not already have one, create
a testing lab.
This lab should contain examples of all the
hardware you want to support, based on your
earlier inventory. Also, consider using tools
such as Virtual PC or VMware to support your
testing activities.
5. Ensure you have a DNS service defined
and working before you start AD migration.
DNS has traditionally been a major source of
customer problems – so make sure DNS is
designed, implemented and monitored carefully.
6. Ensure you monitor your AD service
(including DNS) on a regular basis
both during deployment and subsequently.
You should pay particular attention to AD
replication, File Replication service or DNS
failures. Errors from any of these services
may stop your AD from working as designed.
Consider using Microsoft Operations Manager
to monitor your service.
7. Avoid data duplication.
For larger organisations, it may be that the
definition of users is based on an ERP or HR
system. Rather than re-entering user details into
AD, consider using tools such as Microsoft
Identity Integration Server (MIIS) to co-ordinate
user details across disparate systems.
8. Avoid schema changes unless necessary.
While AD allows you to change your schema,
many organisations find it prudent to only
make such updates when absolutely required.
9. Consider using AD Application Mode
(ADAM) for internally created applications.
While corporate applications could be developed
to take advantage of AD’s rich information storage
and retrieval facilities, it may be simpler to use
ADAM to store application data, while leaving AD
to store application generic user/group
information.
10. Automate, automate and automate!
Automation is an important tool in driving down
the costs of management and thereby improving
TCO. AD provides you with the ability to
automate many key tasks, through the use of
scripts as well as lower level interfaces such
as ADSI and WMI and MIIS. Take advantage of
this, and use tools such as MIIS to automate
as much of your daily operations as you can.
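Checklist items 5, 6 and 10 call for DNS that is verified before migration and then monitored by script. As an added example (not from the article or from Microsoft), the Python below checks a zone listing in netlogon.dns style for a core subset of the SRV records that domain controllers register for their domain; the domain name, addresses, sample records and function names are constructed assumptions.

```python
import re

# Core subset of the SRV owner names a domain controller registers for its
# domain (site-specific and global catalog records are left out here).
# {d} is the AD DNS domain name.
REQUIRED_SRV = [
    "_ldap._tcp.{d}",
    "_kerberos._tcp.{d}",
    "_kerberos._udp.{d}",
    "_kpasswd._tcp.{d}",
    "_ldap._tcp.dc._msdcs.{d}",
    "_kerberos._tcp.dc._msdcs.{d}",
    "_ldap._tcp.pdc._msdcs.{d}",   # registered by the PDC emulator only
]
EXPECTED_PORT = {"_ldap": 389, "_kerberos": 88, "_kpasswd": 464}

SRV_RE = re.compile(
    r"^(?P<name>\S+)\s+(?:\d+\s+)?IN\s+SRV\s+"
    r"\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)$", re.I)
A_RE = re.compile(
    r"^(?P<name>\S+)\s+(?:\d+\s+)?IN\s+A\s+\d+(?:\.\d+){3}$", re.I)

# Constructed sample zone for a hypothetical domain corp.example.test.
GOOD_ZONE = """
; constructed records, netlogon.dns style
dc1.corp.example.test. 3600 IN A 192.0.2.10
_ldap._tcp.corp.example.test. 600 IN SRV 0 100 389 dc1.corp.example.test.
_kerberos._tcp.corp.example.test. 600 IN SRV 0 100 88 dc1.corp.example.test.
_kerberos._udp.corp.example.test. 600 IN SRV 0 100 88 dc1.corp.example.test.
_kpasswd._tcp.corp.example.test. 600 IN SRV 0 100 464 dc1.corp.example.test.
_ldap._tcp.dc._msdcs.corp.example.test. 600 IN SRV 0 100 389 dc1.corp.example.test.
_kerberos._tcp.dc._msdcs.corp.example.test. 600 IN SRV 0 100 88 dc1.corp.example.test.
_ldap._tcp.pdc._msdcs.corp.example.test. 600 IN SRV 0 100 389 dc1.corp.example.test.
"""

# Same zone with two faults injected: the PDC record is gone and the
# kpasswd record points at a host that has no address record.
BROKEN_ZONE = "\n".join(
    line.replace("464 dc1.", "464 dc2.")
    for line in GOOD_ZONE.splitlines()
    if ".pdc._msdcs." not in line
)


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def parse_zone(text):
    """Return ({srv_owner: [(port, target), ...]}, {hosts with an A record})."""
    srv, hosts = {}, set()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = SRV_RE.match(line)
        if m:
            srv.setdefault(norm(m["name"]), []).append(
                (int(m["port"]), norm(m["target"])))
            continue
        m = A_RE.match(line)
        if m:
            hosts.add(norm(m["name"]))
    return srv, hosts


def check_ad_dns(zone_text, domain):
    """List what is wrong with the AD locator records; empty list means OK."""
    srv, hosts = parse_zone(zone_text)
    findings = []
    for template in REQUIRED_SRV:
        owner = template.format(d=norm(domain))
        records = srv.get(owner)
        if not records:
            findings.append(f"missing SRV {owner}")
            continue
        service = owner.split(".", 1)[0]
        for port, target in records:
            if port != EXPECTED_PORT[service]:
                findings.append(
                    f"{owner}: port {port}, expected {EXPECTED_PORT[service]}")
            if target not in hosts:
                findings.append(f"{owner}: target {target} has no A record")
    return findings


if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("broken", BROKEN_ZONE)):
        print(label, check_ad_dns(zone, "corp.example.test") or "OK")
```

A missing or stale locator record is worth alerting on because clients use these records to find a domain controller for logon and Kerberos authentication.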
EMERGING TECHNOLOGY
Business intelligence with
The business intelligence tools bundled with SQL Server offer you several ways
to extract the information you need from the jumble of data available. In this
article Mark Whitehorn explains which ones to use, when and where
ESSENTIAL SUMMARY
SQL Server’s business intelligence tools
hone in on the data you need to create
a robust business model. They are
powerful, easy to use, simple to install
and cost effective. On-line Analytical
Processing (OLAP) cubes present data
in clear graphic formats that are quick
and easy to navigate. Integration with
Office (via BI Accelerator scorecards)
and Reporting Services are also key
to the success of this advanced data
mining technology.
BUSINESS VIEWPOINT
Bundling business intelligence tools with
SQL Server allows businesses to:
■ Provide end-users timely access to
enterprise-wide data to make decisions
faster, integrating disparate data points
■ Enable users to perform Business
Intelligence (BI) functions across all
levels of the organisation
■ Facilitate cross-group collaboration,
decision-making and coordinated
actions to improve business productivity
■ Simplify measurement, reporting and
management of metrics and strategies
■ Improve ROI by leveraging information
assets across the organisation
Databases, as the name suggests, store data.
So, perfectly reasonably, that’s what we put
into them. Rather less reasonably, what we
want to pull out of the database is not data but
information. Decision makers rarely want to
look at the raw numbers; they want some form
of synthesised aggregation of the data that will
give them a greater understanding of their
business. Which is exactly what Business
Intelligence (BI) is all about — extracting
information from a mess of data. BI
techniques let you find the hidden trends and
underlying business truths that are inherent in
the data held in your databases.
The only problem is that BI tools have, over
the years, acquired a certain mystique — a
reputation for being expensive and difficult to
set up and use. In fairness, a major reason for
this perception is that many products that were
developed in the late 1980s and early 1990s
were precisely that. The net result is that some
people still shy away from using them.
However, since SQL Server 7.0, Microsoft
has been bundling BI tools with the product
which are genuinely powerful, easy to use
and simple to install. And if you already use
SQL Server, these tools are about as cost
effective as it gets.
What users ask for
The best place to start is, of course, with the
users’ requirements. Ask a random set of users
(myself included) how they want information
presented to them for analysis and they will
usually answer in terms of graphs, grids and
reports. In other words, they want to see the
data as bar charts and pie charts, as
spreadsheets and as reports (sometimes
printed, sometimes on the Web). Users often
like to see summary or aggregate views of
their data. Traditional data structures, such as
relational tables, are excellent for managing
transactional data but are less than optimal for
supporting this kind of analysis. No problem,
we can simply take a copy of the data and
reorganise it as a multi-dimensional structure.
These are also known as On-Line Analytical
Processing (OLAP) cubes. Once created, a user
can connect to a cube using a visualisation tool
such as ProClarity and can browse through the
data in an entirely graphical way. The enormous
attraction of this kind of analysis is twofold.
First it is graphically driven, which means that
you can navigate through, and query, the data
simply using a mouse. Secondly, it is
blisteringly fast. Several years ago, Microsoft
demonstrated a cube that was created from 1.2
Tbytes of relational data and had a 7.7 billion
row fact table. Given a 16 processor server
with 3.8 Gb RAM and 50 concurrent users,
half of the queries ran in less than 0.08
seconds (median response time) and the mean
was just 1.2 seconds. Oh, and that included
the network delay...
To put this into perspective, before OLAP,
we lived in a world where business users
struggled to query their own databases. They
either needed a human translator (who could
speak both Human and SQL) or they needed
a significant level of understanding of
relational database structures; even if they
were using a query-by-example tool. They
also had to put up with response times often
measured in hours. Post OLAP, given a mouse
they can surf through their data graphically,
essentially in real time.
In fact, once you get your brain around these
multi-dimensional structures, they turn out to
have other huge advantages. For example, in
relational databases there is no concept of the
relative position of data. So they don’t
inherently understand that February comes
after January and before March. This makes
it very difficult, even for a skilled database
person, to write an SQL statement that, for
example, calculated a year-to-date value
for each month. Which is unfortunate because
such questions are a very common business
requirement. Microsoft has developed a multi-
dimensional equivalent of SQL called MDX
(Multi-Dimensional eXpressions). Since this
language is built to address a structure where
the data is inherently ordered, the resulting
year-to-date calculation is completely trivial,
for example:
Sum(YTD(Time.CurrentMember),
Measures.Sales)
In other words, not only do business users
find OLAP structures much easier to
understand and query, so do the technical staff
who support the users.
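The relational side of the contrast drawn above, as an added example that is not from the article: the Python below runs a year-to-date query in SQLite on constructed rows, where the month ordering that MDX gets from the cube has to be written out as a self-join predicate. The table, column and function names are assumptions.

```python
import sqlite3

# Constructed sample fact rows: (year, month, sales). Not from the article.
SAMPLE_SALES = [
    (2003, 11, 90.0), (2003, 12, 110.0),
    (2004, 1, 100.0), (2004, 2, 80.0), (2004, 3, 120.0),
    (2004, 3, 30.0),   # second fact row for the same month
]

# A relational table has no notion that February follows January, so the
# query must state it: for every month, sum all rows of the same year whose
# month number is less than or equal to it. The DISTINCT subquery matters:
# joining the fact table to itself directly would count March twice here.
YTD_SQL = """
SELECT cur.year, cur.month, SUM(prev.sales) AS ytd_sales
FROM (SELECT DISTINCT year, month FROM sales) AS cur
JOIN sales AS prev
  ON prev.year = cur.year
 AND prev.month <= cur.month
GROUP BY cur.year, cur.month
ORDER BY cur.year, cur.month
"""


def year_to_date(rows):
    """Load rows into an in-memory table and return (year, month, ytd) tuples."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute(
            "CREATE TABLE sales (year INTEGER, month INTEGER, sales REAL)")
        conn.executemany("INSERT INTO sales VALUES (?, ?, ?)", rows)
        return conn.execute(YTD_SQL).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    for year, month, ytd in year_to_date(SAMPLE_SALES):
        print(f"{year}-{month:02d}  year-to-date sales = {ytd:.2f}")
```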
OK, so that takes care of the users’ graphical
requirements. Spreadsheets are easy, because
you can hook directly into an OLAP cube from
within Excel. Therefore business users who are
familiar with Excel (and there are many of
them) can utilise the power of OLAP from
within a familiar environment.
Indeed, Microsoft sees the integration of
Office and BI as essential and, to that end,
has released a variety of BI Accelerators for
Office 2003. The most recent of these,
announced on 2 June 2004, are the Microsoft
Office Business Scorecards Accelerator and
the Microsoft Office Excel Add-in for SQL
Server Analysis Services.
The Business Scorecards Accelerator is a
web-based application that makes it easier to
simplify the measurement and management
of key performance indicators. It can help to
automate the process of collecting and
analysing strategic business data.
“The scorecard project will enable us to
manage our business more effectively,” said
Bill Bradford, Senior Vice President of sales
and marketing for ON Semiconductor. “The
toolset allows for prioritisation of key issues
and a ‘drive to action’, so we can allocate
resources to achieve our critical goals and
objectives faster and with a higher probability
of success than ever before.”
The Excel Add-in for Analysis Services
makes it very easy for users to access and
analyse data held in OLAP cubes directly
from Excel.
Reporting is also easy. Microsoft has
relatively recently added Reporting Services
to the BI armoury. This highly adaptable tool
can draw data from either relational or
multi-dimensional sources. It provides the
user with a graphical environment where
reports can be laid out and designed. Once
they are completed, they can be published to
the Web. Each time the report is viewed, the
data source can either be queried afresh and
the most recent information presented in the
report or the report can use a cached copy of
the data which can provide consistency and
enhanced performance by reducing the load
on the database.
Not only that, the reports can be designed
so that the users can select the data that they
see in the report. For example, imagine that
you have to roll out identical reports to five
different regions, on about six different
product lines over three different years. That
makes 5 x 6 x 3 = 90 different reports. With
Reporting Services, you can design one report
and equip it with three combo boxes. The
users simply choose the region, product group
and year, the query extracts the relevant data
from the database and generates the
appropriate report.
What users don’t ask for
All the foregoing can be delivered by BI and it
can do much else besides. Unfortunately, given
the historical pain that some users have
suffered, many don’t even consider asking
for more. A good example of this is the
English Query feature.
Formalised data structures are traditionally
used for storing transactional data: the most
common structure is the relational database
with its constituent tables. The easiest way to
query a formalised data structure is by using a
formalised query language: SQL dominates the
field. Database administrators learn to love
SQL but users learn to hate it and, in the early
database days, asked repeatedly for the ability to
write queries in understandable English. At the
time this was simply too technically difficult.
Now, English Query has become part of SQL
Server’s feature set.
Essentially, English Query relies upon
semantic mapping of the database, which
means tying English words to entities in the
database and relationships between them.
During the mapping process the database is
taught that entities referred to in tables, for
example in a Customer table, can also be
referred to as buyers, purchasers or clients.
Similarly, entities from a Product table could
also be called items, goods or units sold.
The complex many-to-many relationship
between those two could be termed bought,
purchased or sold.
Cleverly, huge sets of words and
associations come ready loaded into the
English Query tool and as long as the database
uses sensible English words for its tables and
fields, much of the hard work can be
performed painlessly. The result is that users
can type in questions like, “What are the total
sales of shrimp to customers in the
Birmingham area over the last four years?”
and expect an accurate answer. Any queries
that cannot be translated are stacked for the
database administrator’s attention and once
the required semantic information is added,
the query will run.
English Query makes it easy to ask
questions, but what if you don’t know what to
ask? It is often suspected that large stores of
data hold interesting information but nobody
knows what to ask to release it. The English
Query posed above is a very specific question:
finding sales in defined areas is interesting,
but far more relevant to the business as a
whole might be the fact that males under 30
who buy olive oil also buy the most fish.
However, if nobody has a hunch that this is
so, the question never gets asked.
Data mining provides a way of looking at
large sets of data and flagging interesting
information. So it will ask millions of
questions of the data and only flag those which
give statistically significant answers.
For instance, an insurance company rings
its existing customers when their policies fall
due for renewal. Using data mining techniques,
it was found that the single most important
factor for a successful renewal was a close
correlation in age between the customer and
the agent. Prior to the mining, nobody had
even suspected that matching ages for caller
and customer had any bearing on renewal rates.
There is a whole variety of data mining
algorithms and SQL Server 2000 comes
with two built in and ready to use. These are
clustering and decision trees.
Clustering is a descriptive algorithm and is
usually used with demographic data: it could
reveal that females over 35 in the high income
bracket and from the south-west buy more
branded than own-brand goods in their
supermarket shopping.
Decision trees are predictive: after learning
the sort of data that is usually recorded a
prediction is made about future behaviour.
Incoming data can now be matched against the
prediction and deviations from normal
behaviour spotted: for example, this can be
used to detect fraudulent credit card usage.
With such wide-ranging applications, BI tools
should be an indispensable addition to your IT
infrastructure and a key means of accessing
essential data across the business. ■
Mark Whitehorn runs a consultancy and
lectures at Dundee University.
FOR MORE INFORMATION
Resources
Find a wealth of BI information at
www.microsoft.com/sql/evaluation/bi/default.asp
Training
Read about Microsoft training
courses at
www.microsoft.com/learning/solutions/intelligence.asp and
www.microsoft.com/uk/learning/find-training
Direct downloads
Find Business Scorecards at
www.microsoft.com/office/solutions/accelerators/scorecards/default.mspx
Find the Excel add-in at
www.microsoft.com/office/solutions/accelerators/exceladdin/default.mspx
Find Reporting Services at
www.microsoft.com/sql/reporting
EMERGING TECHNOLOGY
september 2004
Users can type in questions like, “What are the total sales of shrimp to customers in the Birmingham area over the last four years?” and expect an accurate answer
HIDDEN GEMS
Office secrets
Part 2: Become more effective in your use of Office – Janet Swift shares tips and tricks to save time and add professional touches

Word
■ Fonts and sizes
Although normal best practice for selecting fonts and sizes in a Word document is to use paragraph styles, there are occasions when you want to make ad hoc changes. There are some keyboard shortcuts that allow you to achieve results quickly. For example, suppose you want to increase the font size of a heading or headline. Select the text and press Ctrl+] repeatedly until it's the desired size. This key combination increases font size by one point. If you want to decrease font size then Ctrl+[ works in the same way. This technique can easily result in a non-standard font size being used. If you want to ensure that you only use font sizes available in the Formatting toolbar's drop-down list use Ctrl+Shift+> to increase the font size and Ctrl+Shift+< to decrease the font size.

■ Layout
You want to create a professional looking layout — for example an initial paragraph that spans the page followed by newspaper style columns for the main document reverting to single column layout to accommodate footnotes or a bibliography. The key to this versatility is to use section breaks. As well as being able to vary the number of columns in different sections they can also have different margins, paper size or orientation. Headers and footers, line numbering and page numbering are other aspects that can be controlled within sections. Use the Break command on the Insert menu to insert a section break. There are four options; Continuous is the one to use for the scenario described above. The others are to start the section on the next page or on the next odd or even page, which are useful options if you want a consistent layout in a multi-chapter document with each one starting on a right-hand page.

■ Bullets and numbering
Bullet characters in Word can be symbols or can follow a numbering scheme. But what if you wish to use a short text item, such as NEW or NOTE to precede multiple indented points in place of a bullet character? Do this by creating a custom bullet using the Bullets and Numbering dialog accessed either via the Format menu or from the pop-up menu when you right-click on text. Go to the Numbered tab and choose one of the formats that you don't intend to use. Click the Customize button to open the Customize Numbered List dialog. In the Number format box, type your text and use the Font button to select an appropriate point size and set its style to bold. You can enter up to 30 characters in the box but 10 is a more reasonable maximum. Ensure that the Number style is set to (none) and consider whether to adjust the Number position — the distance from left margin at which the bullet text will appear. Increase the Indent if the paragraphs being preceded by bullet points are longer than a single line and you want subsequent lines to be left-aligned.

Excel
■ Conditional formatting
Conditional formatting is normally used to highlight cells to draw the user's attention to exceptional or important results. However, the same technique can be used to hide or downplay insignificant information, which can be distracting by providing unnecessary detail. For example, to hide zero values make sure the Conditional Cell Value is equal to 0 and set font colour to white — the same colour as the background. You might prefer to apply a wider condition — such as values between -1 and +1 — and make them barely visible by selecting light grey as the font colour. You can specify up to three criteria to be applied simultaneously and can use the cell's border or background as well as font. For example, you could apply a multiple condition that added a bright yellow background to results that out-performed a target, displayed negative values in red at the same time as hiding near-zero values in a range.

■ Date and time
There are two well-known functions in Excel that enter the current date using your PC's in-built clock into a worksheet. They are =TODAY() which returns the date in the default date format and =NOW() which gives both date and time. The disadvantage of these functions, if you want to record the time and date at which something happened, is that the values entered will change with the passage of time if these functions are active. You can fix them by converting them to values (by using Edit, Copy followed by Paste Special and selecting Values) but there's a much easier solution. The keyboard shortcut Ctrl + ; enters the current date as a fixed value and Ctrl + Shift + ; enters the time. If you want both date and time a quick solution is to enter =NOW() into the cell above the one in which you want it and then use the shortcut Ctrl + Shift + " which copies the value from the cell above.

Outlook
■ Date and time
Although there's a date picker in Outlook it's often quicker to type in a date rather than select it. Outlook also has some date shortcuts that make forward planning easier still. By using the Appointment dialog if you want to set up the next quarterly meeting, you don't need to consult the calendar and count 13 weeks, instead simply type 13w into the Start time box and Outlook will work out the date. If an appointment is for 4 weeks on Friday and today is Wednesday enter 4w2d. It also accepts the shortcuts mo for month and y for year. There are similar time shortcuts using m (minute) and h (hour). When entering a specific time you don't need to type the colon — Outlook will interpret 945 as 9:45 and 1630 (or 430p, where p stands for PM) as 16:30.

Publisher
■ Working with watermarks
When you circulate a draft document you may want to add a watermark that reminds your readers of its status. Equally, when you produce a final report adding a company logo as a watermark adds a professional touch. The first step is to locate or create the picture you want to convert to a watermark. For the Draft watermark you could use WordArt — if so use Save as Picture and then Insert Picture to modify it. Right-click on the picture and select Format Picture. Choose Washout from the dropdown list for the Color box in the lower part of the dialog and click OK. Now save the picture under a suitable name in the My Pictures directory.

There are two distinct options for using this watermark as a background. In both cases go to the Master Page of your publication (using Ctrl + M or via the View menu). One option is to Select Background from the Format menu. Click on More Backgrounds, then in the Fill Effects dialog click Select Picture, choose your watermark file and click the Insert button. Clicking OK takes you back to the Master Page that now appears filled with a repeating pattern of the watermark.

If you want a single occurrence of the ghostly text draw a rectangle (or other shape). Right-click this container and select Format AutoShape. In the dialog choose Fill Effects from the dropdown list of options in the Color box. Click on the Picture tab in the next dialog and then on Select Picture. Again choose the watermark file, click the Insert button and then OK. Use Ctrl-M to close the Master Page view. ■

Janet Swift is a computer consultant and author with an extensive knowledge of Office applications. Her specialism is spreadsheet modelling, a topic about which she has written several books.

FOR MORE INFORMATION
Office Secrets Part 1
Download Part 1 of Office Secrets in the archived February 2004 issue of FYI at www.microsoft.com/uk/fyi
Office
To find out more about Office visit www.microsoft.com/uk/office
Perhaps you could start by explaining the
overall mobile strategy within Microsoft?
MS: We're investing in the tools and
programming environments that will enable
developers worldwide to create a wide range
of applications that will differentiate mobile
devices running Microsoft technology from
those running software from other companies.
Companies can then deploy the technology
to their mobile workforce. We want to extend
the value to customers who are using our .NET
servers, so that they can use mobile devices as
part of their corporate IT infrastructure.
JW: Because we offer the .NET Framework
on mobile devices, it's now really easy for
developers who are already familiar with
our Visual Studio development platform
to create applications that will run on
mobile devices.
Why should an IT pro be interested in
what Microsoft is doing in terms of the
.NET Framework?
JW: The .NET Framework also brings
advantages for the IT pro. It makes it easy to
deploy applications on mobile devices. The
way the Framework itself is deployed means
that the actual applications are small,
simplifying the task of distributing the
software to the mobile devices. And the use of
the Framework makes it easier for developers
to deploy and maintain their code.
Finally, the use of the Framework means
that developers can use familiar programming
environments such as Visual Basic® on their
PCs to create their own applications to run on
mobile devices, so reducing costs and adding
flexibility to the mix. We envisage IT pros
will create applications to monitor server
processes, for example, with the results
provided in SMS messages to mobile devices,
or other 'make my life simpler' type
applications that help IT pros to be more
effective in their day to day roles.
MS: Our stated goal is to empower people so
that they can reach their full potential. If you
think about that with respect to mobile devices,
we have the potential to offer richer levels of
information, which in turn will make
organisations and individuals more effective.
If we look in particular at the knowledge
worker level, for mobile professionals the
important thing about mobile devices is 'it's
in my pocket, with me at all times'. That
enables us to build a wide range of applications
to assist mobile professionals in their work.
If a company is selecting a particular type
of mobile device as the company standard,
how can they make the ‘right’ decision
whilst providing a level of future proofing?
MS: Looking to the future, I believe the
market will both widen and become more
focused. That sounds contradictory, but
I foresee a wider range of devices in terms
of the form factors, the physical types of
device. But at the same time, it's reasonable
to expect convergence, a blurring between
what are currently different device categories.
If a device lets you make phone calls, type
emails, run applications, and store multimedia
files, is it a Smartphone, or a PDA, or what?
From a Microsoft perspective, the most
important thing is to offer a powerful
platform that is familiar to the end user and
consistent to the developer, with a standard
operating environment. It's a similar
situation to that of current laptops – you might
choose a laptop with a low weight, small
screen and lack of expandability for some
purposes, while other users would choose a
large screen, lots of expansion options, and
be willing to accept the increased weight that
comes with those features. But a user of the
lightweight small laptop could confidently
sit down in front of the high-end machine
and be able to use it without trouble.
Mobile devices are carried around away
from the corporate environment. If they are
increasingly used to access corporate IT
resources, how can IT pros ensure that
security is maintained?
JW: This is one of the advantages of using
the .NET Framework, because it's built with
security in mind from the ground up, which
means it's easy to crank out secure applications.
MS: It's also important to look at mobile
security in the context of Microsoft's overall
commitment to Trustworthy Computing.
For the Windows Mobile business, security
is core from the standpoint of making sure
that every level of the stack has security
factored in. In addition to the security that
is found in other sectors, mobile devices also
need to be secured to prevent unauthorised
access. It's possible to provide a range of
security measures – authentication measures,
encryption for files or data stored on the disk.
There are also some great examples of ways
that mobile devices can be secured using their
own strengths. For example, over the air
provisioning policies enable companies to
send a set of commands to a device. So, if
a user reports their Windows Mobile device
as lost or stolen, commands can be sent to
lock the device, delete sensitive data, and turn
it off with instructions not to restart.
Those commands will be executed
immediately – as soon as the next incoming
message is received, or the next time the device
is turned on. Of course, over the air
provisioning isn't just used for security – it
can be useful to update client software on the
device, so avoiding the need to recall devices
for software updates.
How do you see the use of mobile devices
changing in the future, particularly with
relation to corporate IT infrastructures?
MS: We recognise that companies have
investments in terms of their infrastructure
products and their desktop applications, and
that they are familiar with their tools and
developer products. Mobility is becoming
baked in across the board, particularly in the
current set of products.
For example, if you look at Exchange
Server, in the 2000 release, there were extra
licences to be acquired and configuration to
be carried out in order to extend high fidelity
messaging to users of mobile devices. In
Exchange Server 2003, the mobile support is
integrated as a core attribute, so every set of
customers has the integrated capabilities.
The same model applies across the board –
SQL Server, Visual Studio, Office, Windows
Server 2003 – our current releases of products
come with built-in support for mobile devices
to allow customers and partners the ability to
maximise their investments.
JW: From the developer's perspective, we've
extended the tools to target mobile devices,
with the goal of turning PC developers into
mobile developers. The great thing is that it's
just a matter of awareness.
We've got millions of developers with both
the knowledge and the software to develop
applications for mobile devices, and the route
towards creating applications is easy. The
message is very clear – now is the time to
have a look at mobile.
For more information
www.microsoft.com/windowsmobile
For information about the .NET Framework,
visit www.microsoft.com/net
For Microsoft mobile devices UK, visit
www.microsoft.com/uk/windowsmobile
FYI talks with Mark Spain, Microsoft’s Director of Worldwide Developer
and Partner Programs for Windows Mobile, and Jonathan Wells,
Product Manager of the Microsoft .NET Framework
The future of mobile
Q & A
MODEL ENTERPRISE
As with other large enterprises, the adoption of
new technologies across Microsoft's existing
systems is incremental. However, unlike other
organisations, Microsoft IT has the added
objective of trialling new solutions to ensure the
organisation remains a model enterprise by
demonstrating the value of Microsoft products
and solutions. As major projects arise for new or
upgraded internal applications, they are
implemented using the .NET Framework and
XML-based technologies. The three projects
reviewed here used different .NET technologies
available at the time to deliver both measurable
and qualitative benefits.
Release Services Manager
An early success (in 2001) for .NET within
Microsoft was the 2.0 version of Microsoft's
Release Services Manager (RSM). RSM is a
line-of-business application that supports the
electronic delivery of product information to
manufacturing vendors and business partners
and provides Microsoft with real-time access to
product and release data. The application
requires a complex User Interface (UI) and the
previous ASP-based UI involved time-
consuming navigation through many pages.
For RSM 2.0, a smart client application
was developed with less effort than the
planned project modifying the web-based
UI. This Windows Forms application uses
.NET Framework classes to manipulate files
on the client computer. Multithreading
techniques maximise performance and let
the UI remain responsive.
[Fig 1: RSM 2.0 Smart Client Application Architecture. The RSM 2.0 Windows Forms smart client shown across presentation, middle and database tiers. Labels: RSM Explorer Windows Forms executables; Querying Web Service; Service Request Web Service; Windows Service (caches application and user-specified security information); Common Classes (DataLayer, Common, XML Helper, Error Handler); Microsoft ADO.NET; HTTPS/SOAP transport; .NET Remoting (caching data stored and transferred); Transaction Server; SQL Server 2000]
.NET steps up to the mark
Andy Thomson reviews the benefits that .NET tools and languages have brought to some of Microsoft’s own business systems and finds out what types of project .NET had been used for and how successful these projects have been
ESSENTIAL SUMMARY
.NET isn’t just important to developers,
it has implications for IT pros as well.
This article explains how Microsoft has
implemented and is making use of
.NET, identifying the benefits the
organisation has gained as a result and
illustrating how you as an IT pro can
make the best use of it.
BUSINESS VIEWPOINT
The benefits of an XML and ASP.NET-
driven system are:
■ Solutions based on .NET are flexible
and accessible from smart clients
or URL-activated Windows Forms
applications that are easy to deploy
■ Clients can access the main business
logic very flexibly using web services
technologies
■ A sound technical and management
infrastructure simplifies and
standardises the development of
reusable web services
■ For ASP.NET web applications, custom
handlers can be linked to XML content
to create an efficient yet flexible
framework for even the largest
corporate web site
The smart client interacts with several XML
web services that provide the middle tier
business logic [see Figure 1 (left)]. These,
in turn, communicate with the SQL Server
2000 database using ADO.NET. Web services
technology enables lightweight, distributed
components to work in environments
employing firewalls and Network Address
Translation (NAT) software, as well as
abstracting the inner workings of a component
and the clients using it. The web services also
interact with a Windows Service specifically
written to support caching of application-
specific or user-specific security information.
The icing on the cake, with regard to smart
client Windows Forms applications like the
RSM 2.0, is deployment to a user's machine by
means of one-click URL-activation. This
means the smart client executable files and
DLLs are made available from an Internet
Information Services (IIS) server virtual root.
When the user navigates to the web site to use
the application, the files are downloaded and
installed automatically on the user's
workstation. With this approach, also known as
'no-touch deployment', the server is checked for
updated components and the client is updated
automatically whenever the code runs.
The smart client version (2.0) of RSM
yielded several benefits, including:
■ Increased application functionality
and automation
■ A richer and more flexible user interface
■ Better performance in the user interface with
background processing
■ Fewer deployment issues, by virtue of URL-
activation and automatic updating, which
improves application supportability
■ Reduced application maintenance costs
■ Improved security because downloaded
applications run under the code access
security policies enforced by the common
language runtime.
Account Explorer and Alchemy
A different approach was taken for the Account
Explorer web-based application, developed by
the Sales and Support IT team to address the
issue of customer and partner information being
held in different databases, each with its own
front-end application, security credentials and
query mechanism.
Rather than force sales users to repeatedly
query each system, Account Explorer users see
a My Accounts home page, which provides
a choice of customer data views, drawn as
required from the Microsoft Sales database,
a Siebel CRM application, the Clarify Product
Support Services tracking tool and a
worldwide marketing database.
Account Explorer was, in fact, a client to an
important set of web services, known as
Alchemy, which provides the information
integration services. Written using Microsoft
Visual Studio .NET and the Microsoft .NET
Framework 1.0 in just eight weeks, this
integration layer exposes all four data-source
systems through a single set of web services.
Within the Alchemy layer, the development
team achieved integration with Clarify and the
marketing database by using ADO.NET and
standard database calls because no updates were
needed in these systems [see Figure 2 (right)].
They took advantage of the COM Interop
feature in the .NET Framework to re-use
existing Siebel business objects. By taking this
approach, they were able to easily achieve read
and write access into Siebel data without having
to worry about the low-level details of how the
application actually stores this information.
The major benefit of the web services-based
Alchemy layer is re-use cost savings. Originally
developed for use with Account Explorer,
Alchemy services have since been leveraged in
many other applications that draw on
customer-related data.
The .NET Platform Strategy Group used the
Alchemy web services interface into Siebel in
building a tool called the .NET Evangelism
Factory. This tool allows users to view relevant
data in whatever manner makes the most sense
— by customer, events, initiatives, products,
technologies, or supporting content. Because
the Alchemy layer returns data to the application
in XML format, developers enjoyed complete
freedom in determining how to present
information to the user. The application was
delivered just weeks after the Alchemy layer
had been completed, and also takes advantage
of other web services within Microsoft.
[Fig 2: The Account Explorer and Alchemy hardware architecture. Labels: HTTP Request; Return XML Data Format; COM-based applications]
Web Services Development and Management Solution
Although projects like RSM 2.0 and Alchemy
had been highly successful, Microsoft IT
recognised that there was too much diversity
among developers of web services with respect
to tools, languages, configuration settings,
deployment methods and variations of
standards. This gave rise to an IT management
and infrastructure initiative — the Microsoft IT
Group's Web Services Development and
Management Solution — designed to reduce
duplication of effort, apply standards and get the
most benefit from web services-based projects.
The Web Services Development and
Management Solution involved creating two
main subsystems: the Alchemy Backend and
the Alchemy Interface. The Alchemy Backend
provides services for data management,
transaction history storage, service registration
and execution verification. It also handles the
interaction and storage of web services
configuration data including system users, roles
and operational metrics. The Alchemy Interface
handles all incoming and outgoing Simple
Object Access Protocol (SOAP) request/
response transactions. An identical Alchemy
Interface runs in-process in the consuming
application and the web service provider. By
default, interaction with the Alchemy Interface
is abstracted entirely from the host application.
[Fig 3: Microsoft IT Web Services Development and Management Solution. Timeline running from "2002 & Prior" to "2006 and beyond". Labels: Visual Studio .NET 2002; .NET Framework 1.0; WSE 1.0; .NET Framework 1.1; BizTalk Server 2004; WSE 2.0; Visual Studio 2005; .NET Framework 2.0; SQL Server 2005; WinFX (part of Longhorn); Visual Studio Orcas]
[Fig 4: Masthead, Navigation and Footer Elements surround the central content pane]
The implementation of the Alchemy Interface
was based on Microsoft .NET Framework 1.0
[see Figure 3 (left)]. Web services
enhancements (WSE) is based on the latest
enhancements to web services, as standardised
by WS-I.Org. These evolving web services
specifications provide support for binary
message attachments and security features such
as digital signatures and encryption.
Furthermore, WSE will interoperate out-of-the-
box with non-Microsoft platforms that
implement the WS- series of advanced web
services specifications. The internal web
services development and management solution
now supports most of the organisation's web
services and provides a number of benefits:
■ A framework for building, deploying,
maintaining and managing web services
■ The solution abstracts away most
configuration settings as administrative
parameters that can be configured
centrally. These include settings for
authentication, digital signing and
encryption and messages.
■ A common set of administrative tools are
used to deploy web services in development,
test and production environments.
■ Reduced time and effort required to develop,
test and deploy new web services. Based on
the experience of Microsoft IT with several
projects, a web services implementation
that, in the past, required four to six months
of effort is reduced to four to six weeks.
■ Proactive management of service level
agreements for web services
Microsoft.com
Originally, the vast Microsoft.com domain
embraced a loose federation of disparate
websites, designed and built as required by
individual business units and product groups
within Microsoft. Although this model was
attractive to those content-owners, different
navigation mechanisms, styles and layouts
led to an inconsistent customer-experience.
A standard corporate look and feel was needed.
The key to this standardisation is a
presentation framework developed on the
Microsoft .NET Framework and written in
Visual C#, ASP.NET, XML, and XSLT.
The framework includes a custom ASP.NET
HTTP handler written using C#. Pages that use
the presentation framework have the .mspx
filename extension, which is registered in
Microsoft Internet Information Services (IIS)
on the web servers. When a Microsoft.com
web server receives a request for an .mspx page,
this custom HTTP handler intercepts the call
and passes it to the framework for processing.
The presentation framework locates and
retrieves the XML content from the data
store to construct the page. Both the page
and the XML content are cached for
subsequent requests.
Within the file that holds the content for the
page, XML tags identify the content template to
be used. The framework retrieves the appropriate
template and uses a series of XSLTs to assemble
the page, including the masthead, the footer, and
the primary navigational column, finally
rendering the content within the content pane.
The specific elements of each page (for
example, the template, branding elements and
locale) are identified in a set of XML
configuration files [see Figure 4 (page 32)].
Generally, site owners maintain the
configuration files, which hold information
for all the pages within a site.
The centre of the page displays the page's
unique content using a choice of 15 XML-
based templates. The templates include
XML schemas that define the content
types and XSL transformations to render
the display.
From these examples, we can see that .NET
has enabled Microsoft to build solutions in
accelerated timeframes using the architecture
model that was right for the business. ■
Andy Thomson is a Principal Technologist
with QA, the UK's leading independent
IT Training provider.
Glossary
If you sometimes find you need a little help keeping up with the latest industry terminology, take a look at our list below. If you still can’t find what you’re after you may track it down at: www.microsoft.com/resources/glossary/default.mspx

ACL
Access Control List. A list of security protections that applies to an object. An entry in an ACL is an access-control entry (ACE). There are two types of ACLs: discretionary and system.
ADAM
Active Directory Application Mode. An independent mode of AD, minus infrastructure features, that provides directory services for applications. It provides a data store and services for accessing the data store.
ADMT
Active Directory Migration Tool. It provides an easy, secure and fast way to migrate from Windows NT to the Windows 2000 Server AD service. It can also be employed to restructure Windows 2000 AD domains.
ADSI
Active Directory Service Interfaces. Abstracts the capabilities of directory services from different network providers in a distributed computing environment to present a single set of directory service interfaces for managing network resources.
COM Interoperability
A service that enables .NET Framework objects to communicate with COM (Component Object Model) objects.
Data mining
The process of using automated methods to uncover trends, patterns, and relationships from accumulated electronic traces of data.
IPSec
Internet Protocol Security. A framework of open standards for ensuring private, secure communications over Internet Protocol (IP) networks, through the use of cryptographic security services.
MDX
Multi-Dimensional eXpressions. A syntax used for defining multi-dimensional objects and querying and manipulating multi-dimensional data.
OLAP
Online Analytical Processing. A technology that uses multi-dimensional structures to provide rapid access to data for analysis.
SOAP
Simple Object Access Protocol. A simple, XML-based protocol to exchange structured data and type information on the Web.
WMI
Windows Management Instrumentation. A component of the Microsoft Windows operating system and the Microsoft implementation of Web-based Enterprise Management (WBEM), which is an industry initiative to develop a standard technology for accessing management information in an enterprise environment.
WSE
Web Services Enhancements. The WSE for .NET provides access to features specified in the XML web services architecture, also known as the web services specifications, by building on the programming model for web services created using ASP.NET.

FOR MORE INFORMATION
.NET projects
Find out more about RSM 2.0, Account Explorer, Alchemy and other major .NET projects at www.microsoft.com/services/microsoftservices/msnet_sol.mspx
Microsoft.com technology
Get further details of the microsoft.com web site technology at www.microsoft.com/backstage/bkst_column_46.mspx
Microsoft case studies
To access information relating to Microsoft case studies, please visit www.microsoft.com/uk/casestudies
Microsoft training
For information about training, visit www.microsoft.com/uk/learning/find-training
Microsoft .NET Framework
www.microsoft.com/net
Don’t miss the webcast follow-up at 2pm on 23 September. Please visit www.microsoft.com/uk/technet/training/webcasts.mspx
Windows Server 2003
I’ve just upgraded to Windows Server 2003 from Windows 2000 Server. Prior to doing the upgrade, I backed up the System State using the Windows Backup utility. I started a manual restore to get back the System State, but the computer won’t restart. Why?
The reason this happens is that the System
State restore operation was started when
Windows Server 2003 was installed in the
C:\Windows folder, whereas the System State
backup was created when Windows was
installed in the C:\Winnt folder.
By default, Windows 2000 is installed in
the C:\Winnt folder. Therefore, when you
upgrade to Windows Server 2003, Windows
uses the C:\Winnt folder. However, when you
perform a new installation of Windows Server
2003, Windows is in fact installed in the
C:\Windows folder. Because the System State
was backed up from the C:\Winnt folder, the
Backup utility cannot find the Windows
installation in the C:\Windows folder.
This issue does not occur when you use
the Automated System Recovery (ASR)
wizard to save and restore the system files
and configuration settings.
The solution to the problem is to perform a
second installation of Windows Server 2003.
When you do this, Windows discovers the
existing installation in the C:\Windows folder,
and then you are prompted to specify another
folder for the installation. When this occurs,
you can specify the C:\Winnt folder. You can
then restore the System State by using the
backup that now matches the location of the
Windows installation in the C:\Winnt folder.
Windows Update
When I use the Windows Update scan feature, the scan quickly reaches 100 per cent, and then displays the ‘There are no updates available at this time’ message. The log file contains error 0x800c0008 or 0x80072EE4.
The error is caused by Secure Sockets Layer
(SSL). The scan process requires SSL and if
the date and time on your computer vary too
much from the valid date and time of the SSL
certificates on Windows Update, the process
will fail. Make sure that your computer’s date
and time are accurate and that the Internet
Explorer language option is not empty.
You can do this from Internet Explorer’s
Tools menu, from where you should select
Internet Options, Languages. Make sure at
least one language is listed in the ‘Language
Options’ dialog box. You should also delete
the Internet cache and cookies using the
Internet Options from the Tools menu. Click
‘Delete Cookies’, then click ‘Delete Files’.
MOM
When I am using the Microsoft Management Console (MMC) in Microsoft Operations Manager (MOM), if I click the All Agents option, some of the agents display a red down-arrow.
The red down-arrow is an indicator that the
Consolidator does not pick up a ‘heartbeat’
signal from those agents. The arrow remains
until the agent has successfully sent a signal
to the Consolidator at the next heartbeat. You
don’t need to worry if the red arrows appear
to stay for some time, as this is normal
behaviour if the interval between heartbeats
is long. The default interval is 10 minutes.
You may sometimes see all MOM
components displaying a red down-arrow.
This happens if the agent on the Consolidator
misses a heartbeat.
You can reduce the amount of time that the
arrows remain on display by specifying a
shorter time between agent heartbeats. In the
Microsoft Operations Manager MMC, go to
Global Settings under Configuration.
In the right pane, double-click Agents.
Click the Heartbeat tab, and then set the
heartbeat interval to a shorter time period, for
example 60 seconds. Click OK. Right-click
Rules, and then click Force Configuration
Changes Now.
To verify the change, click All Agents
under Monitor, and then note the Last
Contact time.
SQL Server
How can I set the database to single user mode and restrict the access to dbo use only?
In SQL Server 2000, a database cannot be in
single-user mode with dbo use only. Instead,
several alternative options are available by
using the ALTER DATABASE command.
The choices are:
■ ALTER DATABASE database SET SINGLE_USER.
This command restricts access to the
database to only one user at a time.
■ ALTER DATABASE database SET RESTRICTED_USER.
This command restricts access to the
database to only members of the
db_owner, dbcreator, or sysadmin roles.
■ ALTER DATABASE database SET MULTI_USER.
This command returns access to the
database to its normal operating state.
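Of the options above, RESTRICTED_USER is the closest match to the old "dbo use only" setting. The following T-SQL is an added example, not taken from the original article: SalesDb is a hypothetical database name, and the WITH ROLLBACK IMMEDIATE termination clause and the verification queries go beyond the commands listed above.

```sql
-- Added example (SQL Server 2000 T-SQL). SalesDb is a hypothetical name;
-- run this as a member of sysadmin or of db_owner in SalesDb.
USE master
GO

-- 1. Record the current access mode so it can be restored afterwards.
SELECT DATABASEPROPERTYEX('SalesDb', 'UserAccess') AS UserAccessBefore
GO

-- 2. Limit access to db_owner, dbcreator and sysadmin members.
--    Without a termination clause the statement waits for conflicting
--    connections to finish on their own; ROLLBACK IMMEDIATE rolls back
--    their open transactions instead of waiting.
ALTER DATABASE SalesDb SET RESTRICTED_USER WITH ROLLBACK IMMEDIATE
GO

-- 3. Confirm the new mode and review which logins are still connected.
SELECT DATABASEPROPERTYEX('SalesDb', 'UserAccess') AS UserAccessDuring

SELECT spid, loginame, hostname, program_name
FROM master.dbo.sysprocesses
WHERE dbid = DB_ID('SalesDb')
GO

-- ... perform the maintenance work here ...

-- 4. Return the database to its normal operating state and verify.
ALTER DATABASE SalesDb SET MULTI_USER
GO

SELECT DATABASEPROPERTYEX('SalesDb', 'UserAccess') AS UserAccessAfter
GO
```

Any login still listed in step 3 holds one of the three privileged roles, so the result doubles as a quick audit of who has that level of access to the database.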
Do I need to use the multi-protocol network library to enable encryption?
No, Microsoft SQL Server 2000 can use the
Secure Sockets Layer (SSL) to encrypt all
data transmitted between an application
computer and a SQL Server instance on a
database computer. The SSL encryption is
performed within the Super Socket Net-Library
(Dbnetlib.dll and Ssnetlib.dll) and
applies to all inter-computer protocols
supported by SQL Server 2000.
FAQS
Our panel of Microsoft support experts tackle
some of your frequent product issues
Expert advice: The Microsoft PSS
team. If you want to pose a
question to the team, email:
QUESTION TIME