September 2004 Windows-based Hosting Solution Luis Miguel García Microsoft.

September 2004

Windows-based Hosting SolutionWindows-based Hosting Solution

Luis Miguel GarcíaMicrosoft

Windows-based Hosting 3.0GoalWindows-based Hosting 3.0Goal

The solution provides knowledge, tested best practices, tools, code samples, and scripts to enable you to plan, practice deploying, and then efficiently deploy a high-volume hosting solution using Microsoft technologies.

How Windows-based Hosting version 3.0 Improves the Customer ExperienceHow Windows-based Hosting version 3.0 Improves the Customer Experience

Monitoring and Reporting• Monitor server or service failure• Mine data• Create customer reports

Centralized Management• Use Group Policies• Improve and scale the administration of multiple servers

Update Management• Provide security alerts• Apply security updates• Reconfigure existing servers

Server Purposing• Build a new server• Repurpose existing servers

11

22

44

33

Windows-based Hosting Solution Components (2 of 2)Windows-based Hosting Solution Components (2 of 2) Hosted Services Components:

Hosted Exchange 2003 Service and LCS

Web Hosting

Data Hosting

Windows SharePoint® Services Hosting

Windows-based Hosting Solution Components and Technologies UsedWindows-based Hosting Solution Components and Technologies Used

Windows-based Hosting Windows-based Hosting solution componentsolution component

Microsoft technologies Microsoft technologies usedused

Server Purposing Automated Deployment Services (ADS)

Centralized Management Active Directory®

Update Management Microsoft Software Update Services (SUS)

Service Provisioning Microsoft Provisioning System (MPS)

Monitoring and Reporting Microsoft Operations Manager (MOM)

Web Hosting Internet Information Service (IIS)

Data Hosting SQL Server™

Windows SharePoint Services SQL Server™

Logical DiagramLogical Diagram

Active Directory: Recommended Design Single ForestActive Directory: Recommended Design Single Forest

CustomerLevel

DomainLevel

Acmehost.com

ResellerLevel

Hosting

Admin

Admin

Customer4

Admin

Customer3

Admin

Customer2

Admin

Customer1

[email protected]

Joebobhost.com

[email protected]

Sallyhost.com



Web Hosting

Data Hosting


Overview of Hosted Exchange 2003Overview of Hosted Exchange 2003

Hosted Exchange 2003 allows you to offer rich messaging services for consumers and small office/home office and small-to-medium sized enterprises.

You can offer a broad range of services that go from basic e-mail up to higher value services, such as providing additional storage, hosting vanity domains and calendars.

Overview of Hosted Exchange 2003 – User ExperienceOverview of Hosted Exchange 2003 – User Experience Customer isolation in Active Directory®, address

lists

Consumer users

Clients and protocols HTTP – Outlook® Web Access (OWA) POP3/IMAP4 RPC over HTTPS – Outlook 2003

Automated provisioning

Delegated administration

Monitoring and reporting

Experiencia de usuario finalMicrosoft Outlook: Cliente“rico” de correoExperiencia de usuario finalMicrosoft Outlook: Cliente“rico” de correo

Modo cacheado de Exchange aisla a usuario final de posibles problemas de red

Acceso HTTP/HTTPs desde Outlook (no necesario VPNs)

Compresión MAPI en servidor y empaquetado del buffer

Posibilidad de supervisar el Rendimiento

Filtros avanzados para correo no solicitado

Listas de seguridad para mayor control de correo no solicitado

Bloqueo por defecto de HTML Externo

Autenticación Kerberos

entre Outlook-Exchange

Experiencia de usuario finalMicrosoft Outlook: Cliente“rico” de correo

Experiencia de usuario finalMicrosoft Outlook Web Access (OWA) : Básico o Premium


•Cliente Premium muy cercano a Outlook 2003•Mejor rendimiento•Modos básico/avanzado•Features: Spellcheck, Tasks, Rules•Seguridad: S/MIME, Timed Log-off, bloqueo de direcciones y de attachments


Experiencia de usuario finalMicrosoft Outlook Web Access (OWA) : Calendario

Experiencia de usuario finalAcceso desde dispositivos móviles (basados en Windows Mobile)

Experiencia de usuario finalAcceso desde dispositivos móviles (basados en Windows Mobile)

Sincronización de correo, tareas y calendario

AUTD : notificación SMS para sincronización automática

Experiencia de usuario finalAcceso desde todo tipo de dispositivos móviles: Outlook Mobile Access (OMA)

Experiencia de usuario finalAcceso desde todo tipo de dispositivos móviles: Outlook Mobile Access (OMA) Soporte para HTML, Extensible HTML

(XHTML), Wireless Application Protocol (WAP) 2.x, y HTML (CHTML iMode)

Usar Email Borrar, Marcar, hacer seguimiento Escribir, Reenviar, Responder Acceder a la estructura de carpetas

Encontrar Contactos Buscar en las libretas de direcciones Establecer llamadas y enviar mensajes

Calendario Ver y Crear reuniones Aceptar, Hacer Tentativas, Declinar Responder a peticiones o cancelaciones de

reuniones

Tareas Actualizar, marcar como acabada, tomar notas

Contactos Visualizar y Añadir contactos

Overview of Hosted Exchange 2003– Solution ContentsOverview of Hosted Exchange 2003– Solution Contents Documentation

Pub Studio content viewer PDF’s for printing

Reference architecture Fully prescriptive deployment steps

Code Provisioning Monitoring and reporting MakeGAlLinked.exe SMTP Domain Event Sink RPC over HTTP profile configuration Web site

Fully tested PSS supported

StepsSteps

Improvements in Back-end Exchange 2003Improvements in Back-end Exchange 2003

Improvements related to back-end server deployment include: Support for 8-node clustering

Memory management

Permissions model

Improvements in Front-end Exchange 2003Improvements in Front-end Exchange 2003

Improvements related to front-end server deployment include: RPC proxy server

Outlook Mobile Access (OWA)

Exchange ActiveSync®

OWA forms-based authentication

OWA S/MIME

OWA compression

Improvements in Client ConnectivityImprovements in Client Connectivity

You can give customers more options for accessing e-mail, calendar, and contact information:

Outlook 2003

Outlook Web Access 2003

Outlook Mobile Access

ActiveSync

You can integrate a self-provisioning Web site for customers with the Hosted Exchange Web service methods and MPS. Through the site, a users could:

Update their Outlook profile settings.

Automatically configure their Outlook 2003 to connect directly through the Internet to Hosted Exchange 2003.

Hosted Exchange Services

Exchange Front-end Servers

SMTP:EXSMTP01EXSMTP02

OWA/POP/IMAP and RPC Proxy:

EXFE01EXFE02EXFE03

Exchange Back-end Server Cluster (4+1)

EXBE01EXBE02EXBE03EXBE04EXBE05

Exchange ServersExchange Servers

Front-end Exchange ServersFront-end Exchange Servers

Eight client access methods Outlook® Web Access (OWA)

Outlook Mobile Access (OMA) ActiveSync®

Simple Mail Transfer Protocol (SMTP)

Post Office Protocol 3 (POP3)

Internet Message Access Protocol, version 4 (IMAP4)

Full Messaging Application Programming Interface (MAPI)

Outlook over the Internet (RPC/HTTP)

Front-end roles are divided into servers based on the protocols used

Back-end Server Software RequirementsBack-end Server Software Requirements

All five nodes of the back-end Exchange 2003 Server cluster must run the following software: Microsoft Windows Server™ 2003, Enterprise

Edition

Microsoft Exchange Server 2003, Enterprise Edition

Note: You You mustmust install the security update described in the Microsoft Security Bulletin MS03-026 on install the security update described in the Microsoft Security Bulletin MS03-026 on Windows Server 2003.Windows Server 2003.

Note: You You mustmust install the security update described in the Microsoft Security Bulletin MS03-026 on install the security update described in the Microsoft Security Bulletin MS03-026 on Windows Server 2003.Windows Server 2003.

Back-end and Front-end Server ArchitectureBack-end and Front-end Server Architecture

Platform ServicesWeb and Data Hosting

Hosted Exchange Services

Border Router Perimeter/NetPerimeter/NetPerimeter/NetPerimeter/Net Perimeter Firewall Services

Packet and Port FilteringSSL TerminationStateful InspectionApplication Filtering

FrontNetFrontNetFrontNetFrontNet

BackNetBackNetBackNetBackNet

BackUp-Build-NetBackUp-Build-NetBackUp-Build-NetBackUp-Build-Net

Exchange Front-end Servers

SMTP:EXSMTP01EXSMTP02

OWA/POP/IMAP and RPC Proxy:

EXFE01EXFE02EXFE03

Web HostingWEB01

External DNSDNS01DNS02DNS03DNS04

Patch Management

SMS01

Provisioning Front-end

PROV01

Backup and Restore

Exchange Back-end Server Cluster (4+1)

EXBE01EXBE02EXBE03EXBE04EXBE05

Data HostingShared

SQL01Dedicated

SQL02

Monitoring and Reporting

MOM01MOMSQL01

Active Directory

AD01AD02

Service Provisioning

MPS01

Server Purposing

ADSC01

RPC over HTTP PortsRPC over HTTP Ports

Considerations for Defining Service Level AgreementsConsiderations for Defining Service Level Agreements Defining service level and service level

agreements (SLAs)

Considerations for Exchange Server requirements

Considerations for monitoring and reporting requirements

Considerations for provisioning requirements

Colaboración en tiempo real: VisiónColaboración en tiempo real: Visión

Conectar personas e informaciónen tiempo real aumentando la eficiencia del negocio y acelerando la toma de decisiones

Colaboración multimodal Fácil de usar, integrado con las aplicaciones existentes y

extensibles Integrado con la infraestructura existente Disponibilidad Seguridad

PlataformaCliente

Client API

Windows Messenger

5.0

Third-party Client

Third-party Automation

SIP

Third-party Application

Third-party Script

Client API


Audio/VideoAudio/Video

Application SharingApplication Sharing

Remote AssistanceRemote Assistance

Instant MessagingInstant Messaging

NotificationsNotifications

PresencePresence

File TransferFile TransferWhiteboardingWhiteboarding

Experiencia de usuario sencillaExperiencia de usuario sencilla

Windows Messenger 5.0 integra distintos tipos de sesiónWindows Messenger 5.0 integra distintos tipos de sesión

PlataformaServidor

Client API

Windows Messenger

5.0

Third-party Client


SIP


Third-party Script

Client API


Basado en SIP Basado en SIP

Protocolo sencillo que provee localización, negociación y gestión

Funciones INVITE, ACK, BYE, CANCEL, OPTIONS, REGISTER

SUBSCRIBE, NOTIFY, MESSAGE

Requiere de cliente y servidor Session and state is maintained by the endpoints

User Agent - UA Client, UA Server

Registrar, Redirector and Proxy (funciones de servidor)

Otros protocolos internos a SIP Session Description Protocol (SDP)

SIMPLE ExtensionsSIMPLE Extensions Alternative to Wireless Village (IMPS) and XMPP (Jabber) Supported by Microsoft, IBM, Sun, Oracle, Cisco, Avaya dynamicsoft,Nokia, Ericsson,

Nortel

A framework for event notifications Presence changes are the focus, but can be applied to wide range of events PUBLISH: Allows client to inform server of event SUBSCRIBE: Creates a subscription to changes in some state NOTIFY: Informs subscribers of the event change CPIM-PIDF: XML format for conveying presence information (carried in the NOTIFY) RPID: Extensions to CPIM-PIDF for richer presence such as location information

http://www.ietf.org/internet-drafts/draft-ietf-simple-rpid-00.txt

A mechanism for sending instant messages MESSAGE: Carries the instant message. Defined in RFC3428

http://www.ietf.org/rfc/rfc3428.txt

http://www.ietf.org/internet-drafts/draft-ietf-simple-rpid-00.txt

http://www.ietf.org/rfc/rfc3428.txt

Integración telefonía tradicionalIntegración telefonía tradicional

ServerRequerimientosServerRequerimientos

2 X procesadores (1.4 Ghz)

Red: 100 Mb/Sec

2 GB RAM

Disco: 2X40Gb Ultra2 SCSI RAID 0

Total number of

users

Required number

of home

servers

Recommended

number of

front-end

servers

Maximum number

of users per

home server

1,000 1 N/A 10,000

5,000 1 N/A 10,000

10,000 1 N/A 10,000

20,000 2 1-2 10,000

30,000 4 1-2 7,500

50,000 8 2 6,500

100,000 16 2 6,500

150,000 24 4 6,500

PlataformaExtensibilidad

Client API

Windows Messenger

5.0

Third-party Client


SIP


Third-party Script

Client API


Ejemplos de integraciónEjemplos de integración

Agente inteligente: SQL Server for Notification Services y alertas (Servicio de alertas helpdesk)

Enrutamiento de llamadas que entren fuera del horario de trabajo a un sistema contestador

Definición de un contacto virtual que enrute la llamada al contacto desocupado (HelpDesk)



Web Hosting

Data Hosting


Web Hosting BenefitsWeb Hosting BenefitsBenefitBenefit DescriptionDescription

Increased Web server reliability and availability

IIS 6.0 features a new, fault-tolerant architecture with health monitoring and process recycling that significantly increases the reliability of your Web server infrastructure.

Easier server management

IIS 6.0 features new management tools that reduce the time it takes to manage your Web server infrastructure, including a plain text XML configuration file that can be modified without having to stop the server.

Server consolidationIIS 6.0 is a highly-scalable Web server that provides new opportunities for Web server consolidation and enables more applications to be hosted on a single server.

Faster application development

With Windows Server 2003 and IIS 6.0, application developers benefit from a single, integrated application hosting environment and a broad choice of languages for rapid application development.

Increased securityIIS 6.0 provides improved security for Web servers. IIS 6.0 is locked down by default, limiting the attack surface area through aggressive security defaults.

Web HostingWeb Hosting

Windows-based Hosting 2.0 addresses these new Windows Server 2003 technologies: IIS 6.0

ASP.NET

NAS/UNC

POP3

SMTP

FTP / FrontPage content publishing to same content hierarchy

FTP user isolation support

Web Hosting Scenarios Web Hosting Scenarios The scenarios below describe the most likely configurations for service providers:

Discount Dedicated Hosting The host running IIS is dedicated to the exclusive use of one customer

and there is no Active Directory management of the server or users. Managed Dedicated Hosting

The host running IIS is dedicated to the exclusive use of one customer and Active Directory may be used by the service provider to manage the server, but not the users.

Shared Web Hosting The host running IIS is shared by multiple customers and Active

Directory is used to manage the server and the users. IIS deployments are configured to use Windows Authentication mode. When IIS is integrated with Active Directory in this way, only users with a valid Active Directory account can connect.

Application Hosting The service provider offers either shared or dedicated Web hosting

services and uses Active Directory to manage the server and users. The Web sites hosted in IIS will often be integrated with other applications. IIS deployments are configured to use Windows Authentication mode because Active Directory is used to manage both the server and the users.

StepsSteps

Internet Information Server (IIS) 6.0 ArchitectureInternet Information Server (IIS) 6.0 Architecture

WWW WWW ServiceServiceWWW WWW

ServiceService

Co

nfi

g M

gr

Pro

cess

Mg

r

HTTP.sysHTTP.sysHTTP.sysHTTP.sys

Web GardenWeb Garden

W3WP.exeW3WP.exeW3WP.exeW3WP.exe

ISAPIISAPIExtensionsExtensions(ASP, etc.)(ASP, etc.)

ISAPI FiltersISAPI Filters

Application Pool 2

Application Pool 2


ASP.NET ISAPI

CLR Application Domain



ASP.NET ISAPI



INETINFOINETINFO

metabase

Application Pool 1

Application Pool 1


ISAPIExtensions(ASP, etc.)

ISAPI Filters

Web Gardens and Processor AffinityWeb Gardens and Processor Affinity

Web Gardens Application pool with

multiple worker processes

Connection-based routing within garden

Processor affinity Bind processes to one

or more CPUs

Mask-based configuration

HTTP.sysHTTP.sysHTTP.sysHTTP.sys

Web Garden Application Pool

WWW WWW ServiceServiceWWW WWW

ServiceService

Worker ProcessWorker ProcessWorker ProcessWorker Process

ISAPIExtension

ISAPI Filter

Web Hosting Security OverviewWeb Hosting Security Overview

IIS 6.0 not installed by default Except Web Server Edition

Web Service Extensions Deny all undefined ISAPI and CGI

Improved NTFS permissions

Default Web site is static content only

URLScan-like rules enforced by default in http.sys

Undefined MIME types are not delivered

Applications do not run as System



Web Hosting

Data Hosting


Overview of Data HostingOverview of Data Hosting

Provide Data Hosting services to customers on dedicated servers, shared servers, or both.

Keep customer data secure by using one of two authentication models: The authentication method you choose impacts your

SQL Server deployment for both user authentication and the account under which the SQL Services run.

When you deploy SQL Server, choose between Windows Authentication Mode and Mixed Mode. Active Directory is required for Windows Authentication Mode and is optional for Mixed Mode.

Deploy Shared or Dedicated Servers.

Data Hosting BenefitsData Hosting Benefits

BenefitBenefit DescriptionDescription

Clickstream analysisGain a deep understanding of online customer behavior, so that you can make better business decisions.

Distributed partitioned views

Partition your workload among multiple servers for additional scalability.

High availabilityMaximize the availability of your business applications with log shipping, online backups, and failover clusters.

SecurityEnsure your applications are secure in any networked environment, with role-based security and file and network encryption.

Simplified database administration

Automatic tuning and maintenance features enable administrators to focus on other critical tasks.

Application hostingWith multi-instance support, SQL Server enables you to take full advantage of your hardware investments so that multiple applications can be run on a single server, or outsourced.

StepsSteps

Data Hosting Deployment Scenarios:Shared and DedicatedData Hosting Deployment Scenarios:Shared and Dedicated Shared – one SQL Server shared by multiple customers

Customers usually have some restrictions on how they access this server, and what SQL functionality is available For example, the Microsoft Distributed Transaction Coordinator

(MSDTC) may be disabled.

Dedicated - one SQL Server per customer Windows-based Hosting solution doesn’t recommend

placing IIS and SQL Server on the same server

Customers typically have more freedom to use all the functionality of SQL Server (unless managed by service provider, in which case some restrictions may apply)

Book 7: Data Hosting in Volume 2: Windows-based Hosting TechnologiesSee section “Deployment Options”

Data Hosting Deployment Scenarios: Active Directory ConsiderationsData Hosting Deployment Scenarios: Active Directory Considerations Uses User and Computer Management

Offers the most secure and scalable management model for SQL Server hosting

Reference architecture recommendation Could use Active Directory for SQL Server Administration

and Computer management and SQL Security for users

Active Directory performs authentication for SQL Server users

Domain-based model (requires domain controller) Administration and security through Active Directory SQL permissions granted to accounts in Active Directory

Reference architecture recommendation Other Models: Mixed, Stand-alone

Book 7: Data Hosting in Volume 2: Windows-based Hosting TechnologiesSee sections “Directory Considerations” and “Directory Models”

Data Hosting - Network Configuration and Security for SQLData Hosting - Network Configuration and Security for SQL

SQL ports necessary for discovery and connection to the server are only accessible from servers located in your data center

Reference architecture doesn’t support external connectivity directly to SQL Server

Provides Enterprise Manager access to customer databases, without opening SQL ports to the Internet

Offer Virtual Private Network (VPN), through firewalls, for customer applications that need access, from the Internet, to internal databases

Firewall port configuration Outside of reference architecture Allows enterprise manager or application access through firewall

Reference architecture uses Active Directory SQL Server must communicate with an Active Directory domain

controller Ensure any firewall between SQL Server and the Active Directory domain

controller is configured appropriately for Active Directory authentication traffic

Book 7: Data Hosting in Volume 2: Windows-based Hosting TechnologiesSee sections “Network Considerations,” “Network Security,” and “Customer Access to Enterprise Manager”



Web Hosting

Data Hosting


Windows SharePoint Services OverviewWindows SharePoint Services Overview

Windows SharePoint Services Hosting allows you to create Web sites for information sharing and document collaboration.

Windows SharePoint Services is a component of the Windows Server 2003 information worker infrastructure that: Provides team services and sites to Microsoft

Office System and other desktop programs.

Serves as a platform for application development.

Windows SharePoint Services Benefits Windows SharePoint Services Benefits BenefitBenefit DescriptionDescription

Advanced file sharingWindows SharePoint Services supplies Web sites with document storage and retrieval with check-in and check-out functionality, version history, custom metadata, and flexible, customizable views.

Information management

SharePoint sites store event calendars, contacts, Web links, discussions, issues lists, announcements, and more.

Configurable user control

You can grant users the ability to create sites, control site membership, monitor site usage directly, and moderate content submissions. Users can create and share site templates.

Tracking and quota management

Despite the authority delegated to users, Windows SharePoint Services enables you to track which sites are created, who owns them, how long a site has gone unused, and so on.

Enterprise scalability

Deploy Windows SharePoint Services in server farms that support tens of thousands of sites and can handle hundreds of thousands of users. Windows SharePoint Services supports load balancing for Web servers and server clustering technology for all data.

Choice of management channels

You can manage and configure Windows SharePoint Services by using a Web browser or command-line utilities. You can also manage server farms, servers, and sites by using the Microsoft .NET Framework–based object model and Web services.

The newest version of Windows SharePoint Services Hosting includes the following new features:The newest version of Windows SharePoint Services Hosting includes the following new features:

A Microsoft Provisioning Service (MPS) provider, allowing better integration between Windows SharePoint Services and MPS

A Microsoft Provisioning Service (MPS) provider, allowing better integration between Windows SharePoint Services and MPS

Changes to quota template usage, including the use of storage-based quotas and site-based quotas (except in shared deployments)

Changes to quota template usage, including the use of storage-based quotas and site-based quotas (except in shared deployments)

What’s New in Windows SharePoint ServicesWhat’s New in Windows SharePoint Services

Windows SharePoint Services ArchitectureWindows SharePoint Services Architecture

Microsoft’s Hosting SolutionsMicrosoft’s Hosting Solutions Windows Shared Hosting Accelerator:

Scalable, feature-rich Web hosting offering for Windows Server 2003 Free for hosters Delegated admin (security, data, Web logs) Better technical guidance, tools and best practices

Windows-based Hosting Discussions community forums: Answers on technical configuration, deployment, and operations management

of Windows-based Hosting services for administrators of hosting services Managed and monitored by the Microsoft Solution Group Information on the Windows-based Hosting solution, the Solution for Hosted

Exchange, Shared Web Hosting Deployment Guide, IIS, SQL and ASP.NET

Shared Hosting Deployment Guide: Guidance to deploy Windows Server 2003 and SQL Server 2000 in a shared

Web hosting environment Simple, practical, procedure-based guidance on configuration, deployment,

and troubleshooting

Hosted Exchange 2003: Hosting platform for service providers to offer Rich & Basic e-mailboxes (OWA, OMA,, MAPI, POP3) Collaboration Services

September 2004 Windows-based Hosting Solution Luis Miguel García Microsoft.

Documents

Transcript of September 2004 Windows-based Hosting Solution Luis Miguel García Microsoft.