by Greg Sullivan and Don Benage
You have learned about the components and purpose of BackOffice. Now it is time to get ready for implementation. Before you actually install BackOffice in your organization, there is much to prepare. In this chapter, you learn the important pieces you must put into place before installing BackOffice.
After you have read this chapter, you will know how to prepare your organization for a successful installation, and you will be ready to implement BackOffice.
There is no significance to the order in which these work steps are presented. All these issues need to be addressed, and the sequence is not important. In fact, several of these activities overlap chronologically. The intent is not to present a detailed work plan, but to identify all the areas that deserve attention. Following these guidelines will enhance the likelihood of a successful BackOffice implementation.
One of the important reasons for the existence of BackOffice is to facilitate the delivery of meaningful information to desktop personal computers (PCs) or desktop network computers (NCs). BackOffice is truly the "glue" that brings together information on the desktop. Whether you are delivering your information to PCs or NCs, you must have a physical network in place for BackOffice to provide this capability.
The network cabling must extend to every desktop PC and NC to which you desire to deliver data. The network cabling must also connect to the servers that will run server-based applications, such as the products that make up BackOffice. Each PC, NC, and server must contain a network interface card (NIC) appropriate for the type of network you are using (for example, Ethernet, token-ring, or asynchronous transfer mode).
A representation of a typical network is shown in Figure 3.1. It is important to note that this representation is logical in nature. The network is shown with a hub in the center, even though most modern networks are physically wired in a star configuration with a wire running from each workstation to a multiport hub of some type. In its simplest form, a network consists of network cabling and connectors, communication devices (such as routers and hubs) that propagate data over the cabling, server computers, and client PCs or NCs.
The simplest networks show servers, client PCs, and client NCs logically attached to a central network hub.
See "Understanding Information Networks," [Ch. 1]
Each network, whether it is a client-server network or an intranet, also requires a network operating system (NOS). The NOS is the software that enables the hardware to act as a network. The NOS for a BackOffice network is Windows NT Server. It provides all the basic NOS services, such as user authentication and controlling access to shared resources (e.g., files and printers). Windows NT Server includes a rich set of graphical administration tools that make it easy to manage your network.
See "A Network Operating System," [Ch. 2]
Before you build a new network for BackOffice, or prepare your existing network, there are some networking fundamentals that you must understand.
The basic building block of an enterprise private network is the local area network (LAN). It is called local because all the PCs, NCs, and servers are physically connected via the same cabling. The simple network shown in Figure 3.1 is an example of a LAN.
Many organizations have people located in geographically separate locations. In this situation, it is not convenient, or even possible, to connect everyone to the same LAN cabling system. However, it is still desirable to enable computer systems at different locations to communicate with one another. The solution is to connect multiple LANs together to form a wide area network (WAN). Figure 3.2 shows a typical representation of a WAN.
Wide area networks typically incorporate multiple, geographically separated local area networks into a single, larger network.
The link that connects the LANs is some type of communication line. These lines are available in many forms from providers of communication transmission services, also known as carriers. In addition to the communication lines, which are typically leased, it is necessary to install equipment, such as a router or bridge, to physically connect a LAN to a communication line.
The advantage of a wide area network is that users can interact with one another as if they were connected to the same physical cabling system, as shown in Figure 3.3. The type of connection is usually transparent to a user connected to the network. In some cases, however, the communication lines that connect LANs do not operate at the same rate of speed as local cabling. In these situations, users may experience delays when interacting with a server application, client PC, or client NC on another LAN connected to the WAN.
For simplicity's sake, logical network representations often do not distinguish between the LAN and the WAN because this is usually transparent to the users.
Figure 3.1 through Figure 3.3 depict generic networks. A typical BackOffice network is shown in Figure 3.4. In this figure, each BackOffice product is shown to be installed on a separate server computer. Even though in some situations it is possible to install multiple BackOffice server applications on the same server, they are depicted as individual components in the network diagram. This helps to clarify the role of each server application.
A BackOffice network shows the various BackOffice server products attached to the network as logical processes.
The BackOffice network may also include a connection to an IBM mainframe or minicomputer through the services of SNA Server. You may also notice this network includes remote users that connect to the network through the services of Windows NT Remote Access Service (RAS). In this sense, your private network also includes computers and users that access the network by dialing in from outside the physical location of the network.
You may also desire to connect your organization to the rest of the world. This is possible now due to the proliferation of the Internet. The Internet is a worldwide, wide area network. It was first developed by the United States Department of Defense to facilitate global communication. The academic community was included from its inception. Academicians throughout the world continue to communicate with one another and share information via the Internet. Therefore, it has become a critical component of educational systems internationally.
See "What Is the Internet?," [Ch. 18]
The network in Figure 3.4 did not depict a connection to the Internet. BackOffice contains a product that enables you to create and maintain a presence on the Internet: the Internet Information Server (IIS). A BackOffice network connected to the Internet is shown in Figure 3.5.
Internet Information Server provides a BackOffice network an Internet presence that allows Internet users to visit your site.
To connect your network to the Internet, you must acquire the services of an Internet service provider (ISP). Most communities now have several companies that provide access to the Internet. These companies will place communication equipment on your premises and connect it to both your network and the Internet. The link to the Internet is made through another communication line, similar to the one you might use to create a wide area network. There are many ways in which to connect to the Internet. Your local ISP will help you understand your options and the associated costs.
See "Choosing an Internet Service Provider," [Ch. 18]
The two primary reasons to connect to a public network, such as the Internet, are to facilitate communication and share information.
BackOffice provides the basic capabilities to communicate and share information with others on both private networks and on the Internet. If you utilize the Internet technologies within BackOffice on your private network, then you have created an intranet. As the Internet grows in popularity, the tools used to manage private networks begin to share many similarities with Internet tools; such is the case with most features of BackOffice.
Communication
Internet technology enables people to communicate electronically using their computers. This communication exists in the form of e-mail. A user can type a message to anyone else connected to the Internet and send the message as long as the user knows the recipient's Internet e-mail address. This form of communication is quite convenient and has become widely accepted in a short amount of time.
BackOffice supports e-mail on an intranet through the services of Exchange Server. This product enables users on the network to electronically communicate with one another. The combination of Exchange Server and Internet Information Server permits users to electronically communicate with not only those on your private network, but also everyone on the global Internet.
Information
Internet technologies can also be used to share information. An intranet or Internet user can publish any information for purposes of sharing it with other interested users on the private or public network. The most popular vehicle for sharing published information on the Internet is referred to as the World Wide Web (Web). Other methods are available as well, with equally colorful monikers. Members of the Internet community have defined how information is to be formatted and placed on the Internet and how other users are to access it.
After you have connected your network to the Internet, a server on your network can be configured to enable access to the information you desire Internet users to see. This computer is usually referred to simply as a Web server. You can place the information you want to share on this computer after formatting it using Hypertext Markup Language (HTML). HTML is a collection of formatting codes created by the Internet community. A variety of utilities, including FrontPage (which is covered in Chapter 21, "Using Microsoft FrontPage 97"), make it relatively painless to annotate documents with HTML codes.
See "Hypertext Markup Language," [Ch. 18]
Web servers publish HTML pages using Hypertext Transfer Protocol (HTTP). If you set up your server properly, anyone on the Internet can locate your Web server and view the information. The capability to do this is provided by a software package called a browser, or Web browser. Browsers for the Web are available from a number of vendors, including Microsoft.
See "What Are Web Browsers?," [Ch. 20]
One of the features available to you with Internet Information Server is this capability to publish information and share it with anyone on the Internet. At times, you may want to publish information only to those within your organization, but still leverage the power and flexibility of the Internet tools. Internet Information Server provides the capability to publish internal information on a private Web server. This example illustrates one reason why your private network can be viewed as an intranet.
Because the Web was originally intended for publication purposes, the information was primarily static. Information changed only when the author manually made changes to the published document on the Web server. The need for Web information to be more dynamic has grown, however, because it is more meaningful to present information to users based on their input. This has resulted in more sophisticated Web server and browser products.
See "dbWeb," [Ch. 26 in Special Edition Using Microsoft BackOffice, Volume 2]
See "The Internet Database Connector," [Ch. 26 in Special Edition Using Microsoft BackOffice, Volume 2]
Many organizations now use, or plan to use, the Internet to interact with their customers. One example of this type of interaction is referred to as electronic commerce. Microsoft offers a product known as Merchant Server as a part of its Internet services family of products for this purpose. Supported by the capabilities of dynamic Web information and sophisticated browsers, an organization can sell its products over the Internet.
Electronic commerce is simply the act of enabling a customer connected to the Internet to conduct a secure financial transaction with the organization. For example, a customer can connect to a Web server and place an order for a product. This type of transaction can only be performed if the Web server is capable of dynamically interacting with the user.
NOTE: Many other applications are available for the Internet beyond those described here. Chapter 49, "Building BackOffice Applications," explains how you can use BackOffice to build and implement these applications.
One of the most important characteristics of your network is the rate of speed at which data is transmitted. The cables that make up your network are similar to the plumbing in a building. The pipes carry water, and the network cables carry data. As such, the network cabling is often referred to as the data pipe.
If you want the plumbing to carry more water at a faster pace, then a larger pipe is needed or a faster pipe-to-pipe transfer is needed. Similar logic applies in networking except that the pipe is not physically enlarged. Instead, a different kind of cable is used, or the communication equipment that transmits data over the cable is enhanced.
Data traveling across the network is referred to as network traffic. The amount of data and the rate of speed with which it moves through the network cables is referred to as bandwidth. The more network traffic or the faster the data must be transmitted, the more bandwidth the network requires.
NOTE: Network bandwidth is determined by the type of cabling and type of communication equipment used to build the network. These physical aspects define the maximum bandwidth that your network will ever achieve. In some cases, software that implements compression algorithms can be employed to maximize productivity of the existing bandwidth.
Most networks today experience bandwidth limitations. This is due to the nature of the applications that run on the network. Applications based on the client-server and I-net process models are designed specifically to minimize the amount of data transmitted across the network. Therefore, as organizations make increasing use of the client-server and I-net process models, network traffic is reduced. However, networks are still used for many tasks that are bandwidth-intensive, such as file transfers and disk backups. This reinforces the need to proactively plan for an appropriate amount of bandwidth.
CAUTION: You must anticipate the need for more bandwidth when building a network. Your network will likely be transmitting many new types of data in the near future. Some of the unstructured data types, such as full-motion video and audio and other multimedia data, are significantly larger than traditional structured data. It is important that your network can accommodate these volumes and types of data before users require additional bandwidth.
It is almost impossible to overbuild your network with respect to bandwidth. If your organization is creating a network with an expected lifetime of over three years, any excess capacity will eventually be needed as new data types and applications are added to the network.
Another important aspect of your BackOffice implementation is a team of administrators. The administrators are the individuals responsible for the implementation of BackOffice. After the applications are installed and available to computer users, the administrators are responsible for the ongoing successful operation of the network and BackOffice server applications.
CAUTION: You must have an adequately staffed team of administrators. Many managers underestimate the significance of this issue. Understaffing in this area can be costly to the organization. Many hidden costs are associated with a weak or understaffed administration team because the burden of managing server applications and troubleshooting associated problems falls into the hands of the users. This results in a loss of productivity across the organization.
There is an administrative role for each server application installed on the network. Depending on the size of the organization and the extent of the applications being used, this does not always need to be filled by an additional person. A talented administrator may be able to handle more than one administrative role. This is especially true for BackOffice because the server applications have so many operating similarities.
Conversely, on a very large network with hundreds or thousands of workstations, you will undoubtedly need many people in each role. The key issue is that the tasks and responsibilities associated with each product need to be identified and managed. Watch for signs that an administrator has too much to manage.
Because there is usually overlap in responsibilities across server applications, the administrators should work together as a team. This also provides a built-in means for providing backup administrators. Each server application should have a primary administrator and a backup administrator in case the primary administrator is unavailable in an emergency.
NOTE: Administrators should be thoroughly trained in the products for which they are responsible. This training should include not only product training, but also training in the fundamentals of the underlying technology.
The roles and responsibilities for each member of a BackOffice administration team are covered in detail in their respective product sections of this book. Following is a brief description of the administration requirements for each BackOffice product and highlights of administrator responsibilities.
See "Understanding the Role of a Network Administrator," [Ch. 7]
The primary role of Windows NT Server is to act as the network operating system. The administrator in charge of the network operating system is usually referred to as a network administrator or LAN administrator. In addition to managing the network operating system, this individual is typically responsible for the shared resources on the network, such as printers and disk drives on servers. In small organizations, the network administrator may also be responsible for all network connections, as well as the PCs and NCs that connect to the network.
NOTE: The network administrator is responsible for the successful implementation of the network and the network operating system. This includes accepting responsibility for those connected to the network and what they can do while they are on it. In most cases, the network administrator's domain of influence includes the other administrators because the network administrator must coordinate all activity on the network.
The following list highlights the roles and responsibilities of the network administrator:
In addition to the role of network administrator, Windows NT Server gives you the flexibility of assigning a limited set of administrative duties to individuals called operators. Operators are frequently chosen from among the personnel of a department to act as a pseudo administrator for the department. An operator cannot perform all the duties of a network administrator, but because they are usually more accessible to users, they can increase the effectiveness of the administrative team and the satisfaction level of the user community. The four types of operators are as follows:
The most commonly used are account and print operators. Account operators can assist users who have forgotten their passwords by giving them new passwords. They can also perform other account-related tasks, such as changing a user's name (common after a marriage) or creating an account for a new user. An account operator cannot create or modify an administrator's account.
NOTE: Neither an account operator nor an administrator can see a user's password. They can, however, enter a new password for the user if the old one has been forgotten.
Print operators assist users having difficulty with documents that have been sent to a network printer. In administrative jargon, these are jobs in a print queue, and if a job experiences problems, it can create a log jam effect for all the print requests sent behind it. For example, if a user sends a print request formatted with the PostScript page description language to a non-PostScript printer, dozens of pages of gibberish are usually the result. If the user who sent the job has left for a meeting or lunch, only a print operator or administrator can pause the printer, delete the faulty job, and restart the printer.
See "A Guide to Services Provided by the Internet Information Server," [Ch. 19]
The administrator responsible for Internet Information Server is referred to as the Internet administrator. Because this often includes responsibility for the information, or content, placed on the Web server, the Internet administrator is sometimes referred to as the Webmaster. This job overlaps with the database administrator (DBA) in cases where dynamic Web information is driven by SQL Server databases.
NOTE: The Internet administrator is responsible for the successful operation of Internet Information Server. This includes accepting responsibility for stability and performance of the Internet connection. This can also include accepting responsibility for the information published on the Web server.
The following list highlights the roles and responsibilities of the Internet administrator:
In addition to these tasks, the Internet administrator will likely also administer related Internet server products. Within BackOffice, this includes Proxy Server, Index Server, and Content Replication Server. Additionally, this may include other Internet server products such as Personalization Server, Merchant Server, and many others. Microsoft will continue to create new server products based on IIS, and these must also be administered. The Internet administrator is the best candidate for administration of these servers.
The administrator responsible for Exchange Server is referred to as the Exchange administrator, or the mail administrator.
As organizations become dependent on e-mail, this administrator bears the burden of keeping e-mail flowing all the time. Users expect their e-mail to be received and delivered in a timely fashion just as they are accustomed to reliable voice communication over the telephone. The mail administrator can also lead the organization through an e-mail culture transition. An organization is said to have an e-mail culture if its members rely heavily on electronic messaging.
NOTE: The Exchange administrator is responsible for the successful operation of Exchange Server. This includes accepting responsibility for the timely flow of messages throughout the organization and, possibly, to and from external mail systems and the Internet.
The following list highlights the roles and responsibilities of the Exchange administrator:
See "What Does a DBA Do?," [Ch. 34 in Special Edition Using Microsoft BackOffice, Volume 2]
The administrator responsible for SQL Server is referred to as the database administrator, or DBA. The DBA installs and operates SQL Server. The DBA can also be responsible for managing the organization's data stored in SQL Server databases. In some cases, the DBA can also design the databases.
NOTE: The database administrator is responsible for the successful operation of SQL Server. This can also include accepting responsibility for the data managed by SQL Server.
The following list highlights the roles and responsibilities of the database administrator:
See "Managing Connectivity to Host Computer Resources," [Ch. 43 in Special Edition Using Microsoft BackOffice, Volume 2]
The administrator responsible for SNA Server is referred to as the SNA Server administrator. The SNA Server administrator is responsible for providing host connectivity to client PCs on the network. The SNA Server administrator determines the maximum number of concurrent users and configures the environment to accommodate their simultaneous connection to the host.
NOTE: The SNA Server administrator is responsible for the successful operation of SNA Server. This can also include accepting responsibility for assigning user privileges on the mainframe or minicomputers for which SNA Server provides a connection.
The following list highlights the roles and responsibilities of the SNA Server administrator:
The administrator responsible for Systems Management Server (SMS) is referred to as the SMS administrator. Sometimes the SMS administrator is also referred to as the system administrator. Regardless of the title, this job is one of the most complex administrator positions. This is consistent with the associated complexities of managing a network to the level of detail supported by SMS. See the section "Understanding the Impact of SMS" later in the chapter for more information.
NOTE: The SMS administrator is responsible for the successful operation of SMS. This can also include accepting responsibility for the software and hardware located across the network.
The following list highlights the roles and responsibilities of the SMS administrator:
As you think about the size and number of servers you will need, remember that the server is not the place to economize. By the time you have installed LAN cabling and hubs, added desktop computers and NCs, and provided training to the user community, the incremental cost for servers is a small percentage of the overall cost.
The way in which each BackOffice application uses computing resources may guide your decision-making process. For example, the questions of selecting appropriate equipment for a particular server-based task, sizing the server, and performance tuning are challenging issues. The guidelines contained in this section can help you make the best decisions. Finally, validating your decisions with tools like the Windows NT Performance Monitor, and then making adjustments as needed, is an important step in completing the process.
Windows NT Server is used as a platform on which to run other applications. It is also responsible on many networks for sharing files and printers unless an alternative NOS (such as NetWare) has been implemented. Sharing files and printers is I/O intensive. Servers upon which Windows NT Server is used exclusively for file and print services will exercise the disk subsystem: disk controllers, disk drives, and drive arrays. Adding more power in the form of additional processors will not usually provide as much performance improvement as adding additional components to the I/O subsystem, such as an additional disk controller.
An exception to this guideline is servers used to operate Windows NT Server as domain controllers. These computers are responsible for validating logon requests. They typically have heavy demands placed on their network adapters and processors, especially during the periods when many users log on to the network, for example, early morning at a typical company. An appropriate choice for a domain controller that is not also used for file and print services might be a dual processor system with a high-speed network adapter. Current network hub technology can enable a server to have its own high-speed LAN segment to improve network throughput as well.
For most organizations, the demands placed on a computer to run Internet Information Server (IIS) will not be too great. There are exceptions, however. The IIS product was used to create the Web server for the 1997 Super Bowl site, http://www.superbowl.com. For this type of special situation with thousands of users, the demands can be substantial.
The type of demands depends on the type of Web server you create. A traditional publishing server primarily will tax the disk subsystem and networking components. If you are implementing a server for electronic commerce and interacting with SQL Server, your processing requirements will increase. RAM used for caching information also plays an important role on Web servers.
Because the BackOffice family of products now includes numerous current and forthcoming Internet server products, such as Proxy Server, Index Server, and Content Replication Server, similar considerations must be given to the server computers upon which these processes will execute. Care must be taken when incorporating these Internet server processes on top of IIS.
Exchange Server is a product that, like SQL Server, exercises all subsystems in the computer. It uses a number of server-based services, which place demands on processing power and RAM, and benefits from the addition of one or more additional processors and additional RAM. It manages potentially large user mailboxes with rich data types and can therefore place demands on the disk subsystem. Finally, Exchange uses the network components as its pipeline to the world. Like SQL Server, a large, actively used Exchange Server places balanced demands on all computer subsystems.
Sizing and performance tuning servers running SQL Server are special challenges. How a computer will be utilized by database systems is difficult to anticipate and manage. SQL Server certainly places demands on the disk subsystem, but SQL Server also performs part of the application processing on the server through the use of stored procedures. In addition, it makes good use of additional RAM for procedure and data caching and to manage user data structures.
You could say that it is easy to size a SQL Server: make it big and don't skimp on anything. If you must economize, the disk subsystem is probably the single element that has the biggest impact on performance. It is the area you should invest in first.
The role of SNA Server is to provide connectivity over the network. It is not surprising, therefore, that high-speed network components are important. What is not always recognized is the important role RAM plays for caching of information. Therefore, RAM and networking components are the most important elements of an SNA Server, with the disk subsystem playing a relatively minor role. Processor demands are not exceptional.
The distinguishing characteristic of SMS is its use of multiple server-based services. SMS benefits from additional processors and additional RAM. Its disk subsystem requirements vary dramatically depending on the extent to which your organization uses SMS for package distribution. If this feature of SMS is exploited heavily, it will require a lot of storage for package processing.
The concept of redundancy should be carefully reviewed among the members of the administrative team. Consider implementing redundant sources of important information and equipment to avoid any single points of failure. The use of data replication in SQL Server and the automatic replication of the user account database among domain controllers provided by Windows NT Server are two examples of redundancy. Although redundant components add to the expense of the network, they usually reduce operating costs and expenses associated with down time. Some of these are hidden costs that can dramatically reduce the effectiveness of your computing infrastructure.
Now that you have some general guidelines on the way BackOffice components use computing resources, only a few additional considerations remain. In this section, specific types of hardware are discussed.
Of all the advice provided in this book, the discussion on hardware configuration may be the most controversial. Microsoft's own guidelines for the amount of RAM required for servers are frequently dismissed as too little. Certainly, different hardware vendors have different opinions, and they may even produce charts and graphs proving they are right. The information presented in this section will help you determine the specific hardware components that are best for you.
Hardware comes in many shapes and sizes, and it changes constantly. Microsoft includes a Hardware Compatibility List (HCL) in the Windows NT Server (and Windows NT Workstation) box, and provides regular updates to that list on CompuServe, the Microsoft Network online service (MSN), and the Microsoft Web server (www.microsoft.com). This is a good starting point when selecting server hardware. If you are considering a computer that doesn't appear on this list, proceed with caution. It need not be completely ruled out, but you should at least ask the hardware vendor for assurances that it is indeed compatible with Windows NT Server. Literally thousands of computers will run Windows NT Server.
After you have found a computer that supports Windows NT Server, you must decide what components and peripherals should be included. Microsoft includes a help file with BackOffice that provides detailed guidelines to assist in determining acceptable minimums for each product, given a user population of a certain size. The preceding discussion about resource utilization by BackOffice products will help you intelligently configure a computer that goes well beyond a minimum configuration.
After reviewing these materials and your own requirements, you should be able to make sound judgments about hardware configurations. The only thing that prevents someone from producing a definitive chart showing exactly what is required is the subjective nature of performance. How fast is fast enough? This is the intangible that you must factor into your decision-making process, and it depends on the nature of your user community and the type of applications you will provide. Supporting traders on Wall Street is different from using BackOffice to run a monastery print shop. Both are important, but they imply a different level of service.
The selection of processor type is one of the most hotly debated topics in this area. Intel continues to dominate the marketplace, and support for Intel processors is always available first. Because of their market share, the broadest range of products is available on this platform.
RISC processors, according to their vendors, provide greater price performance than those from Intel. These claims are difficult to substantiate, although there is evidence indicating that for some types of processing, you can achieve superior performance using these devices. Windows NT Server supports three RISC processor types: MIPS, Alpha AXP, and PowerPC. Unfortunately, not all BackOffice products are available for all processor types. If you want to use RISC processors, check with Microsoft or your software vendor to be certain that all BackOffice components you want to use are available for that processor.
The use of multiple processors in servers is growing. Although multiple processors have been employed on large computers for years, only in the last few years have they been available in mass-produced computers at a price affordable for small organizations. Multiple processors make sense for processor-intensive applications.
The design of Windows NT Server is such that the operating system does not require extensive tuning (nor do applications need to be rewritten) to take advantage of multiple processors. You can usually just rerun the Setup program to add multiprocessor support while maintaining all your other settings.
Server-based, 32-bit applications written for Windows NT Server (including all BackOffice components) generally employ multiple threads of execution. Windows NT automatically utilizes multiple processors to run these multithreaded applications. The Windows NT Server operating system is itself multithreaded and will benefit from the addition of multiple processors.
If you want to start with a single processor server, you should at least explore the capability to add processors to the machine later. A computer that supports adding processors typically costs more initially. However, by offering you the capability to "snap in" additional power without having to build a new server, this option can save time and money in the long run.
The guidelines provided by Microsoft with the BackOffice product were created after extensive testing in its computer labs. They can certainly be taken as useful minimums and will serve organizations with low-end to medium expectations well. If your organization uses applications of a particularly demanding nature, consider adding more memory. Under any circumstances, choose computers that support the addition of plenty of RAM, even if you start with a minimal amount.
Because Windows NT supports virtual memory, you will not generally run out of memory if you exceed the available amount. The operating system uses a paging file to move some of the contents of memory temporarily to disk and then swap it back in when needed. You want to avoid a situation in which your server is swapping frequently. Monitoring the use of memory on a server using Performance Monitor (running on another Windows NT machine) is an excellent way to determine whether additional memory is needed on a particular server.
An area of the computer sometimes overlooked is the system bus. Several high-speed bus technologies are now available. When selecting a machine for use as a server, make sure that it is based on a high-speed bus architecture.
At the risk of sounding flippant, a good rule of thumb for sizing disk drives is to start with the amount you think you need, then double it, and double it again. Seriously, it is almost impossible to purchase too much disk space.
With the content and capabilities of software increasing, the use of new and richer data types (especially such multimedia types as video and audio), and the growing use of online help and product manuals, disk space is essential. The price of disk subsystems continues to fall, so the additional requirements are somewhat easier to accept.
You must consider a number of important options when selecting disk subsystems. A number of hardware vendors offer RAID (Redundant Array of Inexpensive Disks) technology. RAID level 5, the most commonly used, offers the capability to divide stored data across multiple disks, thereby achieving faster read/write speeds through the use of multiple disk drives and (in some cases) disk controllers. RAID level 5 stores redundant information that enables the automatic re-creation of your data should a single drive fail. This technology is particularly appropriate for SQL Server and situations in which the information is mission critical and high performance is important.
In addition to the RAID capabilities provided by hardware, it is also possible to implement RAID using Windows NT Server. With a premium SCSI adapter and four 2G hard drives you can implement your own RAID.
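How RAID level 5 re-creates the contents of a failed drive, as an added Python example that is not from the book. It assumes the standard RAID 5 scheme (XOR parity, with the parity block rotating across drives); the block size, layout and function names are illustrative and do not represent Windows NT's on-disk format.

```python
from functools import reduce


def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_disk_for(stripe, n_disks):
    """Rotate the parity block so no single drive holds all the parity."""
    return (n_disks - 1 - stripe) % n_disks


def write_stripes(data, n_disks=4, block_size=4):
    """Lay data out across n_disks: each stripe holds n_disks - 1 data blocks
    plus one parity block that is the XOR of those data blocks."""
    per_stripe = (n_disks - 1) * block_size
    padded = data + b"\x00" * (-len(data) % per_stripe)
    disks = [[] for _ in range(n_disks)]
    for stripe, offset in enumerate(range(0, len(padded), per_stripe)):
        chunk = padded[offset:offset + per_stripe]
        data_blocks = [chunk[i:i + block_size]
                       for i in range(0, per_stripe, block_size)]
        parity = xor_blocks(data_blocks)
        remaining = iter(data_blocks)
        for disk in range(n_disks):
            if disk == parity_disk_for(stripe, n_disks):
                disks[disk].append(parity)
            else:
                disks[disk].append(next(remaining))
    return disks


def rebuild_disk(disks, failed):
    """Re-create every block of the failed drive from the survivors only.
    All blocks of a stripe XOR to zero, so the missing block is the XOR
    of the blocks that remain."""
    survivors = [blocks for i, blocks in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


def read_data(disks, length):
    """Reassemble the original bytes, skipping each stripe's parity block."""
    n_disks = len(disks)
    out = bytearray()
    for stripe in range(len(disks[0])):
        for disk in range(n_disks):
            if disk != parity_disk_for(stripe, n_disks):
                out += disks[disk][stripe]
    return bytes(out[:length])


def usable_capacity(n_disks, disk_size):
    """One drive's worth of space goes to parity."""
    return (n_disks - 1) * disk_size


if __name__ == "__main__":
    sample = b"constructed payroll records, fiscal 1997"  # constructed input
    array = write_stripes(sample)
    lost = 2                                  # pretend drive 2 has failed
    replacement = rebuild_disk(array, lost)   # uses drives 0, 1 and 3 only
    print("rebuilt drive matches:", replacement == array[lost])
    print("data intact:", read_data(array, len(sample)) == sample)
    print("usable space of four 2G drives:", usable_capacity(4, 2), "G")
```

The rebuild works for exactly one failed drive per stripe; a second failure before the rebuild finishes loses data, which is why RAID 5 complements tape backup rather than replacing it.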
To minimize down time (when a server is unavailable) a number of hardware vendors offer hot swappable disk drives. This type of equipment enables you to remove and replace a disk drive while the computer is running. By itself, this technology does not provide any redundancy or backup capability. It simply reduces the amount of time the server is shut down and unavailable and can complement other technologies used for data management.
In addition to the standard components, you usually need some peripheral devices to complete your server. With the size and complexity of modern server-based applications, the compact disk (CD) has become the preferred distribution media for these large applications. Strongly consider at least one CD drive for your server. You may also want to consider sharing a CD tower on one of your servers. These devices combine multiple CD drives into a single chassis with shared power and simplified connectivity requirements.
The use of shared laser printers was one of the initial advantages of networking, and it continues to be a widely used feature. It has become common to attach printers directly to the LAN cabling system rather than to a server. Print jobs are still typically sent to a print queue on a server, and then de-spooled to the network printer. Many options are available for printers including support for color printing, duplexing (printing on both sides of the paper), and different sizes and types of paper.
Making backups of your important information is a critical part of managing your computing resources. Tape backup units are the most practical means of backing up large amounts of information. Some promising new technologies offer large amounts of storage with long shelf life, but tape drives still offer the best balance of features, performance, and cost. If you plan to back up systems over the network, you should recognize the enormous impact this can have on bandwidth utilization, and make every effort to accomplish this task during off-peak periods.
Finally, always provide an uninterruptible power supply (UPS) for your servers. You can use a large UPS for multiple servers or provide each server with its own smaller unit. Windows NT Server supports the use of a UPS and even automatically warns users and shuts down the server when the backup power is about to be depleted. Of course, unless the user's computers are also provided with backup power supplies, they will have already failed.
The primary benefit of a UPS for a server is to avoid power loss in the midst of disk write activity or other important tasks. By permitting an orderly shutdown of the server, all files will be closed and the integrity of data can be ensured. In addition, a good UPS prevents the server from rebooting during a brief power surge or outage. Split-second power outages are annoying at home because you must reset all your digital clocks, microwaves, VCRs, and so on. In the office, they can cause your data to be lost, or even worse, they may physically damage an active server.
The server computers upon which the BackOffice applications operate should be physically separate from user PCs and NCs. These server computers manage, process, and contain the organization's data. Although means exist for protecting the data electronically, the very best protection available is physical isolation in a locked machine room or wiring closet.
NOTE: Most computer fraud results from access violations. This can be entirely avoided if physical access to the data is restricted.
Confining the server computers to a single location has other advantages, as well. At times when administrators require physical access to the servers, they will find them all conveniently located together. This also enables administrators to more conveniently control the server operating environment by adding features, such as uninterruptible power supplies, to all server computers at once.
In organizations where distributed servers are required, it remains necessary to follow similar guidelines for server management. Server computers located in remote locations outside the main server facility should be placed in physical isolation as well.
One of the most important issues the administration team should address is the organization's security policy. Hopefully, your organization already has such a policy in place. If so, you can skip this section or review it quickly. If you do not have a visible, actively monitored security policy, then strongly consider the adoption of such a policy immediately.
A complete discussion of appropriate security measures for an organization using computer-based systems is beyond the scope of this book. However, the rudiments of such a policy are outlined in the following list to provide a basic policy upon which further development can be added. Here are some basic, concrete steps that can be taken to improve the security in your organization:
Choosing a Password
To ensure that good passwords are created, have your users comply with the following guidelines:
- Make it at least six characters long.
- Do not choose a word that appears in any dictionary.
- Include at least one special character.
- Choose one that is easy to remember (which lessens the temptation to write it down).
- Do not choose one that is based on personal attributes, such as a birthday, pet's name, or favorite color.
One way to create acceptable passwords is to use phonetic spelling or replace letters with numerals. For example, Gu3xer&25% is a pretty good password, as is 24%Faers97.
Now that these passwords have appeared in this book, however, they are very poor choices. A well-known tactic used by devious hackers is to employ a dictionary attack in which a collection of likely passwords is automatically supplied to attempt access to an account. Example passwords have an uncanny likelihood of ending up in such a dictionary, as do words that beginners think no one would ever guess (but many people do), such as sex, love, secret, and so on.
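The machine-checkable guidelines above (length, dictionary words, special characters, personal attributes), together with the point that published example passwords end up in attack dictionaries, as an added Python example that is not from the book. The word list, the user profile and the function names are constructed for illustration.

```python
import re
import string

# Constructed sample word list. A real deployment would load a full dictionary
# plus lists of passwords that have appeared in print or in breach dumps.
DICTIONARY = {"sex", "love", "secret", "password", "office", "monastery"}

# The two example passwords printed in this chapter. As the text notes, once
# an example is published it belongs on the deny list.
PUBLISHED_EXAMPLES = {"Gu3xer&25%", "24%Faers97"}

MIN_LENGTH = 6  # the chapter's minimum length


def alphabetic_core(password):
    """Lower-case the password and strip leading/trailing non-letters,
    so that 'Secret1!' is still recognized as the word 'secret'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def attribute_tokens(personal_attributes):
    """Split attributes such as 'Rex' or '1987-04-12' into lower-case tokens
    of three or more characters (shorter tokens match too much by accident)."""
    tokens = set()
    for attribute in personal_attributes:
        for token in re.split(r"[^a-z0-9]+", attribute.lower()):
            if len(token) >= 3:
                tokens.add(token)
    return tokens


def check_password(password, personal_attributes=()):
    """Return the list of guideline violations; an empty list means accepted."""
    violations = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        violations.append("too_short")
    if lowered in DICTIONARY or alphabetic_core(password) in DICTIONARY:
        violations.append("dictionary_word")
    if not any(ch in string.punctuation for ch in password):
        violations.append("no_special_character")
    if any(token in lowered for token in attribute_tokens(personal_attributes)):
        violations.append("personal_attribute")
    if password in PUBLISHED_EXAMPLES:
        violations.append("published_example")
    return violations


if __name__ == "__main__":
    # Constructed candidates, checked for a hypothetical user whose pet is
    # named Rex and whose birthday is 1987-04-12.
    profile = ["Rex", "1987-04-12"]
    for candidate in ["love", "Secret1!", "Rex#1987", "Gu3xer&25%", "tR9&vqLm2w"]:
        print(f"{candidate!r:14} -> {check_password(candidate, profile) or 'accepted'}")
```

The guideline that a password be easy to remember cannot be checked by code and stays with the user.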
After you have established a security policy, review it carefully with key members of the organization before presenting it to the entire organization. A good security policy is at least a little inconvenient for computer users. For most organizations, however, the threat of being victimized by industrial espionage, malicious hacking, or innocent yet destructive foolishness is real.
In addition to network, hardware, human, and facility issues, there remain several issues to discuss. Windows NT Server contains numerous configuration options and operational characteristics with which it is important to become acquainted, including the following:
A brief description of each follows.
When you install Windows NT Server, you need to create disk partitions. This deserves some thought. The Windows NT Disk Administrator and the operating system itself provide powerful capabilities to manage storage. Judicious use of partitions can be appropriate. For example, many administrators create a separate partition for the operating system and print spooling information. Others choose to keep all user subdirectories on a separate partition. Using partitions can limit the growth of disk use for some applications and safeguard needed space for the operating system.
Windows NT Server supports different file systems. The File Allocation Table (FAT) file system used by MS-DOS is somewhat easier to deal with when responding to hardware problems because you can use MS-DOS based utilities to do diagnostics and so on. However, the NT File System (NTFS) provides a great deal more security.
You can configure Windows NT Server to copy (or dump) the entire contents of RAM to a hard disk in the event of a serious system crash. If you are having serious problems with a server, this can be an important option. It requires, of course, that enough disk space be kept available.
If you have a computer with 128M of RAM, for example, then you must reserve 128M of disk space for the memory dump. You can also set Windows NT Server to restart automatically when such an event occurs, rather than the default behavior of waiting for a manual restart.
Windows NT Server does not (yet) offer the capability to establish per-user disk quotas. This is a feature requested by many users and organizations, and Microsoft has indicated that it may add this feature to future versions of Windows NT Server.
In the meantime, third-party software packages are available that deliver this capability for Windows NT Server. Either use a disk quota package or isolate user directories on a separate partition. If you don't, they will grow to fill the space allowed. They should certainly not be kept on the same drive partition used for the Windows NT paging file.
Backup and recovery are mentioned in several locations in this book, and it is a topic that bears mentioning again. In fact, you should go even one step farther and implement a full disaster recovery plan. There are sad, but true, stories of organizations that simply ceased to exist after a disaster, such as a fire, because all the information about the organization, its personnel, and its constituents was destroyed.
Imagine for a moment that your most important computer systems have crashed, or your entire premises have been destroyed in a fire. Where are your backups? How long will it take to get replacement equipment up and running and reload your backups? Do you have a written plan in place that everyone is aware of and can follow easily? What would you tell the top person in your organization if you were paid a visit immediately following such a disaster? Make a plan, write it down, stage a drill if possible, and be prepared!
Windows NT Server includes the Remote Access Service (RAS). This service enables computer users to connect to the network from remote locations through a variety of means. Chapter 12, "Implementing Remote Access Service (RAS)," explores RAS in more detail, but you should already be considering the ramifications to security and other organizational policies that may be caused by adding RAS to your network. Who is authorized to use the service? Can they call from anywhere (a hotel, for example), or will the system use a dial-back mechanism, which provides greater security but limits them to one location (usually their homes)? If properly managed, RAS can be a great asset to your organization.
Your organization should also have a policy on, or at least a general understanding of, the role of the network in general. What is the expected rate of availability? Is it acceptable for the network to be down for an hour? For a day? Must all maintenance be done outside certain peak work hours? These answers can profoundly affect the decisions you make and the amount of money you will have to spend to achieve the desired levels of service.
Perhaps one of the biggest decisions you will make regarding your BackOffice installation is whether to implement SMS. If you choose to implement SMS, you must also decide at what level to take advantage of its services.
NOTE: Starting your BackOffice environment with SMS will change the course of action taken for preparation and implementation.
The bad news is that SMS can be complicated to administer. A full-featured SMS installation should be administered by a full-time professional system administrator, if not a team of administrators. The point here is that it is difficult to take business-minded people with good technical skills and convert them into effective SMS system administrators.
The job of administering SMS should be performed by trained system management experts with a background in computer systems and plenty of experience in network management. Assigning SMS administration responsibilities to anyone else will, at a minimum, create the potential for problems and possibly even lead to a system disaster.
Assuming that you put SMS administration in the hands of a trained professional, many benefits are available to you. Many of the topics you learned regarding your preparation for BackOffice become simplified if you choose to implement SMS. For example, SMS does the following:
See "Understanding Systems Management," [Ch. 44 in Special Edition Using Microsoft BackOffice, Volume 2]
Because SMS provides so much support in the implementation of the BackOffice products, incorporating it into the network has an impact on all the other server product installations. Done correctly, SMS will simplify the implementation and administration of the other products. This is good news after you have borne the startup cost associated with a first-time installation of SMS.
For the most part, SMS is a fairly complicated product to install and learn. However, it is possible to implement a limited SMS installation that is administered by someone other than a trained professional. Beginners should have no problem implementing the inventory features of SMS, assuming that they possess adequate networking and general PC skills. At this level, SMS still provides value to the organization.
Finally, SMS yields significant savings with regard to user support. System administrators can use SMS to support users on the network by remotely observing, or controlling, the user's PC. This is a powerful feature of SMS, which offers significant benefits to the organization.
NOTE: Preparing for SMS, implementing SMS, the role of the SMS administrator, and several SMS advanced topics are covered entirely in Part IX, "Systems Management Server (SMS)," in Volume II.
At this point, you have learned how to prepare the physical aspects of your BackOffice environment. You have also learned how to build your network and staff your BackOffice administration team to position your organization for a successful implementation. The only remaining item prior to jumping into the details is to purchase the software.
Where and how can BackOffice be purchased? Regardless of the size of your organization, you can only purchase BackOffice from a Microsoft software reseller. Even large organizations that have corporate agreements in place with Microsoft must purchase BackOffice from retail software outlets.
Typically, however, you will not find BackOffice on the shelves of your local software store. This product is targeted at a smaller market than the general public or the population of office PC users. Therefore, retailers are not willing to provide much shelf space for the package. You must ask for BackOffice and, in some cases, it will need to be ordered.
BackOffice server products are licensed independently from the client software components that utilize the server services. This licensing model provides the flexibility to accommodate various uses and configurations in an information network. There are two simple guidelines to remember when licensing BackOffice:
In a typical network, as shown in Figure 3.6, server licenses are purchased for BackOffice server applications, and client access licenses are purchased for the client PCs and NCs.
Server applications are licensed separately from client PCs and NCs.
BackOffice networks can contain multiple servers of the same type, multiple servers of different types, or both. A network with varying numbers of the same type of BackOffice server applications can be built by licensing BackOffice as a whole, by licensing individual server application licenses, or both. In some cases, it is advantageous to purchase the entire BackOffice package even though all the products will not be installed. Such is the case when using SMS and SQL Server. The combined license for both of these products is currently more expensive than the single license for BackOffice.
In addition to providing some financial advantage by licensing all the products together for less than the combined individual licenses, Microsoft sometimes offers promotional packages. Some special packages combine server licenses with a fixed number of client access licenses. These types of promotions are offered for your convenience. Other offers include special pricing for upgrading from previous versions of BackOffice or individual BackOffice products. Finally, Microsoft occasionally offers special pricing to those organizations upgrading from a competitive product.
Before jumping into a discussion of the type of licenses to purchase, it will help you to know that Windows NT Server contains a small application to assist in implementing the decisions you make regarding client licenses. The application, shown in Figure 3.7, is available on the Control Panel.
Use the License Management Control Panel applet to select which BackOffice product to license.
This application is used to set the number of licenses you have acquired. Once set, the number of licenses is monitored by Windows NT Server. If the number of licenses is exceeded, it will record an entry in the Windows NT Server Event Log. These events should be monitored by an appropriate administrator in order that license agreements are honored.
See "Viewing Event Logs," [Ch. 5]
All BackOffice products are server applications. Each computer running a server application requires a server license. This is true regardless of the number of users that access, or will ever access, the server application. A given computer on the network can run more than one server application at a time. Nevertheless, a separate server license must be purchased for each server application.
NOTE: Each BackOffice server application, regardless of which computer it runs on or how many other servers of the same application exist on the network, must have its own server license.
SMS requires special server licensing. It requires a server license for SQL Server, as well as its own server license. Also, it is common for SMS installations to run SMS on more than one server. Sometimes the primary SMS site server works with other site servers and so-called helper servers. In this case, each server running SMS applications requires its own server license.
NOTE: An SMS server license is not required for Windows NT servers or NetWare servers that share applications installed by SMS for use by client PCs unless the server is also running SMS server components. (This would be possible only on a Windows NT server.)
You have seen how an information network has application servers (computers that run server software) and user computers (PCs or NCs used by the management and staff of your organization). The user computers are sometimes referred to as client PCs or client NCs because they receive services from the application servers.
Server computers run software from Microsoft or other software vendors, such as the products included in BackOffice. Additionally, client PCs and client NCs require software that enables them to communicate with server applications. By installing the client software component on a client PC or client NC, the user can access the services of that particular application server on the information network.
Each BackOffice product has a client software component. In most cases, the client software component (but not the client license) is bundled with the server software. One exception to this is the Windows NT Server client software, which is built in to Microsoft desktop operating systems, such as Windows for Workgroups, Windows 95, and Windows NT Workstation. This makes it easier for you to build an information network. Windows for Workgroups and Microsoft networking software for MS-DOS are included on the Windows NT Server CD, but Windows 95 and Windows NT Workstation are not.
Regardless of how you obtained the client software, you must purchase a license to use it on every PC or NC that accesses a server. The license you need for the client software component is known as the client access license. This license must be purchased regardless of whether the client PC or client NC will be permanently connected to the server.
NOTE: You do not need to acquire a new client software package for each client PC and client NC. You need only purchase the right to use the client software on each client PC and client NC. This is known as a client access license.
There are two ways to purchase client access licenses. You can acquire client access licenses per server or per seat. Purchasing the per server license implies that the client privileges are granted from the server's perspective. Purchasing the per seat license implies that the client privileges are granted from the clients' perspective. Regardless of whether client access licenses are purchased per server or per client, you must always purchase a server license. Again, the Windows NT license management application will assist you in implementing the client access license type, as shown in Figure 3.8.
Use the Choose Licensing Mode dialog box to select the client access license mode for the BackOffice product selected.
Per Server Client Access License
Licensing client software in per server mode is equivalent to selling concurrent use licenses. In this scenario, client access licenses are purchased for the server, as opposed to being purchased for client PCs and client NCs. By purchasing client access licenses for the server, you restrict the number of concurrent users of that particular server application. Again, this applies to every server on the network, regardless of whether the same server product is running on multiple computers.
NOTE: Per server client access licensing is sometimes referred to as concurrent use licensing. Even in per server licensing, each additional server requires a new set of client access licenses for the total number of concurrent clients that can access it.
In per server licensing, you must purchase as many client access licenses as you expect to have concurrent users of that particular server.
NOTE: Windows NT Server provides a notification if a server application reaches the maximum number of concurrent users. When this occurs, no other users are allowed to connect except for the administrator (unless, of course, some users drop their connections). The administrator can always connect to resolve a lockout.
As you see in the licensing examples below, per server client access licenses are the best way to start as your organization undergoes a gradual implementation of a complete information network. In the early stages of the network, it is common for server usage to be less frequent as applications are being tested and implemented throughout the organization. As users become more dependent on the applications built upon the information network, their access to servers approaches constant use. When this occurs, it makes more sense to convert to the per seat mode of licensing clients.
NOTE: There are two special cases for per server client access licenses. The first is that SMS does not allow per server client access licenses. You can purchase client access licenses for SMS only on a per seat basis (explained in the following section). Second, there exists a special client access license option when you purchase BackOffice. This option enables the client PCs and client NCs to access each server application within the BackOffice package. This type of client access license can be purchased only in the per seat mode, as well.
Per Seat Client Access License
Although licensing clients per seat is not necessarily the most economical in the early stages of building your information network, it is the simplest means for licensing clients. This model makes sense when most client PCs and client NCs require constant access to a server. Also, it is required for SMS and the full BackOffice client access license option.
NOTE: Per seat client access licensing is advantageous when you have multiple, similar server applications throughout the network.
In this model, you license client access from the client's perspective. Given a client PC or client NC, determine how many different types of servers the client requires access to. A client access license is then purchased for each type of server that the client desires access to. A client access license is purchased for every server application it will access, but it is only purchased once for each type of server, not for each server. For example, a client with a per seat SQL Server client access license can simultaneously use one, ten, or fifty servers running SQL Server in the organization.
Converting from Per Server to Per Seat Client Licensing
Many organizations start with per server client access licenses because client access to servers is infrequent and not simultaneous. At some point, it is prudent to convert from per server client licensing to per seat client licensing. This occurs when the number of concurrent use (per server) client access licenses equals or exceeds the number of client PCs and client NCs on the network.
NOTE: If you are uncertain about which licensing method to begin with, you should choose per server licensing. Because Microsoft allows a one-time conversion from per server to per seat licensing at no cost, there is little or no disadvantage to beginning with per server licensing.
Microsoft recognizes that this situation occurs as organizations build their information networks. Therefore, they provide an opportunity to convert from per server client licensing to per seat client licensing. However, you can convert only once. At the time of the conversion you need not purchase any additional client software or change any client software configurations. In fact, you do not even need to notify Microsoft. You need only to convert the server itself. Henceforth, all client access licenses will be purchased in per seat mode.
TIP: The best time to convert from per server to per seat client access licenses is when the number of concurrent use client access licenses equals or exceeds the number of client PCs and client NCs on the network.
For example, if you start with one server and ten per server client access licenses, when you implement a second server of the same type, you can either license it in the same manner as the first or convert the first server to per seat licensing and configure the second server the same. This enables your ten client access licenses to access either server. Of course, the second server will carry its own server license.
As explained in a previous section, "Client Licenses," client access licenses are purchased for each server product a given PC or NC will access. In this sense, access implies connecting to the server and utilizing its services. Instead of purchasing client access licenses for each individual server application on each PC and NC, it is possible to equip a PC or NC with a BackOffice client access license.
This entitles the user of this PC or NC to access any or all of the BackOffice server applications installed on the network. The BackOffice client access license can be purchased regardless of whether the server applications were purchased as a part of BackOffice or as individual components.
Microsoft provides different ways to license client PCs and client NCs for server access because not every organization uses BackOffice in the same manner. It is helpful to see examples of how the licensing model is applied in some typical situations. In the following examples, SNA Server, SMS, and Internet Information Server are not shown. Nevertheless, the same licenses apply to these products except as noted earlier. These examples provide a basis upon which you can extend the licensing model if more servers or more clients are needed.
Starting with a Simple Windows NT Network
Seeing an example can help you understand how a simple Windows NT network should be licensed. This scenario serves as a basis for understanding more complex networks, even though it does not make sense to purchase the entire BackOffice package in this case.
The network shown in Figure 3.9 has one server operating Windows NT Server, two client PCs, and one client NC. Windows NT Server provides basic network operating system services. The server enables the client PCs and client NC to share files, printers, and other resources.
FIG. 3.9
A simple Windows NT network has only one Windows NT Server installation and a few client PCs or client NCs.
See "A Network Operating System," [Ch. 1]
Client PCs may be using different operating systems. If they are using Windows for Workgroups, Windows 95, or Windows NT Workstation, the client software is included in the operating system. Nevertheless, a client access license should be purchased for each client PC.
Client NCs may not be using any operating system at all, even though they may be using different browsers. Regardless of the client NC configuration, a client access license must be purchased for each one. The following licenses should be purchased in this example:
In this example, it makes sense to license the client PCs and client NCs per seat because they will be connected to the network at all times during network operation. As such, they will be able to share files and network printers.
Adding One SQL Server
Figure 3.10 shows the same network as Figure 3.9 with the addition of another server computer running SQL Server.
FIG. 3.10
A more sophisticated Windows NT Network also contains SQL Server.
This server computer running SQL Server also requires Windows NT Server. However, the client PCs and client NCs need only purchase client access licenses to the SQL Server on this computer. Additionally, if a Windows NT Server is running a server application on another network operating system, such as Novell NetWare, there is no need to purchase client access licenses for the Windows NT Server. Client access licenses for Windows NT Server need only be purchased if the Windows NT Server provides any of the following services:
Server computers that only run other server applications need not have Windows NT Server client access licenses. Because these services are provided by the other Windows NT Server computer, the SQL Server computer only requires client access licenses for SQL Server. The following licenses should be purchased in this example:
Because each client PC and client NC requires network services at all times, the Windows NT Server client access licenses should be purchased on a per seat basis. However, the SQL Server client access licenses can be purchased on a per server basis if you do not expect both PCs and the NC to be accessing the SQL Server at the same time. As soon as each client PC and client NC requires a constant connection to the SQL Server, it is time to convert the SQL Server client access licenses to the per seat licensing model.
Adding Remote PCs
Windows NT Server also provides access to the network for remote PCs. This is available through the built-in Remote Access Service (RAS), which is a service that controls remote access to the network via modems. Adding remote PCs to a network highlights the flexibility of the BackOffice licensing model.
See "Understanding Dial-Up Access to BackOffice," [Ch. 4]
Figure 3.11 shows the same network as in Figure 3.10 with the addition of five remote PCs. In this example, the remote PCs are enabled to dial in at any time on the available modems. However, because the RAS computer is equipped with only two modems, a maximum of two remote PCs can be connected at one time. The following licenses should be purchased in this example:
FIG. 3.11
Adding remote PCs, which require access to application servers on the Windows NT network, creates a more complex licensing scenario.
This example highlights per server client access licenses due to the remote PCs. Because the remote PCs have a limited connection path to the other servers, it is prudent to purchase client access licenses from the servers' perspectives.
These examples serve to illustrate the flexibility of the BackOffice licensing model. Clearly, your networks can be considerably more complex. In such cases, the licensing examples given in this chapter can be extended based on the principles described and demonstrated for each scenario.
Prior to this chapter, you gained a general understanding of what BackOffice is and what it can do for you. In this chapter, you learned about all the areas that require attention before implementing BackOffice in your organization. This includes information about important aspects of preparation, such as network hardware and server computer configuration, human issues pertaining to the administration of the network and server applications, security and related policies and procedures, facility management, and actually purchasing BackOffice. For more information on these and related topics, see the following chapters:
© Copyright, Macmillan Computer Publishing. All rights reserved.