Version 1.5, Revision 1


Chapter 1


Reference Architecture Guide


This introduction to the Microsoft® Systems Architecture Internet Data Center reference architecture documentation provides an executive summary of the architecture components and objectives, chapter outlines, the scope of the documentation, the intended audience for the documentation, and the documentation conventions that the guide follows.     

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.


Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, places or events is intended or should be inferred.

© 2002 Microsoft Corporation. All rights reserved.

Microsoft, Windows, Active Directory, and BizTalk are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.



Executive Summary

Audience

Chapter Introductions

Chapter 2, Network Infrastructure Design

Chapter 3, Firewall Design

Chapter 4, Storage Design

Chapter 5, Security Design

Chapter 6, Database Design

Chapter 7, Management Design

Chapter 8, BizTalk Server Design

Chapter 9, Commerce Server Design

Chapter 10, Designing Your Testing Process

Documentation Scope

Style Conventions

Appendixes

Appendix 1.1 – Consolidated Architecture


Executive Summary

A modern, agile enterprise-level business relies on its information technology services to provide the infrastructure it needs to support its business goals. To fulfill these goals, these services must be reliably available and have the capacity to grow as business requirements increase.

The Microsoft® Systems Architecture Internet Data Center (MSA IDC) includes a detailed reference architecture model that enables customers to build scalable, reliable, secure, and manageable Internet data center environments. By following the recommendations in the Internet Data Center documentation, an organization can quickly and efficiently build an Internet data center infrastructure that will support its long-term business needs.

The chapters in this reference guide provide the detailed design methodologies and considerations that need to be taken into account when designing an Internet data center solution. This chapter provides a roadmap for the remaining chapters in the Reference Architecture Guide.


Audience

This guide is primarily intended for consultants, IT professionals, and developers who are responsible for the planning stages of application or infrastructure development and deployment across multiple projects. This includes the following common job descriptions:

· Architects and planners who are responsible for driving the architecture efforts for their organizations

· Business analysts and decision-makers (BDMs) who have critical business objectives and requirements that need IT support

· Consultants, both MCS and partners, who need knowledge transfer tools for enterprise customers and partners


However, other readers involved in planning, designing, and implementing an infrastructure project will find that this guide contains relevant and useful information. There are many roles in infrastructure development, and each person involved in the project requires different types and levels of information.

This Reference Architecture is also intended for our software, hardware, and systems integration partners who would like to use MSA as a blueprint to produce prescriptive guidance that includes their own unique product offerings that provide specific business and technical value and benefits.





Chapter Introductions

This Reference Architecture Guide consists of the following chapters (beyond this Introduction), each of which discusses an aspect of the Internet Data Center architecture design.

Chapter 2, Network Infrastructure Design

This chapter describes the overall design that is used in the Internet Data Center architecture. It provides an overview of architectural elements, such as the routers and switches as well as Web infrastructure design and components. It also discusses the configuration of the Microsoft Windows® 2000 Server operating system and traffic between virtual local area networks (VLANs).

Chapter 3, Firewall Design

This chapter describes the overall firewall design that is used in the Internet Data Center architecture. It provides an overview of elements, such as the security features, caching, Network Load Balancing, and virtual private networks (VPNs). It also discusses some of the additional areas that can be affected by the firewall design.

Chapter 4, Storage Design

This chapter describes the Microsoft® Systems Architecture Internet Data Center storage design. Considerations for storage planning are discussed in the areas of SAN fabrics, storage systems and host bus adapters. SAN security issues are also discussed.

Chapter 5, Security Design

This chapter describes the British Standard 7799 code of practice for information security, and the defense-in-depth strategy used in the security design. After a discussion of hacker techniques, this chapter describes Microsoft Internet Information Server (IIS) security configuration and the design for Active Directory, Domain Name Service (DNS), and Group Policy. The final part of this chapter covers authentication mechanisms used in the Internet Data Center architecture.

Chapter 6, Database Design

This chapter focuses on SQL Server security, including service account, registry, and auditing considerations; it also discusses SQL Server failover clustering, server federations, and SQL Server performance tuning.

Chapter 7, Management Design

This chapter covers the four key management areas: server monitoring and alerting, remote management, content deployment, and backup and restore. The monitoring and alerting solution for the Internet Data Center architecture is described, including the design of this solution and its components: Microsoft Operations Manager 2000, NetIQ Operations Manager, NetIQ AppManager and Xtremesoft AppMetrics. This chapter then describes the remote management design used, including the use of Terminal Services for primary access and the features of the additional server management cards. The third part of this chapter describes content deployment, change management, and the role of Microsoft Application Center 2000 in extending the base Internet Data Center architecture. Topics covered include server placement, accessibility, and security, as well as the content management release process in the Web, infrastructure, and data networks.

This chapter also gives an overview of the backup solution for Internet Data Center used in the architecture.

Chapter 8, BizTalk Server Design

This chapter explores the issues involved in integrating a Microsoft BizTalk™ Server solution into the Internet Data Center architecture. The chapter provides guidance for the appropriate infrastructure design for both partner integration solutions that use BizTalk Server messaging functionality, and business process automation using BizTalk Server orchestration services. Design challenges such as the location of BizTalk Server components and related services, for example Message Queuing, are discussed together with configuration issues relating to security, availability, and scalability. Communications protocols such as HTTP, SMTP, FTP, and Message Queuing are considered, and guidance for configuring and securing each protocol is given.

Chapter 9, Commerce Server Design

This chapter describes the recommended infrastructure design for integrating a Microsoft Commerce Server 2000 e-commerce site into the Internet Data Center architecture. The chapter discusses issues that you could face when deploying the various different components of a Commerce Server solution, including how to integrate Commerce Server services, Commerce Server databases, and pipeline components. The document highlights key design decisions that will help you build secure e-commerce solutions that can scale to your needs.

Chapter 10, Designing Your Testing Process

This chapter describes the process to be used when testing an implementation of the Microsoft® Systems Architecture Internet Data Center design. Details on how to manage the test process are given, together with criteria for release and testing tools to be used. The key testing documents are described, and template and example documents are provided as appendices.

Documentation Scope

This documentation will be augmented and updated in future versions. As a result, certain aspects of the Internet Data Center architecture are discussed at an intentionally general or high level. Items considered out of the scope of this documentation include specific guidance or details in the following areas:

· Applications design and development

· Multi-site architecture

· Host system and legacy integration or migration

· Extended scalability and performance data

Style Conventions

This guide uses the following style conventions and terminology.



Bold font

Characters that you type exactly as shown, including commands and switches. User interface elements are also bold.

Italic font

Placeholder for variables for which you supply a specific value. For example, Filename.ext could refer to any valid file name for the case in question. New terminology also appears in italic on first use.

Monospace font

Code samples.


The folder in which Windows 2000 is installed.


Alerts you to supplementary information.


Alerts you to supplementary information that is essential to the completion of a task.

Table 1. MSA IDC documentation style conventions

Appendixes

This section describes the appendices provided for this chapter as part of the Internet Data Center architecture documentation.

Appendix 1.1 – Consolidated Architecture

The Consolidated Architecture diagram illustrates all the technical components of the architecture as described at reference level in this guide. It is intended as a “complete” picture that will be a useful reference whilst working your way through, or selectively reading, the chapters in this guide. It should not be seen as a definition of what the Internet Data Center is, because customization is always required for specific customer implementations. The source file for this diagram, in Microsoft Visio format and called Reference Architecture Diagrams.vsd, can be found in the appendix files for this guide.