Microsoft Windows DNA Deployment Checklist Edward A. Jezierski COM and WinDNA Middleware Engineer Mi - PowerPoint PPT Presentation

Slides: 24
Provided by: edwardaj
Transcript and Presenter's Notes

1
Microsoft Windows DNA Deployment Checklist
Edward A. Jezierski
COM and WinDNA Middleware Engineer
Microsoft Corporation
2
Agenda
  • Why deployment?
  • Good deployment practices
  • Communication requirements
  • Servers and clients
  • Security and transactions
  • Other technologies

3
Why Deployment?
Why is deployment such a pain?
  • Expensive delays
  • Seldom-tested phase
  • High visibility
  • Costly moment to fix errors
  • New people working together
  • Technologies working together differently

4
Deployment Practices
Some good tips to have a great D-Day
  • Test and rehearse
  • Same environment
  • Same people
  • Same expectations
  • Same resources
  • Same pressure
  • Document, document, document

5
Deployment Practices
What can I do to have a better deployment?
  • Use checkpoints and diagnostics
  • For each tier
  • For full application flows

[Diagram labels: Service Wrappers; Business Logic; Persistent Services; SQL; Exchange; ERP; etc.]
6
Deployment Practices (2)
What can I do to have a better deployment?
  • Use checkpoints and diagnostics
  • For each tier
  • For full application flows

[Diagram labels: Service Wrappers; Business Logic; Persistent Services; SQL; Exchange; ERP; etc.]
7
Web Server to Application Server
  • Typical communication channels
  • DCOM
  • Transactions
  • Security
  • DCOM authentication is complex remotely
  • Set identities on Web applications and COM
    applications that can be authenticated
  • Avoid callbacks

8
Server Components (1 of 2)
How should I configure my server components?
  • Avoid extra process jumps
  • Web site isolation high (dedicated DLLHOST)
  • Local COM application library activation
  • Is it beneficial to isolate server processes?
  • Yes, if they are dedicated to each other
  • No, if there are other clients
  • Making library applications
  • Isolate server failures from affecting other
    local clients

9
Server Components (2 of 2)
Where should I place my components?
  • Components on the Web server
  • Components using ASP (request, response)
  • Components whose only client is local ASP pages
  • Rendering components
  • Cache wrappers
  • Remote Components
  • Components use resources that hinder Web
    performance
  • Sharing, for example leverage larger connection
    pools
  • Easier rollout

10
SQL Server
  • Select an appropriate netlib
  • TCP, port 1433
  • Q250550 - Change Default NetLib w/o Client
    Network Utility
  • To deploy simple databases, detach and/or attach
    files
  • No replication, security, and so on
  • Applying SQL Server 7.0 SP1 on a cluster can be
    complex
  • Q249802 Error Installing SQL 7.0 SPs in Cluster
  • Practice backup and restore
  • Practice failover

11
Security (1 of 3)
How can we know who's calling?
  • Authentication works for
  • Local users
  • Users in its domain
  • Users in trusted domains
  • Remote users with same user and password

12
Security (2 of 3)
Security gotchas
  • Change default passwords
  • Use delegation conscientiously
  • Watch out for transient information
  • Example: password expiration
  • Use secure storage
  • No passwords in constructor strings
  • Use UDL files and secure with NTFS
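
One way to check the "no passwords in constructor strings" item before deployment, as an added example that is not part of the original slides: it parses an OLE DB style initialization string (a constructor string, or the body of a UDL file) and flags embedded credentials. The sample strings, host name and account name are constructed, and NTFS permissions on the UDL file still have to be checked separately.

```python
import re

# key=value pairs separated by ';'; a quoted value may itself contain ';'
_PAIR = re.compile(r"""\s*([^=;]+?)\s*=\s*("[^"]*"|'[^']*'|[^;]*)\s*(?:;|$)""")

def parse_initstring(s):
    """Return {lowercased key: value} for an OLE DB style init string."""
    props = {}
    for key, value in _PAIR.findall(s):
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        props[key.lower()] = value
    return props

def initstring_from_udl(text):
    """Return the first line of UDL text that is not blank, the [oledb]
    header, or a ';' comment."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith((";", "[")):
            return line
    return ""

def audit_initstring(s):
    """Return findings in a fixed order; an empty list means nothing flagged."""
    props = parse_initstring(s)
    findings = []
    for key in ("password", "pwd"):
        if props.get(key):
            findings.append("embedded secret in '%s'" % key)
    if props.get("persist security info", "").lower() in ("true", "yes"):
        findings.append("persist security info enabled")
    if not props.get("integrated security") and (
            "user id" in props or "uid" in props):
        findings.append("explicit login without integrated security")
    return findings

# Constructed samples (hypothetical host and account names).
WEAK = ('Provider=SQLOLEDB.1;Data Source=sqlhost;User ID=app;'
        'Password="s3;cret";Persist Security Info=True')
UDL_TEXT = ("[oledb]\n"
            "; Everything after this line is an OLE DB initstring\n"
            "Provider=SQLOLEDB.1;Integrated Security=SSPI;"
            "Persist Security Info=False;Data Source=sqlhost\n")

if __name__ == "__main__":
    print(audit_initstring(WEAK))
    print(audit_initstring(initstring_from_udl(UDL_TEXT)))
```
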

13
Security (3 of 3)
Putting it all together under the right domains
  • Domain Configuration

[Diagram labels: Web app and components; Internal SQL servers; DMZ DC; Corp DC]
14
Transactions (1 of 2)
Typical deployment issue: transaction doesn't work
  • Transaction flow requires DTC
  • DTCs refer each other by NetBIOS name
  • Test by pinging by name
  • DTC and Clusters → Dedicated name resource
  • Use hosts file when no DNS available
  • Open SQL connections by server name

15
Transactions (2 of 2)
Typical deployment issue: transaction doesn't work
  • DTCs talk to each other through RPC
  • Connection-oriented transport ncacn_
  • Firewall considerations
  • Open RPC ports, use DCOM white paper
  • Troubleshoot with RPCPing or DTCPing

16
MSMQ and Site Server
  • MSMQ is a persistent resource
  • Cluster, not NLBS
  • Use private queues for cloned application servers
  • MSMQ and firewalls
  • Q178517 TCP, UDP, and RPC Ports Used by MSMQ
  • Q183293 Configure a Firewall for MSMQ Access
  • Site Server and firewall
  • LDAP on the corpnet: 389, 1002, and other ports
  • Using Membership and AD for session data:
    http://msdn.microsoft.com/library/winresource/ssreskit/rk_sessstate_zcpu.htm

17
COM Queued Components
How do I deploy queued components?
  • Validate MSMQ setup
  • Create and/or install queued applications
  • Send test messages
  • Test exception classes
  • Redeploy proxies when settings change

18
COM Queued Components
How does security come into play with QC?
  • Authentication
  • Need MSMQ installed in Domain mode
  • Need domain identities
  • Need certificate (use Control Panel)
  • Need user's registry hive
  • Stores the certificate
  • Start Dummy service with process identity

19
Windows Clients
  • Use Windows Installer
  • Design to reduce interface dependencies
  • Isolating server changes from clients
  • Some applications implement bootstraps
  • Helper EXEs that update local files from a share
  • Current VSI not ready for remote components
  • Install COM application proxy MSI

20
Miscellaneous
  • Clusters
  • Read setup documents, Readme files, KB articles
  • Test failover
  • Test operation on both nodes
  • Firewalls
  • Understand when two-way comes in
  • Each service requires different ports

21
Hosting Considerations
  • Currently DNA works very well for ASP scenarios
  • We are making things even easier
  • SQL Server 2000
  • Multiple instances: version, security, maintenance
  • COM 1.x (the release that follows Windows 2000)
  • Partitions have many instances of same COM
    application

22
Links
  • DNA blueprint
  • http://msdn.microsoft.com/library/techart/dnablueprint.htm
  • Application center
  • http://www.microsoft.com/applicationcenter/
  • Support WebCasts
  • http://support.microsoft.com/WebCasts
  • DCOM and firewalls
  • http://msdn.microsoft.com/library/backgrnd/html/msdn_dcomfirewall.htm

23
(No Transcript)