Title: Microsoft Windows DNA Deployment Checklist, Edward A. Jezierski, COM and WinDNA Middleware Engineer, Microsoft Corporation

1 Microsoft Windows DNA Deployment Checklist
Edward A. Jezierski, COM and WinDNA Middleware Engineer, Microsoft Corporation
2 Agenda
- Why deployment?
- Good deployment practices
- Communication requirements
- Servers and clients
- Security and transactions
- Other technologies
3 Why Deployment?
Why is deployment such a pain?
- Expensive delays
- Seldom-tested phase
- High visibility
- Costly moment to fix errors
- New people working together
- Technologies working together differently
4 Deployment Practices
Some good tips to have a great D-Day
- Test and rehearse
  - Same environment
  - Same people
  - Same expectations
  - Same resources
  - Same pressure
- Document, document, document
5 Deployment Practices
What can I do to have a better deployment?
- Use checkpoints and diagnostics
  - For each tier
  - For full application flows
(Diagram: application tiers, with Service Wrappers, Business Logic and Persistent Services such as SQL, Exchange, ERP, etc.)
7 Web Server to Application Server
- Typical communication channels
  - DCOM
  - Transactions
  - Security
- DCOM authentication is complex remotely
  - Set identities on Web applications and COM+ applications that can be authenticated
  - Avoid callbacks
8 Server Components (1 of 2)
How should I configure my server components?
- Avoid extra process jumps
  - Web site isolation high (dedicated DLLHOST)
  - Local COM+ application library activation
- Is it beneficial to isolate server processes?
  - Yes, if they are dedicated to each other
  - No, if there are other clients
- Making library applications
  - Isolate server failures from affecting other local clients
9 Server Components (2 of 2)
Where should I place my components?
- Components on the Web server
  - Components using ASP (Request, Response)
  - Components whose only client is local ASP pages
  - Rendering components
  - Cache wrappers
- Remote components
  - Components that use resources that hinder Web performance
  - Sharing, for example to leverage larger connection pools
  - Easier rollout
10 SQL Server
- Select an appropriate netlib
  - TCP, port 1433
  - Q250550: Change Default NetLib w/o Client Network Utility
- To deploy simple databases, detach and/or attach files
  - No replication, security, and so on
- Applying SQL Server 7.0 SP1 on a cluster can be complex
  - Q249802: Error Installing SQL 7.0 SPs in Cluster
- Practice backup and restore
- Practice failover
11 Security (1 of 3)
How can we know who's calling?
- Authentication works for
  - Local users
  - Users in its domain
  - Users in trusted domains
  - Remote users with the same user name and password
12 Security (2 of 3)
Security gotchas
- Change default passwords
- Use delegation conscientiously
- Watch out for transient information
  - Example: password expiration
- Use secure storage
  - No passwords in constructor strings
  - Use UDL files and secure them with NTFS
13 Security (3 of 3)
Putting it all together under the right domains
(Diagram: Web app and components, internal SQL servers, DMZ DC, Corp DC)
14 Transactions (1 of 2)
Typical deployment issue: transaction doesn't work
- Transaction flow requires DTC
- DTCs refer to each other by NetBIOS name
  - Test by pinging by name
  - DTC and clusters: dedicated name resource
  - Use a hosts file when no DNS is available
  - Open SQL connections by server name
15 Transactions (2 of 2)
Typical deployment issue: transaction doesn't work
- DTCs talk to each other through RPC
  - Connection-oriented transport (ncacn_)
- Firewall considerations
  - Open RPC ports; use the DCOM white paper
  - Troubleshoot with RPCPing or DTCPing
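As an added deployment checkpoint for the two Transactions slides (not from the original deck): a small Python pre-flight script that verifies each DTC/SQL partner resolves by name to the address the deployment plan expects, using the hosts file the slides recommend when no DNS exists, plus an optional TCP probe of the RPC endpoint mapper or SQL port. The server names, addresses and hosts-file text are constructed for illustration; port 135 (RPC endpoint mapper) and 1433 (SQL TCP netlib, from the SQL Server slide) are the standard values.

```python
import socket

# Constructed sample: DTC/SQL partners and the addresses the deployment plan
# assigns them (not from the original deck).
PARTNERS = {"WEBAPP01": "10.0.1.10", "SQLNODE01": "10.0.2.20"}

# Constructed hosts-file text, as shipped when no DNS is available; the real
# file on Windows lives at %SystemRoot%\system32\drivers\etc\hosts.
SAMPLE_HOSTS = """# deployment hosts file
10.0.1.10   WEBAPP01
10.0.2.99   SQLNODE01   # stale: the cluster's DTC name resource moved
"""

def parse_hosts(text):
    """Map each host name (upper-cased) to its address, ignoring comments."""
    mapping = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        for name in parts[1:]:
            mapping[name.upper()] = parts[0]
    return mapping

def check_partner(name, expected_ip, hosts):
    """Offline check of one partner's hosts entry; an empty list means OK."""
    entry = hosts.get(name.upper())
    if entry is None:
        return ["%s: no hosts-file entry (needed when DNS is absent)" % name]
    if entry != expected_ip:
        return ["%s: hosts file says %s, deployment plan says %s"
                % (name, entry, expected_ip)]
    return []

def tcp_reachable(host, port, timeout=2.0):
    """Probe a partner port: 135 (RPC endpoint mapper) or 1433 (SQL TCP netlib)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def run_checks(partners, hosts_text):
    """Return all offline findings for the partner list (empty list = pass)."""
    hosts = parse_hosts(hosts_text)
    findings = []
    for name, ip in partners.items():
        findings.extend(check_partner(name, ip, hosts))
    return findings

if __name__ == "__main__":
    print(run_checks(PARTNERS, SAMPLE_HOSTS) or ["hosts entries match plan"])
```

Run it on each box that hosts a DTC before the first distributed transaction; `tcp_reachable(ip, 135)` is only meaningful from inside the deployment network.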
16 MSMQ and Site Server
- MSMQ is a persistent resource
  - Cluster, not NLBS
  - Use private queues for cloned application servers
- MSMQ and firewalls
  - Q178517: TCP, UDP, and RPC Ports Used by MSMQ
  - Q183293: Configure a Firewall for MSMQ Access
- Site Server and firewalls
  - LDAP on the corpnet: ports 389, 1002 and others
  - Using Membership and AD for session state: http://msdn.microsoft.com/library/winresource/ssreskit/rk_sessstate_zcpu.htm
17 COM+ Queued Components
How do I deploy queued components?
- Validate MSMQ setup
- Create and/or install queued applications
- Send test messages
- Test exception classes
- Redeploy proxies when settings change
18 COM+ Queued Components
How does security come into play with QC?
- Authentication
  - Needs MSMQ installed in Domain mode
  - Needs domain identities
  - Needs a certificate (use Control Panel)
  - Needs the user's registry hive
    - Stores the certificate
    - Start a dummy service with the process identity
19 Windows Clients
- Use Windows Installer
- Design to reduce interface dependencies
  - Isolating server changes from clients
- Some applications implement bootstraps
  - Helper EXEs that update local files from a share
- Current VSI not ready for remote components
  - Install the COM+ application proxy MSI
20 Miscellaneous
- Clusters
  - Read setup documents, Readme files, KB articles
  - Test failover
  - Test operation on both nodes
- Firewalls
  - Understand when two-way communication comes in
  - Each service requires different ports
21 Hosting Considerations
- Currently DNA works very well for ASP scenarios
- We are making things even easier
  - SQL Server 2000
    - Multiple instances: version, security, maintenance
  - COM+ 1.x (the release that follows Windows 2000)
    - Partitions hold many instances of the same COM+ application
22 Links
- DNA blueprint
  - http://msdn.microsoft.com/library/techart/dnablueprint.htm
- Application Center
  - http://www.microsoft.com/applicationcenter/
- Support WebCasts
  - http://support.microsoft.com/WebCasts
- DCOM and firewalls
  - http://msdn.microsoft.com/library/backgrnd/html/msdn_dcomfirewall.htm