Special Edition, Using Microsoft BackOffice, Ch. 03

03 - Preparing to Implement Microsoft BackOffice

by Greg Sullivan and Don Benage

You have learned about the components and purpose of Microsoft BackOffice. Now it is time to get ready for implementation. Before you actually install Microsoft BackOffice in your organization, there is much to prepare. In this chapter, you learn the important pieces you must put into place before installing Microsoft BackOffice.

  • Keys to building your network - Gain insight into how to build your network with Microsoft BackOffice in mind. Discussion centers on the significance of intranet concepts and the Internet to your network.

  • How to organize an administration team - See how an administration team should be built and organized with attention given to each Microsoft BackOffice product.

  • How to select server hardware for Microsoft BackOffice - Understand the most important aspects of server hardware selection pertaining to each Microsoft BackOffice product.

  • How to prepare the facility and set appropriate policies and procedures - These guidelines help you to understand the physical, logistical, and practical aspects of your Microsoft BackOffice implementation.

  • The significance of Microsoft Systems Management Server - See how Microsoft SMS can impact overall network administration if it is incorporated into your Microsoft BackOffice environment.

  • How to license Microsoft BackOffice - Learn the ins and outs of the flexible Microsoft BackOffice licensing scheme.


After you have read this chapter, you will know how to prepare your organization for a successful installation, and you will be ready to implement Microsoft BackOffice.

There is no significance to the order in which these work steps are presented. All these issues need to be addressed, and the sequence is not important. In fact, several of these activities overlap each other chronologically. The intent is not to present a detailed work plan, but to identify all the areas that deserve attention. Following these guidelines will enhance the likelihood of a successful Microsoft BackOffice implementation.

Building Your Network

One of the important reasons for the existence of Microsoft BackOffice is to facilitate the delivery of meaningful information to desktop personal computers (PCs). For Microsoft BackOffice to provide this capability, you must have a physical network in place.

The network cabling must extend to every desktop PC to which you desire to deliver data. The network cabling must also connect to the servers that will run server-based applications like the products that make up Microsoft BackOffice. Each PC and server must contain a network interface card (NIC) appropriate for the type of network you are using (for example, Ethernet or token ring).

A representation of a typical network is shown in figure 3.1. It is important to note that this representation is logical in nature. The network is shown as a ring, even though most modern networks are physically wired in a star configuration, with a wire running from each workstation to a multiport hub of some type. In its simplest form, a network consists of network cabling and connectors, communications devices (such as routers and hubs) that propagate data over the cabling, server computers, and client PCs.

Fig. 3.1 - The simplest client-server networks show server applications and client PCs attached to a circle, which logically indicates that the server computers and client computers are connected on a network.

See "Understanding Information Networks," (Ch. 1)

Each network also requires a network operating system (NOS). The NOS is the software that enables the hardware to act as a network. The NOS for a Microsoft BackOffice network is Windows NT Server. It provides all the basic NOS services such as user authentication and controlling access to shared resources like files and printers. Windows NT Server includes a rich set of graphical administration tools that make it easy to manage your network.

See "A Network Operating System," (Ch. 2)

Before you build a new network for Microsoft BackOffice, or prepare your existing network, there are some networking fundamentals to cover.

Intranet

The network within your organization is sometimes referred to as an intranet. The name, as it implies, is taken from an external perspective. Your internal network is referred to as an intranet with respect to the worldwide network, which is known as the Internet. The Internet is discussed later in this chapter.

The basic building block of an enterprise network is the local area network (LAN). It is called "local" because all the PCs and servers are connected via the same physical cabling. The simple network shown in figure 3.1 is an example of a LAN.

Many organizations have people located in geographically separate locations. In this situation it is not convenient, or even possible, to connect everyone to the same LAN cabling system. However, it is still desirable to allow computer systems at different locations to communicate with one another. The solution is to connect multiple LANs together to form a wide area network (WAN). Figure 3.2 shows a typical representation of a WAN.

Fig. 3.2 - Wide area networks typically incorporate multiple local area networks, which are geographically separated into a single, larger network.

The link that connects the LANs is some type of communication line. These lines are available in many forms from providers of communication transmission services, also known as carriers. In addition to the communication lines, which are typically leased, it is necessary to install equipment such as a router or bridge to physically connect a LAN to a communication line.

The advantage of a wide area network is that users can interact with one another as if they were connected to the same physical cabling system, as shown in figure 3.3. The type of connection is usually transparent to a user connected to the network. In some cases, however, the communication lines that connect LANs do not operate at the same rate of speed as local cabling. In these situations, users may experience delays when interacting with a server application or client PC on another LAN connected to the WAN.

Fig. 3.3 - For simplicity's sake, logical network representations often do not distinguish between the LAN and the WAN because this is usually transparent to the users.

Figures 3.1, 3.2, and 3.3 depict generic networks. The server applications shown in these figures are representations of logical processes that execute on server computers. A typical Microsoft BackOffice network is shown in figure 3.4.

Fig. 3.4 - A Microsoft BackOffice network shows the various BackOffice products attached to the network as logical processes.

In figure 3.4, each Microsoft BackOffice product is installed on a separate server computer. Even though in some situations it is possible to install multiple Microsoft BackOffice server applications on the same server, they are depicted as individual components in the network diagram. This helps to clarify the role of each server application.

The Microsoft BackOffice network may also include a connection to an IBM mainframe or minicomputer through the services of Microsoft SNA Server. You may also notice that this network includes remote users that connect to the network through the services of Windows NT Remote Access Server (RAS). In this sense, your intranet also includes computers and users that access the network by dialing in from outside the physical location of the network.

The Internet

You may also desire to connect your organization to the rest of the world. This is possible now due to the proliferation of the Internet. The Internet is a worldwide, wide area network. It was first developed by the United States Department of Defense to facilitate global communications. At its inception, the academic community was included. Academicians throughout the world communicate with one another and share information via the Internet. It has become a critical component of the international educational system.

See "Joining the Internet Community," (Ch.10)

The network in figure 3.4 did not depict a connection to the Internet. Microsoft BackOffice contains a product that allows you to connect your network to the Internet - the Microsoft Internet Information Server. An intranet connected to the Internet is shown in figure 3.5.

Fig. 3.5 - A Microsoft BackOffice network (the intranet) can be connected to the Internet via Internet Information Server.

To connect your network to the Internet, you must acquire the services of an Internet service provider. Most communities now have several companies that provide access to the Internet. These companies will place communications equipment on your premises and connect it to both your network and the Internet. The link to the Internet is made through another communication line, similar to the one you might use to create a wide area network. There are many ways in which to connect to the Internet. Your local Internet service provider will help you understand your options and the associated costs.

See "Preparing for Internet Information Server," (Ch.10)

The two primary roles of the Internet are to:

  • Facilitate communication

  • Share information

Because Microsoft BackOffice also provides these basic capabilities on your own network, you can view your intranet as your own "private" Internet. As the Internet grows in popularity, the tools used to manage private networks begin to share many similarities with Internet tools; such is the case with some features of Microsoft BackOffice.

Communications

The Internet enables people to communicate electronically using their computers. This communication exists in the form of e-mail. A user can type a message to anyone else connected to the Internet and send the message to him or her as long as the user knows the person's Internet e-mail address. This form of communication is quite convenient and has become widely accepted in a short period of time.

Microsoft BackOffice supports e-mail on an intranet through the services of Microsoft Exchange Server. This product enables users on the network to electronically communicate with one another. The combination of Microsoft Exchange Server and Microsoft Internet Information Server permits users to electronically communicate with not only those on the intranet, but also everyone on the global Internet.

Information

The Internet is also used to share information. An Internet user can publish any information for purposes of sharing it with other interested Internet users. The most popular vehicle for sharing published information is referred to as the Worldwide Web (WWW). Other methods are available as well, with equally colorful acronyms. Members of the Internet community have defined how information is to be formatted and placed on the Internet and how other users are to access it.

After you have connected your network to the Internet, a server on your network can be configured as a WWW server, usually referred to simply as a Web server. You can place the information you want to share on this computer after formatting it using HyperText Markup Language (HTML). HTML is a collection of formatting codes created by the Internet community. A variety of utilities, including the Microsoft Word Internet Assistant, make it relatively painless to annotate documents with HTML codes.

See "HyperText Markup Language," (Ch.9)

Web servers publish HTML pages using HyperText Transfer Protocol (HTTP). If you set up your server properly, anyone on the Internet can locate your Web server and view the information. The capability to do this is provided by a software package called a browser, or Web browser. Browsers for the WWW are available from a number of vendors, including Microsoft.

One of the features available to you with Microsoft Internet Information Server is this capability to publish information and share it with anyone on the Internet. At times, you may want to publish information only to those within your organization, but still leverage the power and flexibility of the Internet tools. Microsoft Internet Information Server provides the capability to publish internal information on a private WWW server. This example illustrates one reason why an intranet can be viewed as your private Internet.

Because the WWW was originally intended for publication purposes, the information was primarily static. Information changed only when the author manually made changes to the published document on the Web server. The need for WWW information to be more dynamic has grown, however, because it is more meaningful to present information to users based on their input. This has resulted in more sophisticated Web server and browser products.

Many organizations now use, or plan to use, the Internet to interact with their customers. One example of this type of interaction is referred to as electronic commerce. Supported by the capabilities of dynamic WWW information and sophisticated browsers, an organization can sell its products over the Internet.

Electronic commerce is simply the act of allowing a customer connected to the Internet to conduct a secure financial transaction with the organization. For example, a customer can connect to a Web server and place an order for a product. This type of transaction can only be performed if the Web server is capable of dynamically interacting with the user.


Many other applications are available for the Internet beyond those described here. The Chapter 31, "Building Applications with Microsoft BackOffice," offers an example of how to use the Internet for customer interaction.

Significance of Bandwidth

One of the most important characteristics of your network is the rate of speed at which data is transmitted. The cables that comprise your network are similar to the plumbing in a building. The pipes carry water, and the network cables carry data. As such, the network cabling is often referred to as the data pipe.

If you want the plumbing to carry more water at a faster pace, then a larger pipe is needed. Similar logic applies in networking except that the pipe is not physically enlarged. Instead, a different kind of cable is used, or the communication equipment that transmits data over the cable is enhanced.

Data traveling across the network is referred to as network traffic. The amount of data and the rate of speed with which it moves through the network cables is referred to as bandwidth. The more network traffic, or the faster the data must be transmitted, the more bandwidth the network requires.


Network bandwidth is determined by the type of cabling and type of communication equipment used to build the network. These physical aspects of your network will define the maximum bandwidth your network will ever achieve. In some cases, software that implements compression algorithms may be employed to maximize productive use of the existing bandwidth.

Most networks today experience bandwidth limitations. This is due to the nature of the applications that run on the network. Applications based on the client-server process model are designed specifically to minimize the amount of data transmitted across the network. Therefore, as organizations make increasing use of the client-server model, network traffic is reduced. However, networks are still used for many tasks such as file transfer and disk backups, which are bandwidth-intensive. Consequently, management often overlooks the need to provide additional bandwidth.


You must anticipate the need for more bandwidth when building a network. Your network will likely be transmitting many new types of data in the near future. Some of these data types, such as multimedia data (for example, full motion video and audio), are significantly larger than traditional data. It is important that your network can accommodate these volumes and types of data before users require additional bandwidth.

It is almost impossible to overbuild your network with respect to bandwidth. If your organization is creating a network with an expected lifetime of over three years, any excess capacity will eventually be needed as new data types and applications are added to the network.

Organize Administration Teams

Another important aspect of your Microsoft BackOffice implementation is a team of administrators. The administrators are the individuals responsible for the implementation of Microsoft BackOffice. After the applications are installed and available to computer users, the administrators are responsible for the ongoing successful operation of the network and Microsoft BackOffice server applications.


You must have an adequately staffed team of administrators. Many managers underestimate the significance of this issue. Under staffing in this area can be costly to the organization. Many hidden costs are associated with a weak or under-staffed administration team, because the burden of managing server applications and troubleshooting associated problems falls into the hands of the users. This results in a loss of productivity across the organization.

There is an administrative role for each server application installed on the network. Depending on the size of the organization and the extent of the applications being used, this does not always need to be filled by an additional person. A talented administrator may be able to handle more than one administrative role. This is especially true for Microsoft BackOffice because the server applications have so many operating similarities.

Conversely, on a very large network with hundreds or thousands of workstations you will undoubtedly need multiple people in each role. The key issues are that the tasks and responsibilities associated with each product need to be identified and managed. Watch for signs that an administrator has too much to manage.

Because there is usually overlap in responsibilities across server applications, the administrators should work together as a team. This also provides a built-in means for providing backup administrators. Each server application should have a primary administrator and a backup administrator, in case the primary administrator is unavailable in an emergency.


Administrators should be thoroughly trained in the products for which they are responsible. This training should include not only product training, but also training in the fundamentals of the underlying technology.

The roles and responsibilities for each member of a Microsoft BackOffice administration team are covered in detail in the respective product sections of this book. Following is a brief description of the administration requirements for each Microsoft BackOffice product and the highlights of administrator responsibilities.

Windows NT Server

See "Understanding the Role of A Network Administrator," (Ch. 6)

The primary role of Windows NT Server is to act as the network operating system. The administrator in charge of the network operating system is usually referred to as a network (or LAN) administrator. In addition to managing the network operating system, this individual is typically responsible for the shared resources on the network, such as printers and disk drives on servers. In small organizations, the network administrator may also be responsible for all network connections and PCs that connect to the network.


The network administrator is responsible for the successful implementation of the network and the network operating system. This includes accepting responsibility for who is connected to the network and what they can do while they are on it. In most cases, the network administrator's domain of influence includes the other administrators because the network administrator must coordinate all activity on the network.

The following list highlights roles and responsibilities of the network administrator:

  • Installs Windows NT Server

  • Creates user accounts

  • Organizes user groups

  • Manages sharable resources

  • Sets sharable resource privileges

  • Assigns user permissions

  • Performs backups of network files

  • Monitors network resource utilization

  • Troubleshoots network problems

Operators

In addition to the role of network administrator, Windows NT Server allows you the flexibility of assigning a limited set of administrative duties to individuals called operators. Operators are frequently chosen from among the personnel of a department to act as a pseudo administrator for the department. An operator cannot perform all the duties of a network administrator, but because they are usually more accessible to users, they can increase the effectiveness of the administrative team and the satisfaction level of the user community.

The four types of operators are as follows:

  • Account

  • Server

  • Print

  • Backup

The most commonly used are account and print operators. Account operators can assist users who have forgotten their password by giving them a new password. They can also perform other account related tasks such as changing a user's name (common after a marriage) or creating an account for a new user. An account operator cannot create or modify an administrator's account.


Neither an account operator nor an administrator can see a user's password. They can, however, enter a new password for the user if the old one has been forgotten.

Print operators assist users having difficulty with documents that have been sent to a network printer. In administrative jargon, these are jobs in a print queue, and if a job experiences problems, it can create a log jam effect for all the print requests sent behind it. For example, if a user sends a print request formatted with the PostScript page description language to a non-PostScript printer, dozens of pages of gibberish are usually the result. If the user who sent the job has left for a meeting or lunch, only a print operator or administrator can pause the printer, delete the faulty job, and restart the printer.

Microsoft Internet Information Server

See "Preparing for Internet Information Server"," (Ch. 10)

The administrator responsible for Microsoft Internet Information Server is referred to as the Internet administrator. Because this often includes responsibility for the information, or content, placed on the Web server, the Internet administrator is sometimes referred to as the Webmaster. This job overlaps with the database administrator (DBA) in cases where dynamic WWW information is driven by Microsoft SQL Server databases.


The Internet administrator is responsible for the successful operation of Microsoft Internet Information Server. This includes accepting responsibility for stability and performance of the Internet connection. This may also include accepting responsibility for the information published on the WWW server.

The following list highlights roles and responsibilities of the Internet administrator:

  • Installs Microsoft Internet Information Server

  • Provides client software (Web browsers)

  • Ensures that connection to Internet service provider is constant and stable

  • Sets up WWW servers, internal and external

  • Publishes information on WWW server, if appropriate

  • Enables FTP (file transfer protocol) and Gopher, if appropriate

  • Monitors usage

  • Sets up security firewalls, if appropriate

  • Troubleshoots Internet problems

Microsoft Exchange Server

The administrator responsible for Microsoft Exchange Server is referred to as the Exchange administrator or the Mail administrator.

As organizations become dependent on e-mail, this administrator bears the burden of keeping e-mail flowing all the time. Users expect their e-mail to be received and delivered in a timely fashion just as they are accustomed to reliable voice communications over the telephone. The Mail administrator may also lead the organization through an "e-mail culture" transition. Organizations are said to have an e-mail culture if its members rely heavily on electronic messaging.


The Exchange administrator is responsible for the successful operation of Microsoft Exchange Server. This includes accepting responsibility for the timely flow of messages throughout the organization and, possibly, to and from external mail systems and the Internet.

The following list highlights roles and responsibilities of the Exchange administrator:

  • Installs Microsoft Exchange Server

  • Distributes client software

  • Determines server architecture

  • Configures mail servers

  • Sets up user mailboxes

  • Sets up auditing

  • Enables Internet mail, if appropriate

  • Manages public folders and discussion groups

  • Troubleshoots mail problems

Microsoft SQL Server

See "What Does a DBA Do?," (Ch. 17)

The administrator responsible for Microsoft SQL Server is referred to as the DBA. The DBA installs and operates Microsoft SQL Server. The DBA may also be responsible for managing the organization's data stored in SQL Server databases. In some cases, the DBA may also design the databases.


The database administrator is responsible for the successful operation of Microsoft SQL Server. This may also include accepting responsibility for the data managed by Microsoft SQL Server.

The following list highlights roles and responsibilities of the database administrator:

  • Installs Microsoft SQL Server

  • Establishes standards and procedures for using Microsoft SQL Server

  • Secures the databases

  • Selects related tools and vendors

  • Plans for capacity requirements

  • Backs up databases and recovers databases, if necessary

  • Improves performance of database applications

  • Designs databases and server processes, if appropriate

  • Assists application developers and database users

  • Troubleshoots database problems

Microsoft SNA Server

See "Preparing for Internet Information Server," (Ch.10)

See "Managing Connectivity to Host Computer Resources," (Ch. 24)

The administrator responsible for Microsoft SNA Server is referred to as the SNA Server administrator. The SNA Server administrator is responsible for providing host connectivity to client PCs on the network. The SNA Server administrator determines the maximum number of concurrent users and configures the environment to accommodate their simultaneous connection to the host.


The SNA Server administrator is responsible for the successful operation of Microsoft SNA Server. This may also include accepting responsibility for assigning user privileges on the mainframe or minicomputers for which Microsoft SNA Server provides a connection.

The following list highlights roles and responsibilities of the SNA Server administrator:

  • Installs Microsoft SNA Server

  • Distributes client software

  • Manages connectivity to host computer resources

  • Controls access to Microsoft SNA Server

  • Sets up auditing

  • Monitors security-related events

  • Troubleshoots host communication problems

Microsoft Systems Management Server

The administrator responsible for Microsoft Systems Management Server (SMS) is referred to as the SMS administrator. Sometimes the SMS administrator is also referred to as the system administrator. Regardless of the title, this job is one of the most complex administrator positions. This is consistent with the associated complexities of managing a network to the level of detail supported by Microsoft SMS. See the section "Understand the Impact of Microsoft SMS" later in the chapter for more information.


The SMS administrator is responsible for the successful operation of Microsoft SMS. This may also include accepting responsibility for the software and hardware located across the network.

The following list highlights roles and responsibilities of the SMS administrator:

  • Installs Microsoft SMS

  • Tracks hardware inventory

  • Defines packages for software distribution

  • Creates jobs for distributing software

  • Supports users with remote diagnostics

  • Monitors network performance

  • Tracks user activity and security violations

  • Troubleshoots network and system management problems

Determine Server Configuration

As you think about the size and number of servers you will need, remember that the server is not the place to economize. By the time you have installed LAN cabling and hubs, added desktop computers, and provided training to the user community, the incremental cost for servers is a small percentage of the overall cost.

The way in which each Microsoft BackOffice application uses computing resources may guide your decision-making process. For example, the questions of selecting appropriate equipment for a particular server-based task, sizing the server, and performance tuning are challenging issues. The guidelines contained in this section can help you make the best decisions. Finally, validating your decisions with tools like the Windows NT Performance Monitor, and then making adjustments as needed, is an important step in completing the process.

Windows NT Server

Windows NT Server is used as a platform on which to run other applications. It is also responsible on many networks for sharing files and printers unless an alternative NOS (such as NetWare) has been implemented. Sharing files and printers is I/O intensive. Windows NT servers used exclusively for file and print services will exercise the disk subsystem - disk controller(s), disk drive(s), and drive array(s). Adding more power in the form of additional processors will not usually provide as much performance improvement as adding additional components to the I/O subsystem such as an additional disk controller.

An exception to this guideline is Windows NT servers that act as domain controllers. These computers are responsible for validating logon requests. They typically have heavy demands placed on their network adapters and processors, especially during the periods when many users log on to the network, like early morning at a typical company. An appropriate choice for a domain controller, that was not also used for file and print services, might be a dual processor system with a high-speed network adapter. Current network hub technology can allow a server to have its own high-speed LAN segment to improve network throughput as well.

Internet Information Server

For most organizations, the demands placed on a computer to run Internet Information Server (IIS) will not be too great. There are exceptions, however. The IIS product was used to create the Web server for the 1996 Super Bowl site, http://www.superbowl.com. For this type of special situation, with thousands of users, the demands can be substantial.

The type of demands depend on the type of Web server you create. A traditional publishing server primarily will tax the disk subsystem and networking components. If you are implementing a server for electronic commerce, and interacting with SQL Server, your processing requirements will increase. RAM used for caching information also plays an important role on Web servers.

Exchange Server

Exchange Server is a product that, like SQL Server, exercises all subsystems in the computer. It uses a number of server-based services, which place demands on processing power and RAM, and benefits from the addition of one or more additional processors and additional RAM. It manages potentially large user mailboxes with rich data types and can therefore place demands on the disk subsystem. Finally, Exchange uses the network components as its pipeline to the world. Like SQL Server, a large, actively used Exchange Server places balanced demands on all computer subsystems.

Microsoft SQL Server

Sizing and performance tuning SQL Servers are special challenges. How a computer will be utilized by database systems is difficult to anticipate and manage. SQL Server certainly places demands on the disk subsystem, but SQL Server also performs part of the application processing on the server through the use of stored procedures. In addition, it makes good use of additional RAM for procedure and data caching and to manage user data structures.

You could say that it is easy to size a SQL Server - make it big and don't skimp on anything. If you must economize, the disk subsystem is probably the single element that has the biggest impact on performance. It is the area you should invest in first.

SNA Server

The role of SNA Server is to provide connectivity over the network. It is not surprising, therefore, that high-speed network components are important. What is not always recognized is the important role RAM plays for caching of information. Therefore, RAM and networking components are the most important elements of an SNA Server, with the disk subsystem playing a relatively minor role. Processor demands are not exceptional.

Systems Management Server

The distinguishing characteristic of SMS is its use of multiple server-based services. SMS benefits from additional processors and additional RAM. Its disk subsystem requirements vary dramatically depending on the extent to which your organization uses SMS for package distribution. If this feature of SMS is exploited heavily, it will require a lot of storage for package processing.

Redundant Components

The concept of redundancy should be carefully reviewed among the administrative team. Consider implementing redundant sources of important information and equipment to avoid any single points of failure. The use of data replication in SQL Server and the automatic replication of the user account database among domain controllers provided by Windows NT Server are two examples of redundancy. Although redundant components add to the expense of the network, they usually reduce operating costs and expenses associated with down time. Some of these are hidden costs that can dramatically reduce the effectiveness of your computing infrastructure.

Select the Hardware

Now that you have some general guidelines on the way Microsoft BackOffice components use computing resources, only a few additional considerations remain. In this section, specific types of hardware are discussed.

Of all the advice provided in this book, the discussion on hardware configuration may be the most controversial. Microsoft's own guidelines for the amount of RAM required for servers is frequently dismissed as too little. Certainly different hardware vendors have different opinions, and they may even produce charts and graphs proving they are right. The information presented in this section will help you determine the specific hardware components that are best for you.

Hardware comes in many shapes and sizes, and it changes constantly. Microsoft includes a Hardware Compatibility List (HCL) in the Windows NT Server (and Workstation) box and provides regular updates to that list on CompuServe, the Microsoft Network on-line service (MSN), and the Microsoft Web server (www.microsoft.com). This is a good starting point when selecting server hardware. If a computer you are considering doesn't appear on this list, proceed with caution. It need not be completely ruled out, but you should at least ask the hardware vendor for assurances that it is indeed compatible with Windows NT Server. Literally thousands of computers will run Windows NT Server.

After you have found a computer that supports Windows NT Server, you must decide what components and peripherals should be included. Microsoft includes a help file with BackOffice that provides detailed guidelines to assist in determining acceptable minimums for each product, given a user population of a certain size. The preceding discussion about resource utilization by Microsoft BackOffice products will help you intelligently configure a computer that goes well beyond a minimum configuration.

After reviewing these materials, and your own requirements, you should be able to make sound judgments about hardware configurations. The only thing that prevents someone from producing a definitive chart showing exactly what is required is the subjective nature of performance. How fast is fast enough? This is the intangible that you must factor into your decision-making process that depends on the nature of your user community and the type of applications you will provide. Supporting traders on Wall Street is different from using Microsoft BackOffice to run a bait shop for fishermen. Both are important, but they imply a different level of service.

Processor Type

The selection of processor type is one of the most hotly debated topics in this area. Intel continues to dominate the marketplace, and support for Intel processors is always available first. Because of their market share, the broadest range of products is available on this platform.

RISC processors, according to their vendors, provide greater price performance than those from Intel. These claims are difficult to substantiate, although there is evidence that for some types of processing you may be able to achieve superior performance using these devices. Windows NT Server supports three RISC processor types - MIPS, Alpha AXP, and PowerPC. Unfortunately, not all Microsoft BackOffice products are available for all processor types. If you want to use RISC processors, check with Microsoft or your software vendor to be certain that all BackOffice components you want to use are available for that processor.

Number of Processors

The use of multiple processors in servers is growing. Although multiple processors have been employed on large computers for years, only in the last few years have they been available in mass-produced computers at a price affordable for small organizations. Multiple processors make sense for processor-intensive applications.

The design of Windows NT Server is such that the operating system does not require extensive tuning, nor do applications need to be rewritten, to take advantage of multiple processors. You can usually just rerun the Setup program to add multiprocessor support, while maintaining all your other settings.

Server-based, 32-bit applications written for Windows NT Server (including all Microsoft BackOffice components) generally employ multiple threads of execution. Windows NT automatically utilizes multiple processors to run these multithreaded applications. The Windows NT Server operating system is itself multithreaded and will benefit from the addition of multiple processors.

If you want to start with a single processor server, you should at least explore the capability to add processors to the machine later. A computer that supports adding processors typically costs more initially. However, by offering you the capability to "snap in" additional power without having to build a new server, this option can save time and money in the long run.

Memory

The guidelines provided by Microsoft with the BackOffice product were created after extensive testing in their computer labs. They can certainly be taken as useful minimums and will serve organizations with low-end to medium expectations well. If your organization uses applications of a particularly demanding nature, consider adding more memory. Under any circumstances, choose computers that support the addition of plenty of RAM, even if you start with a minimal amount.

Because Windows NT supports virtual memory, you will not generally run out of memory if you exceed the available amount. The operating system will use a paging file to move some of the contents of memory temporarily to disk and then swap it back in when needed. You want to avoid a situation where your server is swapping frequently. Monitoring the use of memory on a server using Performance Monitor (running on another Windows NT machine) is an excellent way to determine whether additional memory is needed on a particular server.

Bus Architecture

An area of the computer sometimes overlooked is the system bus. Several high-speed bus technologies are now available. When selecting a machine for use as a server, make sure that it is based on a high-speed bus architecture.

Size of Disk

At the risk of sounding flippant, a good rule of thumb for sizing disk drives is to start with the amount you think you will need, double it, and double it again. Seriously, it is almost impossible to purchase too much disk space. With the content and capabilities of software increasing, the use of new and richer data types (especially multimedia types such as video and audio), and the growing use of online help and product manuals, disk space is essential. The price of disk subsystems continues to fall, so the additional requirements are somewhat easier to accept.

Type of Disk Subsystem

You must consider a number of important options when selecting disk subsystems. A number of hardware vendors offer RAID (Redundant Array of Inexpensive Disks) technology. RAID level 5, the most commonly used, offers the capability to divide stored data across multiple disks thereby achieving faster read/write speeds through the use of multiple disk drives and (in some cases) disk controllers. RAID level 5 stores redundant information that allows the automatic re-creation of your data should a single drive fail. This technology is particularly appropriate for SQL Server, and situations where the information is "mission critical" and high performance is important.

To minimize down time (when a server is unavailable) a number of hardware vendors offer hot swappable disk drives. This type of equipment allows you to remove and replace a disk drive while the computer is running. By itself, this technology does not provide any redundancy or backup capability. It simply reduces the amount of time the server is shut down and unavailable and can complement other technologies used for data management.

Peripheral Devices

In addition to the standard components, you usually need some peripheral devices to complete your server. With the size and complexity of modern server-based applications, the Compact Disk (CD) has become the preferred distribution media for these large applications. Strongly consider at least one CD drive for your server. You may also want to consider sharing a CD tower on one of your servers. These devices combine multiple CD drives into a single chassis with shared power and simplified connectivity requirements.

The use of shared laser printers was one of the initial advantages of networking, and it continues to be a widely used feature. It has become common to attach printers directly to the LAN cabling system rather than to a server. Print jobs are still typically sent to a print queue on a server, and then de-spooled to the network-attached printer. Many options are available for printers including support for color printing, duplexing (printing on both sides of the paper), and different sizes and types of paper.

Making backups of your important information is a critical part of managing your computing resources. Tape backup units are the most practical means of backing up large amounts of information. Some promising new technologies offer large amounts of storage with long shelf life, but tape drives still offer the best balance of features, performance, and cost. If you plan to back up systems over the network, you should recognize the enormous impact this can have on bandwidth utilization and make every effort to accomplish this task during off-peak time periods.

Finally, always provide an uninterruptible power supply (UPS) for your servers. You can use a large UPS for multiple servers or provide each server with its own smaller unit. Windows NT Server supports the use of a UPS and even automatically warns users and shuts down the server when the backup power is about to be depleted. Of course, unless the user's computers are also provided with backup power supplies, they will have already failed.

The primary benefit of a UPS for a server is to avoid power loss in the midst of disk write activity or other important tasks. By permitting an orderly shutdown of the server, all files will be closed and the integrity of data can be ensured. In addition, a good UPS prevents the server from rebooting during a brief power surge or outage. Sub-second power outages are annoying at home because you must reset all your digital clocks, microwaves, VCRs, and so on. They can cause your data to be lost; or even worse, may physically damage an active server.

Prepare the Facility

The server computers upon which the Microsoft BackOffice applications operate should be physically separate from user PCs. These server computers manage, process, and contain the organization's data. Although there exist means for protecting the data electronically, the very best protection available is physical isolation in a locked machine room or wiring closet.


The majority of computer fraud crimes result from access violations. These situations can be entirely avoided if physical access to the data is restricted.

Confining the server computers to a single location has other advantages, as well. At times when administrators require physical access to the servers, they will find them all conveniently located together. This also allows administrators to more conveniently control the server operating environment by adding features such as uninterruptible power supplies to all server computers at once.

In organizations where distributed servers are required, it remains necessary to follow similar guidelines for server management. Server computers located in remote locations outside the main server facility should be placed in physical isolation as well.

Create a Security Policy

One of the most important issues the administration team should address is the organization's security policy. Hopefully, your organization already has such a policy in place. If so, you can skip this section or review it quickly. If you do not have a visible, actively monitored security policy, strongly consider the adoption of such a policy immediately.

A complete discussion of appropriate security measures for an organization using computer-based systems is beyond the scope of this book. However, the rudiments of such a policy are outlined in the following list to provide a basic policy upon which further development can be added. Here are some basic, concrete steps that can be taken to improve the security in your organization:

  1. Review the physical security of your premises. This includes such things as the door locks, storage of duplicate keys, and locked furniture (desks, file cabinets, and so on) that contain diskettes, tapes, CDs, and sensitive documents. Without good physical security, there is no security.

  2. Review the (existing or proposed) Windows NT user accounts with Administrator access and make sure only those that need to have it are included.

  3. Implement a password policy that enforces password aging and keeps a history of at least three passwords. Document the elements of a good password and disseminate this information. Encourage employees to either log off or lock their workstations, especially at the end of the day. Encourage the use of password-protected screen savers with a short (five minute) time-out period.


    A good password is at least six characters long, is not a word that appears in any dictionary, and includes at least one special character. It should be easy for the user to remember (so the user won't be tempted to write it down). It should not be based on the user's birthday, dog's name, favorite color, or any such personal attribute. One way to create acceptable passwords is to use phonetic spelling or replace letters with numerals. For example, Bu22er@50% is a pretty good password, as is 19%Branz96.

    Now that these passwords have appeared in this book, however, they are very poor. A well-known tactic used by hackers is to employ a "dictionary" attack in which a collection of likely passwords is automatically supplied to attempt access to an account. Example passwords have an uncanny likelihood of ending up in such a dictionary. So do words that beginners think no one else would ever guess (but many people do) such as sex, love, secret, and so on.

  4. Review all network access permissions periodically. The various servers and shared directories should be documented and published to appropriate employees. You should not use ignorance as an element of security. If employees who should know about resources aren't told about them for fear that the information will be too widely disseminated, you have already been robbed of the complete benefits of that resource. Tell everyone who should know and use sound security to keep intruders out.

  5. Implement auditing and alerts on your network servers and assign personnel to monitor those alerts and take appropriate action. Specifically, it is possible to use the Windows NT Performance Monitor to set alerts on failed logon attempts. Windows NT offers extensive audit and alert capabilities. You should start with a few simple, but important, checkpoints.

  6. Publish a written policy that establishes the organization's concern about keeping your information assets secure. The policy must include criteria for valuing and classifying information. This should not be overly complex and may include only two categories - company confidential and public. Guidelines for how this information is handled and destroyed should also be included.

  7. Publish a written policy on security issues and clearly state the consequences of noncompliance. The tone of this document should be professional and serious, without being threatening.

  8. Discuss security issues in an open forum at regular intervals during organizational meetings. These discussions should be held at least annually, and perhaps more frequently.

After you have established a security policy, review it carefully with key members of the organization before presenting it to the entire organization. A good security policy will be at least a little inconvenient for computer users. For most organizations, however, the threat of being victimized by industrial espionage, malicious hacking, or innocent yet destructive foolishness is real.

Resolve Implementation Issues

In addition to network, hardware, human, and facility issues there remain several issues to discuss. Windows NT Server contains numerous configuration options and operational characteristics with which it is important to become acquainted, including the following:

  • Disk drive partitions

  • File systems

  • Restart options

  • Quota management

  • Disaster recovery

  • Remote access security

  • Network expectations

A brief description of each follows.

Disk Drive Partitions

When you install Windows NT Server, you need to create disk partitions. This deserves some thought. The Windows NT Disk Administrator, and the operating system itself, provides powerful capabilities to manage storage. Judicious use of partitions can be appropriate. For example, many administrators create a separate partition for the operating system and print spooling information. Others choose to keep all user subdirectories on a separate partition. Using partitions can limit the growth of disk use for some applications and safeguard needed space for the operating system.

File Systems

Windows NT Server supports different file systems. The File Allocation Table (FAT) file system used by MS-DOS is somewhat easier to deal with when responding to hardware problems because you can use MS-DOS based utilities to do diagnostics and so on. However, the NT File System (NTFS) provides a great deal more security. In addition, the High Performance File System (HPFS) is supported, although it is used much less frequently.

Restart Options

You can configure Windows NT Server to copy (or dump) the entire contents of RAM to a hard disk in the event of a serious system crash. If you are having serious problems with a server, this can be an important option. It requires, of course, that enough disk space be kept available. If you have a computer with 128M of RAM, for example, then you must reserve 128M of disk space for the memory dump. You can also set Windows NT Server to restart automatically when such an event occurs, rather than the default behavior of waiting for a manual restart.

Quota Management

Windows NT Server does not (yet) offer the capability to establish per-user disk quotas. This is a feature requested by many users and organizations, and Microsoft has indicated that they may add this feature to future versions of Windows NT Server. In the meantime, third-party software packages are available that deliver this capability on Windows NT servers. Either use a disk quota package or isolate user directories on a separate partition. If you don't, they will grow to fill the space allowed. They should certainly not be kept on the same drive partition used for the Windows NT paging file.

Disaster Recovery

Backup and recovery are mentioned in several locations in this book, and it is a topic that bears mentioning again. In fact, you should go even one step farther and implement a full disaster recovery plan. There are sad-but-true stories of organizations that simply ceased to exist after a disaster such as a fire because all the information about the organization, its personnel, and its constituents was destroyed.

Imagine for a moment that your most important computer systems have crashed, or your entire premises have been destroyed in a fire. Where are your backups? How long will it take to get replacement equipment up and running and reload your backups. Do you have a written plan in place that everyone is aware of and can follow easily? What would you tell the top person in your organization if you were paid a visit immediately following such a disaster? Make a plan, write it down, stage a drill if possible, and be prepared!

Remote Access Security

Windows NT Server includes the Remote Access Service (RAS). This service allows computer users to connect to the network from remote locations through a variety of means. Chapter 7, "Implementing the Remote Access Service," explores RAS in more detail, but you should already be considering the ramifications to security and other organizational policies that may be caused by adding RAS to your network. Who is authorized to use the service? Can they call from anywhere (a hotel for example), or will the system use a dial-back mechanism for greater security, but limiting them to one location (usually their home)? If properly managed, it can be a great asset to your organization.

Network Expectations

Your organization should also have a policy on, or at least a general understanding of, the role of the network in general. What is the expected rate of availability? Is it acceptable for the network to be down for an hour? For a day? Must all maintenance be done outside certain peak work hours? These answers can profoundly affect the decisions you make and the amount of money you will have to spend to achieve the desired levels of service.

Understand the Impact of Microsoft SMS

Perhaps one of the biggest decisions you will make regarding your Microsoft BackOffice installation is whether to implement Microsoft SMS. If you choose to implement Microsoft SMS, you must also decide at what level you will take advantage of its services.


Starting your Microsoft BackOffice environment with Microsoft SMS will change the course of action taken for preparation and implementation.

Requirements

The bad news is that Microsoft SMS can be complicated to administer. A full-featured Microsoft SMS installation should be administered by a full-time professional system administrator. The point here is that it is difficult to take business-minded people with good technical skills and convert them into effective Microsoft SMS system administrators.

The job of administering Microsoft SMS should be performed by trained system management experts with a background in computer systems and plenty of experience in network management. Assigning Microsoft SMS administration responsibilities to anyone else will, at a minimum, create the potential for problems and possibly even lead to a system disaster.

Benefits

Assuming that you put Microsoft SMS administration in the hands of a trained professional, many benefits are available to you. Many of the topics you learned regarding your preparation for Microsoft BackOffice become simplified if you choose to implement Microsoft SMS. For example, Microsoft SMS does the following:

  • Provides useful information for network planning and configuration

  • Captures organizational information used in determining server requirements

  • Tracks server configurations and disk utilization

  • Assists in capacity planning

  • Simplifies security administration

  • Remotely administers network PCs

  • Aids in hardware and software inventory tracking

See "Understanding Systems Management," (Ch. 25)

Because Microsoft SMS provides so much support in the implementation of the Microsoft BackOffice products, incorporating it into the network has an impact on all the other server product installations. Done correctly, Microsoft SMS will simplify implementation and administration of the other products. This is good news after you have borne the startup cost associated with a first-time installation of Microsoft SMS.

For the most part, Microsoft SMS is a fairly complicated product to install and learn. However, it is possible to implement a limited Microsoft SMS installation that is administered by someone other than a trained professional. Beginners should have no problem implementing the inventory features of Microsoft SMS assuming that they possess adequate networking and general PC skills. At this level, Microsoft SMS still provides value to the organization.

Finally, Microsoft SMS yields significant savings with regard to user support. System administrators can use Microsoft SMS to support users on the network by remotely observing, or controlling, the user's PC. This is a powerful feature of Microsoft SMS, which offers significant benefits to the organization.

License Microsoft BackOffice

At this point, you have learned how to prepare the physical aspects of your Microsoft BackOffice environment. You have also learned how to staff your Microsoft BackOffice platform and position your organization for a successful implementation. The only remaining item prior to jumping into the details is to purchase the software.

Where and how can Microsoft BackOffice be purchased? Regardless of the size of your organization, you can only purchase Microsoft BackOffice from a Microsoft software reseller. Even large organizations that have corporate agreements in place with Microsoft must purchase Microsoft BackOffice from retail software outlets.

Typically, however, you will not find Microsoft BackOffice on the shelves of your local software retail store. This product is targeted at a smaller market than the general public or the population of office PC users. Therefore, retailers are not willing to provide much shelf space for the package. You must ask for Microsoft BackOffice and, in some cases, it will need to be ordered.

Microsoft BackOffice server products are licensed independently from the client software components that utilize the server services. This licensing model provides the flexibility to accommodate various uses and configurations in an Information Network.

There are two simple guidelines to remember when licensing Microsoft BackOffice:

  • Server License. Each instance of a server product operating on the network must have its own license. In other words, if a Microsoft BackOffice product is running on a computer, then it requires its own license - regardless of how many instances of the same server application are running elsewhere on the network.

  • Client Access License. Each client PC that connects to a server application and utilizes its services must carry its own license to that particular server. Again, this applies even if multiple computers are running the same Microsoft BackOffice server application on the network. As you will see shortly, there are two ways to license client PCs for server access.

As shown in figure 3.6, Server Licenses are purchased for Microsoft BackOffice server applications and Client Access Licenses are purchased for the client PCs.

Fig. 3.6 - Server applications are licensed separately from client PCs.

Microsoft BackOffice networks may contain multiple servers of the same type, multiple servers of different types, or both. A network with varying numbers of the same type of Microsoft BackOffice server applications may be built by licensing Microsoft BackOffice as a whole, by licensing individual server application licenses, or both. In some cases it is advantageous to purchase the entire Microsoft BackOffice package even though all the products will not be installed. Such is the case when using Microsoft SMS and Microsoft SQL Server. The combined license for both of these products is currently more expensive than the single license for Microsoft BackOffice.

In addition to providing some financial advantage by licensing all the products together for less than the combined individual licenses, Microsoft sometimes offers promotional packages. Some special packages combine Server Licenses with a fixed number of Client Access Licenses. These types of promotions are offered for your convenience. Other offers include special pricing for upgrading from previous versions of Microsoft BackOffice or individual Microsoft BackOffice products. Finally, Microsoft occasionally offers special pricing to those organizations upgrading from a competitive product.

Before jumping into a discussion of the type of licenses to purchase, it will help you to know that Windows NT Server contains a small application to assist in implementing the decisions you make regarding client licenses. The application, shown in figure 3.7, is available on the Control Panel.

Fig. 3.7 - Use the License Management Control Panel applet to select which BackOffice product to license.

Server Licenses

All Microsoft BackOffice products are server applications. Each computer running a server application requires a Server License. This is true regardless of the number of users that access, or will ever access, the server application. A given computer on the network can run more than one server application at a time. Nevertheless, a separate Server License must be purchased for each server application.


Each Microsoft BackOffice server application, regardless of which computer it runs on or how many other servers of the same application exist on the network, must have its own Server License.

Microsoft SMS requires special server licensing. It requires a Server License for Microsoft SQL Server, as well its own Server License. Also, it is common for Microsoft SMS installations to run SMS on more than one server. Sometimes the primary Microsoft SMS site server works with other site servers and so-called "helper" servers. In this case, each server running Microsoft SMS applications requires its own Server License.


An SMS Server License is not required for Windows NT servers or NetWare servers that share applications installed by SMS for use by client PCs unless the server is also running SMS server components. (This would be possible only on a Windows NT server.)

Client Licenses

You have seen how an Information Network has application servers (computers that run server software) and user computers (PCs used by the management and staff of your organization). The user computers are sometimes referred to as client PCs because they receive services from the application servers.

Server computers run software from Microsoft or other software vendors, such as the products included in Microsoft BackOffice. Additionally, client PCs require software that enables them to communicate with server applications. By installing the client software component on a client PC, the user can access the services of that particular application server on the Information Network.

Each Microsoft BackOffice product has a client software component. In most cases, the client software component (but not the client license) is bundled with the server software. One exception to this is the Windows NT Server client software, which is built in to Microsoft desktop operating systems such as Windows for Workgroups, Windows 95, and Windows NT Workstation. This makes it easier for you to build an Information Network. Windows for Workgroups and Microsoft networking software for MS-DOS is included on the Windows NT Server CD, but not Windows 95 or Windows NT Workstation.

Regardless of how you obtained the client software, you must purchase a license to use it on every PC that will access a server. The license you need for the client software component is known as the Client Access License. This license must be purchased regardless of whether the client PC will be permanently connected to the server.


You do not need to acquire a new client software package for each client PC. You need only purchase the "right to use" the client software on each client PC. This is known as a Client Access License.

There are two ways to purchase Client Access Licenses. You may acquire Client Access Licenses per server or per seat. Purchasing the per server license implies that the client privileges are granted from the server's perspective. Purchasing the per seat license implies that the client privileges are granted from the clients' perspective. Regardless of whether Client Access Licenses are purchased per server or per client, you must always purchase a Server License. Again, the Windows NT license management application will assist you in implementing the Client Access License type, as shown in figure 3.8.

Fig. 3.8 - Use the License Management Control Panel applet to also select the Client Access License mode for the BackOffice product selected.

Per Server Client Access License

Licensing client software in Per Server mode is equivalent to selling concurrent use licenses. In this scenario, Client Access Licenses are purchased for the server, as opposed to being purchased for client PCs. By purchasing Client Access Licenses for the server, you restrict the number of concurrent users of that particular server application. Again, this applies to every server on the network, regardless of whether the same server product is running on multiple computers.


Per Server Client Access Licensing is sometimes referred to concurrent use licensing. Even in Per Server licensing, each additional server requires a new set of Client Access Licenses for the total number of concurrent clients that may access it.

In per server licensing, you must purchase as many Client Access Licenses as you expect to have concurrent users of that particular server.


Windows NT Server provides a notification if a server application reaches the maximum number of concurrent users. When this occurs, no other users are allowed to connect except for the administrator unless, of course, some users drop their connection. The administrator may always connect to resolve a lockout situation.

As you see in the licensing examples below, Per Server Client Access Licenses are the best way to start as your organization undergoes a gradual implementation of a complete Information Network. In the early stages of the network, it is common for server usage to be less frequent as applications are being tested and implemented throughout the organization. As users become more dependent on the applications built upon the Information Network, their access to servers approaches constant use. When this occurs, it makes more sense to convert to the Per Seat mode of licensing clients.


There are two special cases for Per Server Client Access Licenses. The first is that Microsoft SMS does not allow Per Server Client Access Licenses. You may only purchase Client Access Licenses for Microsoft SMS Per Seat (explained in the following section). Second, there exists a special Client Access License option when you purchase Microsoft BackOffice. This option allows the client PCs to access each server application within the Microsoft BackOffice package. This type of client access License may only be purchased in the Per Seat mode, as well.

Per Seat Client Access License

Although licensing clients per seat is not necessarily the most economical in the early stages of building your Information Network, it is the simplest means for licensing clients. This model makes sense when most client PCs require constant access to a server. Also, it is required for Microsoft SMS and the full Microsoft BackOffice Client Access License option.


Per seat client access licensing is advantageous in situations where you have multiple, similar server applications throughout the network.

In this model, you license client access from the client's perspective. Given a client PC, determine to how many different types of servers the client requires access. A Client Access License is then purchased for each type of server to which the client desires access. A Client Access License is purchased for every server application it will access, but it is only purchased once for each type of server, not for each server. For example, a client with a Per Seat SQL Server Client Access License can simultaneously use one, ten, or fifty SQL Servers in the organization.

Converting from Per Server to Per Seat Client Licensing

Many organizations start with Per Server Client Access Licenses because client access to servers is infrequent and not simultaneous. At some point, it is prudent to convert from Per Server client licensing to Per Seat client licensing. This occurs when the number of concurrent use (per server) Client Access Licenses equals or exceeds the number of client PCs on the network.


If you are not certain which licensing method to begin with, you should first use Per Server licensing. Because Microsoft allows a one-time conversion from Per Server to Per Seat licensing at no cost there is little or no disadvantage to beginning with Per Server licensing.

Microsoft recognizes that this situation occurs as organizations build their Information Networks. Therefore, they provide an opportunity to convert from Per Server client license to Per Seat client licensing. However, you may only convert once. At the time of the conversion you need not purchase any additional client software or change any client software configurations. In fact, you do not even need to notify Microsoft. You need only to convert the server itself. Henceforth, all Client Access Licenses will be purchased in Per Seat mode.


The best time to convert from Per Server to per seat Client Access Licenses is when the number of concurrent use Client Access Licenses equals or exceeds the number of client PCs on the network.

For example, if you start with one server and ten Per Server Client Access Licenses, when you implement a second server of the same type, you can either license it in the same manner as the first or convert the first server to per seat licensing and configure the second server the same. This will allow your ten Client Access Licenses to access either server. Of course, the second server will carry its own Server License.

Licensing Microsoft BackOffice versus Individual Components

As explained earlier, Client Access Licenses are purchased for each server product a given PC will access. In this sense "access" implies connecting to the server and utilizing its services. Instead of purchasing Client Access Licenses for each individual server application on each PC, it is possible to equip a PC with a Microsoft BackOffice Client Access License. This entitles the user of this PC to access any or all of the Microsoft BackOffice server applications installed on the network. The Microsoft BackOffice Client Access License can be purchased regardless of whether the server applications were purchased as a part of Microsoft BackOffice or as individual components.

Licensing Examples

Microsoft provides different ways to license client PCs for server access because not every organization will use BackOffice in the same manner. It is helpful to see examples of how the licensing model is applied in some typical situations. In the following examples Microsoft SNA Server, Microsoft SMS, and Microsoft Internet Information Server are not shown. Nevertheless, the same licenses apply to these products except as noted earlier. These examples provide a basis upon which you can extend the licensing model if more servers or more clients are needed.

Starting with a Simple Windows NT Network

Seeing an example can help you understand how a simple Windows NT network should be licensed. This scenario serves as a basis for understanding more complex networks even though it does not make sense to purchase the entire Microsoft BackOffice package in this case.

The network shown in figure 3.9 has one Windows NT Server and three client PCs. Windows NT Server provides basic network operating system services. The server allows the client PCs to share files, printers, and other resources.

Fig. 3.9 - A simple Windows NT network has only one Windows NT Server and a few client PCs.

See "A Network Operating System," (Ch. 2)

Client PCs may be using different operating systems. If they are using Windows for Workgroups, Windows 95, or Windows NT Workstation, the client software is included in the operating system. Nevertheless, a Client Access License should be purchased for each client PC.

The following licenses should be purchased in this example:

  • One Server License for Windows NT Server

  • Three Per Seat Client Access Licenses for Windows NT Server

In this example, it makes sense to license the client PCs per seat because they will be connected to the network at all times during network operation. As such, they will be able to share files and network printers.

Adding One Microsoft SQL Server

Figure 3.10 shows the same network as figure 3.9 with the addition of another server computer running Microsoft SQL Server.

Fig. 3.10 - A more sophisticated Windows NT Network also contains Microsoft SQL Server.

This server computer running Microsoft SQL Server also requires Windows NT Server. However, the client PCs need only purchase Client Access Licenses to the Microsoft SQL Server on this computer. Additionally, if a Windows NT Server is running a server application on another network operating system, such as Novell NetWare, there is no need to purchase Client Access Licenses for the Windows NT Server. Client access licenses for Windows NT Server need only be purchased if the Windows NT Server provides any of the following services:

  • File sharing services

  • Printer sharing services

  • Macintosh connectivity

  • Remote access services

Server computers that only run other server applications need not have Windows NT Server Client Access Licenses. Because these services are provided by the other Windows NT Server computer, the Microsoft SQL Server computer only requires Client Access Licenses for Microsoft SQL Server.

The following licenses should be purchased in this example:

  • Two Server Licenses for Windows NT Server

  • One Server License for Microsoft SQL Server

  • Three Per Seat Client Access Licenses for Windows NT Server

  • Three Per Seat Client Access Licenses for Microsoft SQL Server

Because each client PC requires network services at all times, the Windows NT Server Client Access Licenses should be purchased on a Per Seat basis. However, the Microsoft SQL Server Client Access Licenses may be purchased on a Per Server basis if you do not expect all three PCs to be accessing the Microsoft SQL Server at the same time. As soon as each client PC requires a constant connection to the Microsoft SQL Server, it is time to convert the Microsoft SQL Server Client Access Licenses to the Per Seat licensing model.

Adding Remote PCs

Windows NT Server also provides access to the network for remote PCs. This is available through the built-in Remote Access Server (RAS). RAS is a service that controls remote access to the network via modems. Adding remote PCs to a network highlights the flexibility of the Microsoft BackOffice licensing model.

See "Understanding the Remote Access Service," (Ch. 4)

Figure 3.11 shows the same network as in figure 3.10, with the addition of five remote PCs. In this example, the remote PCs are allowed to dial in at any time on the available modems. However, because the RAS computer is equipped with only two modems, a maximum of two remote PCs can be connected at one time.

Fig. 3.11 - Adding remote PCs, which require access to application servers on the Windows NT network, creates a more complex licensing scenario.

The following licenses should be purchased in this example:

  • Three Server Licenses for Windows NT Server

  • One Server License for Microsoft SQL Server

  • Five Per Server Client Access Licenses for Windows NT Server

  • Five Per Server Client Access Licenses for Microsoft SQL Server

  • Two Per Server Client Access Licenses for the Windows NT Server running the remote access service

This example highlights Per Server Client Access Licenses due to the remote PCs. Because the remote PCs have a limited connection path to the other servers, it is prudent to purchase Client Access Licenses from the servers' perspectives.

These examples serve to illustrate the flexibility of the Microsoft BackOffice licensing model. Clearly, your networks may be considerably more complex. In such cases, the licensing examples given in this chapter can be extended based on the principles described and demonstrated for each scenario.

From Here...

Prior to this chapter, you gained a general understanding of what Microsoft BackOffice is and what it can do for you. In this chapter, you learned all the areas that require attention before implementing Microsoft BackOffice in your organization. This included information about important aspects of preparation such as network hardware and server computer configuration, human issues pertaining to the administration of the network and server applications, security and related policies and procedures, facility management, and actually purchasing Microsoft BackOffice.

Table of Contents

02 - Characteristics of Microsoft BackOffice

04 - Becoming Part of the Enterprise