Deploying Microsoft� Office Server Extensions in a Commercial Hosting Environment
Published: October 1999
Office Server Extensions Basics
Customer Scenarios Enabled by OSE
Differences Between FrontPage and
Office Server Extensions
Planning for the Office Server Extensions
Security Management Strategies
Deploying Microsoft�
Office Server Extensions in a Commercial Hosting Environment
White Paper
Published: October 1999
For the latest information, please see http://www.microsoft.com/isn/comhost/office_2000_ose.asp
There is a wealth of information available on installing and configuring the Microsoft� Office Server Extensions (OSE). The purpose of this white paper is to gather the most pertinent information from those sources and combine it with sound recommendations for how to deploy OSE in a shared hosting environment.
ISPs that provide hosting for multiple customers have some unique configuration requirements. Therefore, this paper discusses issues such as why to use SQL Server� instead of Microsoft Data Engine in a commercial hosting environment and why the Active Directory� Services Interface can be an ISP�s best friend, and it provides tips such as how to maximize performance when hosting a large number of Webs and users on a server.
This paper is not meant to be an exhaustive step-by-step instruction manual � the Office Resource Kit provides that detail. Rather, it is meant to help you understand how OSE fits into your environment so that you can optimize performance and avoid potential pitfalls.
For more detailed information on the Office Server Extensions, see the Microsoft Office 2000 Resource Kit at http://www.microsoft.com/office/ork/2000/default.htm.� For detailed information on the FrontPage� Server Extensions, see the FrontPage 2000 Server Extensions Resource Kit at http://officeupdate.microsoft.com/frontpage/wpp/serk/.
Office Server Extensions features improve the collaborative process around Office documents, such as spreadsheets, presentations and word processing documents, and Web pages so teams can create documents that better reflect the knowledge of the workgroup. With Office publishing, users can publish documents to the Web as easily as if they were saving files to a file server. With inline discussions, users can share ideas within the context of a document, resulting in better and more timely team output. Finally, using standard Web technologies, users can easily view, search, and retrieve documents stored on Web servers.
Web hosting companies using OSE can give customers powerful tools that they might not otherwise be able to afford. A few (discussed in greater detail below) of the customer scenarios enabled by the Office Server Extensions are:
� Small business communication with clients
� Outsourced intranets
� Internet users who want to collaborate
� Multiple companies collaborating on an outsourced extranet
The Office Server Extensions are a superset of the Microsoft FrontPage 2000 Server Extensions (FPSE). OSE Setup installs FrontPage Server Extensions automatically, and the OSE Configuration Wizard completes the configuration.
Because the Office Server Extensions are a superset of the FPSEs, they contain all of their rich features and functionality, such as the ability to publish in one step, and easily add sophisticated functionality like hit counters, forms, search capabilities, and forms and database support, without having to know programming. This section discusses features of OSE that are in addition to the base FPSE features.
Users can easily save files to or open files on Web
servers from within Office 2000 applications. They can navigate the structure
of a Web built with the FrontPage Web site creation and management tool in the
same way they can navigate the structure of a file server.
This illustration shows how a user with a document open in Microsoft Word 2000
can save directly to any intranet or Internet Web server that is running the
FrontPage 98, FrontPage 2000, or Office 2000 Server Extensions. Instead of
supplying a hard drive or network drive location to store the file on, the user
simply types in the URL for their Web server. Additionally, they can use Web
Folders (in Windows 98 or Windows NT) or My Network Places (in Windows 2000) to
provide shortcuts to Web servers much like they map drives to network locations
today. This means that users running popular Office 2000 applications like Word
2000, Microsoft Excel 2000, or Microsoft PowerPoint�
2000 can use any of these programs to create content for FrontPage-extended or
Office-extended Web sites, and users can save or open files directly from these
applications to FrontPage-extended or OSE-extended Web servers as easily as
they save or open files from a network drive.
Once a user saves a file to a FrontPage-extended or
Office-extended Web server, he or she can edit the document simply by clicking
the Edit button on the Microsoft Internet Explorer 5 browser, and then
choosing to edit it in the application in which it was created, or edit it
using FrontPage or another HTML editor.
This illustration shows that when a document created in Word 2000 is saved to a
FrontPage-extended or Office-extended Web server, it can still be edited in
Word 2000 if the user selects this option from the Edit button in the
browser or if the user opens the document from within Word. This can really
save time and energy�previously, a user would have had to go back to the
original Word document that was saved as HTML, edit it, and then re-save it to
the Web. With Office 2000, the transfer of files back and forth between the Web
server and the application it was created in is easy and seamless.
Users can discuss a document by attaching comments from
within either a browser or an Office 2000 application. Documents can be in
native Office binary (such as .doc, .xls, or .ppt) or HTML or rich text format.
Users can reply to other comments, and more than one user can comment
simultaneously on the same document. Discussion comments are stored separately
from documents, so that the documents themselves are not altered.
This illustration shows that when the Discuss button is selected from
Microsoft Internet Explorer 5 (or a discussion Web page is browsed to from any
other browser), users can connect to a server that is running Office Server
Extensions and then insert comments or reply to comments that are on any
document or Web page. The fact that the comments are stored in a separate
database means that teams can discuss documents without altering them, discuss
documents or Web pages that are not on their Web server (like Web pages on the
Internet), and that their comments are visible only to users who have been
granted rights to use that particular collaboration server.
Users subscribe to particular discussions, documents, or
folders on a Web server and are automatically notified of status changes by
e-mail.
This example shows that a user with rights to an OSE-extended Web server can
subscribe to a document so that they are notified via e-mail when a discussion
hosted on that server is added to a document. They can even be notified when a
page or folder on that server has been modified, and select how often they are
notified and which events should trigger a notification to them.
These features mean that a hosting company can now provide customers with solutions that would be prohibitively expensive without OSE. Some of the scenarios now possible are described here.
An advertising agency wants to solicit feedback from its clients on an advertising plan. They purchase Web site hosting and collaboration services from their Web Presence Provider (WPP) for Microsoft FrontPage� 2000. The ISP sets them up with an intranet site and a URL for a collaboration server for each project they work on. The advertising agency gives the client the URL for their plan (which is on a secure site that requires a password to get into) and the URL for their collaboration server, with corresponding user names and passwords. Instead of providing feedback in writing or in e-mail, the client provides feedback on the Web using Discussions. This allows their clients to provide comments on the documents without having to use Office 2000. The owner of the plan at the advertising agency subscribes to the plan in order to be notified when clients add discussions to the plan.
A workgroup within a large corporation wants to be able to collaborate on team projects, but their internal operations group hasn�t yet deployed Office Server Extensions. The group solves its problem by outsourcing their team Web to a Web Presence Provider. The ISP provides them with a secure OSE-extended Web server to use for their team projects.
A neighborhood association has a Web site to post information about neighborhood activities. They host their Web site with a Web Presence Provider that offers OSE-based hosting services. They post a Web page requesting comments about a new zoning ordinance, and collect those comments using inline discussions. Neighbors who have the proper permissions to the site and who are especially interested to know when new comments have been posted subscribe to the page so that they are notified via e-mail when new comments have been posted.
A retail business wants to work collaboratively within an extranet with their suppliers. They are exchanging Request for Information (RFI) or Request for Proposals (RFP), as well as reviewing electronic orders on-line. They can use the publish, discussion and notification features to effectively work through information so they can offer better supplier communication and customer service.
The Office Server Extensions consist of several client and server components that work together to enable OSE features. A quick overview of the server and client architecture will help you understand deployment and troubleshooting issues. More detailed architectural information is provided in the Office Resource Kit (at http://www.microsoft.com/office/ork/2000/default.htm).
Microsoft Internet Information Server is integral to the Office Server Extensions. IIS creates the virtual servers, and IIS manages all publishing events and all communication with the database for collaboration activities.
Like the FrontPage Server Extensions, the Office Server Extensions use ISAPI and standard HTTP commands. OSE does not require file sharing, FTP, or telnet access. And OSE does not require proprietary file system sharing calls between the client and server. For those features that surpass the base FPSE functionality, OSE uses the following additional components:
�
Microsoft Data Engine (MSDE) or SQL Server �OSE
stores Web Discussions and Web Subscriptions data by using either MSDE (an
embedded version of SQL Server) that is installed by default during OSE Setup
or a Microsoft SQL Server version 6.5 or later database that can be local or
remote. The benefits of each method are explored in the Database Requirement: MSDE or SQL Server
section later in this document.�
� Custom Automation objects � OSE supports features controlled by custom Automation objects. The custom Automation objects are installed on the Web server running OSE, and they perform the functions such as reading and writing to the IIS metabase using the Active Directory Services Interface (ADSI). For more information on ADSI, see http://www.microsoft.com/Windows/server/Technical/directory/adsilinks.asp?RLD=284.�
� Active Server Pages (ASP) pages � ASP pages are script files located on a Web server. ASP pages create HTML tags dynamically to track user state and session information and to connect to various COM-based objects, such as the OSE custom automation objects. ASP pages are installed with OSE, and they process client requests and use custom automation objects to return the appropriate response to the client computer. The OSE Start Page and Administration Home Page are examples of some of the ASP pages.
�
OSE Notification Service and SMTP mail server �
The Office Server Extensions Notification Service is a Microsoft Windows NT
service that OSE Setup installs to run the Subscription and Notification
features. The notification service queries MSDE or the SQL Server database for
queued e-mail notification at immediate, daily, and weekly intervals. The
Office Server Extensions Notification Service delivers the e-mail notification
to the Simple Mail Transfer Protocol (SMTP) mail server you specify when you
configure OSE.
The main difference in installation of OSE as compared to FPSE is the requirements. OSE requires Windows NT 4.0 and IIS; FPSE could run on UNIX. See the Installing section for more information on OSE installation.
Since FPSE is a subset of OSE, the FPSE administration tools are used for all administration at that level (publishing, provisioning, etc.). The other two areas of administration that are new to OSE are client administration and OSE-specific administration (collaboration, etc.). These three areas of administration are discussed in the Remote Management section below.
The minimum requirements for running the Office Server Extensions are identified in the table below. Note that Windows 2000 will run with the Office Server Extensions that will be included with the SR1 version of Office 2000 (to be shipped in 2000).
|
Operating System: Windows NT Server/Workstation 4.0 |
||
|
Component |
Required |
Recommended for ISPs |
|
Processor |
133 MHz Intel Pentium |
300 MHz or higher Intel Pentium |
|
Service Pack |
4 |
5 |
|
Free hard disk space |
167 MB |
At least 167 MB |
|
RAM |
64 MB (plus 8 MB for FPSE) |
256 MB |
|
Web server software |
IIS 4 with WWW service installed |
IIS 5 with WWW service installed |
|
Operating System: Windows 2000 |
||
|
Component |
Required |
Recommended for ISPs |
|
Processor |
166 MHz Intel Pentium |
300 MHz or higher Intel Pentium |
|
Free hard disk space |
167 MB |
|
|
RAM |
128 MB |
256 MB |
|
Web server software |
IIS 4 with WWW service installed |
IIS 5 with WWW service installed |
Note:� The security features of OSE require the NTFS file system. Windows NT includes the Convert.exe utility that you can use to convert an existing file allocation table (FAT) volume to NTFS � without losing data. For more information, see the Microsoft Windows NT Server 4.0 Resource Kit at http://msdn.microsoft.com/isapi/msdnlib.idc?theURL=/library/winresource/ntserv/ntserv.htm.
There are no client licenses required to use the Office Server Extensions-based features. However, client license requirements for other applications used, such as Office 2000, or for file access to a Windows NT-based server, still apply.
For each OSE-extended server, 1 license of Office 2000 Premium or Professional is required.� Office Server Extensions are found on Office Professional CD 1 and Office Premium CD 3. However, members of the Web Presence Provider for FrontPage 2000 program can download the OSE bits and freely distribute them within their company. They receive the URL, user name, and password for a secure site to download them from when they are accepted into the WPP program. For more information about becoming a Web Presence Provider for FrontPage 2000, see http://www.microsoft.com/frontpage/wpp/becoming.htm.
Deploying the Office Server Extensions in a commercial hosting environment has its own special considerations. There are security issues, scalability issues, and configuration issues to understand. The following sections explore these issues and offer some guidance on how to deploy OSE in a hosting environment.
In a shared hosting environment, security is a major issue. Since many different customers will often be hosted on the same physical server, ISPs will need to understand the security options within OSE and how they interact with the server�s security.
There are three different methods of Web authentication that ISPs can choose from. The methods vary in the amount of work they require, but choosing the wrong method can make a customer�s site insecure.
The Office Server Extensions rely on IIS to authenticate users; thus, the authentication options for OSE are the three IIS methods:
� Anonymous (unauthenticated) � With Anonymous authentication, any user will be able to browse all documents on the server. Most customers will want their documents secure, so Anonymous authentication should not be used.
� Windows NT Challenge/Response � Windows NT Challenge/Response leverages the Windows NT network logon so that users need not type their usernames and passwords to gain access to secure sites. This method has the added benefit that usernames and passwords are not passed over the network. This method makes sense in an intranet environment, but has some major drawbacks in an Internet/hosting environment. First, it requires Internet Explorer on the client; and, second, it will not go through firewalls.
� Basic � Basic authentication makes the most sense in a hosting environment, where customers will often have resources that are not meant for public viewing. Basic authentication will require users to enter a name and password to gain access to resources. Basic authentication provides the broadest browser support of the three methods.
Basic authentication passes the username and password in clear text (unencrypted) for every browse and authoring request, so it would be possible for someone to capture and make use of these usernames and passwords. Thus, it might also make sense to encrypt the username and password and all documents by requiring the use of Secure Sockets Layer (SSL) encryption. SSL will entail some processing overhead but it allows you to provide secure access on a per-customer basis. With Basic authentication enabled at the server level, you can also enable Anonymous authentication at the virtual server level for a particular customer; this allows the customer to grant anonymous access to their resources if they wish.
Within the context of user authentication, which is set in IIS, OSE defines itself four roles that all users and operations are mapped into. The four roles are:
� Browsers � browsers can perform an http Get request to browse pages.
� Collaborators � Collaborators, by definition, have browse capability. They can also insert, edit, and view discussions and subscriptions.
� Authors � Authors, by definition, have browse and collaborate capability. They can also add and manipulate content on the Web site. Authors can publish, delete, and rename documents.
�
OSE Administrators � These, by definition, have
all the capabilities of the other three roles. They can also create new Webs on
a particular virtual server, and they can manage permissions. OSE
Administrators are not part of the Windows NT Administrators group; they can
only administer a particular virtual server.
Whenever Office Server Extensions are provisioned onto a Web site, Windows NT Local Groups are created for each role. The Browser, Author, and OSE Administrator role groups are created on a per-Web basis, while the Collaborator role group is created on a per-virtual server basis. To have the Internet Service Manager wizard create the groups, on the Create Windows Groups panel, select Create local machine Groups. The wizard creates the following four user groups: group_prefix Admins, group_prefix Authors, group_prefix Browsers, and group_prefix Collaborators, where group_prefix is a prefix that you specify on the Create Windows Groups panel in the wizard. If you do not specify a prefix, the wizard default prefix is the text name of the Web site you are configuring.
The wizard adds these groups to the access control lists (ACLs) of the appropriate folders. This arrangement simplifies subsequent administration of permissions because you can add or remove user accounts from these groups when you want to grant or deny users permissions on your OSE-extended Web � without modifying ACLs manually.
For the Office Server Extensions, a �Web� is an arbitrary collection of files and folders grouped together for the purposes of content management and security management. For any given virtual server, there is at least one Web, known as the root Web. The site owner may create any number of sub-Webs beneath the root Web. This is where the scoping of roles comes into play. The roles of Browser, Author, and OSE Administrator created per Web, so that a virtual server may have many sub-Webs, each of which has different users in these roles. The Collaborator role, however, will apply to the root Web and any and all sub-Webs within the virtual server. For hosting companies, who often will create a single virtual server for each customer, this scoping will mean that there will be a single collaboration database per customer. To provide a customer with multiple collaboration databases, additional virtual servers need to be created (more on this in the Managing Collaboration Rights section below).
Because effective use of the features of OSE requires proper use of these roles, each user account requires a Windows NT account. Once created, user accounts can then be added to or removed from the OSE role groups using Windows NT�s User Manager. Many ISPs simplify the account creation process by allowing customers to manage their own accounts. Based on Active Directory Services Interface (ADSI), Web-based administration tools can let customers add and remove users and manage group memberships and permissions for their Webs. Using ADSI, ISPs can also script IIS changes, further automating server-side management. For more information on ADSI, see http://www.microsoft.com/Windows/server/Technical/directory/adsilinks.asp?RLD=284. There are plans to provide a Web-based tool that will help ISPs with some of these tasks. For up-to-date information on this and other developments for ISPs, check http://www.microsoft.com/isn/isp/default.asp.��
As there is one Collaborator role for an entire virtual server, there is one collaboration database. The Collaboration Database houses all Discussion and Subscription information. And since Discussion comments and Subscription tracking information are stored separately from the content being discussed, customers can set up a Discussion on content that is located on another virtual server or another machine. Discussions and Subscriptions are also independent of publishing permissions. Users who do not have permissions to write to a document can still insert and reply to comments.
You can use the four role groups defined by OSE to achieve Web-level granularity over security. In other words, assigning users to these groups will satisfy nearly all of a customer�s requirements for site security. Adding and removing users from the built-in groups is effective in controlling who has permission to publish what and where.
If more control is needed over individual files and directories, it is possible to use NTFS ACLs to manage those directly. However, this is an advanced option, and using NTFS ACLs incorrectly can open security holes and break functionality for both publishing and collaboration. There is also a performance hit associated with the use of NTFS ACLs because changing permissions on a group of files means directly touching each and every file to alter its ACL. On a large Web, this can take a long time.
If you opt to use direct ACL access, bear in mind also that it interacts poorly with the FrontPage Client Tools Permissions command, which is the way that customers normally manage permissions on their Webs. When direct ACL access is used, it is recommended to reserve administrative access to the OSE Web. In this case, you would want to use ADSI to let customers manage user accounts.
Generally, the fact
that OSE provides one Collaboration database per virtual server is not a
problem. It usually maps quite well to customers� methodologies, wherein a
workgroup collaborates on all documents within a single virtual server.
For customers that
want to provide privacy to distinct collaborator groups regardless of document
location, ISPs will need to have separate Collaboration databases for each
group. In the absence of a sufficient number of virtual servers, this means
that �dummy� servers (server with no content) may need to be set up to host the
required Collaboration databases.
The Office Server Extensions require a database for the Collaboration and Subscription features to work. The standard OSE installation will attempt to find a local installation of SQL Server (6.5 or 7.0). If it finds it, it will install the Office Server Extensions and connect to SQL Server. If it does not find it, it will automatically install the Microsoft Data Engine (MSDE), which is an embedded version of SQL Server. The following sections discuss the comparative advantages and disadvantages of SQL Server and MSDE and offer recommendations for hosting companies.
The primary advantage of using MSDE is that it is an out of the box solution. It is also self-maintaining and does not require any SQL Server knowledge. And since it resides on the same server as OSE, there is no extra network trip for collaboration data. For these reasons, MSDE is ideal for customers whose only storage needs are for OSE and who have a small number of OSE-extended servers.
A disadvantage to using MSDE is that there are no built-in management tools, so you are not able to adjust performance to suit your needs unless you use the SQL management tools. And because MSDE is an embedded product, its performance is throttled. The main drawback, however, is that MSDE databases tend to proliferate. Because MSDE databases can only be used locally, a new database will be created for each server on which OSE is installed. Having many MSDE databases will be less efficient than having a single SQL database for all of your OSE-extended servers.
Using SQL Server has a number of advantages over using MSDE. First, OSE data can be administered along with data in other databases on your SQL Server. No new administration processes are needed. And OSE data is protected by the backup strategy that you have in place on the SQL Server.
Using SQL Server on its own server also allows you to consolidate your collaboration databases and manage the databases all at once with SQL Server management tools. Using SQL on its own server also allows your OSE-extended server to devote all of its processor, memory, and disk resources to serving up pages and files. The two drawbacks of using SQL Server are that it has to be maintained separately from OSE and that it requires that data travel over the network to and from the database.
In spite of the drawbacks, the recommendation for hosting companies is to use SQL Server (preferably version 7.0). An optimal configuration would be SQL Server 7.0 on a cluster of Windows 2000 Advanced Servers or a cluster of Windows NT Server Enterprise Edition server. At the very least, however, it is recommended to have a dedicated SQL Server that is not running OSE. In this case, you will have to manually prevent installation of MSDE from the command line during OSE setup. This is because the installation wizard will not detect a local install of SQL Server and will install MSDE, and a server with MSDE installed will not be able to connect to a remote SQL Server.
To prevent the installation of MSDE, insert Office Disc 3 for Office 2000 Premium (Disc 1 for with Office 2000 Premium), open a command prompt, change to the CD-ROM drive, and then type the following command:
setupse.exe /nd
During the setup process, you will be given the opportunity to connect to a remote SQL Server.
Customers who use the Office Server Extensions for any kind of document management/collaboration scenario, and this will be most customers, will want to have some level of version control. Version control provides a kind of dynamic backup system, whereby changes to a document are tracked and can be undone. For a collaboration environment, though, version control provides the highly useful ability to lock documents for editing, so that collaborators cannot duplicate each other�s efforts and unknowingly destroy each other�s changes.
With OSE there are three options for version control configuration:
� No version control (default)
� Lightweight check-in/check-out
� Visual SourceSafe�
By default, no version control is configured when you install the Office Server Extensions. However, built into OSE is a fully functional lightweight version control product that you simply enable in your server configuration. This version control software provides for one level of rollback; it does not keep a history of all changes. For customers who do not need full histories of document changes, this solution works quite well, and it entails no performance hit. This solution makes the most sense in a shared hosting environment.
Customers who use lightweight check-in/check-out should use the FrontPage client, as it provides the most complete check-in/check-out interface. Other Office applications provide an option called auto-checkout, which essentially checks a file out (if it is not already checked out), saves it, and checks it in one procedure.
For customers who need more than basic version control, you have the option of installing Visual SourceSafe (VSS) on the server and creating VSS accounts for those users. VSS maintains a complete history of document changes and allows for rollback to any level with the VSS client. For VSS, however, in addition to the additional workload of managing accounts, there is performance overhead. This solution is not advisable in a shared hosting environment. But it may make sense to reserve an entire server and create a dedicated hosting environment for a customer who needs the benefits of VSS. For more information on Visual SourceSafe, see �http://msdn.microsoft.com/ssafe/.�
Setting up a server to run the Office Server Extensions consists of two basic tasks. The first task is running the OSE Setup to copy the OSE bits onto the server. The second task is provisioning Web sites so that they are OSE-extended.
The OSE setup is available in Office Premium, Professional, and Standard. It consists of a one-time OSE Installer that copies the OSE bits onto server so that Web sites can be provisioned.
As mentioned, Setup will install MSDE by default if SQL Server is not present on the server, but you can override this by installing from the command line. Note that there are other command line options (see the table below). To see them, insert Office Disc 3 for Office 2000 Premium (Disc 1 for with Office 2000 Premium), open a command prompt, change to the CD-ROM drive, and then type the following command:
setupse.exe /?
You will see a dialog box with the following available commands:
|
Command |
Does: |
|
/autorun |
Autorun from CD |
|
/wait |
Wait for install to complete before exiting |
|
/settings <.INI file path> |
Read settings file |
|
/I <package path> |
Install/Configure |
|
/x <package path> |
Uninstall |
|
/nd |
Skip install of Microsoft Data Engine |
|
/q[n|b|r][+] |
Display [no|basic|reduced][completion notice] |
|
/l[<logmodes>|*]<logfile path> |
Log mode |
|
/? |
Help |
|
Property=value �property=�value with space �property=�value with ��quote�� |
Set property values |
Note:� <package path> = path to .MSI file on installation media.
OSE setup also provisions a default site if there is only one site present on the server. This would be the case on a server on which IIS had just been installed. This can be scripted using quiet mode from the command line. The Automating Installation and Provisioning With Quiet Mode section below discusses this in more detail.
After OSE has been installed, each site needs to be provisioned to use the Server Extensions. To provision a site:
� Create an IP address for the site.
� Ensure that the virtual server content space resides on an NTFS partition � security will not work on a FAT partition.
� Create the virtual server using the IIS administrative tools.
� Set authentication options for the virtual server.
Once the virtual server is created, you use the OSE tools to extend the virtual server with the Office Server Extensions. The extending process does the following:
� It adds the FrontPage Server Extensions as the publishing portion of OSE.
� It adds the OSE collaboration virtual directories, which allow clients to communicate with OSE database and use the FPSE site authoring capabilities using special HTTP post commands.
� It creates security role groups.
� It conditions ACLs on content so that the role groups will be used to enforce security.
� It creates and provisions the OSE database in the SQL server:
o With SQL 7.0, the database can be provisioned automatically as part of the provisioning process. A SQL 7.0 user account with the proper permissions would also be automatically created. OSE would store the account and connection password as part of the registry information for the virtual server, so that future usage of server will be able to reconnect to the database.
o With SQL 6.5, you would be required to create the database manually. You would also need to create a SQL user account with the ability to add and modify tables.
The primary tool for provisioning sites is the MMC snap-in that is used with IIS. For configuring multiple servers, you can use scripting via quiet mode, which is described below. However, the best tool to use for scripting and customizing installations will be the OSE Command Line Tool, which will be available soon (see http://www.microsoft.com/isn/comhost/office_2000_ose.asp for the latest).
After a site has been provisioned, it might be a good idea to provide customers with a default initial account to get them going. Also, default content that gives instructions and samples can help customers get started with creating their site. OSE does not provide sample content, but you can use the 60 Minute Intranet Kit, available at http://officeupdate.microsoft.com/2000/downloaddetails/60minute.htm.
In a text file, you can specify all the information that OSE Setup needs and then run OSE Setup in quiet mode. Quiet mode does not require any user interaction to complete OSE Setup, so it is convenient when you need to configure several Web sites at one time. By using quiet mode, you can develop a standard installation configuration that you can apply to several computers, while defining the OSE Setup parameters only once.
To run OSE Setup in quiet mode insert Office CD 3 for Office 2000 Premium (CD 1 for with Office 2000 Professional), open a command prompt, change to the CD-ROM drive, and then type the following command:
setupse.exe /q [LOGFILE=logfilepath] [BINROOT=installpath]
where logfilepath is the folder path to the log file containing installation settings, and installpath is the folder path where OSE files are installed.
Note: If you do not specify the LOGFILE switch, OSE Setup defaults to the Cfgquiet.ini file on the CD-ROM in the PFiles\MSOffice\Office folder. If you do not specify the BINROOT switch, OSE files are installed to the Windows NT disk in the C:\Program Files\Microsoft Office folder.
To confirm that OSE Setup is completed, run Task Manager, and then on the Processes tab, check for Setupse.exe. Then restart the computer.
The log file you use when running OSE Setup in quiet mode is a text file with sections that contain entries and values. The log file included on the CD establishes default settings for OSE, and you can copy the file to a writeable location and modify it to meet your needs.
To create the log file, start with the Cfgquiet.ini file that is included with OSE, and modify the file with a text editor such as Notepad. Cfgquiet.ini is located in the PFiles\MSOffice\Office folder on CD 3 of Office 2000 Premium and CD 1 of Office 2000 Professional. If you have already installed Office 2000, Cfgquiet.ini is located in the C:\Program Files\Microsoft Office\Office folder.
Since OSE client components are installed with all Office 2000 products, OSE client installation consists of some simple configurations, which fall into two general categories: configurations that enable publishing and configurations that enable collaboration.
For publishing functionality, the OSE client needs the correct Internet connection settings. OSE client components share proxy settings with Internet Explorer 5, so Internet Explorer 5 customers will not have to configure proxy again. Non Internet Explorer 5 customers can configure proxy setting for OSE within FrontPage. Besides proxy settings, clients need to have Web folders set up in order to save over the Internet. ISPs may want to create shortcuts (simple HTTP paths) to Web folders (Network Places in Windows 2000) as a service to customers.
For collaboration, the client accessing the OSE-based features needs the location of the collaboration server. This can be done by typing the location in manually at the client or by using a policy setting to give the server information to clients.
The best way is to use an ActiveX� control on a Web page that, when hit by a client, sets up shortcuts and configures a collaboration server pointer (this is an example of a custom Automation object). The ActiveX control can also trigger an email to the site owner. This control is contained in the 60 minute Intranet kit, available at http://officeupdate.microsoft.com/2000/downloaddetails/60minute.htm.
Unfortunately, there are no hard and fast rules for how much an Office Server Extensions-extended server can handle. There are a number of factors that influence performance, however, and the following sections look at these structural and operational factors. The scalability rules of thumb are based on these factors and are meant as guidelines.
Structural factors concern the configuration of your server and the size and number of items you are hosting. Structural factors include:
� Number of Webs � The number of Webs on a machine is the most important structural factor.
� Documents per Web � OSE (or FPSE) maintains metadata for every document, so more documents per Web means more overhead for the server.
� Size/richness of documents � OSE tracks embedded images and links going in and out of documents. Large, rich documents use space and CPU cycles.
� Total number of discussions � The number of discussions will impact scalability.
�
Server/Client CPU speed � Server CPU speed will
affect all publishing operations. Client CPU will affect performance for both
publishing and collaboration operations.
Operational factors are, of course, related to structural factors. They concern the operation of a server and include:
� Number of simultaneous saves on particular Web (most important) � Access to a Web in OSE is exclusive. While someone is authoring (saving), other users are put on hold until the first action is done. The higher the number of saves, the longer the wait. Breaking a Web up into subwebs, each with a smaller number of users, will greatly alleviate this.
� Browsing load on server � With Windows NT and IIS, browsing has a very low CPU impact. However, millions of simultaneous hits will collectively have an impact.
� Number of discussions fetched simultaneously - Discussion fetch requires a database lookup and operations within the collaboration COM objects. Thus, there is CPU impact in fetching, adding and removing discussions. Discussion load is usually distributed over time, but there is the possibility of spikes in discussion activity severely impacting performance.
� Index Server� - Index Server, which indexes all documents to allow for full-text searches, can be a major factor in scalability. It was designed to automatically index documents whenever updated, and it assumes that authoring occurs in bulk (that most new documents are uploaded in large quantities and infrequently). This is at odds with the collaboration paradigm, in which there are frequent small changes to documents. And because the Index Server indexing process is very CPU intensive, there can be a major performance hit. Using Index Server on the same machine as OSE is therefore not a good idea. In Windows 2000, Index Server is much more efficient in how it indexes.
� Schedule and frequency of administrative operations � Administrative operations do use resources, so performing these during the day, when the server is busy, will impact performance and scalability.
OSE performance has been greatly improved compared to FrontPage� 98 Server Extensions in terms of latency and the number of documents that can be stored on a given Web. There are, of course, limitations to performance, but based on the operational and structural factors described above, there are things you can do to your OSE configuration to improve performance for publishing and collaboration operations.
Publishing consumes the most server CPU. As a result, the total number of Webs you will be able to host on a server will be greatly affected by the total amount of publishing that takes place. A general rule of thumb, though, is to limit the number of toplevel Web sites to around 200 per Windows NT 4.0 server.
Another important rule of thumb is to use subwebs generously. This is because, as described above, access to a Web is exclusive and only one user can save a document at a time. With subwebs, exclusive access is shared among a smaller number of users. Also, by breaking Webs up into subwebs, each subweb will have fewer documents. This improves performance because OSE will have less metadata to track.
For collaboration scalability, an important area of consideration is whether collaboration clients are uplevel or downlevel (uplevel clients are Office 2000 clients, downlevel clients are IE 4/5 without Office 2000).
For uplevel clients, all work is performed by the client machine. As a result, performance is highly influenced by the client CPU. If customers complain of poor performance, suggest a hardware upgrade.
Downlevel collaboration support, on the other hand, is server-CPU intensive. Thus, if you have a large number of customers using downlevel support, you might consider reducing the number of virtual servers per server.
Another performance issue for collaboration concerns the use of MSDE. MSDE may give temporary backlogs during bulk and stress operations, such as moving or renaming a site. The backlog could cause a five or ten minute delay in sending out notifications. Using SQL Server instead of MSDE can help improve performance.
To maintain an effective collaboration environment, the server administrator has to keep up with tasks such as server backup. Users have certain regular management issues as well, such as removing outdated files.
One of the primary duties of the server administrator is backup and restore. In an OSE environment, there are two steps to the backup process. File system backup tool need to be used to back up documents and files, and database backup tools need to be used to back up the collaboration database.
For the file system, some tools may not back up all the necessary information, such as IIS configuration information and virtual directory configuration information. In this case, a restore might require that the site be re-provisioned.
For the database, MSDE does not provide backup tools. This is another reason to use SQL Server instead of MSDE to store collaboration information.
An issue with backups is synchronization between database backup and file system backup. If changes occur in the time between the two backups, there would not be a transactionally pure snapshot of the Web. A recommendation, then, is to run your backups during the evening or other off-peak times, when changes are less frequent.
Given the need to have unique user accounts with OSE, it is advisable to use Windows NT domains, especially in a multi-server environment. Using a domain gives you central management of all accounts and makes it easy to move sites.
It is also important to delegate account management to site owners. Using ADSI, it is possible to create a Web-based account creation tool. And if you use the user roles defined by OSE, this Web-based solution will be extremely robust, and it will be easy for users to understand.
Content management will generally be the responsibility of the customer. However, ISPs may wish to support customers with specific issues such as standards enforcement and site health management. ISPs can help enforce the use of templates and styles within a given virtual server. For site health management, ISPs may provide customers with reports on broken links and inefficient pages. Where ISPs might be of great help is when customers need to reorganize content. Content reorganization could include services such as creating new Webs, consolidating existing Webs, and fixing links.
As with content management, users will handle many of the duties associated with collaboration management. There are some things an ISP can do to make collaboration more efficient.
For discussions, ISPs might consider the following:
� Aging Policy � Discussions can be aged out. ISPs could suggest that content owners set age of their discussions. This can be done by customers when they create discussions for their sites.
� Non-existent pages � The database will keep a discussion for pages, regardless of whether they are now non-existent. Cleaning up these discussions will reduce needless server overhead. Keep in mind that aging policies will alleviate the need for removing discussion on pages long-since gone.
For subscriptions, ISPs might consider the following:
� Personal Subscription management � Customers may use a Web page for subscription management that any user can access.�
� Stale e-mail addresses � The server administrator might need to get involved to weed out stale email addresses.
� Remove too-broad subscriptions � Users can freely set up subscriptions. Administrators will thus come across situations where not all members of a distribution list want a particular subscription. In this case, administrators will simply have to remove users that complain or that are known not to require a particular subscription.
You can create a new FrontPage-extended Web, change user permissions, and do other administrative tasks when you do not have physical access to the Web server on which you have installed OSE. There are a few tools that you will use for this. Basically, all Web server management can be handled with the FrontPage Server Extensions administration tools. Client administration can be handled from the Start Page. And OSE administration can be handled by browsing to http://<server>/msoffice/msoadmin.
You can use FrontPage Server Extensions HTML Administration Forms and the command-line utility Fpremadm to administer FrontPage Server Extensions locally or remotely from any computer connected to your intranet or the Internet. However, remote administration can be less secure than direct administration.
The following table identifies the administrative tasks you can perform on an OSE-extended Web, and the FrontPage Server Extensions tools to use for each task. For more information on these tools, see the FrontPage 2000 Server Extensions Resource Kit at http://officeupdate.microsoft.com/frontpage/wpp/serk/.
|
|
FrontPage MMC snap-in |
|
|
HTML Administration Forms |
|
Install
extensions |
Yes |
Yes |
Yes |
Yes |
|
Upgrade
extensions |
Yes |
Yes |
Yes |
Yes |
|
Uninstall
extensions |
Yes |
Yes |
Yes |
Yes |
|
Full
uninstall of extensions |
Yes |
Yes |
Yes |
Yes |
|
Create
a subweb |
Yes |
Yes |
Yes |
Yes |
|
Merge a
subweb |
Yes |
Yes |
Yes |
Yes |
|
Check
and fix extensions |
Yes |
Yes |
Yes |
Yes |
|
Administer
security |
Yes |
Yes |
Yes |
Yes |
|
Enable
authoring and administering |
Yes |
Yes |
Yes |
Yes |
|
Disable
authoring and administering |
Yes |
Yes |
Yes |
Yes |
|
Recalculate
Web |
Yes |
Yes |
Yes |
Yes |
|
Import
a file |
No |
Yes |
Yes |
No |
|
Recalculate
hyperlinks |
No |
Yes |
Yes |
No |
|
Delete
a subweb |
Yes |
Yes |
Yes |
Yes |
|
Rename
a subweb |
No |
Yes |
Yes |
Yes |
|
Specify
executable programs |
Yes |
Yes |
Yes |
Yes |
|
Set
e-mail options |
Yes |
No |
No |
No |
|
Specify
scripting language |
Yes |
No |
No |
No |
|
Disable
FrontPage permissions |
Yes |
No |
No |
No |
|
Tune performance |
Yes |
No |
No |
No |
|
Require
SSL |
Yes |
No |
No |
No |
|
Log
authoring activity |
Yes |
No |
No |
No |
Users can perform a variety of tasks through the Start Page, which is accessible by typing http://<server>/msoffice. A list of tasks follows:
|
Discussions |
|
|
Set up a discussion |
Click the Discuss button in Internet Explorer 5. Then click the Discussions button (bottom left) and follow the wizard�s instructions. This is a multi-stepped process, so providing users with step-by-step information is advised. |
|
Reply to, edit, or delete discussion thread. |
Next to the
discussion you want to reply to, edit, or delete, click the |
|
Change to a different collaboration server. |
Click the Discuss button in Internet Explorer 5. Then click the Discussions button and select which server to use, or click Add to add one. |
|
Search for a file on the server using the file properties (like author, title, description) |
Open the Start Page. Select Search Web Folders. |
|
Find out the
directory structure of the Web server (so you know where to save a document
from an Office 2000 application). |
Open the Start Page. Select Browse Web Folders. |
|
Subscriptions |
|
|
Unsubscribe to a document, or change the subscription rules for a document. |
Open the Start Page. Select Manage Web Subscriptions. (Additionally, you are given the opportunity to unsubscribe to a document on every notification you receive--each notification has a link that says "click" here to stop receiving this notification.) |
As already mentioned, the FPSE portion of OSE (publishing, etc.) is managed through the FPSE administration tools and through IIS itself. Other account management can be handled in Windows User Manager or through ADSI-based tools.
The tasks in the table below are all performed through the
OSE Administrator Page, which is
accessed by selecting Start, Programs, Microsoft Office Server
Extensions, and then OSE Administrator (HTML) on the server, or
through the browser at http://<server>/msoffice/msoadmin.
|
OSE Administrative Tasks |
|
|
Limit discussions to documents on this Web server only. |
From the OSE Administrator Page, select Configure Web Discussion Settings, and change Allow Web Discussions On to Documents Located on this server only. |
|
Automatically delete discussions after a certain number of days. |
From the OSE Administrator Page, select Configure Web Discussion Settings, and change Enable automatic deletion of Web Discussion Items to on, and then specify the number of days after which to delete discussions. |
|
See a list of all of the documents being discussed on this server, and delete discussions selectively. |
From the OSE Administrator Page, select Manage Web Discussions. You will see a list of all of the documents being discussed on this server. To delete any, just select them and then press the delete key. |
|
Change the database being used for discussions and subscriptions. |
From the OSE Administrator Page, select Database Settings, and then Change Office Database. Supply the information about the new database, and then click the Submit button. |
|
Change mail server to be used for sending subscription notifications. |
From the OSE Administrator Page, select Configure Web Subscription Settings, and then change the mail server information under Mail will be sent using. |
|
See all of the subscriptions managed by this server, selectively delete them. |
From the OSE Administrator Page, select Manage Web Subscriptions. From there you can sort by user, document, or email address, and selectively delete any of the subscriptions. |
A common task for server administrators is moving sites. Moving a site involves two steps: one for the content; and one for the database.
For content migration, in addition to simply moving the directory, you need to consider virtual directory information, registry information, and security information relating to that data. Of course, a Windows NT domain will alleviate some of the security issues, since account and group information will be globally replicated. However, you will have to specifically copy virtual directory information and registry information. One option for moving a site would be to build a new OSE-extended server, recreate the site and then move the data.
For database migration, you need only to tell OSE how to find the database. The best tool to use for this (if you use SQL Server) is the SQL Data Transformation Services (included with SQL 7.0). Or simply use the HTML administration page to update the location of the database.
There are a number of resources for both the Office Server Extensions and the FrontPage Server Extensions. The Office Resource Kit, available online and printed, contains exhaustive information on configuring and using the publishing and collaboration features of OSE. It also discusses server architecture at length, how to provision sites, settings that servers use, and client configuration. The FrontPage Resource Kit provides a wealth of similar information on the FrontPage Server Extensions.
The Office Server Extensions Toolkit (at http://www.microsoft.com/isn/comhost/office_2000_ose.asp) includes links to key Office and FrontPage Server Extensions information for ISPs. The list below provides some of those links:
�
Office 2000 Resource
Kit (http://www.microsoft.com/office/ork/2000/default.htm).
Provides detailed technical installation, maintenance, and administrative
information about the Office Server Extensions (select �Office 2000 and the
Web� and then �Using Office Server Extensions� for technical specifications).
�
FrontPage 2000
Server Extensions Resource Kit (http://officeupdate.microsoft.com/frontpage/wpp/serk/).
�Provides detailed information
about the FrontPage 2000 Server Extensions, including an overview, and detailed
information about security, setup, and administration.
� How to Become a Registered Web Presence Provider for FrontPage 2000 + Office 2000 (http://www.microsoft.com/frontpage/wpp/becoming.htm). �Gives detailed instructions on how to become a member of the program so that you can receive referrals for your support of the FrontPage 2000 and Office 2000 Server Extensions.
�
Microsoft Office
Server Extensions: Frequently Asked Questions (http://www.microsoft.com/office/2000/office/documents/osefaq.htm).
�Answers commonly asked questions
about the OSEs, including where you can get them, prerequisites, system
requirements, client requirements, and how FrontPage Server Extensions relate
to Office Server Extensions.
�
Microsoft Office Server
Extensions White Paper (http://www.microsoft.com/office/enterprise/prodinfo/osewhtp.htm).
�Describes OSE fundamentals,
features, and installation, administration, and planning considerations.
�
Microsoft FrontPage
2000 Server Extensions Security White Paper (http://msdn.microsoft.com/workshop/languages/fp/2000/fp2ksecurityWP.asp).
�This document presents the
results of tests designed to evaluate the security controls for Microsoft
FrontPage 2000 Server Extensions.
�
FrontPage 2000 Server Extensions downloads.
Downloads are available for Windows
platforms (http://msdn.microsoft.com/workshop/languages/fp/2000/winfpse.asp)
and Unix platforms (http://msdn.microsoft.com/workshop/languages/fp/2000/unixfpse.asp).
�
FrontPage Features
that Require Server Extensions (http://support.microsoft.com/support/kb/articles/Q232/5/24.asp).
�Lists the features in FrontPage
2000 that require Server Extensions on the Web server hosting the
content.
�
Newsgroups for
FrontPage (http://support.microsoft.com/support/news/Ngresults.asp?D=fpg).
�Lists the newsgroups for
FrontPage. Newsgroups can be a great way to get technical questions
answered about FrontPage Server Extensions.
While this paper has shown some of the decisions commercial hosting companies need to make regarding Office 2000 Server Extensions, it has not covered every possible situation. Use your knowledge of your environment combined with materials from Microsoft, such as white papers, the Microsoft Office 2000 Resource Kit, and the FrontPage 2000 Server Extensions Resource Kit to effectively deploy Office 2000 Server Extensions in your environment.
For more information: see http://www.microsoft.com/isn/comhost/office_2000_ose.asp�
uuuu
This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document is subject to change without notice. The entire risk of the use or the results of the use of this document remains with the user. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
� 1999 Microsoft Corporation. All rights reserved.
Microsoft, the Office logo, Outlook, PowerPoint, Word, FrontPage, DirectX, SQL Server, Visual SourceSafe, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
next
to the discussion, and select Reply or Edit or Delete.