Microsoft Solution for Supplier Enablement


Deployment Guide

Microsoft Corporation

Service Release 1, May 2002

Applies to:
 Microsoft Solution for Supplier Enablement
 Microsoft Commerce Server 2002
 Microsoft BizTalk Server 2002

Summary Deploy the Microsoft Solution for Supplier Enablement (MSSE). Installation procedures for deploying the MSSE in a medium organization deployment environment are provided. (95 printed pages)

Contents

Introduction
Installation Scope
Deployment Reference Model
Medium Organization Deployment Details
Installing Solution Components
Locking Down the System
Verifying Installation
Known Issues
URL Resources

Introduction

The Microsoft® Solution for Supplier Enablement (MSSE) integrates a number of Microsoft products into a solution that allows suppliers of various sizes to begin trading electronically with their trading partners. These products include Microsoft BizTalk® Server 2002, Microsoft Commerce Server 2002, Microsoft SQL Server™ 2000, and Microsoft BizTalk Accelerator for Suppliers Service Release 1 (AFS).

This guide provides specific installation procedures for deploying the MSSE in a medium organization deployment environment to support catalog publishing and order reception functionality.

Reader Guidance

Before deploying AFS, the entire deployment team should review the "Known Issues" section at the end of this document. Upon successful deployment, operations personnel should become familiar with the product documentation for BizTalk Server, Commerce Server, SQL Server, and BizTalk Accelerator for Suppliers Service Release 1 (AFS).

Installation Scope

While there are many different ways in which to deploy AFS, this document focuses primarily on deploying AFS in a medium organization deployment environment. Using this deployment example as a model, you can modify the appropriate portions of the deployment to suit your particular environment. In addition to the medium deployment, this document also includes information for development and core-medium deployments in the areas of hardware and software requirements, server and network architecture, and functionality verification.

Concepts and Features

The following table describes the key concepts that are used in this document.

Concept Description
Deployment architecture Refers to the logical design of a specific deployment. For example, a deployment might consist of a perimeter network (also known as demilitarized zone or DMZ) and a private intranet zone.
Network architecture Refers to the physical design of a specific deployment. For example, the DMZ of a specific deployment might consist of one domain controller and three Web servers.
Network Load Balancing Refers to the load-balancing feature in Microsoft Windows® 2000 Advanced Server that distributes incoming client requests across multiple Web servers.
Internet Security and Acceleration (ISA) Server Refers to the servers that are used for securing and caching data.
Domain Name System (DNS) servers Refers to the servers that are used in resolving domain names to IP addresses.

Planning Checklist

Before deploying the solution, you must determine which type of deployment to implement. To identify a suitable deployment architecture, consider the following factors:

The results of gathering this information should help you identify a suitable deployment architecture. After the deployment architecture has been determined, make sure you have the following elements:

Installing and Deploying the Solution

When deploying AFS, you have a number of options depending on the amount of order traffic and sales that you expect. Microsoft developer tools and Windows Server System servers have the advantage of being highly scalable, allowing businesses to start off small and then scale to larger enterprise-level designs with small, incremental investments. This section describes the three most typical deployments: development, core-medium, and medium.

Development Deployment

The development deployment involves a two-server architecture that serves as a development and testing environment. This deployment architecture has the simplest configuration, yet is robust enough for a solution to be developed and tested on. The development deployment is not supported in production environments.

The following figure shows the architecture of the development deployment.

Figure 1

In this deployment architecture, all of the software, including all of the components for AFS, are installed on a single server. The single server is protected behind a firewall, which can be a hardware firewall or Microsoft Internet Security and Acceleration (ISA) Server. On this firewall, port 80 must be opened for HTTP and port 443 must be opened for HTTPS. After the solution is developed and tested on the development deployment architecture, it can be migrated to either the core-medium or medium deployment architecture.

For detailed information about installing the MSSE in the development deployment, see the "Installing AFS on One Computer" section of the AFS Installation Guide. The AFS Installation Guide is on the product CD in the file <drive>:\Program Files\Microsoft BizTalk Accelerator for Suppliers\Documentation\installation_guide.htm.

Core-Medium Deployment

The core-medium deployment, designed for small businesses, consists of a three-server architecture. This deployment architecture is designed for sites with low volume. For supporting production environments, this architecture has the simplest and most economical configuration. The core-medium deployment is a good starting point for businesses that have developed and tested their solution on the development deployment, but are not ready to scale to the medium deployment.

The following figure shows the architecture of the core-medium deployment.

Figure 2

The Web server running BizTalk Server, Commerce Server, and AFS receives all incoming client requests. The SQL Server handles all transactions with the database. The two servers are protected by a firewall, which can be a hardware firewall or an ISA Server. On the firewall, port 80 must be opened for HTTP and port 443 must be opened for HTTPS.

As the volume of traffic and business increases, this deployment architecture can scale to the medium deployment architecture, where an additional Web server is used to handle client requests, and XML transformation is isolated onto a separate BizTalk Server.

For detailed information about installing the MSSE in the core-medium deployment, see the "Installing AFS on Multiple Computers" section of the AFS Installation Guide. The AFS Installation Guide is on the product CD in the file <drive>:\Program Files\Microsoft BizTalk Accelerator for Suppliers\Documentation\installation_guide.htm.

Medium Deployment

The medium deployment consists of a nine-server architecture. This deployment architecture is designed for medium-sized organizations that expect sustained activity on the site and want flexibility for scaling. This architecture has the most practical configuration because the design addresses load balancing and security concerns.

The following figure shows the architecture of the medium deployment.

Figure 3

Client requests are received by the Web server in the perimeter network (also known as demilitarized zone or DMZ). This server provides content for the supplier site, while requests containing sensitive data (requests for confirm.asp, crdtcard.asp, and _recvpo.asp) are processed by the Commerce Server Business Desk server running in the intranet. Because the processing of these types of requests consumes more resources, the Business Desk server running in the intranet reduces the load on the DMZ Web server and allows the Web server to serve content exclusively.

To prevent the security of the intranet from being compromised, the intranet firewall only allows access to the intranet through port 1433 for SQL Server, port 1801 for Message Queuing, and port 8080 for HTTP. Requests received on other ports are discarded.

For detailed information about installing the MSSE in the medium deployment, see the "Installing AFS on Multiple Computers" section of the AFS Installation Guide. The AFS Installation Guide is on the product CD in the file <drive>:\Program Files\Microsoft BizTalk Accelerator for Suppliers\Documentation\installation_guide.htm.

Deployment Reference Model

This section provides general information about the minimum hardware requirements, recommended hardware configuration, and solution components for your deployment.

Before implementing the solution, you should identify the hardware requirements for your particular deployment architecture. All hardware used in the deployment should comply with the Microsoft Hardware Compatibility List (HCL).

Minimum Hardware Requirements

Each server in the deployment should meet the following minimum hardware requirements:

In your production environment, the volume of traffic on your Web site might dictate more stringent hardware requirements for Web servers.

Recommended Hardware Configuration

The following table lists the recommended hardware configuration for the development deployment.

Server Processor RAM Hard disk size Network adapters
Single Single 500 MHz 512 MB 8 GB 1
ISA Server Single 500 MHz 512 MB 8 GB 2

The following table lists the recommended hardware configuration for the core-medium deployment.

Server Processor RAM Hard disk size Network adapters
Web server Dual 700 MHz 1 GB 12 GB 1
SQL Server Quad 500 MHz 1 GB 25 GB 1
ISA Server Single 500 MHz 512 MB 8 GB 2

The following table lists the recommended hardware configuration for the medium deployment.

Server Processor RAM Hard disk size Network adapters
3 X DMZ Web server Dual 700 MHz 1 GB 12 GB 2
External ISA Server Single 500 MHz 512 MB 8 GB 3
Business Desk server Dual 700 MHz 1 GB 12 GB 1
BizTalk Server Dual 700 MHz 1 GB 12 GB 1
Intranet ISA Server Single 500 MHz 512 MB 8 GB 3
SQL Server Quad 500 MHz 1 GB 25 GB 1
DC/DNS Servers Single 500 MHz 512 MB 8 GB 1

Solution Components

This section lists the required software products that each server uses for each deployment architecture.

Development Deployment

For the development deployment, the single server uses the following software products:

The firewall server uses the following software products:

Core-Medium Deployment

For the core-medium deployment, the Web server uses the following software products:

The database server uses the following software products:

The firewall server uses the following software products:

Medium Deployment

For the medium deployment, the Web server uses the following software products:

The database server uses the following software products:

The Business Desk server uses the following software products:

The BizTalk Server uses the following software products:

The firewall servers use the following software products:

The DC/DNS server uses the following software products:

On the external firewall server, ports 80 and 443 should be opened for HTTP and HTTPS, respectively. On the internal firewall server, inbound ports 1433 and 1801 should be opened for SQL Server and Message Queuing, respectively. The internal firewall server should also have outbound port 8080 opened for HTTP.

Medium Organization Deployment Details

This section provides detailed instructions for the medium organization deployment. This deployment involves the following primary stages:

  1. Configure the base platform.
  2. Establish communication.
  3. Set up the intranet domain.
  4. Cluster the Web servers.
  5. Install solution components.

In the first stage, you install the base platform (including the operating system) on each server. When establishing communication in the second stage, you configure all IP addresses on all network adapters. In the third stage, you configure the domain controller. In the fourth stage, you configure Network Load Balancing on the DMZ Web cluster. In the fifth stage, you install and configure all of the proper software on each server.

Note Before starting the deployment, you should be familiar with the issues listed in the "Known Issues" section at the end of this document.

The following figure shows an example of the network topology and IP address configuration for the medium deployment. This figure and the subsequent table can serve as useful references when performing the deployment.

Figure 4

Deployment Worksheet

The following table lists the IP addresses assigned to the various network adapters on each server.

Server Network adapter IP address Virtual IP (VIP) Default gateway DNS entry
External ISA Server 1 (public) Public, static IP   Internet gateway Public DNS
  2 (private) 10.10.0.100      
  3 (dedicated) 10.50.0.101      
DMZ Web server 1 1 (public) 10.10.0.1 10.10.0.10 10.10.0.100  
  2 (private) 10.20.0.1      
DMZ Web server 2 1 (public) 10.10.0.2 10.10.0.10 10.10.0.100  
  2 (private) 10.20.0.2      
DMZ Web server 3 1 (public) 10.10.0.3 10.10.0.10 10.10.0.100  
  2 (private) 10.20.0.3      
Intranet ISA Server 1 (public) 10.20.0.100      
  2 (private) 10.30.0.100     10.30.0.200
  3 (dedicated) 10.50.0.100   10.50.0.101  
Intranet DC/DNS server 1 10.30.0.200   10.30.0.100 10.30.0.200
BizTalk Server 1 10.30.0.1   10.30.0.100 10.30.0.200
Business Desk Server 1 10.30.10.1   10.30.0.100 10.30.0.200
SQL Server 1 10.30.20.1   10.30.0.100 10.30.0.200

Configuring the Base Platform

Use the following procedure to configure the base platform.

To configure the base platform

  1. Install Windows 2000 Advanced Server with Service Pack 2 on all servers.

    When installing Windows 2000 Advanced Server, do not install Message Queuing. This feature will be installed later in the deployment process, after other resources have been configured. To prevent Message Queuing from being installed, clear the Message Queuing Services check box in the Windows Components Wizard.

  2. When installing Windows 2000 Advanced Server, install Internet Information Services (IIS) 5.0 on the BizTalk Server, the Business Desk server, and the DMZ Web servers.
  3. The following hotfixes are required by the BizTalk Server, the Business Desk server, and the DMZ Web servers:
    Note In Internet Explorer, navigate to http://support.microsoft.com/. Search for the KB Article Q321827 and follow the online installation instructions.
  4. The following hotfix is required by the ISA, SQL, and DC/DNS Servers:

After configuring the base platform, it might be useful to create a backup image of each server. This backup image allows you to recover the server without re-installing all of the solution components in the event of failure.

Establishing Communication

Before installing and configuring the solution components on each server, you need to establish communication by connecting the appropriate network cables and configuring the IP addresses on all servers. Then, you need to join each server to the appropriate domain. This section provides detailed instructions for completing these tasks.

When establishing network connectivity on each server, see the network figure and deployment worksheet in the "Medium Organization Deployment Details" section.

Connecting the Intranet DC/DNS Server

The following figure shows the network configuration for the intranet DC/DNS server.

Figure 5

Connecting and Renaming the Network Adapter

You should rename the network adapter from Local Area Connection to an informative name, such as Intranet. Use the following procedure to connect and rename the network adapter.

To connect and rename the network adapter

  1. Connect a network cable from the network adapter on the intranet DC/DNS server to Hub 3.
  2. On the desktop of the intranet DC/DNS server, right-click My Network Places, and then click Properties.
  3. In the Network and Dial-up Connections window, right-click Local Area Connection, and then click Rename.
  4. Type Intranet, and then press ENTER.

Configuring the Network Adapter on the Intranet DC/DNS Server

Use the following procedure to configure the Intranet network adapter on the intranet DC/DNS server.

To configure the Intranet network adapter on the intranet DC/DNS server

  1. On the desktop of the intranet DC/DNS server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Intranet, and then click Properties.
  3. In the Intranet Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.30.0.200
    Subnet mask 255.255.0.0
    Default gateway 10.30.0.100
  5. Select Use the following DNS server addresses, and do the following:
    Field Enter
    Preferred DNS Server 10.30.0.200
  6. Click OK.
  7. In the Intranet Properties dialog box, click OK.

Connecting the BizTalk Server

The following figure shows the network configuration for the BizTalk Server.

Figure 6

Connecting and Renaming the Network Adapter

You should rename the network adapter from Local Area Connection to an informative name, such as Intranet. Use the following procedure to connect and rename the network adapter.

To connect and rename the network adapter

  1. Connect a network cable from the network adapter on the BizTalk Server to Hub 3.
  2. On the desktop of the BizTalk Server, right-click My Network Places, and then click Properties.
  3. In the Network and Dial-up Connections window, right-click Local Area Connection, and then click Rename.
  4. Type Intranet, and then press ENTER.

Configuring the Network Adapter on the BizTalk Server

Use the following procedure to configure the Intranet network adapter on the BizTalk Server.

To configure the Intranet network adapter on the BizTalk Server

  1. On the desktop of the BizTalk Server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Intranet, and then click Properties.
  3. In the Intranet Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.30.0.1
    Subnet mask 255.255.0.0
    Default gateway 10.30.0.100
  5. Select Use the following DNS server addresses, and do the following:
    Field Enter
    Preferred DNS Server 10.30.0.200
  6. Click OK.
  7. In the Intranet Properties dialog box, click OK.

Connecting the Business Desk Server

The following figure shows the network configuration for the Business Desk server.

Figure 7

Connecting and Renaming the Network Adapter

You should rename the network adapter from Local Area Connection to an informative name, such as Intranet. Use the following procedure to connect and rename the network adapter.

To connect and rename the network adapter

  1. Connect a network cable from the network adapter of the Business Desk server to Hub 3.
  2. On the desktop of the Business Desk server, right-click My Network Places, and then click Properties.
  3. In the Network and Dial-up Connections window, right-click Local Area Connection, and then click Rename.
  4. Type Intranet, and then press ENTER.

Configuring the Network Adapter on the Business Desk Server

Use the following procedure to configure the Intranet network adapter on the Business Desk server.

To configure the Intranet network adapter on the Business Desk server

  1. On the desktop of the Business Desk server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Intranet, and then click Properties.
  3. In the Intranet Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.30.10.1
    Subnet mask 255.255.0.0
    Default gateway 10.30.0.100
  5. Select Use the following DNS server addresses, and do the following:
    Field Enter
    Preferred DNS Server 10.30.0.200
  6. Click OK.
  7. In the Intranet Properties dialog box, click OK.

Connecting the SQL Server

The following figure shows the network configuration for the SQL Server.

Figure 8

Connecting and Renaming the Network Adapter

You should rename the network adapter from Local Area Connection to an informative name, such as Intranet. Use the following procedure to connect and rename the network adapter.

To connect and rename the network adapter

  1. Connect a network cable from the network adapter of the SQL Server to Hub 3.
  2. On the desktop of the SQL Server, right-click My Network Places, and then click Properties.
  3. In the Network and Dial-up Connections window, right-click Local Area Connection, and then click Rename.
  4. Type Intranet, and then press ENTER.

Configuring the Network Adapter on the SQL Server

Use the following procedure to configure the Intranet network adapter on the SQL Server.

To configure the Intranet network adapter on the SQL Server

  1. On the desktop of the SQL Server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Intranet, and then click Properties.
  3. In the Intranet Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.30.20.1
    Subnet mask 255.255.0.0
    Default gateway 10.30.0.100
  5. Select Use the following DNS server addresses, and do the following:
    Field Enter
    Preferred DNS Server 10.30.0.200
  6. Click OK.
  7. In the Intranet Properties dialog box, click OK.

Connecting the Intranet ISA Server

For the medium deployment, the intranet ISA Server requires three network adapters — one public adapter for communicating with the Web servers in the perimeter network (also called demilitarized zone or DMZ), one private adapter for communicating with the servers in the intranet, and one dedicated adapter for communicating with the external ISA Server.

The following figure shows the network configuration for the intranet ISA Server.

Figure 9

Connecting and Renaming the Network Adapters

You should rename the network adapters from Local Area Connection, Local Area Connection 2, and Local Area Connection 3 to more informative names, such as Public, Private, and Dedicated. Use the following procedure to connect and rename the network adapters.

To connect and rename the network adapters

  1. Connect a network cable from the first network adapter of the intranet ISA Server to Hub 2 (the same hub connected to the private network adapters of the DMZ Web cluster). Communication with the DMZ Web cluster occurs over this network adapter.
  2. Connect a network cable from the second network adapter to Hub 3. Communication with the intranet occurs over this network adapter.
  3. Connect a network cable from the third network adapter to Hub 4. Communication with the external ISA Server occurs over this network adapter.
  4. On the desktop of the intranet ISA Server, right-click My Network Places, and then click Properties.
  5. In the Network and Dial-up Connections window, right-click Local Area Connection, and then click Rename. This network adapter should correspond with the network adapter you connected to Hub 2 in step 1.
  6. Type Public, and then press ENTER.
  7. In the Network and Dial-up Connections window, right-click Local Area Connection 2, and then click Rename. This network adapter should correspond with the network adapter you connected to Hub 3 in step 2.
  8. Type Private, and then press ENTER.
  9. In the Network and Dial-up Connections window, right-click Local Area Connection 3, and then click Rename. This network adapter should correspond with the network adapter you connected to Hub 4 in step 3.
  10. Type Dedicated, and then press ENTER.

Configuring the Public Network Adapter

To communicate with the Web servers in the DMZ, you need to set the TCP/IP properties of the Public network adapter.

To set the TCP/IP properties of the Public network adapter

  1. On the desktop of the intranet ISA Server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Public, and then click Properties.
  3. In the Public Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.20.0.100
    Subnet mask 255.255.0.0
    Default gateway Leave blank.
  5. Click Advanced.
  6. In the Advanced TCP/IP Settings dialog box, on the DNS tab, select Append these DNS suffixes (in order), and then click Add.
  7. In the TCP/IP Domain Suffix dialog box, type contoso.com, and then click Add.
  8. In the Advanced TCP/IP Settings dialog box, click OK.
  9. In the Internet Protocol (TCP/IP) Properties dialog box, click OK.
  10. In the Public Properties dialog box, click OK.

Configuring the Private Network Adapter

To communicate with other servers in the intranet, you need to set the TCP/IP properties of the Private network adapter.

To set the TCP/IP properties of the Private network adapter

  1. On the desktop of the intranet ISA Server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Private, and then click Properties.
  3. In the Private Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.30.0.100
    Subnet mask 255.255.0.0
    Default gateway Leave blank.
  5. Select Use the following DNS server addresses, and do the following:
    Field Enter
    Preferred DNS Server 10.30.0.200
  6. Click OK.
  7. In the Private Properties dialog box, click OK.

Configuring the Dedicated Network Adapter

To communicate with the external ISA Server, you need to set the TCP/IP properties of the Dedicated network adapter.

To set the TCP/IP properties of the Dedicated network adapter

  1. On the desktop of the intranet ISA Server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Dedicated, and then click Properties.
  3. In the Dedicated Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.50.0.100
    Subnet mask 255.255.0.0
    Default gateway 10.50.0.101
  5. Click OK.
  6. In the Dedicated Properties dialog box, click OK.

Connecting the DMZ Web Cluster

The DMZ Web cluster uses Windows 2000 Network Load Balancing to distribute incoming client requests across the multiple members of the DMZ Web cluster. Each server in the cluster requires two network adapters — one load-balanced adapter for communicating with clients on the public network, and one cluster adapter for communicating with the private network (or intranet). For third-party load balancing devices, only one network adapter might be required.

The following figure shows the network configuration of the DMZ Web cluster.

Figure 10

Connecting and Renaming the Network Adapters

You should rename the network adapters from Local Area Connection and Local Area Connection 2 to more informative names, such as Public and Private. Use the following procedure on each Web server to connect and rename the network adapters.

To connect and rename the network adapters

  1. Connect a network cable from the first network adapter of the Web server to Hub 1.
  2. Connect a network cable from the second network adapter of the Web server to Hub 2.
  3. On the desktop of the Web server, right-click My Network Places, and then click Properties.
  4. In the Network and Dial-up Connections dialog box, right-click Local Area Connection, and then click Rename. This network adapter should correspond with the network adapter you connected to Hub 1 in step 1.
  5. Type Public, and then press ENTER.
  6. In the Network and Dial-up Connections window, right-click Local Area Connection 2, and then click Rename. This network adapter should correspond with the network adapter you connected to Hub 2 in step 2.
  7. Type Private, and then press ENTER.

Configuring the Public Network Adapter

On Web server 1, set the TCP/IP properties of the Public network adapter.

To set the TCP/IP properties of the Public network adapter

  1. On the desktop of the Web server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Public, and then click Properties.
  3. In the Public Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.10.0.1
    Subnet mask 255.255.0.0
    Default gateway 10.10.0.100
  5. Click Advanced.
  6. In the Advanced TCP/IP Settings dialog box, on the WINS tab, select Disable NetBIOS over TCP/IP, and then click OK.
  7. In the Internet Protocol (TCP/IP) Properties dialog box, click OK.
  8. In the Public Properties dialog box, clear the check box beside Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks, and then click OK.

On Web servers 2 and 3, follow the same procedure using 10.10.0.2 and 10.10.0.3 as the IP addresses, respectively.

Configuring the Private Network Adapter

On Web server 1, change the TCP/IP settings of the Private network adapter.

To change the TCP/IP settings of the Private network adapter

  1. On the desktop of the Web server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Private, and then click Properties.
  3. In the Private Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.20.0.1
    Subnet mask 255.255.0.0
    Default gateway Leave blank.
  5. Click OK.
  6. In the Private Properties dialog box, click OK.

On Web servers 2 and 3, follow the same procedure using 10.20.0.2 and 10.20.0.3 as the IP addresses, respectively.

Connecting the External ISA Server

For the medium deployment, the external ISA Server requires three network adapters — one public adapter for communicating with the Internet, one private adapter for communicating with the servers in the DMZ, and one dedicated adapter for communicating with the intranet ISA Server.

The following figure shows the network configuration for the external ISA Server.

Figure 11

Connecting and Renaming the Network Adapters

You should rename the network adapters from Local Area Connection, Local Area Connection 2, and Local Area Connection 3 to more informative names, such as Public, Private, and Dedicated. Use the following procedure to connect and rename the network adapters.

To connect and rename the network adapters

  1. Connect a network cable from the first network adapter of the external ISA Server to the direct tap. This direct tap should be a direct connection to the Internet.
  2. Connect a network cable from the second network adapter of the external ISA Server to Hub 1 (the same hub connected to the Public network adapters of the DMZ Web cluster).
  3. Connect a network cable from the third network adapter of the external ISA Server to Hub 4 (the same hub connected to the intranet ISA Server).
  4. On the desktop of the external ISA Server, right-click My Network Places, and then click Properties.
  5. In the Network and Dial-up Connections window, right-click Local Area Connection, and then click Rename. This network adapter should correspond with the network adapter you connected to the direct tap in step 1.
  6. Type Public, and then press ENTER.
  7. In the Network and Dial-up Connections window, right-click Local Area Connection 2, and then click Rename. This network adapter should correspond with the network adapter you connected to Hub 1 in step 2.
  8. Type Private, and then press ENTER.
  9. In the Network and Dial-up Connections window, right-click Local Area Connection 3, and then click Rename. This network adapter should correspond with the network adapter you connected to Hub 4 in step 3.
  10. Type Dedicated, and then press ENTER.

Configuring the Public Network Adapter

To communicate with the Internet, you need to set the TCP/IP properties of the Public network adapter.

To set the TCP/IP properties of the Public network adapter

  1. On the desktop of the external ISA Server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Public, and then click Properties.
  3. In the Public Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and type the public IP address in the IP address box. Type the appropriate subnet mask and default gateway in the Subnet mask and Default gateway boxes, respectively.
  5. Select Use the following DNS server addresses, and then type the IP address for your DNS server in the Preferred DNS server box and an alternative IP address in the Alternate DNS server box (if applicable).
  6. Click Advanced.
  7. In the Advanced TCP/IP Settings dialog box, on the WINS tab, select Disable NetBIOS over TCP/IP, and then click OK.
  8. In the Internet Protocol (TCP/IP) Properties dialog box, click OK.
  9. In the Public Properties dialog box, clear the check box for Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks, and then click OK.

Configuring the Private Network Adapter

To communicate with the Web servers in the DMZ, you need to set the TCP/IP properties of the Private network adapter.

To set the TCP/IP properties of the Private network adapter

  1. On the desktop of the external ISA Server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Private, and then click Properties.
  3. In the Private Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.10.0.100
    Subnet mask 255.255.0.0
    Default gateway Leave blank.
  5. Click OK.
  6. In the Private Properties dialog box, click OK.

Configuring the Dedicated Network Adapter

To communicate with the intranet ISA Server, you need to set the TCP/IP properties of the Dedicated network adapter.

To set the TCP/IP properties of the Dedicated network adapter

  1. On the desktop of the external ISA Server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Dedicated, and then click Properties.
  3. In the Dedicated Properties dialog box, in the Components checked are used by this connection section, select Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, on the General tab, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.50.0.101
    Subnet mask 255.255.0.0
    Default gateway Leave blank.
  5. Click OK.
  6. In the Dedicated Properties dialog box, click OK.

Setting Up the Intranet Domain

This section describes how to configure your DC/DNS server; create the Contoso domain, new hosts, and the necessary domain accounts; and how to join the intranet servers to the Contoso domain.

Configuring the Intranet DC/DNS Server

Use the following procedure to configure the intranet DC/DNS server.

To launch the Active Directory Installation Wizard and configure your Windows 2000 Advanced Server as an intranet DC/DNS server

  1. Click Start, and then click Run.
  2. In the Run dialog box, in the Run box, type dcpromo, and then click OK.
  3. In the Welcome to the Active Directory Installation Wizard screen, click Next.
  4. In the Domain Controller Type screen, select Domain controller for a new domain, and then click Next.
  5. In the Create Tree or Child Domain screen, select Create a new domain tree, and then click Next.
  6. In the Create or Join Forest screen, select Create a new forest of domain trees, and then click Next.
  7. In the New Domain Name screen, type the full DNS name for the new domain, and then click Next. For example, the full DNS name for your domain might be Contoso.com.
  8. In the NetBIOS Domain Name screen, click Next to use the default NetBIOS Domain name of CONTOSO.
  9. In the Database and Log Locations screen, click Next to store the Active Directory® database and log in the default location. To specify different locations, click Browse and select the appropriate directory.
  10. In the Shared System Volume screen, click Next to use the default location for the Sysvol folder.
  11. In the Active Directory Installation Wizard dialog box, click OK.
  12. In the Configure DNS screen, select Yes, install and configure DNS on this computer (recommended), and then click Next.
  13. In the Permissions screen, select Permissions compatible only with Windows 2000 servers, and then click Next.
  14. In the Directory Services Restore Mode Administrator Password screen, type and confirm a password, and then click Next.
  15. In the Summary screen, review the information to ensure that it is accurate, and then click Next.

    The installation process starts. Note that you may be required to insert the Windows 2000 CD into the CD-ROM drive. Do not skip the DNS installation step of this process; allow the wizard to install DNS.

  16. In the Completing the Active Directory Installation Wizard screen, click Finish.
  17. Restart the server.

Creating New Hosts on the Intranet DC/DNS Server

You must add four new hosts — one for each of the three DMZ Web servers, and one Business Desk server in the intranet.

To add a host for the first DMZ Web server

  1. Click Start, point to Programs, point to Administrative Tools, and then select DNS.
  2. In the DNS window, expand <servername>, expand Forward Lookup Zone, right-click contoso.com, and then click New Host.
  3. In the New Host dialog box, in the Name box, type the name of Web server 1. In the IP address box, type 10.20.0.1, and then click Add Host.
  4. In the DNS dialog box informing you that the host record was successfully created, click OK.

Now add another host for the second DMZ Web server.

To add a host for the second DMZ Web server

  1. In the New Host dialog box, in the Name box, type the name of Web server 2. In the IP address box, type 10.20.0.2, and then click Add Host.
  2. In the DNS dialog box informing you that the host record was successfully created, click OK.

Now add another host for the third DMZ Web server.

To add a host for the third DMZ Web server

  1. In the New Host dialog box, in the Name box, type the name of Web server 3. In the IP address box, type 10.20.0.3, and then click Add Host.
  2. In the DNS dialog box informing you that the host record was successfully created, click OK.

Now add another host for the Business Desk server in the intranet.

To add a host for the Business Desk server in the intranet

  1. In the New Host dialog box, in the Name box, type www. In the IP address box, type 10.30.10.1, and then click Add Host. This IP address corresponds to the IP address of the Business Desk server.
  2. In the DNS dialog box informing you that the host record www.contoso.com was successfully created, click OK.
  3. In the New Host dialog box, click Done.
  4. Close the DNS window.

Creating the Necessary Accounts

After you have configured the intranet DC/DNS server, create the AFS_Admin_Account account as a member of the Domain Admins group. This account is used to run Commerce Server and SQL Server services.

To create the AFS_Admin_Account account on the intranet DC/DNS server

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. In the Active Directory Users and Computers window, expand Contoso.com, right-click Users, point to New, and then click User.
  3. In the New Object - User dialog box, do the following:
    Field Enter
    First name AFS_Admin_Account
    User logon name AFS_Admin_Account
  4. Click Next.
  5. For Password, type a password for the AFS_Admin_Account account, in the Confirm password box, type the password again. Select the check boxes for User cannot change password and Password never expires, and then click Next.
  6. Click Finish.
  7. In the right pane, right-click Domain Admins, and then click Properties.
  8. In the Domain Admins Properties dialog box, on the Members tab, click Add.
  9. In the Select Users, Contacts, or Computers dialog box, select AFS_Admin_Account, click Add, and then click OK.
  10. In the Domain Admins Properties dialog box, click Apply, and then click OK.
  11. Close the Active Directory Users and Computers window.

Repeat steps 1 through 6 to create the AFS_Service_Account account. The AFS_Service_Account account will be created as a member of the Domain Users group, and it will not have administrative privileges. This account will be used for running BizTalk Messaging Service and AFS COM+ applications.

Joining the Intranet Domain

Now that you have connected each server to the appropriate network and configured the DC/DNS server, you are ready to join each server to the domain.

Joining the Business Desk Server to the Intranet Domain

Use the following procedure to join the intranet domain.

To join the Business Desk server to the intranet domain

  1. On the desktop of the Business Desk server, right-click My Computer, and then click Properties.
  2. In the System Properties dialog box, on the Network Identification tab, click Properties.
  3. In the Identification Changes dialog box, in the Member of section, select Domain, type Contoso.com, and then click OK.
  4. In the Domain Username and Password dialog box, type administrator, type the password, and then click OK.
  5. In the Network Identification dialog box that welcomes you to the domain, click OK.
  6. In the Network Identification dialog box that advises you to restart the computer, click OK.
  7. In the System Properties dialog box, click OK.
  8. In the System Settings Change dialog box, click Yes to restart the computer.

Joining the SQL Server to the Intranet Domain

Use the following procedure to join the intranet domain.

To join the SQL Server to the intranet domain

  1. On the desktop of the SQL Server, right-click My Computer, and then click Properties.
  2. In the System Properties dialog box, on the Network Identification tab, click Properties.
  3. In the Identification Changes dialog box, in the Member of section, select Domain, type Contoso.com, and then click OK.
  4. In the Domain Username and Password dialog box, type administrator, type the corresponding password, and then click OK.
  5. In the Network Identification dialog box that welcomes you to the domain, click OK.
  6. In the Network Identification dialog box that advises you to restart the computer, click OK.
  7. In the System Properties dialog box, click OK.
  8. In the System Settings Change dialog box, click Yes to restart the server.

Joining the BizTalk Server to the Intranet Domain

Use the following procedure to join the intranet domain.

To join the BizTalk Server to the intranet domain

  1. On the desktop of the BizTalk Server, right-click My Computer, and then click Properties.
  2. In the System Properties dialog box, on the Network Identification tab, click Properties.
  3. In the Identification Changes dialog box, in the Member of section, select Domain, type Contoso.com, and then click OK.
  4. In the Domain Username and Password dialog box, type administrator, type the corresponding password, and then click OK.
  5. In the Network Identification dialog box that welcomes you to the domain, click OK.
  6. In the Network Identification dialog box that advises you to restart the computer, click OK.
  7. In the System Properties dialog box, click OK.
  8. In the System Settings Change dialog box, click Yes to restart the server.

Clustering the Web Servers

After you have set up the Contoso domain and all servers can communicate properly, you are ready to configure Network Load Balancing on the DMZ Web cluster.

Configuring Network Load Balancing on the DMZ Web Cluster

After the network adapters have been configured, you are ready to configure Network Load Balancing on the Web servers using the following procedure. This procedure must be completed for each server in the Web cluster.

To configure Network Load Balancing on each Web server

  1. On the desktop of the Web server, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Public, and then click Properties.
  3. In the Public Properties dialog box, in the Components checked are used by this connection section, select the Network Load Balancing check box, and then click Properties.
  4. In the Network Load Balancing Properties dialog box, on the Cluster Parameters tab, do the following:
    Field Enter
    Primary IP address 10.10.0.10
    Subnet mask 255.255.0.0
    Full Internet name www.contoso.com
  5. In the Network Load Balancing Properties dialog box, on the Host Parameters tab, do the following:
    Field Enter
    Priority (Unique host ID) 1
    Dedicated IP address 10.10.0.1
    Subnet mask 255.255.0.0
  6. In the Network Load Balancing Properties dialog box, on the Port Rules tab, select the default port rule (from the list of rules located at the bottom of the screen) covering ports 0 to 65535, and then click Remove.
  7. Create a port rule for port 80 (HTTP over TCP/IP) using the following information:
    Field Enter
    Port range 80 to 80
    Protocols Both
    Affinity None
  8. Click OK to return to the Properties dialog box for the load-balanced network adapter.
  9. In the Public Properties dialog box, select Internet Protocol (TCP/IP), and then click Properties.
  10. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced.
  11. In the Advanced TCP/IP Settings dialog box, on the IP Settings tab, in the IP addresses section, click Add.
  12. In the TCP/IP Address dialog box, do the following:
    Field Enter
    IP address 10.10.0.10
    Subnet mask 255.255.0.0
  13. Click Add.
  14. Click OK three times to complete Network Load Balancing configuration of the load-balanced network adapter.

On Web servers 2 and 3, repeat steps 1 through 14 with the following exceptions to step 5:

Cluster member Priority (Unique host ID) Dedicated IP address
Web server 2 2 10.10.0.2
Web server 3 3 10.10.0.3

Verifying Network Load Balancing Configuration on the DMZ Web Cluster

After the Web servers have restarted, you can test whether Network Load Balancing is functioning properly by typing wlbs query in a command prompt window. You should see the following:

WLBS Cluster Control Utility V2.3. <c> 1997-99 Microsoft Corporation 
Host 1 converged as DEFAULT with the following host(s) as part of the cluster:
1, 2, 3

Modifying the Hosts File

Because the Web servers are not part of a domain, you must modify the hosts file so that Web servers will use the www.contoso.com URL as the VIP address of the Web servers. You must also resolve the SQL Server and BizTalk Server names to the intranet ISA Server. By default, the hosts file is located in the <drive>:\WINNT\system32\drivers\etc folder. Add the following entry to the hosts file on each Web server:

10.10.0.10 www.contoso.com
10.20.0.100 Type the computer name of the SQL Server, not the fully qualified domain name.
10.20.0.100 Type the computer name of the BizTalk Server, not fully qualified domain name.

Installing Solution Components

This section provides detailed instructions about installing the AFS solution components. Specifically, this section describes how to:

Setting Up the Intranet Servers

To set up the intranet servers, you will need to install the appropriate software and configure the following servers:

Installing and Configuring the SQL Server

This section provides detailed instructions about installing and configuring Microsoft SQL Server 2000. Specifically, this section describes how to:

Note It is important to log on as the AFS_Admin_Account user in the Contoso domain.

Installing SQL Server 2000 Enterprise Edition

Use the following procedure to install SQL Server 2000 Enterprise Edition.

To install SQL Server 2000 Enterprise Edition

  1. Insert the SQL Server 2000 Enterprise Edition CD into the CD-ROM drive of the SQL Server.
  2. In Windows Explorer, navigate to the folder containing the SQL Server 2000 setup file, and then double-click autorun.exe.
  3. In the SQL Server 2000 Autorun Menu, select SQL Server 2000 Components.
  4. In the Install Components screen, select Install Database Server.

    The Microsoft SQL Server Installation Wizard starts.

  5. In the Welcome screen, click Next.
  6. In the Computer Name screen, select Local Computer, and then click Next.
  7. In the Installation Selection screen, select Create a new instance of SQL Server, or install Client Tools, and then click Next.
  8. In the User Information screen, type a Name and Company, and then click Next.
  9. In the Software License Agreement screen, read the End-User License Agreement (EULA), and select Yes to proceed with installation.
  10. In the CD-Key screen, type the CD-Key, and then click Next.
  11. In the Installation Definition screen, select Server and Client Tools, and then click Next.
  12. In the Instance Name screen, leave the default values and click Next.
  13. In the Setup Type screen, select Typical, accept the default installation locations, and then click Next.
  14. In the Services Accounts screen, select Use the same account for each service, in the Service Settings section, select Use a Domain User account, and do the following:
    Field Enter
    Username AFS_Admin_Account
    Password The corresponding password.
    Domain Contoso
  15. Click Next.
  16. In the Authentication Mode screen, select Mixed Mode, type and confirm a password for user sa, and then click Next.
  17. In the Start Copying Files screen, click Next.
  18. In the Choose Licensing Mode screen, in the Licensing Mode section, select the appropriate number of licenses, and then click Continue.

    This step starts the installation process.

  19. In the Setup Complete screen, click Finish.

Installing Analysis Services

Use the following procedure to install Analysis Services.

To install Analysis Services

  1. Insert the SQL Server 2000 Enterprise Edition CD into the CD-ROM drive of the SQL Server.
  2. In Windows Explorer, navigate to the folder containing the SQL Server 2000 Analysis Services setup file, and then double-click autorun.exe.
  3. In the SQL Server 2000 Autorun Menu, select SQL Server 2000 Components.
  4. In the Install Components screen, select Install Analysis Services.

    The Microsoft SQL Server Installation Wizard starts.

  5. In the Welcome screen, click Next.
  6. In the Software License Agreement screen, read the End-User License Agreement (EULA), and select Yes to proceed with installation.
  7. In the Select Components screen, accept the default values, and click Next.
  8. In the Data Folder Location screen, click Next.
  9. In the Select Program Folder screen, click Next.

    This step starts the installation process.

  10. In the Setup Complete screen, click Finish.

Installing SQL Server 2000 Service Pack 2

Use the following procedure on the SQL Server to install SQL Server 2000 Service Pack 2 (SP2).

To install SQL Server 2000 SP2

  1. In Windows Explorer, navigate to the folder containing the SQL Server 2000 SP2 setup file, and then double-click SQL2KSP2.exe.
  2. In the Installation Folder screen, use the default installation path of <drive>:\sql2ksp2, and then click Finish.
  3. In the PackageForTheWeb dialog box, click OK.

    The SQL2KSP2 files will be extracted to the sql2ksp2 folder.

  4. In the PackageForTheWeb dialog box, click OK.
  5. In Windows Explorer, navigate to the <drive>:\sql2ksp2 folder, and then double-click setup.bat.

    The SQL Server 2000 SP2 Setup Wizard starts.

  6. In the Welcome screen, click Next.
  7. In the Software License Agreement screen, read the End-User License Agreement (EULA), and then click Yes to proceed with installation.
  8. In the Instance Name screen, click Next.
  9. In the Connect to Server screen, select Windows authentication, and then click Next.
  10. In the Start Copying Files screen, click Next.
  11. If the Microsoft Data Access Components 2.6 Setup screen appears, click Next, and then click Finish.

    This step starts the installation process.

  12. In the Setup dialog box that advises you to back up your master and msdb databases, click OK.
  13. In the Setup Complete screen, click Yes, I want to restart my computer now, and then click Finish.

Installing Analysis Services Service Pack 2

Use the following procedure to install Analysis Services Service Pack 2 (SP2).

To install Analysis Services SP2

  1. In Windows Explorer, navigate to the folder containing the SQL Server 2000 Analysis Services SP2 setup file, and then double-click SQL2KASP2.exe.
  2. In the Installation Folder screen, type <drive>:\sql2ksp2olap, and then click Finish.
  3. In the PackageForTheWeb dialog box, click OK.

    The SQL2KSP2 OLAP files will be extracted to the sql2ksp2olap folder.

  4. In the PackageForTheWeb dialog box, click OK.
  5. In Windows Explorer, navigate to the <drive>:\sql2ksp2olap\msolap\install folder, and then double-click setup.exe.

    This step starts the installation process.

  6. In the Welcome screen, click Next.
  7. In the Software License Agreement screen, read the End-User License Agreement (EULA), and select Yes to proceed with installation.
  8. In the Setup Complete screen, click Finish.

Disabling Named Pipes

After installation, disable named pipes and use only TCP/IP as described in the following procedure. If your setup requires named pipes, ensure that TCP/IP has a higher precedence than named pipes.

To disable named pipes

  1. Click Start, and then click Run.
  2. In the Run dialog box, in the Open box, type cliconfg, and then click OK.
  3. In the SQL Server Client Network Utility dialog box, on the General tab, in the Enabled protocols by order section, click Named Pipes, click Disable, and then click OK.

    This step moves Named Pipes to the Disabled protocols list.

Creating the AFSSQL SQL Server Account

Use the following procedure to create the AFSSQL SQL Server Account.

To create the AFSSQL SQL Server account

  1. Click Start, point to Programs, point to Microsoft SQL Server, and then click Enterprise Manager.
  2. In SQL Server Enterprise Manager, expand Microsoft SQL Servers, expand SQL Server Group, expand <servername>, expand Security, and then click Logins.
  3. Right-click Logins and then click New Login.
  4. In the SQL Server Login Properties - New Login dialog box, in the Name box, type AFSSQL.
  5. In the Authentication section, click SQL Server Authentication, in the Password box, type the password for the AFSSQL user, and then click OK.
  6. In the Confirm Password dialog box, in the Confirm new password box, type the password for the AFSSQL user, and then click OK.
  7. In the right pane of SQL Server Enterprise Manager, in the list of users, right-click the newly created AFSSQL user, and then click Properties.
  8. In the SQL Server Login Properties - AFSSQL dialog box, in the Server Roles tab, select the Database Creators check box.
  9. In the SQL Server Login Properties - AFSSQL dialog box, on the Database Access tab, in the Specify which databases can be accessed by the login box, select the check box for msdb.
  10. In the Database roles for msdb box, select db_owner, and then click OK.

Installing and Configuring the BizTalk Server

Note It is important to log on as the AFS_Admin_Account user in the Contoso domain.

This section provides detailed instructions for configuring the Microsoft BizTalk Server. This section describes how to:

Installing MSXML 3.0 Service Pack 2

Use the following procedure to install MSXML 3.0 Service Pack 2 (SP2).

To install MSXML 3.0 SP2

  1. In Windows Explorer, navigate to the folder containing the MSXML 3.0 SP2 installation file, and then double-click msxml3sp2Setup.exe.
  2. In the Welcome to the Microsoft XML Parser Setup screen, click Next.
  3. In the Microsoft XML Parser License Agreement screen, read the End-User License Agreement (EULA), select I accept the terms in the License Agreement, and then click Next to proceed with installation.
  4. In the Customer Information screen, do the following:
    Field Enter
    User name The user name.
    Organization The name of your organization.
  5. Click Next.
  6. In the Ready to Install screen, click Install.

    This step starts the installation process.

  7. In the Completing the Microsoft XML Parser Setup Wizard, click Finish.

Installing Message Queuing

Install Message Queuing (also known as MSMQ) as its own service, not as a dependent client. Use the following procedure on the BizTalk Server to install Message Queuing with the Windows 2000 Configure Your Server utility. During this installation process, you will be prompted to insert the Windows 2000 Advanced Server CD into the CD-ROM drive.

To install Message Queuing with the Windows 2000 Configure Your Server utility

  1. Click Start, point to Programs, point to Administrative Tools, and then click Configure Your Server.
  2. In the Windows 2000 Configure Your Server dialog box, in the left column, expand Advanced, and then select Message Queuing.
  3. In the right pane, click Start to start the Message Queuing Installation Wizard.
  4. In the Welcome to the Message Queuing Installation Wizard screen, click Next.
  5. In the Message Queuing Type screen, select Message Queuing server, ensure that the Enable routing and Manually select access mode to Active Directory boxes are not selected, and then click Next.
  6. In the Message Queuing Server screen, select Message Queuing will not access a directory service, and then click Next.
  7. In the Completing the Message Queuing Installation Wizard screen, click Finish.

Verifying the Message Queuing Installation

After completing the Message Queuing Installation Wizard, you must verify that Message Queuing was installed properly and that all required subdirectories exist.

To verify the Message Queuing installation

  1. Click Start, point to Programs, point to Administrative Tools, and then click Computer Management.
  2. In the Computer Management screen, expand Services and Applications, expand Message Queuing, and then select Private Queues.
  3. In the details pane, verify that the following four private queues exist:

Installing SQL Server 2000 Client Utilities

Because a separate SQL Server exists, only the SQL Server 2000 client utilities need to be installed on the BizTalk Server.

To install the SQL Server 2000 client utilities

  1. Insert the SQL Server 2000 CD into the CD-ROM drive of the BizTalk Server.
  2. In Windows Explorer, navigate to the folder containing the SQL Server 2000 setup file, and then double-click autorun.exe.
  3. In the SQL Server 2000 Autorun Menu, click SQL Server 2000 Components.
  4. In the Install Components screen, select Install Database Server.

    The SQL Server Installation Wizard starts.

  5. In the Welcome to the Microsoft SQL Server Installation Wizard screen, click Next.
  6. In the Computer Name screen, select Local Computer, and then click Next.
  7. In the Installation Selection screen, select Create a new instance of SQL Server, or install Client Tools, and then click Next.
  8. In the User Information screen, in the Name box, type your name, in the Company box, type the name of your company, and then click Next.
  9. In the Software License Agreement screen, read the End-User License Agreement (EULA), and then click Yes to proceed with installation.
  10. In the CD-Key screen, type the CD-Key, and then click Next.
  11. In the Installation Definition screen, select Client Tools Only, and then click Next.
  12. In the Select Components screen, click Next.
  13. In the Start Copying Files screen, click Next.

    This step starts the SQL Server installation process.

  14. In the Setup Complete screen, click Finish. If Setup prompts you to restart the server, click Yes.

Installing SQL Server 2000 Service Pack 2

After installing SQL Server 2000 client utilities, you need to install SQL Server 2000 Service Pack 2 (SP2) on the BizTalk Server.

To install SQL Server 2000 SP2

  1. In Windows Explorer, navigate to the folder containing the SQL Server 2000 SP2 setup file, and then double-click SQL2KSP2.exe.
  2. In the Installation Folder screen, use the default installation path of <drive>:\sql2ksp2, and then click Finish.
  3. In the PackageForTheWeb dialog box, click OK.

    The SQL2KSP2 files will be extracted to the sql2ksp2 folder.

  4. In the PackageForTheWeb dialog box, click OK.
  5. In Windows Explorer, navigate to the folder containing the SQL Server 2000 SP2 setup file, and then double-click setup.bat.
  6. In the Welcome to the Microsoft SQL Server 2000 Service Pack 2 Installation Wizard screen, click Next.
  7. In the Software License Agreement screen, read the End-User License Agreement (EULA), and then click Yes to proceed with installation.
  8. In the Start Copying Files screen, click Next.
  9. In the Setup Complete screen, click Yes, I want to restart my computer now, and then click Finish.

Disabling Named Pipes

After installation, disable named pipes and use only TCP/IP as described in the following procedure. If your setup requires named pipes, ensure that TCP/IP has a higher precedence than named pipes.

To disable named pipes

  1. Click Start, and then click Run.
  2. In the Run dialog box, in the Open box, type cliconfg, and then click OK.
  3. In the SQL Server Client Network Utility dialog box, on the General tab, in the Enabled protocols by order section, click Named Pipes, click Disable, and then click OK.

    This step moves Named Pipes to the Disabled protocols list.

Installing BizTalk Server 2002 Enterprise Edition

Use the following procedure to install BizTalk Server 2002 Enterprise Edition.

To install BizTalk Server 2002 Enterprise Edition

  1. Insert the BizTalk Server 2002 Enterprise Edition CD into the CD-ROM drive.

    The Microsoft BizTalk Server 2002 screen is displayed.

  2. In the Microsoft BizTalk Server 2002 screen, select Install Microsoft BizTalk Server 2002.

    The Microsoft BizTalk Server 2002 Setup Wizard starts.

  3. In the Welcome to the Microsoft BizTalk Server 2002 Setup Wizard screen, click Next.
  4. In the License Agreement screen, read the End-User License Agreement, select I accept this agreement to proceed with installation, and then click Next.
  5. In the Customer Information screen, do the following:
    Field Enter
    User name The user name.
    Organization The name of your organization.
  6. In the Destination Folder screen, use the default installation location, and click Next.
  7. In the Setup Type screen, select Complete, and then click Next.
  8. In the Configure BizTalk Server Administrative Access screen, accept the default values, and then click Next.
  9. In the Microsoft BizTalk Server Service Log On Properties screen, select This account, and do the following:
    Field Enter
    User name Contoso\AFS_Service_Account
    Password The corresponding password.
  10. Ensure that the check box for Start service after setup completes is selected, and then click Next.
  11. In the Ready To Install the Program screen, ensure that all components will be installed, and then click Install.
    Note It is OK to ignore the warning that informs you that BizTalk Orchestration Designer will not run because it requires Microsoft Visio 2002. Visio can be installed on development and testing platforms, but is not required for this deployment.
  12. In the Welcome to the Microsoft BizTalk Server 2002 Messaging Database Setup Wizard screen, click Next.
  13. In the Configure a BizTalk Messaging Management Database screen, select Create a new BizTalk Messaging Management database, and do the following:
    Field Enter
    Server name The computer name of the SQL Server.
    Database InterchangeBTM
  14. Click Next.
  15. In the Configure a BizTalk Server Group screen, select Create a new BizTalk Server group, in the Group name box, type BizTalk Server Group, and then click Next.
  16. In the Configure a Tracking Database screen, select Create a new Tracking database, and do the following:
    Field Enter
    Server name The computer name of the SQL Server.
    Database InterchangeDTA
  17. Click Next.
  18. In the Configure a Shared Queue Database screen, select Create a new Shared Queue database, and do the following:
    Field Enter
    Server name The computer name of the SQL Server.
    Database InterchangeSQ
  19. Click Next.
  20. In the Verify BizTalk Server Group screen, verify the information, and then click Next.
  21. In the Completing the Microsoft BizTalk Server 2002 Messaging Database Setup Wizard screen, click Finish.
  22. In the Welcome to the Microsoft BizTalk Server 2002 Orchestration Persistence Database Server Wizard screen, click Next.
  23. In the Configure a default Orchestration Persistence Database screen, select Create a new default Orchestration Persistence database, and do the following:
    Field Enter
    Server name The computer name of the SQL Server.
    Database XLANG
  24. Click Finish.
  25. In the Completing the Microsoft BizTalk Server 2002 Setup Wizard screen, click Finish.
  26. Restart the server.

Configuring the Internet Connection

Use the following procedure to configure the Internet connection.

To configure the Internet connection

  1. On the desktop of the BizTalk Server, double-click Connect to the Internet.
  2. In the Welcome to the Internet Connection Wizard screen, select the LAN option, and then click Next.
  3. In the Setting up your Internet Connection screen, select the LAN option, and then click Next.
  4. In the Local Area Network Internet Configuration screen, clear all check boxes, and then click Next.
  5. In the Set Up your Internet Mail Account screen, select No, and then click Next.
  6. In the Completing the Internet Connection Wizard screen, click Finish.

Configuring Proxy Settings

For the BizTalk Server to access the Internet, you must configure the proxy settings in Internet Explorer as described in the following procedure.

To configure proxy settings

  1. In Internet Explorer, on the Tools menu, click Internet Options.
  2. In the Internet Options dialog box, on the Connections tab, in the Local Area Network (LAN) settings section, click LAN Settings.
  3. In the Local Area Network (LAN) Settings dialog box, in the Proxy server section, select Use a proxy server, in the Address box, type 10.30.0.100, and in the Port box, type 8080. Select Bypass proxy server for local addresses, and then click OK.
  4. In the Internet Options dialog box, click OK.

Setting the Proper Security Identity for the XLANG Scheduler

Configure the XLANG Scheduler to run under the AFS_Service_Account.

To set proper security identity for running the XLANG Scheduler on the BizTalk Server

  1. Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
  2. In the Component Services window, expand Component Services, expand Computers, expand My Computer, expand COM+ Applications, right-click XLANG Scheduler, and then click Properties.
  3. In the XLANG Scheduler Properties dialog box, on the Advanced tab, clear the check box for Disable Changes, and then click OK.
  4. In the Warning dialog box that asks for confirmation, click Yes.
  5. Right-click XLANG Scheduler again, and then click Properties.
  6. In the XLANG Scheduler Properties dialog box, on the Identity tab, select This user, and do the following:
    Field Enter
    User Contoso\AFS_Service_Account
    Password The corresponding password.
    Confirm Password The corresponding password.
  7. On the Advanced tab, select Disable Changes, and then click OK.
  8. In the Warning dialog box asking for confirmation, click Yes.

Setting the Proper Security Identity for the BizTalk Server Interchange Application

Configure the BizTalk Server Interchange Application to run under the AFS_Service_Account.

To set proper security identity for running the BizTalk Server Interchange Application on the BizTalk Server

  1. Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
  2. In the Component Services window, expand Component Services, expand Computers, expand My Computer, expand COM+ Applications, right-click BizTalk Server Interchange Application, and then click Properties.
  3. In the BizTalk Server Interchange Application Properties dialog box, on the Advanced tab, clear the check box for Disable Changes, and then click OK.
  4. In the Warning dialog box that asks for confirmation, click Yes.
  5. Right-click BizTalk Server Interchange Application again, and then click Properties.
  6. In the BizTalk Server Interchange Application Properties dialog box, on the Identity tab, select This user, and do the following:
    Field Enter
    User Contoso\AFS_Service_Account
    Password The corresponding password.
    Confirm Password The corresponding password.
  7. On the Advanced tab, select Disable Changes, and then click OK.
  8. In the Warning dialog box asking for confirmation, click Yes.

Installing and Configuring the Business Desk Server

This section provides detailed instructions for configuring the intranet Business Desk server. Specifically, this section describes how to:

Note It is important to log on as the AFS_Admin_Account user in the Contoso domain.

Installing MSXML 3.0 Service Pack 2

Use the following procedure to install MSXML 3.0 Service Pack 2 (SP2).

To install MSXML 3.0 SP2

  1. In Windows Explorer, navigate to the folder containing the MSXML 3.0 SP2 installation file, and double-click msxml3sp2Setup.exe.
  2. In the Welcome to the Microsoft XML Parser Setup Wizard screen, click Next.
  3. In the End-user License Agreement screen, read the End-User License Agreement (EULA), select I accept the terms in the License Agreement, and then click Next to proceed with installation.
  4. In the Customer Information screen, do the following:
    Field Enter
    User name The user name.
    Organization The name of your organization.
  5. Click Next.
  6. In the Ready to Install screen, click Install.

    This step starts the installation process.

  7. In the Completing the Microsoft XML Parser Setup Wizard screen, click Finish.

Installing Internet Explorer 5.5 Service Pack 2

Use the following procedure to install Internet Explorer 5.5 Service Pack 2 (SP2).

To install Internet Explorer 5.5 SP2

  1. In Windows Explorer, navigate to the folder containing the Internet Explorer 5.5 SP2 setup file, and then double-click ie5setup.exe.
  2. In the Welcome to Setup for Internet Explorer and Internet Tools screen, read the End-User License Agreement (EULA), select I accept the agreement, and then click Next to proceed with installation.
  3. In the Windows Update: Internet Explorer and Internet Tools screen, click Next.

    This step starts the installation process.

  4. In the Restart Computer screen, click Finish.

Installing Analysis Services

Use the following procedure to install Analysis Services on the Business Desk server.

To install Analysis Services

  1. Insert the SQL Server 2000 Enterprise Edition CD into the CD-ROM drive of the Business Desk server.
  2. In Windows Explorer, navigate to the folder containing the SQL Server 2000 Analysis Services setup file, and then double-click autorun.exe.
  3. In the SQL Server 2000 Autorun Menu, select SQL Server 2000 Components.
  4. In the Install Components screen, select Install Analysis Services.

    The Microsoft SQL Server Installation Wizard starts.

  5. In the Welcome screen, click Next.
  6. In the Software License Agreement screen, read the End-User License Agreement (EULA), and then click Yes to proceed with installation.
  7. In the Select Components screen, accept the default values, and click Next.
  8. In the Data Folder Location screen, click Next.
  9. In the Select Program Folder screen, click Next.

    This step starts the installation process.

  10. In the Setup Complete screen, click Finish.

Installing Analysis Services Service Pack 2

Use the following procedure to install Analysis Services Service Pack 2 (SP2).

To install Analysis Services SP2

  1. In Windows Explorer, navigate to the folder containing the SQL Server 2000 Analysis Services SP2 setup file, and then double-click SQL2KASP2.exe.
  2. In the Installation Folder screen, type <drive>:\sql2ksp2olap, and then click Finish.
  3. In the PackageForTheWeb dialog box, click OK.

    The SQL2KSP2 OLAP files will be extracted to the sql2ksp2olap folder.

  4. In the PackageForTheWeb dialog box, click OK.
  5. In Windows Explorer, navigate to the <drive>:\sql2ksp2olap\msolap\install folder, and then double-click setup.exe.

    This step starts the installation process.

  6. In the Welcome screen, click Next.
  7. In the Software License Agreement screen, read the End-User License Agreement (EULA), and then click Yes to proceed with installation.
  8. In the Setup Complete screen, click Finish.

Installing the .NET Framework

Use the following procedure on the Business Desk server to install the .NET Framework.

To install the .NET Framework

  1. In Windows Explorer, navigate to the folder containing the .NET Framework setup file, and then double-click dotnetfx.exe.
  2. In the Microsoft .NET Framework Setup dialog box asking if you want to install the .NET Framework, click Yes.
  3. In the Microsoft .NET Framework Setup dialog box asking if you want to update Microsoft Windows Installer components, click Yes.
  4. In the Microsoft .NET Framework (English) Setup screen, click Next.

    This step starts the .NET Framework installation process.

  5. In the Microsoft .NET Framework (English) Setup dialog box, click OK.
  6. In the System Settings Change screen, click Yes to restart the server.

Installing MDAC 2.7

Use the following procedure on the Business Desk server to install MDAC 2.7.

To install MDAC 2.7 on the Business Desk server

  1. In Windows Explorer, navigate to the folder containing the MDAC 2.7 setup file, and then double-click MDAC_TYP.exe.
  2. In the End User License Agreement screen, read the End-User License Agreement (EULA), select I accept all of the terms of the preceding license agreement to proceed with installation, and then click Next.
  3. In the Microsoft Data Access Components 2.7 Setup screen, click Finish.

    This step starts the MDAC 2.7 installation process.

  4. In the Microsoft Data Access Components 2.7 Setup screen, click Close.
Note Installing MDAC 2.7 may fail on the first attempt. Reinstall if necessary.

Installing MDAC 2.7 Rollup

Use the following procedure on the Business Desk server to install the MDAC 2.7 Rollup.

To install the MDAC 2.7 Rollup on the Business Desk server

  1. In Windows Explorer, navigate to the folder containing the MDAC 2.7 Rollup setup file, and then double-click CS_MDAC27_x86_en.exe.
  2. In the Microsoft Data Access Components Hotfix Installer screen, click OK.

    This step starts the MDAC 2.7 Rollup installation process.

  3. In the Setup is complete dialog box, click OK.
  4. In the System Settings Change screen, click Yes to restart the server.

Installing Visual Basic 6.0 Runtime Service Pack 5

Use the following procedure on the Business Desk server to install Visual Basic 6.0 Runtime Service Pack 5 (SP5).

To install Visual Basic 6.0 Runtime SP5 on the Business Desk server

  1. In Windows Explorer, navigate to the folder containing the Visual Basic 6.0 Runtime SP5 setup file, and then double-click VBRun60sp5.exe.
  2. In the Visual Basic 6.0 with Visual Studio 6.0 Service Pack 5 Run Time Files dialog box, click Yes to install the Visual Basic 6.0 run time files.

    This step starts the Visual Basic 6.0 Runtime Service Pack 5 installation process.

    Note No dialog box will appear to indicate that installation has completed.

Installing MSXML 4.0

Use the following procedure on the Business Desk server to install Microsoft XML Core Services (MSXML) 4.0.

To install MSXML 4.0

  1. In Windows Explorer, navigate to the folder containing the MSXML 4.0 installation file, and then double-click msxml4.msi.
  2. In the Welcome to the Microsoft XML Parser and SDK Setup Wizard, click Next.
  3. In the End-User License Agreement screen, read the End-User License Agreement (EULA), select I accept the terms in the License Agreement, and then click Next to proceed with installation.
  4. In the Customer Information screen, do the following:
    Field Enter
    User name The user name.
    Organization The name of your organization.
  5. Click Next.
  6. In the Choose Setup Type screen, click Install Now.

    This step starts the installation process.

  7. In the Completing the Microsoft XML Parser and SDK Setup Wizard, click Finish.

Installing Message Queuing

Use the following procedure on the Business Desk server to install Message Queuing. This procedure may require you to insert the Windows 2000 Advanced Server CD into the CD-ROM drive.

To install Message Queuing on the Business Desk server

  1. Click Start, point to Programs, point to Administrative Tools, and then click Configure Your Server.
  2. In the Windows 2000 Configure Your Server screen, expand Advanced in the left column, and then click Message Queuing.
  3. In the right pane, click Start to start the Message Queuing Installation Wizard.

    The Message Queuing Installation Wizard starts.

  4. In the Welcome to the Message Queuing Installation Wizard screen, click Next.
  5. In the Message Queuing Type screen, select Message Queuing server, ensure that the Enable routing and Manually select access mode to Active Directory boxes are not selected, and then click Next.
  6. In the Message Queuing Server screen, select Message Queuing will not access a directory service, and then click Next.
  7. In the Completing the Message Queuing Installation Wizard screen, click Finish.

Verifying Message Queuing Installation

After completing the Message Queuing Installation Wizard, you must verify that Message Queuing was installed properly and that all required subdirectories exist.

To verify the Message Queuing installation

  1. Click Start, point to Programs, point to Administrative Tools, and then click Computer Management.
  2. In the Computer Management window, expand Services and Applications, expand Message Queuing, and then click Private Queues.
  3. In the right pane, verify that the following four private queues exist:

Disabling Named Pipes

After installation, disable named pipes and use only TCP/IP as described in the following procedure.

To disable named pipes

  1. Click Start, and then click Run.
  2. In the Run dialog box, in the Open box, type cliconfg, and then click OK.
  3. In the SQL Server Client Network Utility dialog box, on the General tab, if you have the Default network library section, select TCP/IP from the drop-down list, and then click OK.

    –Or–

    If you have a Disabled Protocols section, select TCP/IP, and then click Enabled. If Named Pipes appears in the Enabled protocols section, click Named Pipes, click Disable, and then click OK.

Creating a New Web Site for the Business Desk Server

To avoid potential security risks associated with Internet Services Application Programming Interface (ISAPI) and the default Web site, you need to create a new Web site on the Business Desk server. First, you need to create a folder to hold the AFS Web site files, and then you need to create the new AFS Web site.

To create a folder to contain the files for the new Web site for the Business Desk server

  1. Click Start, point to Programs, point to Accessories, and then click Windows Explorer.
  2. In Windows Explorer, navigate to the root drive.
  3. On the File menu, click New, and then click Folder.
  4. In the right pane, in the new folder Name box, type MySite, and then press ENTER.

Now that you have created a folder to contain the files for the new Web site, you are ready to create the new Web site.

To create the new Web site for the Business Desk server

  1. Click Start, point to Programs, point to Administrative Tools, and then click Computer Management.
  2. In the Computer Management window, expand Services and Applications, expand Internet Information Services, right-click Default Web Site, and then click Stop.
  3. Right-click Internet Information Services, point to New, and then click Web Site.

    The Web Site Creation Wizard starts.

  4. In the Welcome to the Web Site Creation Wizard screen, click Next.
  5. In the Web Site Description screen, type MySite as the description for the new Web site, and then click Next.
  6. In the IP Address and Port Settings screen, accept the default values and click Next.
  7. In the Web Site Home Directory screen, type the path to the MySite folder, or click Browse to navigate to this folder.
  8. Ensure that the check box for the option Allow anonymous access to this Web site is selected, and then click Next.
  9. In the Web Site Access Permissions screen, accept the default values and click Next.
  10. In the You have successfully completed the Web Site Creation Wizard screen, click Finish.

Maximizing Web Server Performance

You can maximize the performance of the Business Desk server by increasing the Performance Tuning setting.

To increase the Performance Tuning setting

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
  2. In the Internet Information Services screen, expand <servername>, right-click MySite, and then click Properties.
  3. In the MySite Properties dialog box, on the Performance tab, in the Performance tuning section, increase the setting to More than 100,000, and then click OK.

Configuring the Internet Connection

Use the following procedure to configure the Internet connection.

To configure the Internet connection

  1. On the desktop of the Business Desk server, double-click Connect to the Internet.
  2. In the Welcome to the Internet Connection Wizard screen, select the LAN option, and then click Next.
  3. In the Setting up your Internet Connection screen, select the LAN option, and then click Next.
  4. In the Local Area Network Internet Configuration screen, clear all check boxes, and then click Next.
  5. In the Set Up your Internet Mail Account screen, select No, and then click Next.
  6. In the Completing the Internet Connection Wizard screen, click Finish.

Configuring Proxy Settings

For the Business Desk server to access the Internet, you must configure the proxy settings in Internet Explorer as described in the following procedure.

To configure proxy settings

  1. In Internet Explorer, on the Tools menu, click Internet Options.
  2. In the Internet Options dialog box, on the Connections tab, in the Local Area Network (LAN) settings section, click LAN Settings.
  3. In the Local Area Network (LAN) Settings dialog box, in the Proxy server section, select Use a proxy server, in the Address box, type 10.30.0.100, and in the Port box, type 8080. Do not select Bypass proxy server for local addresses, and then click OK.
  4. In the Internet Options dialog box, click Apply, and then click OK.

Installing and Configuring the Intranet ISA Server

This section provides detailed instructions for configuring Microsoft Internet Security and Acceleration (ISA) Server 2000 in the intranet. In addition to the instructions for installing and configuring ISA Server, this section describes how to modify ISA Server properties so that it will function properly with AFS in the medium deployment. Specifically, this section describes how to:

Removing Internet Information Services

If you installed Internet Information Services (IIS) by default on the intranet ISA Server when you installed Windows 2000, you can remove it because it is not needed.

To remove IIS from the intranet ISA Server

  1. Click Start, point to Settings, and then click Control Panel.
  2. In the Control Panel window, double-click Add/Remove Programs.
  3. In the Add/Remove Programs dialog box, click Add/Remove Windows Components from the left column.

    The Windows Components Wizard starts.

  4. In the Windows Components screen, clear the check box next to the option Internet Information Services (IIS), and then click Next. You might have to scroll down to view the Internet Information Services (IIS) component.
  5. If the Terminal Services Setup screen appears, select Remote administration mode, and then click Next. The wizard might take a few minutes to complete.
  6. In the Completing the Windows Components Wizard screen, click Finish. IIS is now uninstalled.
  7. Click Close to exit Add/Remove Programs.

Installing ISA Server Standard Edition

After you have removed IIS, you can install ISA Server Standard Edition.

To install ISA Server Standard Edition

  1. Insert the ISA Server 2000 Standard Edition CD into the CD-ROM drive of the intranet ISA Server.
  2. In Windows Explorer, navigate to the folder containing the ISA Server 2000 setup file, and then double-click ISAAutorun.exe.
  3. In the Microsoft ISA Server Setup screen, click Install ISA Server.
  4. In the Microsoft ISA Server (Standard Edition) Setup dialog box, click Continue.
  5. In the Microsoft ISA Server Setup dialog box, read the End-User License Agreement (EULA), and then click I Agree to accept the terms of the EULA to proceed with installation.
  6. In the Microsoft ISA Server (Standard Edition) Setup dialog box, click Full Installation.
  7. In the Microsoft ISA Server Setup dialog box, select Integrated mode, and then click Continue.
  8. In the Microsoft Internet Security and Acceleration Server Setup dialog box, click OK to accept the default location and size for the ISA Server cache drives.
  9. In the Microsoft Internet Security and Acceleration Server Setup dialog box for entering the IP address ranges, click Construct Table.
  10. In the Local Address Table dialog box, clear the check box for the option Add the following private ranges, select Add address ranges based on the Windows 2000 Routing Table, ensure that the only IP address selected is that of the Private network adapter (10.30.0.100), and then click OK.
  11. In the Setup Message dialog box, click OK.
  12. In the Microsoft Internet Security and Acceleration Server Setup dialog box for entering the IP address ranges, click OK.
  13. If a message box appears informing you that Message Screener requires the SMTP Service, click OK.

    The ISA Server installation starts.

  14. In the Launch ISA Management Tool dialog box, clear the check box for starting up the wizard, and then click OK.
  15. In the Microsoft ISA Server (Standard Edition) Setup dialog box that states that ISA Server Setup was completed successfully, click OK.

Installing ISA Server Service Pack 1

After you have installed ISA Server, you can install ISA Server Service Pack 1 (SP1).

To install ISA Server SP1

  1. In Windows Explorer, navigate to the folder containing the ISA Server SP1 setup file, and then double-click ISASP1.exe.
  2. In the Software License Agreement screen, read the End-User License Agreement (EULA), and select I agree to proceed with installation.

    This step starts the ISA Server Service Pack 1 installation process.

  3. In the Microsoft ISA Server 2000 Update Setup dialog box, click OK.
  4. The server will restart after the Service Pack has been installed.

Installing Windows 2000 Hotfix Q315764

Use the following procedure to install Windows 2000 Hotfix Q315764.

To install Windows 2000 Hotfix Q315764

Adding Incoming Web Request Listeners

Because ISA Server intercepts requests from the DMZ for servers on the intranet, you must specify which IP addresses will listen for Web requests from the DMZ.

To add incoming Web request listeners

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, right-click <servername>, and then click Properties.
  3. In the <servername> Properties dialog box, on the Incoming Web Requests tab, click Add.
  4. In the Add/Edit Listeners dialog box, in the Server drop-down list, select <servername>.
  5. In the IP Address drop-down list, select the IP address corresponding to the Public network adapter. The example IP address used in this document is 10.20.0.100.
  6. Confirm that all check boxes are cleared except for Integrated, click OK, and then click Apply.
  7. In the ISA Server Warning dialog box, select Save the changes and restart the service(s), and then click OK.
  8. In the <servername> Properties dialog box, click Add.
  9. In the Add/Edit Listeners dialog box, in the Server drop-down list, select <servername>.
  10. In the IP Address drop-down list, select the IP address corresponding to the Dedicated ISA network adapter. The example IP address used in this document is 10.50.0.100.
  11. Confirm that all check boxes are cleared except for Integrated, and then click OK.
  12. In the <servername> Properties dialog box, click Apply.
  13. In the ISA Server Warning dialog box, select Save the Changes and Restart the service(s), and then click OK.
  14. In the <servername> Properties dialog box, click OK.

Creating a New Protocol Definition for Message Queuing

Protocol definitions specify the low-level protocols and port numbers that connections use. You need to create two new protocol definitions named MSMQ Inbound and MSMQ Outbound to support the server publishing rule and protocol rule. Use the following procedures to create these two new protocol definitions that will define the Message Queuing port.

To create the new protocol definition named MSMQ Inbound

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Policy Elements, right-click Protocol Definitions, click New, and then click Definition.

    The New Protocol Definition Wizard starts.

  3. In the Welcome to the New Protocol Definition Wizard screen, in the Protocol definition name box, type MSMQ Inbound, and then click Next.
  4. In the Primary Connection Information screen, in the Port number box, type 1801, in the Protocol type section, select TCP, in the Direction section, select Inbound, and then click Next.
  5. In the Secondary Connections screen, select No, and then click Next.
  6. In the Completing the New Protocol Definition Wizard screen, click Finish.

After you have created the inbound rule, you are ready to create the outbound rule.

To create the new protocol definition named MSMQ Outbound

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Policy Elements, right-click Protocol Definitions, click New, and then click Definition.

    The New Protocol Definition Wizard starts.

  3. In the Welcome to the New Protocol Definition Wizard screen, in the Protocol definition name box, type MSMQ Outbound, and then click Next.
  4. In the Primary Connection Information screen, in the Port number box, type 1801, in the Protocol type section, select TCP, in the Direction section, select Outbound, and then click Next.
  5. In the Secondary Connections screen, select No, and then click Next.
  6. In the Completing the New Protocol Definition Wizard screen, click Finish.

Creating a New Site and Content Rule

Site and content rules determine if and when specified users can access content on specific destination sets. Use the following procedure to create a new site and content rule.

To create a new site and content rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Access Policy, right-click Site and Content Rules, click New, and then click Rule.

    The New Site and Content Rule Wizard starts.

  3. In the Welcome to the New Site and Content Rule Wizard screen, in the Site and content rule name box, type Allow, and then click Next.
  4. In the Rule Action screen, select Allow, and then click Next.
  5. In the Rule Configuration screen, select Allow access based on destination, and then click Next.
  6. In the Destination Sets screen, from the drop-down list, select All destinations, and then click Next.
  7. In the Completing the New Site and Content Rule Wizard screen, click Finish.

Creating Client Address Sets

Client address sets consist of one or more computers. For access policy rules, client address sets include computers that are part of your internal network. For Web publishing rules, client address sets include computers external to your network.

You will need to create three client address sets: Business Desk server, BizTalk Server, and Web servers. The client address sets will be used by either a protocol or a publishing rule.

Use the following procedure to create the client address set named BizTalk Server.

To create the client address set named BizTalk Server

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Policy Elements, right-click Client Address Sets, click New, and then click Set.
  3. In the Client Set screen, in the Name box, type BizTalk Server, and then click Add.
  4. In the Add/Edit IP Addresses screen, in the From field, type 10.30.0.1, in the To field, type 10.30.0.1, and then click OK.
  5. In the Client Set screen, click OK.

Use the following procedure to create the client address set named Business Desk server.

To create the client address set named Business Desk server

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Policy Elements, right-click Client Address Sets, click New, and then click Set.
  3. In the Client Set screen, in the Name box, type Business Desk server, and then click Add.
  4. In the Add/Edit IP Addresses screen, in the From field, type 10.30.10.1, in the To field, type 10.30.10.1, and then click OK.
  5. In the Client Set screen, click ADD.
  6. In the Add/Edit IP Addresses screen, in the From box, type 10.30.30.1, in the To box, type 10.30.30.1, and then click OK.
    Note The IP address 10.30.30.1 is the IP address of the Business Desk client that you will build later in this guide. If you need to add additional Business Desk clients, be sure to add their IP addresses to this Business Desk server client address set.
  7. In the Client Set screen, click OK.

Use the following procedure to create the client address set named Web servers.

To create the client address set named Web servers

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Policy Elements, right-click Client Address Sets, click New, and then click Set.
  3. In the Client Set screen, in the Name box, type Web Servers, and then click Add.
  4. In the Add/Edit IP Addresses screen, in the From field, type 10.20.0.1, in the To field, type 10.20.0.3, and then click OK.
  5. In the Client Set screen, click OK.

Creating New Protocol Rules

Protocol rules determine which protocols clients can use and when.

Use the following procedure to create the MSMQ Outbound protocol rule.

To create the MSMQ Outbound protocol rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Access Policy, right-click Protocol Rules, click New, and then click Rule.

    The New Protocol Rule Wizard starts.

  3. In the Welcome to the New Protocol Rule Wizard screen, in the Protocol rule name box, type MSMQ Outbound, and then click Next.
  4. In the Rule Action screen, select Allow, and then click Next.
  5. In the Protocols screen, ensure that Selected protocols is selected from the drop-down list. In the Protocols section, ensure that MSMQ Outbound and Show only selected protocols are selected, and then click Next.
  6. In the Schedule screen, from the drop-down list, select Always, and then click Next.
  7. In the Client Type screen, select Specific computers (client address sets), and then click Next.
  8. In the Client Sets screen, click Add.
  9. In the Add Client Sets dialog box, in the Defined Sets section, double-click BizTalk Server, and then click OK.
  10. In the Client Sets screen, click Next.
  11. In the Completing the New Protocol Rule Wizard screen, click Finish.

Use the following procedure to create the Web Outbound protocol rule.

To create the Web Outbound protocol rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Access Policy, right-click Protocol Rules, click New, and then click Rule.

    The New Protocol Rule Wizard starts.

  3. In the Welcome to the New Protocol Rule Wizard screen, in the Protocol rule name box, type Web Outbound, and then click Next.
  4. In the Rule Action screen, select Allow, and then click Next.
  5. In the Protocols screen, ensure that Selected protocols is selected from the drop-down list. In the Protocols section, ensure that HTTP, HTTPS, and Show only selected protocols are selected, and then click Next.
  6. In the Schedule screen, from the drop-down list, select Always, and then click Next.
  7. In the Client Type screen, select Specific computers (client address sets), and then click Next.
  8. In the Client Sets screen, click Add.
  9. In Add Client Sets dialog box, in the Defined Sets section, double-click BizTalk Server, double-click Business Desk server, and then click OK.
  10. In Client Sets screen, click Next.
  11. In the Completing the New Protocol Rule Wizard screen, click Finish.

Creating Web Publishing Rules

Web publishing rules define how incoming Web requests are handled. You need to create a new Web publishing rule to redirect HTTP requests from the DMZ to the Business Desk server and BizTalk Server in the intranet.

Note It is important that the rules be listed in the following order: BizTalk Server Requests, Business Desk Requests, and Default. The order of the rules can be set by using the UP or DOWN arrow in the ISA Management window.

To create the Web publishing rule: Business Desk Requests

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Publishing, right-click Web Publishing Rules, click New, and then click Rule.

    The New Web Publishing Rule Wizard starts.

  3. In the Welcome to the New Web Publishing Rule Wizard screen, in the Web publishing rule name box, type Business Desk Requests, and then click Next.
  4. In the Destination Sets screen, from the drop-down list, select All destinations, and then click Next.
  5. In the Client Type screen, select Any Request, and then click Next.
  6. In the Rule Action screen, select Redirect the request to this internal Web server (name or IP address), and then type the IP address of the Business Desk server in the text box next to the Browse button. The example IP address used in this document is 10.30.10.1.
  7. Select Send the original host header to the publishing server, use the default ports, and then click Next.
  8. In the Completing the New Web Publishing Rule Wizard screen, click Finish.

To create the Web publishing rule: BizTalk Server Requests

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Publishing, right-click Web Publishing Rules, click New, and then click Rule.

    The New Web Publishing Rule Wizard starts.

  3. In the Welcome to the New Web Publishing Rule Wizard screen, in the Web publishing rule name box, type BizTalk Server Requests, and then click Next.
  4. In the Destination Sets screen, from the drop-down list, select All destinations, and then click Next.
  5. In the Client Type screen, select Specific Computers (client address sets), and then click Next.
  6. In the Client Sets screen, click Add.
  7. In the Add Client Sets screen, in the Client Sets field, double-click Web Servers, and then click OK.
  8. In the Client Sets screen, click Next.
  9. In the Rule Action screen, select Redirect the request to this internal Web server (name or IP address), and then type the IP address of the BizTalk Server in the text box next to the Browse button. The example IP address used in this document is 10.30.0.1.
  10. Select Send the original host header to the publishing server, use the default ports, and then click Next.
  11. In the Completing the New Web Publishing Rule Wizard screen, click Finish.
  12. Verify that the BizTalk Server Requests rule appears as the first rule in the ISA Management console. If it is not, select the rule, and then click the Up Arrow.

Creating Server Publishing Rules

A server publishing rule maps incoming requests to the appropriate internal server. Use the following procedure to create the SQL Server publishing rule.

To create the SQL Server publishing rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Publishing, right-click Server Publishing Rules, click New, and then click Rule.

    The New Server Publishing Rule Wizard starts.

  3. In the Welcome to the New Server Publishing Rule Wizard screen, in the Server publishing rule name box, type SQL, and then click Next.
  4. In the Address Mapping screen, in the IP address of internal server box, type the IP address of the SQL Server. The example IP address used in this document is 10.30.20.1.
  5. In the Address Mapping screen, in the External IP address on ISA Server box, type the IP address of the ISA Server that is used by the Web cluster in the DMZ. The example IP address used in this document is 10.20.0.100.
  6. Click Next.
  7. In the Protocol Settings screen, from the drop-down list, select Microsoft SQL Server, and then click Next.
  8. In the Client Type screen, select Any request, and then click Next.
  9. In the Complete the New Server Publishing Rule Wizard screen, click Finish.

Now that you have created the SQL Server publishing rule, you are ready to create the Message Queuing server publishing rule.

To create the Message Queuing server publishing rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Publishing, right-click Server Publishing Rules, click New, and then click Rule.

    The New Server Publishing Rule Wizard starts.

  3. In the Welcome to the New Server Publishing Rule Wizard screen, in the Server publishing rule name box, type MSMQ, and then click Next.
  4. In the Address Mapping screen, in the IP address of internal server box, type the IP address of the BizTalk Server. The example IP address used in this document is 10.30.0.1.
  5. In the External IP address on ISA Server box, type the IP address of the ISA Server that is used by the DMZ Web cluster. The example IP address used in this document is 10.20.0.100.
  6. Click Next.
  7. In the Protocol Settings screen, from the drop-down list, select MSMQ Inbound, and then click Next.
  8. In the Client Type screen, select Any request, and then click Next.
  9. In the Complete the New Server Publishing Rule Wizard screen, click Finish.

Creating Destination Sets

A destination set is defined as a set of path locations or a specific IP range. Destination sets are used by routing or publishing rules to define a specific set of destinations. Use the following procedure to create a destination set for the Web servers.

To create a destination set for the Web servers

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Policy Elements, right-click Destination Sets, click New, and then click Set.
  3. In the New Destination Set dialog box, in the Name box, type Web Farm Catalogs, and then click Add.
  4. In the Add/Edit Destination dialog box, select Destination, type *.contoso.com, and then click OK.
  5. In the New Destination Set dialog box, click OK.

Creating New Routing Rules

Routing rules determine whether a client's Web request is retrieved directly, routed to an upstream ISA Server, or routed to an alternative destination. Use the following procedure to create the Web Farm Catalogs Refresh routing rule. This rule applies to the Web servers and uses the Web Farm Catalogs destination set.

To create the Web Farm Catalogs Refresh routing rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Network Configuration, right-click Routing, click New, and then click Rule.

    The New Routing Rule Wizard starts.

  3. In the Welcome to the New Routing Rule Wizard screen, in the Routing rule name box, type Web Farm Catalogs Refresh, and then click Next.
  4. In the Destination Sets screen, from the drop-down list, select Specified Destination Set, from the drop-down list next to Name, select Web Farm Catalogs, and then click Next.
  5. In the Request Action screen, select Retrieve them directly from specified destination, and then click Next.
  6. In the Cache Retrieval Configuration screen, select A valid version of the object, and then click Next.
  7. In the Cache Content Configuration screen, select If source and request headers indicate to cache, then the content will be cached, and then click Next.
  8. In the Completing the New Routing Rule Wizard screen, click Finish.

After you have created the Web Farm Catalogs Refresh routing rule, you are ready to create the Inbound routing rule for internal domain requests. Use the following procedure to create this routing rule.

To create the Inbound routing rule for internal domain requests

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Network Configuration, right-click Routing, click New, and then click Rule.

    The New Routing Rule Wizard starts.

  3. In the Welcome to the New Routing Rule Wizard screen, in the Routing rule name box, type Inbound, and then click Next.
  4. In the Destination Sets screen, from the drop-down list, select All internal destinations, and then click Next.
  5. In the Request Action screen, select Retrieve them directly from specified destination, and then click Next.
  6. In the Cache Retrieval Configuration screen, select A valid version of the object, and then click Next.
  7. In the Cache Content Configuration screen, select If source and request headers indicate to cache, then the content will be cached, and then click Next.
  8. In the Completing the New Routing Rule Wizard screen, click Finish.

After creating the two new routing rules, you need to modify the default rule. This rule redirects outbound traffic to the external ISA Server and bypasses the Web cluster. Use the following procedure to modify the default routing rule.

To modify the default routing rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, and then click Network Configuration.
  3. In the right pane, double-click Default rule.
  4. In the Default rule Properties dialog box, on the Action tab, select Routing them to a specified upstream server, and then click Settings.
  5. In the Upstream Server Setting dialog box, in the Server or array box, type 10.50.0.101, in the Port box, ensure that 8080 is listed, in the SSL Port box, ensure that 8443 is listed, ensure that all other check boxes are cleared, and then click OK.
  6. In the Default rule Properties dialog box, click OK.

Enabling IP Packet Filtering

Use the following procedure to verify that IP packet filtering is enabled.

To verify that IP packet filtering is enabled

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Access Policy, right-click IP Packet Filters, and then click Properties.
  3. In the IP Packet Filters window, on the General tab, ensure that all three check boxes are selected, and then click OK.

Maximizing ISA Server Performance

You can maximize the performance of the ISA Server by increasing the Performance Tuning setting. Use the following procedure to increase this setting.

To increase the Performance Tuning setting

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, right-click <servername>, and then click Properties.
  3. In the <servername> Properties dialog box, on the Performance tab, in the Performance tuning section, increase the setting to More than 1,000, and then click OK.

Modifying the Hosts File

Because ISA Server is not part of a domain, you must modify the hosts file so that ISA Server will use the www.contoso.com URL as the IP address of the Business Desk server. By default, the hosts file is located in the <drive>:\WINNT\system32\drivers\etc folder. You must modify the hosts file by adding the following entry:

10.30.10.1www.contoso.com

Installing and Configuring the DMZ Web Cluster

This section provides detailed instructions for configuring the Web servers in the perimeter network (also known as demilitarized zone or DMZ) to support Microsoft BizTalk Accelerator for Suppliers (AFS). Specifically, this section describes how to:

Installing MSXML 3.0 Service Pack 2

Use the following procedure on each Web server to install MSXML 3.0 Service Pack 2 (SP2).

To install MSXML 3.0 SP2

  1. In Windows Explorer, navigate to the folder containing the MSXML 3.0 SP2 installation file, and then double-click msxml3sp2Setup.exe.
  2. In the Welcome to the Microsoft XML Parser Setup Wizard, click Next.
  3. In the End-User License Agreement screen, read the End-User License Agreement (EULA), select I accept the terms in the License Agreement, and then click Next to proceed with installation.
  4. In the Customer Information screen, do the following:
    Field Enter
    User name The user name.
    Organization The name of your organization.
  5. Click Next.
  6. In the Ready to Install screen, click Install.

    This step starts the installation process.

  7. In the Completing the Microsoft XML Parser Setup Wizard, click Finish.

Installing Internet Explorer 5.5 Service Pack 2

Use the following procedure on each Web server to install Internet Explorer 5.5 Service Pack 2 (SP2).

To install Internet Explorer 5.5 SP2.

  1. In Windows Explorer, navigate to the folder containing the Internet Explorer 5.5 SP2 setup file, and then double-click ie5setup.exe.
  2. In the Welcome to Setup for Internet Explorer and Internet Tools, read the End-User License Agreement (EULA), select I accept the agreement, and then click Next to proceed with installation.
  3. In the Windows Update: Internet Explorer and Internet Tools screen, click Next.

    This step starts the installation process.

  4. In the Restart Computer screen, click Finish.

Installing the .NET Framework

Use the following procedure on each Web Server to install the .NET Framework.

To install the .NET Framework

  1. In Windows Explorer, navigate to the folder containing the .NET Framework setup file, and then double-click dotnetfx.exe.
  2. In the Microsoft .NET Framework Setup dialog box asking if you want to install the .NET Framework, click Yes.
  3. In the Microsoft .NET Framework Setup dialog box asking if you want to update Microsoft Windows Installer components, click Yes.
  4. In the Microsoft .NET Framework (English) Setup screen, click Next.

    This step starts the .NET Framework installation process.

  5. In the Microsoft .NET Framework (English) Setup dialog box, click OK.
  6. In the System Settings Change screen, click Yes to restart the server.

Installing MDAC 2.7

Use the following procedure on each Web server to install MDAC 2.7.

To install MDAC 2.7 on each Web server

  1. In Windows Explorer, navigate to the folder containing MDAC 2.7 setup file, and then double-click MDAC_TYP.exe.
  2. In the End User License Agreement screen, read the End-User License Agreement (EULA), select I accept all of the terms of the preceding license agreement to proceed with installation, and then click Next.
  3. In the Microsoft Data Access Components 2.7 Setup screen, click Finish.

    This step starts the MDAC 2.7 installation process.

  4. In the Microsoft Data Access Components 2.7 Setup screen, click Close.
    Note Installing MDAC 2.7 may fail on the first attempt. Reinstall if necessary.

Installing MDAC 2.7 Rollup

Use the following procedure on each Web server to install the MDAC 2.7 Rollup.

To install the MDAC 2.7 Rollup on each Web server

  1. In Windows Explorer, navigate to the folder containing the MDAC 2.7 Rollup setup file, and then double-click CS_MDAC27_x86_en.exe.
  2. In the Microsoft Data Access Components Hotfix Installer screen, click OK.

    This step starts the MDAC 2.7 Rollup installation process.

  3. In the Setup is complete dialog box, click OK.
  4. In the System Settings Change screen, click Yes to restart the server.

Installing Visual Basic 6.0 Runtime Service Pack 5

Use the following procedure on each Web server to install Visual Basic 6.0 Runtime Service Pack 5 (SP5).

To install Visual Basic 6.0 Runtime SP5 on each Web server

  1. In Windows Explorer, navigate to the folder containing the Visual Basic 6.0 Runtime SP5 setup file, and then double-click VBRun60sp5.exe.
  2. In the Visual Basic 6.0 with Visual Studio 6.0 Service Pack 5 Run Time Files dialog box, click Yes to install the Visual Basic 6.0 run time files.

    This step starts the Visual Basic 6.0 Runtime Service Pack 5 installation process.

    Note No dialog box will appear to indicate that installation has completed.

Installing Message Queuing

Message Queuing (also known as MSMQ) must be installed on each Web server as its own Message Queuing service, not as a dependent client.

To install Message Queuing

  1. Click Start, point to Programs, point to Administrative Tools, and then click Configure Your Server.
  2. In the Windows 2000 Configure Your Server dialog box, expand Advanced from the left column, and then select Message Queuing.
  3. In the right pane, click Start the Message Queuing Installation Wizard.
  4. In the Welcome to the Message Queuing Installation Wizard screen, click Next.

    The wizard may prompt you to insert the Windows 2000 CD into the CD-ROM drive. Installation of Message Queuing starts.

  5. In the Completing the Message Queuing Installation Wizard screen, click Finish.

Verifying the Message Queuing Installation

After completing the Message Queuing Installation Wizard, you must verify that Message Queuing was installed properly and that all required subdirectories exist.

To verify the Message Queuing installation

  1. Click Start, point to Programs, point to Administrative Tools, and then click Computer Management.
  2. In the Computer Management window, expand Services and Applications, expand Message Queuing, and then click Private Queues.
  3. In the right pane, verify that the following four private queues exist:

Disabling Named Pipes

After installation, disable named pipes and use only TCP/IP as described in the following procedure. If your setup requires named pipes, ensure that TCP/IP has a higher precedence than named pipes.

To disable named pipes

  1. Click Start, and then click Run.
  2. In the Run dialog box, in the Open box, type cliconfg, and then click OK.
  3. In the SQL Server Client Network Utility dialog box, on the General tab, if you have the Default network library section, select TCP/IP from the drop-down list, and then click OK.

    –Or–

    If you have a Disabled Protocols section, select TCP/IP, and then click Enabled. If Named Pipes appears in the Enabled protocols section, click Named Pipes, click Disable, and then click OK.

Creating a New Web Site for the Web Servers

To avoid potential security risks associated with ISAPI and the default Web site, you need to create a new Web site on each Web server. First, you need to create a folder to hold the AFS Web site files, and then you need to create the new AFS Web site.

To create a folder to contain the files for the new Web site for the Web servers

  1. Click Start, point to Programs, point to Accessories, and then click Windows Explorer.
  2. In Windows Explorer, navigate to the root drive.
  3. On the File menu, click New, and then click Folder.
  4. In the right pane, in the new folder Name box, type MySite, and then press ENTER.

Now that you have created a folder to contain the files for the new Web site, you are ready to create the new Web site.

To create the new Web site for the Web servers

  1. Click Start, point to Programs, point to Administrative Tools, and then click Computer Management.
  2. In the Computer Management window, expand Services and Applications, expand Internet Information Services, right-click Default Web Site, and then click Stop.
  3. Right-click Internet Information Services, click New, and then click Web Site.

    The Web Site Creation Wizard starts.

  4. In the Welcome to the Web Site Creation Wizard screen, click Next.
  5. In the Web Site Description screen, type MySite as the description for the new Web site, and then click Next.
  6. In the IP Address and Port Settings screen, accept the default values and click Next.
  7. In the Web Site Home Directory screen, type the path to the MySite folder, or click Browse to navigate to this folder.
  8. Select Allow anonymous access to this Web site, and then click Next.
  9. In the Web Site Access Permissions screen, accept the default values and click Next.
  10. In the You have successfully completed the Web Site Creation Wizard screen, click Finish.

Maximizing Web Server Performance

You can maximize the performance of the Web servers by increasing the Performance Tuning setting on each Web server.

To increase the Performance Tuning setting

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
  2. In the Internet Information Services window, expand <servername>, right-click MySite, and then click Properties.
  3. In the MySite Properties dialog box, on the Performance tab, in the Performance tuning section, increase the setting to More than 100,000, and then click OK.

Configuring the Internet Connection

Use the following procedure to configure the Internet connection on each Web server.

To configure the Internet connection

  1. On the desktop of the Web server, double-click Connect to the Internet.
  2. In the Welcome to the Internet Connection Wizard screen, select the LAN option, and then click Next.
  3. In the Setting up your Internet Connection screen, select the LAN option, and then click Next.
  4. In the Local Area Network Internet Configuration screen, clear all check boxes, and then click Next.
  5. In the Set Up your Internet Mail Account screen, select No, and then click Next.
  6. In the Completing the Internet Connection Wizard screen, click Finish.

Configuring Proxy Settings

For the DMZ Web servers to access the Internet, you must configure the proxy settings in Internet Explorer as described in the following procedure on each Web server.

To configure proxy settings

  1. In Internet Explorer, on the Tools menu, click Internet Options.
  2. In the Internet Options dialog box, on the Connections tab, in the Local Area Network (LAN) settings section, click LAN Settings.
  3. In the Local Area Network (LAN) Settings dialog box, in the Proxy server section, select Use a proxy server, in the Address box, type 10.10.0.100, and in the Port box, type 8080. Select Bypass proxy server for local addresses, and then click OK.
  4. In the Internet Options dialog box, click Apply, and then click OK.

Creating the Service Account for the Web Servers

For security purposes, you will need to create a local machine account with only User privileges on each Web server. This account will be used to run the AFS COM+ applications.

To create the service account for the Web servers

  1. Click Start, point to Programs, point to Administrative Tools, and then click Computer Management.
  2. In the Computer Management window, expand Local Users and Groups, right-click Users, and then click New User.
  3. In the New User dialog box, do the following:
    Field Enter
    User name AFS_Service_Account
    Password The appropriate password.
    Confirm password The appropriate password.
  4. Clear the User must change password at next logon box.
  5. Select the check boxes for User cannot change password and Password never expires.
  6. Click Create, and then click Close.

Installing Commerce Server 2002

This section provides instructions for installing Commerce Server 2002 on the Business Desk server and the DMZ Web cluster. Specifically, this section describes how to:

Installing Commerce Server 2002 Enterprise Edition on the Business Desk Server

While Commerce Server 2002 Enterprise Edition will be installed on both the Web cluster in the DMZ and the Business Desk server in the intranet, you must first install Commerce Server 2002 on the Business Desk server before installing it on the Web cluster. Use the following procedure on the Business Desk server to install Commerce Server 2002.

To install Commerce Server 2002 on the Business Desk server

  1. Insert the Commerce Server 2002 CD into the CD-ROM drive of the Business Desk server.
  2. In Windows Explorer, navigate to the folder containing the Commerce Server 2002 setup file, and then double-click setup.exe.

    The Commerce Server 2002 Setup wizard starts.

  3. Click Commerce Server 2002 Enterprise Edition Components, and then follow the online prompts.
  4. In the Setup Type screen, select Custom, and then click Next.
  5. In the Custom Setup screen, click to the left of Analysis & Data Warehouse, and then select Entire feature will be installed on local drive.
  6. Repeat step 5 for Direct Mailer Server and for Predictor Service.
  7. Click Next.
  8. In the Administration Database Configuration screen, select Use a specific User Name and Password, and then do the following:
    Field Enter
    SQL Server Computer The computer name of the SQL Server.
    SQL Server Login Name AFSSQL
    SQL Server Login Password The corresponding password.
  9. Click Next.
  10. In the Microsoft Commerce Server 2002 Enterprise Edition dialog box indicating that a new Administration database will be created, click OK.
  11. In the Microsoft Commerce Server 2002 Enterprise Edition dialog box recommending Windows Authentication, click OK.
  12. In the Direct Mailer Database Configuration screen, select Use a specific User Name and Password, and then do the following:
    Field Enter
    SQL Server Computer The computer name of the SQL Server.
    SQL Server Login Name AFSSQL
    SQL Server Login Password The corresponding password.
  13. Click Next.
  14. In the Microsoft Commerce Server 2002 Enterprise Edition dialog box recommending Windows Authentication, click OK.
  15. In the Services Accounts screen, ensure that the Use the same account for each service and set all to auto start option is selected.
  16. In the Service Settings section, do the following:
    Field Enter
    Username AFS_Admin_Account
    Password The corresponding password.
    Domain Contoso
  17. Click Next.
  18. In the Ready to Install screen, click Install.
  19. In the Completing the Commerce Server 2002 Setup Wizard screen, ensure that the Register online with Microsoft option is not selected, and then click Finish.
  20. In the Microsoft Commerce Server 2002 Enterprise Edition dialog box indicating to restart server, click Yes.

Installing Commerce Server 2002 Enterprise Edition on the DMZ Web Cluster

For each of the three Web servers in the DMZ Web cluster, use the following procedure to install Commerce Server 2002 Enterprise Edition.

To install Commerce Server 2002 on the DMZ Web cluster

  1. Insert the Commerce Server 2002 CD into the CD-ROM drive of the Web server.
  2. In Windows Explorer, navigate to the folder containing the Commerce Server 2002 setup file, and then double-click setup.exe

    The Commerce Server 2002 Setup wizard starts.

  3. Click Commerce Server 2002 Enterprise Edition Components, and then follow the online prompts.
  4. In the Setup Type screen, select Web Server, and then click Next.
  5. In the Administration Database Configuration screen, select Use a Specific User Name and Password, and then do the following:
    Field Enter
    SQL Server Computer The computer name of the SQL Server.
    SQL Server Login Name AFSSQL
    SQL Server Login Password The corresponding password.
  6. Click Next.
  7. In the Microsoft Commerce Server 2002 Enterprise Edition dialog box indicating that the Administration database exists, click OK.
  8. In the Microsoft Commerce Server 2002 Enterprise Edition dialog box recommending Windows Authentication, click OK.
  9. In the Services Accounts screen, ensure that the Use the same account for each service and set all to auto start option is selected.
  10. In the Service Settings section, do the following:
    Field Enter
    Username Administrator
    Password The corresponding password.
    Domain The server name.
  11. Click Next.
  12. In the Ready to Install screen, click Install.
  13. In the Completing the Commerce Server 2002 Setup Wizard screen, ensure that the Register online with Microsoft option is not selected, and then click Finish.
  14. In the Microsoft Commerce Server 2002 Enterprise Edition dialog box indicating to restart server, click Yes.

Installing BizTalk Accelerator for Suppliers Service Release 1

This section provides instructions for installing BizTalk Accelerator for Suppliers (AFS) Service Release 1 (SR1) on the Business Desk server, the BizTalk Server, and the DMZ Web cluster. Specifically, this section describes how to:

Installing BizTalk Accelerator for Suppliers Service Release 1 on the Business Desk Server

Use the following procedure on the Business Desk server to install AFS Service Release 1 (SR1).

To install AFS SR1 on the Business Desk server

  1. Insert the Microsoft BizTalk Accelerator for Suppliers CD into the CD-ROM drive of the Business Desk server.
  2. In Windows Explorer, navigate to the folder containing the BizTalk Accelerator for Suppliers setup file, and then double-click setup.exe.

    The Microsoft BizTalk Accelerator for Suppliers Setup Wizard starts.

  3. In the Welcome to the Microsoft BizTalk Accelerator for Suppliers SR1 Setup Wizard screen, click Next.
  4. In the License Agreement screen, read the End-User License Agreement (EULA), select I accept the terms in the license agreement to proceed with installation, and then click Next.
  5. In the Customer Information screen, do the following:
    Field Enter
    User name The user name.
    Organization The organization name.
    Product key The product key.
  6. Click Next.
  7. In the Platform Validation screen, verify that all requirements for Commerce Server components are met, and then click Next.
  8. In the Custom Setup screen, ensure that the Commerce Server Components option has a server icon next to it, indicating that it will be installed, and ensure that the BizTalk Server Components option has an X next to it, indicating that it will not be installed.
  9. Click to the left of SDK and Samples, select Entire feature will be installed on local drive, and then click Next.
  10. In the Destination Folder screen, click Change to select a folder for installation, or click Next to use the default installation folder.
  11. In the BizTalk Messaging Configuration screen, do the following:
    Field Enter
    Username AFS_Service_Account
    Password The corresponding password.
    Domain Contoso
  12. Click Next.
  13. In the Ready to Install the Program screen, click Install.

    This step starts the installation process.

  14. In the Setup Wizard Completed screen, click Finish.
  15. In the Unpack screen, select Custom unpack, and then click Next.
  16. In the Unpack Method screen, select Create a new site, and then click Next.
  17. In the Site Name screen, in the Site name box, type SupplierAccelerator, and then click Next.
  18. In the Select Resources screen, click Next.
  19. In the Global Resource Pointers screen, click Next.
  20. In the Database Connection Strings screen, click New Database.
  21. In the New Database dialog box, select Use a specific user name and password.
  22. In the New Database dialog box, do the following:
    Field Enter
    SQL Server computer The computer name of SQL Server.
    Database name supplieraccelerator_commerce
    SQL user name AFSSQL
    SQL password The corresponding password.
  23. Click Create database.
  24. Repeat steps 20 to 23 but use supplieraccelerator_dw for the database name.
  25. In the Database Connection Strings screen, click the first resource and while pressing the SHIFT key, click the last resource to select all of the resources.
  26. In the Database Connection Strings screen, press CTRL, and then click the Data Warehouse resource to unselect it.
  27. In the Database Connection Strings screen, click Modify. This enables you to modify all the selected resource connection strings at once.
  28. In the Data Link Properties dialog box, on the Connection tab, in the Select or enter a server name box, type the name of the SQL Server.
  29. In the Enter information to log on to the server section, select Use a specific user name and password, and do the following:
    Field Enter
    User name AFSSQL
    Password The corresponding password.
  30. Select Select the database on the server, select supplieraccelerator_commerce from the drop-down list, and then click Test Connection.
  31. If the connection test is successful, click OK in the Microsoft Data Link dialog box informing you that the test connection succeeded.
  32. In the Data Link Properties dialog box, click OK.
  33. In the Database Connection Strings screen, select the Data Warehouse resource, and then click Modify.
  34. Repeat steps 28 through 32 but select supplieraccelerator_dw from the drop-down list for the database in step 30.
  35. In the Database Connection Strings screen, click Next.
  36. In the Microsoft Commerce Server 2002 Enterprise Edition dialog box recommending Windows Authentication, click OK.
  37. In the Select Applications screen, ensure that both check boxes are selected, and then click Next.
  38. In the Select IIS Computers, WebSites and Paths screen, select supplieraccelerator from the list of applications, and in the IIS Web site section, select MySite from the drop-down list.
  39. Select supplieracceleratorbizdesk from the list of applications, and in the IIS Web site section, select MySite from the drop-down list.
Note Ensure that both the supplieraccelerator and supplieracceleratorbizdesk applications are using MySite. Use the default IIS path.
  1. Click Next.
  2. In the Data Warehouse screen, click OK.
  3. In the Microsoft BizTalk Accelerator for Suppliers screen, in the BizTalk Server Name box, type the name of the BizTalk Server, and then click OK.
  4. In the Profiling System screen, click Next.
  5. In the next Profiling System screen, click OK. It may take several minutes for the unpacking process to complete.
  6. In the Unpacking is complete screen, click Finish.
  7. Restart the server.

Installing BizTalk Accelerator for Suppliers Service Release 1 on the BizTalk Server

This section provides detailed instructions for installing AFS Service Release 1 (SR1) on the BizTalk Server.

Use the following procedure to install AFS Service Release 1 (SR1) on the BizTalk Server.

To install AFS SR1 on the BizTalk Server

  1. Insert the Microsoft BizTalk Accelerator for Suppliers CD into the CD-ROM drive of the BizTalk Server.
  2. In Windows Explorer, navigate to the folder containing the BizTalk Accelerator for Suppliers setup file, and then double-click setup.exe.

    The Microsoft BizTalk Accelerator for Suppliers Setup Wizard starts.

  3. In the Welcome to the Microsoft BizTalk Accelerator for Suppliers SR1 Setup Wizard screen, click Next.
  4. In the License Agreement screen, read the End-User License Agreement (EULA), select I accept the terms in the license agreement to proceed with installation, and then click Next.
  5. In the Customer Information screen, do the following:
    Field Enter
    User name The user name.
    Organization The organization name.
    Product key The product key.
  6. Click Next.
  7. In the Platform Validation screen, verify that all the requirements for BizTalk Server components are met, and then click Next.
  8. In the Custom Setup screen, ensure that the BizTalk Server Components option has a server icon next to it, indicating that it will be installed, and ensure that the Commerce Server Components option has an X next to it, indicating that it will not be installed, and then click Next.
  9. In the Destination Folder screen, click Change to select a folder for installation, or click Next to use the default installation folder.
  10. In the BizTalk Messaging Configuration screen, do the following:
    Field Enter
    Username AFS_Service_Account
    Password The corresponding password.
    Domain Contoso
  11. Click Next.
  12. In the BizTalk Database Security Configuration screen, do the following:
    Field Enter
    Username sa
    Password The corresponding password.
  13. Click Next.
  14. In the Select IIS Web Site screen, ensure that Default Web Site is selected, and then click Next.
  15. In the BizTalk PO Port Configuration screen, type http://www.contoso.com/supplieraccelerator, and then click Next.
  16. In the Ready to Install the Program screen, click Install.

    This step starts the installation process.

  17. In the Setup Wizard Completed screen, click Finish.

Enabling HTTP Catalog Publishing

To enable HTTP catalog publishing, you must add proxy server settings to the BizTalk Server Administration.

To add proxy server settings to the BizTalk Server

  1. Click Start, point to Programs, point to Microsoft BizTalk Server 2002, and then click BizTalk Server Administration.
  2. In the BizTalk Server Administration window, expand Microsoft BizTalk Server 2002, right-click BizTalk Server Group, and then click Properties.
  3. In the BizTalk Server Group Properties dialog box, on the General tab, in the Proxy server section, select Use a proxy server.
  4. In the Address box, type the Private IP address of the intranet ISA Server. The example IP address used in this document is 10.30.0.100.
  5. In the Port box, type 8080, and then click OK.

Changing the Sharing Permissions on the AFSCatalogPub Folder

Use the following procedure to grant full control for only the AFS_Service_Account domain account and the local BizTalk Server Administrators group on the AFSCatalogPub folder.

To change the sharing permissions on the AFSCatalogPub folder

  1. In Windows Explorer, navigate to the <drive>:\Documents and Settings\All Users\Application Data folder, right-click the AFSCatalogPub folder, and then click Properties.
  2. In the AFSCatalogPub Properties dialog box, on the Security tab, in the Name section, select Everyone, and ensure that the option Allow inheritable permissions from parent to propagate to this object is not selected.
  3. In the Security dialog box, click Remove.
  4. In the Name section, select AFS_Service_Account, in the Permissions section, select Allow Full Control, and then click Add.
  5. In the Select Users, Computers, or Groups box, type <servername>\BizTalk Server Administrators, and then click OK.
  6. In the Name section, select BizTalk Server Administrators, and in the Permissions section, select Allow Full Control.
  7. Click OK.

Installing AFS Service Release 1 on the DMZ Web Cluster

Use the following procedure on each server in the Web cluster to install AFS Service Release 1 (SR1).

To install AFS SR1 on the Web cluster servers

  1. Insert the Microsoft BizTalk Accelerator for Suppliers CD into the CD-ROM drive of the Web server.
  2. In Windows Explorer, navigate to the folder containing the BizTalk Accelerator for Suppliers setup file, and then double-click setup.exe.

    The Microsoft BizTalk Accelerator for Suppliers Setup Wizard starts.

  3. In the Welcome to the Microsoft BizTalk Accelerator for Suppliers SR1 Setup Wizard screen, click Next.
  4. In the License Agreement screen, read the End-User License Agreement (EULA), select I accept the terms in the license agreement to proceed with installation, and then click Next.
  5. In the Customer Information screen, do the following:
    Field Enter
    User name The user name.
    Organization The organization name.
    Product key The product key.
  6. Click Next.
  7. In the Platform Validation screen, verify that all requirements for Commerce Server components are met, and then click Next.
  8. In the Custom Setup screen, ensure that the Commerce Server Components option has a server icon next to it, indicating that it will be installed, and ensure that the BizTalk Server Components option has an X next to it, indicating that it will not be installed, and then click Next.
  9. In the Destination Folder screen, click Change to select a folder for installation, or click Next to use the default installation folder.
  10. In the BizTalk Messaging Configuration screen, do the following:
    Field Enter
    Username AFS_Service_Account
    Password The corresponding password.
    Domain The name of the server.
  11. Click Next.
  12. In the Ready to Install the Program screen, click Install.

    This step starts the installation process.

  13. In the Setup Wizard Completed screen, click Finish.
  14. In the Unpack screen, select Custom unpack, and then click Next.
  15. In the Unpack Method screen, select Add a Web server to an existing application in an existing site, and then click Next.
  16. In the Select Site screen, in the Existing sites section, select SupplierAccelerator, and then click Next.
  17. In the Select Applications screen, clear the check box for supplieracceleratorbizdesk, and then click Next.
  18. In the Select IIS Computers, Web Sites and Paths screen, ensure that the supplieraccelerator application is displayed.
  19. In the IIS Web site section, ensure that MySite is selected from the drop-down list, and then click Next.
  20. In the Unpacking is complete screen, click Finish.
  21. Restart the server.

Adding Additional SQL Permissions for the AFS_Service_Account

Use the following procedure to grant permissions on the BizTalk databases for the user AFS_Service_Account.

To grant permissions on the BizTalk databases for the AFS_Service_Account

  1. Click Start, point to Programs, point to Microsoft SQL Server, and then click Enterprise Manager.
  2. In SQL Server Enterprise Manager, expand Microsoft SQL Servers, expand SQL Server Group, expand <servername>, expand Security, and then click Logins.
  3. In the right pane of Enterprise Manager in the list of users, right-click contoso\AFS_Service_Account user, and then click Properties.
  4. In the SQL Server login Properties – contoso\AFS_Service_Account dialog box, on the Database Access tab, in the Specify which databases can be accessed by the login box, select the check box for InterchangeSQ.
  5. In the Database roles for InterchangeSQ box, select db_owner.
  6. In the Specify which databases can be accessed by the login box, select the check box for InterchangeDTA.
  7. In the Database roles for InterchangeDTA box, select db_owner.
  8. In the SQL Server login Properties – contoso\AFS_Service_Account dialog box, click OK.

Modifying the Commerce Server 2002 MMC

To access the site properly, you need to modify the Commerce Server 2002 Microsoft Management Console (MMC) settings so that the proper Web site name is used. This only needs to be modified on one of the Web servers (or on the Business Desk server).

To modify the Commerce Server 2002 MMC

  1. Click Start, point to Programs, point to Microsoft Commerce Server 2002, and then click Commerce Server Manager.
  2. In the Commerce Server 2002 window, expand Commerce Server Manager, expand Commerce Sites, expand SupplierAccelerator, and then expand Applications.
  3. Right-click <servername>/supplieraccelerator, and then click Properties.
  4. In the <servername>/supplieraccelerator Properties dialog box, in the Nonsecure host name box, type www.contoso.com, and then click OK.
  5. Right-click <servername>/supplieracceleratorbizdesk, and then click Properties.
  6. In the <servername>/supplieracceleratorbizdesk Properties dialog box, in the Nonsecure host name box, type www.contoso.com, and then click OK.
  7. Click Start, and then click Run.
  8. In the Run dialog box, in the Open box, type iisreset, and then click OK.
  9. Repeat steps 7 and 8 on all the Web servers and the Business Desk server

Installing and Configuring the External ISA Server

This section provides detailed instructions for installing and configuring the external ISA Server. Specifically, this section describes how to:

Removing Internet Information Services

If you installed Internet Information Services (IIS) by default on the external ISA Server when you installed Windows 2000, you can remove it because it is not needed.

To remove IIS from the external ISA Server

  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add/Remove Programs.
  3. In Add/Remove Programs, click Add/Remove Windows Components from the left column.

    The Windows Components Wizard starts.

  4. In the Windows Components screen, clear the check box for Internet Information Services (IIS), and then click Next. You might have to scroll down to view the Internet Information Services (IIS) component.
  5. If the Terminal Services Setup screen appears, select Remote administration mode, and then click Next. The wizard might take a few minutes to complete.
  6. In the Completing the Windows Components Wizard screen, click Finish.

    IIS is now uninstalled.

  7. Click Close to exit Add/Remove Programs.

Installing ISA Server Standard Edition

After you have removed IIS, you can install ISA Server.

To install ISA Server Standard Edition

  1. Insert the ISA Server 2000 Standard Edition CD into the CD-ROM drive of the external ISA Server.
  2. In Windows Explorer, navigate to the folder containing the ISA Server 2000 setup file, and then double-click ISAAutorun.exe.
  3. In the Microsoft ISA Server Setup screen, select Install ISA Server.
  4. In the Microsoft ISA Server (Standard Edition) Setup dialog box, click Continue.
  5. In the Microsoft ISA Server Setup dialog box, read the End-User License Agreement (EULA), and then click I Agree to accept the terms of the EULA to proceed with installation.
  6. In the Microsoft ISA Server (Standard Edition) Setup dialog box, click Full Installation.
  7. In the Microsoft ISA Server Setup dialog box, select Integrated mode, and then click Continue.
  8. In the Microsoft Internet Security and Acceleration Server Setup dialog box, click OK to accept the default location and size for the ISA Server cache drives.
  9. In the Microsoft Internet Security and Acceleration Server Setup dialog box for entering the IP address ranges, click Construct Table.
  10. In the Local Address Table dialog box, clear the check box for Add the following private ranges, select Add address ranges based on the Windows 2000 Routing Table, select the Private and Dedicated network adapters, and then click OK. The example IP addresses in this document are 10.10.0.100 and 10.50.0.101, respectively.
  11. In the Setup Message dialog box, click OK.
  12. In the Microsoft Internet Security and Acceleration Server Setup dialog box for entering the IP address ranges, click OK.
  13. If a message box appears, informing you that Message Screener requires the SMTP Service, click OK.

    The ISA Server installation starts.

  14. In the Launch ISA Management Tool dialog box, clear the check box for starting up the wizard, and then click OK.
  15. In the Microsoft ISA Server (Standard Edition) Setup dialog box that states that ISA Server Setup was completed successfully, click OK.

Installing ISA Server Service Pack 1

After you install ISA Server, you can install ISA Server Service Pack 1 (SP1).

To install ISA Server SP1

  1. In Windows Explorer, navigate to the folder containing the ISA Server SP1 setup file, and then double-click ISASP1.exe.
  2. In the Software License Agreement screen, read the End-User License Agreement (EULA), and select I agree to proceed with installation.

    Installation starts.

  3. In the Microsoft ISA Server 2000 Update Setup dialog box, click OK.
  4. The server will restart after the Service Pack is installed.

Installing Windows 2000 Hotfix Q315764

Use the following procedure to install Windows 2000 Hotfix Q315764.

To install Windows 2000 Hotfix Q315764

Modifying ISA Server Properties

After installing ISA Server, modify its properties so that requests containing sensitive data (requests for confirm.asp and crdtcard.asp) can be forwarded to the intranet ISA Server. Because the processing of these pages consumes more resources, the forwarding performed by the external ISA Server provides load balancing (between the DMZ Web cluster and intranet Business Desk server) and relieves the DMZ Web cluster of processing these requests. With this forwarding, the DMZ Web cluster can achieve better performance in serving Web sites.

Adding Incoming Web Request Listeners

Because ISA Server intercepts requests from external clients for internal servers, you must specify which IP addresses will listen for Web requests from external clients. Use the following procedure to add incoming Web request listeners.

To add incoming Web request listeners

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, right-click <servername>, and then click Properties.
  3. In the <servername> Properties dialog box, on the Incoming Web Requests tab, select Configure listeners individually per IP address, and then click Add.
  4. In the Add/Edit Listeners dialog box, click the drop-down list for Server and select <servername>.
  5. Click the drop-down list for IP Address, and select the IP address corresponding to the Public network adapter.
  6. Clear all check boxes except for Integrated, and then click OK.
  7. In the <servername> Properties dialog box, click Apply.
  8. In the ISA Server Warning dialog box, select Save the changes and restart the service(s), and then click OK.
  9. In the <servername> Properties dialog box, click OK.

Creating a New Site and Content Rule

Site and content rules determine if and when content on specific destination sets can be accessed by specified users. Use the following procedure to create a new site and content rule.

To create a new site and content rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In ISA Management, expand Servers and Arrays, expand <servername>, expand Access Policy, right-click Site and Content Rules, click New, and then click Rule.

    This step starts the New Site and Content Rule Wizard.

  3. In the Welcome to the New Site and Content Rule Wizard screen, in the Site and content rule name box, type Allow, and then click Next.
  4. In the Rule Action screen, ensure that Allow is selected, and then click Next.
  5. In the Rule Configuration screen, ensure that Allow access based on destination is selected, and then click Next.
  6. In the Destination Sets screen, ensure that All destinations is selected from the drop-down list, and then click Next.
  7. In the Completing the New Site and Content Rule Wizard screen, click Finish.

Creating New Protocol Rules

Protocol rules determine which protocols clients can use and when. Use the following procedure to create the Outgoing Web Traffic protocol rule.

To create the Outgoing Web Traffic protocol rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In ISA Management, expand Servers and Arrays, expand <servername>, expand Access Policy, right-click Protocol Rules, click New, and then click Rule.

    The New Protocol Rule Wizard starts.

  3. In the Welcome to the New Protocol Rule Wizard screen, in the Protocol rule name box, type Outgoing Web Traffic, and then click Next.
  4. In the Rule Action screen, ensure that Allow is selected, and then click Next.
  5. In the Protocols screen, ensure that Selected protocols is selected from the drop-down list. In the Protocols section, ensure that the HTTP, HTTPS, and Show only selected protocols options are selected, and then click Next.
  6. In the Schedule screen, ensure that Always is selected from the drop-down list, and then click Next.
  7. In the Client Type screen, ensure that Any request is selected, and then click Next.
  8. In the Completing the New Protocol Rule Wizard screen, click Finish.

Creating Destination Sets

A destination set is defined as a set of path locations or a specific IP range. Destination sets are used by routing or publishing rules to define a specific set of destinations. Use the following procedure to create the SupplierAccelerator, Confirm, and Forbidden destination sets.

The SupplierAccelerator destination set defines all the ASP pages in the supplieraccelerator site.

To create the SupplierAccelerator destination set

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Policy Elements, right-click Destination Sets, click New, and then click Set.
  3. In the New Destination Set dialog box, in the Name box, type SupplierAccelerator, and then click Add.
  4. In the Add/Edit Destination dialog box, select Destination, and then type an asterisk (*).
  5. In the Path box, type /supplieraccelerator/*, and then click OK.
  6. In the New Destination Set dialog box, click OK.

The Confirm destination set defines the two ASP pages that are used by purchase order processing.

To create the Confirm destination set

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Policy Elements, right-click Destination Sets, click New, and then click Set.
  3. In the New Destination Set dialog box, in the Name box, type Confirm, and then click Add.
  4. In the Add/Edit Destination dialog box, select Destination, and then type www.contoso.com.
  5. In the Path box, type /supplieraccelerator/confirm.asp, and then click OK.
  6. In the New Destination Set dialog box, click Add.
  7. In the Add/Edit Destination dialog box, select Destination, and then type www.contoso.com.
  8. In the Path box, type /supplieraccelerator/crdtcard.asp, and then click OK.
  9. In the New Destination Set dialog box, click OK.

The Forbidden destination set defines ASP pages that Internet clients are forbidden to access.

To create the Forbidden destination set

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Policy Elements, right-click Destination Sets, click New, and then click Set.
  3. In the New Destination Set dialog box, in the Name box, type Forbidden, and then click Add.
  4. In the Add/Edit Destination dialog box, select Destination, and then type www.contoso.com.
  5. In the Path box, type /supplieraccelerator/BDRefresh.asp, and then click OK.
  6. In the New Destination Set dialog box, click OK.

Creating Web Publishing Rules

You need to create three Web publishing rules named NLB IIS Web Servers, Confirm, and Forbidden to define how incoming Web requests will be handled.

Note It is important that the rules be listed in the following order: Forbidden, Confirm, NLB IIS Web Servers, and Default. The order of the rules can be set by using the UP or DOWN arrow in the ISA Management window.

The NLB IIS Web Server rule directs all Web traffic to the DMZ Web servers. Use the following procedure to create the NLB IIS Web Servers Web publishing rule.

To create the NLB IIS Web Servers Web publishing rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In ISA Management, expand Servers and Arrays, expand <servername>, expand Publishing, right-click Web Publishing Rules, click New, and then click Rule.

    The New Web Publishing Rule Wizard starts.

  3. In the Welcome to the New Web Publishing Rule Wizard screen, in the Web publishing rule name box, type NLB IIS Web Servers, and then click Next.
  4. In the Destination Sets screen, ensure that Specified destination set is selected from the drop-down list.
  5. In the Name drop-down list, ensure that SupplierAccelerator is selected, and then click Next.
  6. In the Client Type screen, select Any Request, and then click Next.
  7. In the Rule Action screen, select Redirect the request to this internal Web server (name or IP address), and then type the name of the Web cluster in the text box next to the Browse button. The example name used in this document is www.contoso.com.
  8. Select Send the original host header to the publishing server, use the default ports, and then click Next.

    All requests will be redirected to the Web cluster.

  9. In the Completing the New Web Publishing Rule Wizard screen, click Finish.
  10. In the ISA Management window, double-click the NLB IIS Web Servers rule.
  11. In the NLB IIS Web Servers Properties dialog box, on the Bridging tab, in the Redirect SSL requests as section, ensure that HTTP requests is selected, and then click OK.

The confirm rule redirects any purchase order request (for the confirm.asp or crdtcard.asp pages) to the Business Desk server instead of to the Web servers. Use the following procedure to create the Confirm Web publishing rule.

To create the Confirm Web publishing rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Publishing, right-click Web Publishing Rules, click New, and then click Rule.

    The New Web Publishing Rule Wizard starts.

  3. In the Welcome to the New Web Publishing Rule Wizard screen, in the Web publishing rule name box, type Confirm, and then click Next.
  4. In the Destination Sets screen, ensure that Specified destination set is selected from the drop-down list.
  5. In the Name drop-down list, ensure that Confirm is selected, and then click Next.
  6. In the Client Type screen, ensure that Any Request is selected, and then click Next.
  7. In the Rule Action screen, select Redirect the request to this internal Web server (name or IP address), and then type the IP address corresponding to the Dedicated network adapter of the intranet ISA Server in the text box next to the Browse button. The example IP address used in this document is 10.50.0.100.
  8. Select Send the original host header to the publishing server, use the default ports, and then click Next.

    All requests will be redirected to the intranet ISA Server.

  9. In the Completing the New Web Publishing Rule Wizard screen, click Finish.
  10. In the ISA Management window, double-click the Confirm rule.
  11. In the Confirm Properties dialog box, on the Bridging tab, in the Redirect SSL requests as section, ensure that HTTP requests is selected, and then click OK.

The Forbidden rule denies all access from external clients. Use the following procedure to create the Forbidden Web publishing rule.

To create the Forbidden Web publishing rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Publishing, right-click Web Publishing Rules, click New, and then click Rule.

    The New Web Publishing Rule Wizard starts.

  3. In the Welcome to the New Web Publishing Rule Wizard screen, in the Web publishing rule name box, type Forbidden, and then click Next.
  4. In the Destination Sets screen, ensure that Specified destination set is selected from the drop-down list.
  5. In the Name drop-down list, ensure that Forbidden is selected, and then click Next.
  6. In the Client Type screen, ensure that Any Request is selected, and then click Next.
  7. In the Rule Action screen, ensure that Discard the Request is selected, and then click Next.
  8. In the Completing the New Web Publishing Rule Wizard screen, click Finish.
  9. In the ISA Management window, double-click the Forbidden rule.
  10. In the Confirm Properties dialog box, on the Bridging tab, in the Redirect SSL requests as section, ensure that HTTP requests is selected, and then click OK.

Creating New Routing Rules

Routing rules determine whether a client's Web request is retrieved directly, routed to an upstream ISA Server, or routed to an alternative destination. Use the following procedure to create the contoso.com routing rule.

To create the contoso.com routing rule

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In ISA Management, expand Servers and Arrays, expand <servername>, expand Network Configuration, right-click Routing, click New, and then click Rule.

    The New Routing Rule Wizard starts.

  3. In the Welcome to the New Routing Rule Wizard screen, in the Routing rule name box, type contoso.com, and then click Next.
  4. In the Destination Sets screen, ensure that All internal destinations is selected from the drop-down list, and then click Next.
  5. In the Request Action screen, ensure that Retrieve them directly from specified destination is selected, and then click Next.
  6. In the Cache Retrieval Configuration screen, ensure that A valid version of the object is selected, and then click Next.
  7. In the Cache Content Configuration screen, ensure that If source and request headers indicate to cache, then the content will be cached is selected, and then click Next.
  8. In the Completing the New Routing Rule Wizard screen, click Finish.

Enabling IP Packet Filtering

Use the following procedure to verify that IP packet filtering is enabled.

To verify that IP packet filtering is enabled

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand <servername>, expand Access Policy, right-click IP Packet Filters, and then click Properties.
  3. In the IP Packet Filters window, on the General tab, ensure that all three check boxes are selected, and then click OK.

Modifying the Hosts File

You must modify the hosts file so that ISA Server will use the URL www.contoso.com as the virtual IP (VIP) address of the DMZ Web servers. By default, the hosts file is located in the <drive>:\WINNT\system32\drivers\etc folder. Add the following entry to the hosts file:

10.10.0.10www.contoso.com

Maximizing ISA Server Performance

You can maximize the performance of the ISA Server by increasing the Performance Tuning setting. Use the following procedure to increase this setting.

To increase the Performance Tuning setting

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, right-click <servername>, and then click Properties.
  3. In the <servername> Properties dialog box, on the Performance tab, in the Performance tuning section, increase the setting to More than 1,000, and then click OK.

Configuring Secure Sockets Layer on the Web Site

You will need to obtain a Secure Sockets Layer (SSL) certificate and install it on the external ISA Server. After installing your SSL certificate, you will need to configure your external ISA Server and configure Commerce Server Manager.

Use the following procedures to configure the external ISA Server and Commerce Server Manager for SSL.

To configure the external ISA Server for SSL

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, right-click <servername>, and then click Properties.
  3. In the <servername> Properties dialog box, on the Incoming Web Requests tab, select the Enable SSL listeners check box.
  4. In the SSL Listeners dialog box, click OK.
  5. In the <servername> Properties dialog box, select the public IP from the list box, and then click Edit.
  6. In the Add/Edit Listeners dialog box, select Use a server certificate to authenticate to web clients, and then click Select.
  7. In the Select Certificate dialog box, select the SSL certificate, and then click OK.
  8. In the Add/Edit Listeners dialog box, click OK.
  9. In the <servername> Properties dialog box, click Apply.
  10. In the ISA Server Warning dialog box, select Save the Changes and Restart the service(s), and then click OK.
  11. In the <servername> Properties dialog box, click OK.

To configure Commerce Server Manager for SSL

  1. On the Business Desk server, click Start, point to Programs, point to Microsoft Commerce Server 2002, and then click Commerce Server Manager.
  2. In the Commerce Server 2002 window, expand Commerce Server Manager, expand Commerce Sites, expand SupplierAccelerator, and then expand Applications.
  3. Right-click www.contoso.com/supplieraccelerator, and then click Properties.
  4. In the www.contoso.com/supplieraccelerator Properties dialog box, select Enable HTTPS.
  5. In the Secure host name box, type www.contoso.com, and then click OK.
  6. Click Start, and then click Run.
  7. In the Run dialog box, in the Open box, type iisreset, and then click OK.
  8. Repeat steps 6 and 7 on all the Web servers.

Locking Down the System

The following section describes additional configuration details that can help you to secure the system.

IIS Lockdown Tool

IIS Lockdown is a tool released by Microsoft that can help system administrators to close unused ports, services, and file extensions. This tool can be obtained from the Microsoft Security Toolkit or from the following URL:

http://www.microsoft.com/technet/security/tools/locktool.asp

You will need to run the IIS Lockdown tool on the BizTalk Server, the Business Desk server, and the Web servers. You will need to copy the correct urlscan.ini file from the SDK folder in the Business Desk server to each server that will be locked down. Copy the .ini files onto a floppy disk.

To copy the urlscan.ini files to a floppy disk from the Business Desk server

Use the following procedures to run the IIS Lockdown tool on the appropriate servers.

To run the IIS Lockdown tool on the BizTalk Server

  1. In Windows Explorer, navigate to the folder containing the IIS Lockdown tool setup file, and then double-click iislockd.exe.
  2. In the Welcome to the Internet Information Services Lockdown Wizard screen, click Next.
  3. In the End-User License Agreement screen, read the license agreement, click I agree, and then click Next.
  4. In the Select Server Template screen, select BizTalk Server 2000, select View template settings, and then click Next.
  5. In the Internet Services screen, ensure that Web service (HTTP) and Remove unselected services are the only check boxes selected, and then click Next.
  6. In the Internet Information Services Lockdown Wizard dialog box confirming the removal of services, click Yes.
  7. In the Script Maps screen, disable all selected script maps except for Active Server Pages (have only the ASP check box cleared), and then click Next.
  8. In the Additional Security screen, select all check boxes except Disable Web Distributed Authoring and Versioning (WebDAV), and then click Next.
  9. In the URLScan screen, select Install URLSCAN, and then click Next.
  10. In the Ready to Apply Settings screen, click Next.
  11. In the Applying Security Settings screen, click Next.
  12. In the Completing the Internet Information Services Lockdown Wizard screen, click Finish.
  13. In Windows Explorer, delete the urlscan.ini file from the <drive>:\WINNT\system32\inetsrv\urlscan folder.
  14. Rename the urlscan_afs_biztalk.ini file to urlscan.ini and copy it to the <drive>:\WINNT\system32\inetsrv\urlscan folder.
  15. Restart the server.

To run the IIS Lockdown tool on the Business Desk server and the Web servers

  1. In Windows Explorer, navigate to the folder containing the IIS Lockdown tool setup file, and then double-click iislockd.exe.
  2. In the Welcome to the Internet Information Services Lockdown Wizard screen, click Next.
  3. In the End-User License Agreement screen, read the license agreement, click I agree, and then click Next.
  4. In the Select Server Template screen, select Commerce Server 2000, select View template settings, and then click Next.
  5. In the Internet Services screen, ensure that Web service (HTTP) and Remove unselected services are the only check boxes selected, and then click Next.
  6. In the Internet Information Services Lockdown Wizard dialog box confirming the removal of services, click Yes.
  7. In the Script Maps screen, disable all selected script maps except for Active Server Pages (have only the ASP check box cleared), and then click Next.
  8. In the Additional Security screen, select all check boxes, and then click Next.
  9. In the URLScan screen, select Install URLSCAN, and then click Next.
  10. In the Ready to Apply Settings screen, click Next.
  11. In the Applying Security Settings screen, click Next.
  12. In the Completing the Internet Information Services Lockdown Wizard screen, click Finish.
  13. In Windows Explorer, delete the urlscan.ini file from the <drive>:\WINNT\system32\inetsrv\urlscan folder.
  14. Rename the urlscan_afs_commerce.ini file to urlscan.ini and copy it to the <drive>:\WINNT\system32\inetsrv\urlscan folder.
  15. Restart the server.

Verifying Installation

This section provides instructions about verifying proper functionality of the Microsoft BizTalk Accelerator for Suppliers (AFS) deployment. Specifically, this section contains information about verifying catalog publishing and order reception functionality.

To verify proper functionality of the deployment, install the Business Desk client on a client workstation. You cannot verify proper functionality by using the Business Desk server directly. The client workstation containing the Business Desk client should have Internet Explorer (IE) 5.5 Service Pack 2 and OWC10 installed. Use the following procedure to install the Business Desk client on a client workstation.

Installing the Business Desk Client

To install the Business Desk client, complete the following tasks:

  1. Establish network connectivity.
  2. Join the intranet domain.
  3. Add the AFS_Admin_Account user to the Administrators group.
  4. Install the AFS Software Development Kit (SDK).
  5. Configure the Internet connection.
  6. Configure proxy settings.
  7. Configure the Business Desk client.

Establishing Network Connectivity

Use the following procedure to establish network connectivity on the Business Desk client workstation.

To establish network connectivity on the Business Desk client workstation

  1. On the desktop, right-click My Network Places, and then click Properties.
  2. In the Network and Dial-up Connections window, right-click Local Area Connection, and then click Properties.
  3. In the Local Area Connection Properties dialog box, click Internet Protocol (TCP/IP), and then click Properties.
  4. In the Internet Protocol (TCP/IP) Properties dialog box, select Use the following IP address, and do the following:
    Field Enter
    IP address 10.30.30.1
    Subnet mask 255.255.0.0
    Default gateway 10.30.0.100
  5. Select Use the following DNS server addresses, and do the following:
    Field Enter
    Preferred DNS server 10.30.0.200
  6. Click Advanced.
  7. In the Advanced TCP/IP Settings dialog box, on the DNS tab, select Append these DNS suffixes (in order), and then click Add.
  8. In the TCP/IP Domain Suffix dialog box, type contoso.com, and then click Add.
  9. In the Advanced TCP/IP Settings dialog box, click OK.
  10. In the Internet Protocol (TCP/IP) Properties dialog box, click OK.
  11. In the Local Area Connection Properties dialog box, click OK.

Joining the Intranet Domain

Use the following procedure to join the Business Desk client computer to the intranet domain.

To join the Business Desk client computer to the intranet domain

  1. On the desktop, right-click My Computer, and then click Properties.
  2. In the System Properties dialog box, on the Network Identification tab, click Properties.
  3. In the Identification Changes dialog box, in the Member of section, select Domain, type contoso.com, and then click OK.
  4. In the Domain Username and Password dialog box, type administrator, type the password, and then click OK.
  5. In the Network Identification dialog box that welcomes you to the domain, click OK.
  6. In the Network Identification dialog box that advises you to restart the computer, click OK.
  7. In the System Properties dialog box, click OK.
  8. In the System Settings Change dialog box, click Yes to restart the computer.

Adding the AFS_Admin_Account User to the Administrators Group

Use the following procedure to add the AFS_Admin_Account user to the Administrators group.

To add the AFS_Admin_Account user to the Administrators group

  1. Click Start, point to Programs, point to Administrative Tools, and then click Computer Management.
  2. In the Computer Management window, expand Local Users and Groups, and then click Groups.
  3. In the right pane, double-click Administrators.
  4. In the Administrators Properties dialog box, click Add.
  5. In the Select Users or Groups dialog box, in the Look in box, select Contoso.com from the drop-down list.
  6. Click the AFS_Admin_Account account, click Add, and then click OK to close the dialog box.
  7. In the Administrators Properties dialog box, click Apply, and then click Add to apply the settings and close the dialog box.
  8. Close the Computer Management window.
  9. Log off, and then log back on to the Contoso.com domain as AFS_Admin_Account.

Installing the AFS SDK

Use the following procedure to install the BizTalk Accelerator for Suppliers Software Development Kit (SDK). You will need the SDK to verify proper functionality of the deployment.

To install the AFS SDK

  1. Insert the Microsoft BizTalk Accelerator for Suppliers CD into the CD-ROM drive.
  2. In Windows Explorer, navigate to the folder containing the BizTalk Accelerator for Suppliers setup file, and then double-click setup.exe.

    The Microsoft BizTalk Accelerator for Suppliers Setup Wizard starts.

  3. In the Welcome to the Microsoft BizTalk Accelerator for Suppliers SR1 Setup Wizard screen, click Next.
  4. In the License Agreement screen, read the End-User License Agreement (EULA), select I accept the terms in the license agreement to proceed with installation, and then click Next.
  5. In the Customer Information screen, do the following:
    Field Enter
    User name The user name.
    Organization The organization name.
    Product key The product key.
  6. Click Next.
  7. In the Platform Validation screen, click Next.
  8. In the Custom Setup screen, ensure that the BizTalk Server Components and Commerce Server Components options have an X next to them, indicating that they will not be installed. Make sure that SDK and Samples and Online Documentation options have a server icon next to them, indicating that they will be installed, and then click Next.
  9. In the Destination Folder screen, click Change to select a folder for installation, or click Next to use the default installation folder.
  10. In the Ready to Install the Program screen, click Install.

    This step starts the installation process.

  11. In the Setup Wizard Completed screen, click Finish.

Configuring the Internet Connection

Use the following procedure to configure the Internet connection.

To configure the Internet connection

  1. On the desktop, double-click Connect to the Internet.
  2. In the Welcome to the Internet Connection Wizard screen, select LAN, and then click Next.
  3. In the Setting up your Internet Connection screen, select LAN, and then click Next.
  4. In the Local Area Network Internet Configuration screen, clear all check boxes, and then click Next.
  5. In the Set Up your Internet Mail Account screen, select No, and then click Next.
  6. In the Completing the Internet Connection Wizard screen, click Finish.

Configuring Proxy Settings

For the Business Desk client to access the Internet, you must configure the proxy settings in Internet Explorer as described in the following procedure.

To configure proxy settings

  1. In Internet Explorer, on the Tools menu, click Internet Options.
  2. In the Internet Options dialog box, on the Connections tab, in the Local Area Network (LAN) settings section, click LAN Settings.
  3. In the Local Area Network (LAN) Settings dialog box, in the Proxy server section, select Use a proxy server, in the Address box, type 10.30.0.100, and in the Port box, type 8080. Do not select Bypass proxy server for local addresses, and then click OK.
  4. In the Internet Options dialog box, click Apply, and then click OK.

Configuring the Business Desk Client

Use the following procedure to configure the Business Desk client.

To configure the Business Desk client

  1. In Internet Explorer, in the Address box, type http://<Business Desk server name>/supplieracceleratorbizdesk, and then press ENTER.
    Note You must use the explicit Business Desk server name. You cannot use the domain name or the IP address of the Business Desk server.
  2. If the security settings of the browser prevent the site from opening, ensure that you have enabled the following security settings in Internet Options:
  3. Follow the instructions on the remaining screens to start Business Desk.

Verifying Functionality

To confirm the successful installation of AFS, it is recommended that you verify the order reception and catalog publishing functionality by using sample data provided in the AFS SDK. For detailed information about verifying a successful installation, see "Confirming Successful Installation" in the AFS Help.

Completing the Deployment

Before you connect your solution to the public Internet, complete the following steps to ensure the safety of the network:

  1. Apply the prescribed service packs for all software on all servers.
  2. Apply the IIS Lockdown tool and any known hotfixes from http://www.microsoft.com/security.
  3. On the ISA Servers, do not publish the entire site or IP address. Always use a specific destination to publish a site. For example, use www.contoso.com/supplieraccelerator instead of www.contoso.com. Create the destination sets before publishing any site.
  4. Disable all unnecessary services that might potentially expose security holes that can be exploited by malicious users. Consider disabling the following services:

Known Issues

You might encounter the following issues while performing the deployment:

  1. For high availability, the external ISA Server can be configured in an array. For more information, see http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/isa/proddocs/isadocs/CMT_ServerComp.asp.
  2. If the date settings on the Business Desk server and the DMZ Web servers become unsynchronized, site users might inadvertently be redirected to the default.asp page. This occurs because the Web servers mistakenly expire the user's session.
  3. Network Load Balancing can only detect network failures and not HTTP failures. If your Web service is down, Network Load Balancing will not detect it. To detect HTTP failures, use the HTTPMon tool, which is available in the Microsoft Windows 2000 Resource Kit.
  4. You should always reboot your servers after installing or uninstalling AFS.
  5. For medium deployments, you must edit the global_cache_lib.asp file in the supplieraccelerator/include folder by adding the line:
    oCacheManager.RefreshCache("advertising")

    after the following line:

    Set oCacheManager.WriterConfig("advertising") = dictCampaignConfig
  6. For medium deployments, you must edit the global_cache_lib.asp file in the supplieraccelerator/include folder by adding the line:
    oCacheManager.RefreshCache("discounts")

    after the following line:

    Set oCacheManager.WriterConfig("discounts") = dictCampaignConfig
  7. If messages are stuck in the Retry queue, you must move them to the Suspended queue and then resubmit them.
  8. To prevent the loss of purchase orders in a failure scenario, you must either cluster the SQL Servers or wrap the XLANG functions in a transaction.
  9. If the network connection to a Business Desk server was disconnected, you must run IISReset at the command prompt. Until you run IISReset, any orders that are directed to this server are sent back to the BizTalk Server Retry queue. The following error messages are displayed:
    Event type Error
    Event Source SupplierAccelerator
    Event Category Purchase Order
    Event ID 200
    Date <as appropriate>
    Time <as appropriate>
    User N/A
    Computer <as appropriate>
    Description _recvpo.asp Microsoft Commerce OLE DB Provider: HRESULT: -2147217915, Minor Code: 0, Source: Microsoft OLE DB Provider for SQL Server, Description Object was open.

    Event type Error
    Event Source Commerce Server 2002
    Event Category None
    Event ID 32769
    Date <as appropriate>
    Time <as appropriate>
    User N/A
    Computer <as appropriate>
    Description In BindArgs::OpenDataSrc(), failed initializing data source (-904429548)

    Event type Error
    Event Source Commerce Server 2002
    Event Category None
    Event ID 32773
    Date <as appropriate>
    Time <as appropriate>
    User N/A
    Computer <as appropriate>
    Description DataSource::Init(DS-1217-Profile Definitions) failed on catalog load (-904429548)

    Event type Error
    Event Source Commerce Server 2002
    Event Category None
    Event ID 32788
    Date <as appropriate>
    Time <as appropriate>
    User N/A
    Computer <as appropriate>
    Description Catalog Load failed catalog: Profile Definitions (-2147217915)

    Event type Error
    Event Source Commerce Server 2002
    Event Category None
    Event ID 32
    Date <as appropriate>
    Time <as appropriate>
    User N/A
    Computer <as appropriate>
    Description 'Select' statement failed for Catalog.Catalog name: Profile Definitions, Table name: CommerceServerCatalogs, SCODE: -2147217915

    Event type Error
    Event Source Commerce Server 2002
    Event Category None
    Event ID 32792
    Date <as appropriate>
    Time <as appropriate>
    User N/A
    Computer <as appropriate>
    Description HRESULT: -2147217915, Minor Code: 0, Source: Microsoft OLE DB Provider for SQL Server, Description Object was open.

  10. When publishing a catalog that has over 60,000 SKUs, you will need to change the Server.ScriptTimeout value from 2000 to a higher number (preferably to 8000) in the publish.asp file located in the supplieraccelerator folder.
  11. To prevent potential time-outs on your site, extend the ASP time-out period to 10 minutes.

    To extend the ASP time-out period to 10 minutes

    1. Click Start, point to Programs, point to Microsoft Commerce Server 2002, and then click Commerce Server Manager.
    2. In the Commerce Server Manager window, expand Internet Information Services, expand <servername>, right-click the site you unpacked, and then click Properties.
    3. In the Properties dialog box, on the Home Directory tab, under Application Settings, click Configuration.
    4. In the Application Configuration dialog box, on the App Options tab, type 600 for the ASP Script timeout period.
    5. Click OK twice to save the setting.
  12. You should increase the time-outs in two of the ASP pages for large purchase order items (100 or more line items) to be submitted properly. The two pages are afs_PO_Const.asp, located in the supplieraccelerator\include folder, and ReceivePO.asp, located in the supplieraccelerator folder.
  13. For the afs_PO_Const.asp page, change the value of the following line from 20 to 300 seconds:
    Const AFS_PO_MAXTIMETOREACHQUEUE = 20
  14. For ReceivePO.asp, add the following line before the call Main() line:
    Server.ScriptTimeout = 360
  15. To reduce the transformation time that BizTalk Server takes to convert a Commerce Server 2002 catalog to the cXML1_1, cXML1_2, or xCBL3_0 format, you should disable the options for logging interchanges and original messages.

    To disable the logging options

    1. Open BizTalk Server Administration, expand Microsoft BizTalk Server 2002, right-click BizTalk Server Group, and then select Properties.
    2. In the Properties dialog box, on the Tracking tab, clear the Log incoming interchange, Log outgoing interchange, and Log the original MIME encoded message options. Leave Enable document tracking selected.
  16. If you publish a catalog using HTTP while the ISA Servers are disabled, the Business Desk server will report that catalog publishing was successful because the catalog exists in the AFSCatalogPub shared folder, when in fact, the catalog does not get published to the site.
  17. For medium deployments, the Web servers and the Business Desk server must have unique computer names. Even across separate domains, you might encounter problems when refreshing catalogs if the computer names are not unique.

Message Queuing Known Issues

The issues in this section apply to Message Queuing (also known as MSMQ).

The following steps describe the purchase order acknowledgment process, and discuss the issues related to this implementation.

  1. Commerce Server receives the purchase order (through receivepo.asp) from an external trading partner.
  2. After initial validation, this XML document is sent to a protocol-specific remote queue on the BizTalk Server. For example, if a purchase order using the cXML 1.1 standard is received, it is written to the cXML1_1PO queue on the BizTalk Server.
  3. This write operation is transacted with the Message Queuing-specific transaction command MQ_SINGLE_MESSAGE.
  4. While writing a message to a remote queue, Message Queuing offers the following optional parameters for maintaining transactions:

    Transaction

    Optional. An MSMQTransaction object or one of the following constants:

    MQ_NO_TRANSACTION

    Specifies that the call is not part of a transaction.

    MQ_MTS_TRANSACTION

    Default. Specifies that the call is part of the current MTS (Microsoft Transaction Server) transaction.

    MQ_SINGLE_MESSAGE

    Sends a single message as a transaction.

    MQ_XA_TRANSACTION

    Specifies that the call is part of an externally coordinated, XA-compliant transaction.

    Single-Message Transactions

    Message Queuing provides a single-message transaction that can be used to guarantee a single delivery of a single message. This transaction implicitly uses the Message Queuing internal transaction to send a single message to a transactional queue.

    Single-message transactions can be used only to send messages.

    Note If a single-message transaction is used to retrieve a message, Message Queuing disregards the transaction request and retrieves the message by using a non-transactional operation.

    A single-message transaction is a special case of a Message Queuing internal transaction and cannot participate in a transaction with other resource managers. Each single-message transaction is a separate transaction over which the programmer has no explicit commit or abort control.

    The single-message transaction provides the best performance of all transaction types. In addition to single delivery, a single-message transaction is faster than an external transaction, and the code used to send the message is very simple. The sending application only needs to make sure that the destination queue is transactional and that the transaction parameter is set to MQ_SINGLE_MESSAGE.

    MQ_SINGLE_MESSAGE also means that the transaction is maintained between the ASP page and the local outgoing queue. After the message is written to a local outgoing queue, subsequent processing is handled by the MSMQ Queue Manager.

  5. The Queue Manager is responsible for sending the message from the local outgoing queue to the remote, protocol-specific queue. Transferring the message from the local outgoing queue to the remote queue is an automatic process controlled by the Queue Manager. The ASP page does not have any control over this process.
  6. After the message is written to the remote queue, an acknowledgment is sent back to an admin queue on the local computer. If the previous step was successful, the Queue Manager writes an acknowledgment in the admin queue. The ASP page on the local computer waits for this acknowledgment on the admin queue.
  7. After the acknowledgment is received, the ASP page sends an HTTP OK message back to the trading partner to confirm that the message has been received successfully by the AFS system.

    This process ensures that the purchase order has been successfully stored on the BizTalk Server before sending acknowledgment back to the Trading Partner.

  8. If the admin queue does not receive the confirmation from the remote queue, the ASP page sends a negative acknowledgment back to the Trading Partner. It is possible, however, that the purchase order could be received by the remote queue, and even processed by the system, after this negative acknowledgment is sent to the trading partner. If this happens, the trading partner could resend the purchase order, resulting in duplicate purchase orders.
  9. If the admin queue on the local computer is not used and an acknowledgement is sent back to the trading partner as soon as the message is written to the local outgoing queue, then if the local Queue Manager is unable to find the remote queue in the given time frame, it sends the message to the local dead queue. This method requires a mechanism to monitor the dead queue and notify the system administrator that an order has failed. If the local computer fails in the meantime, there is a chance that the system might lose the order. In this case, acknowledgment has been already sent back to the customer confirming that the system has received the order.
  10. The AFS system is designed to prevent purchase orders from being lost. By using the admin queue, the system ensures that the BizTalk Server receives the order before sending a confirmation to the Trading Partner.

URL Resources

The following links provide additional information about the corresponding subject areas: