Introduction

Purpose

The purpose of this document is to enable the developers and the development project teams to modify the web based electronic Child Support Enforcement system (eCSE) for the State of New Mexico. The intent is to document the technical architecture and related development procedures with minimal modifications.

Scope of Technical Architecture

This section will define, in detail, what is contained in this technical architecture document. It will also mention but not detail what important procedures / concepts are not included. Each section may contain a Future Considerations sub-section where ideas, thoughts are noted and are not considered as part of the current development strategy and procedures. The approach is to document the current (As Is) technical architecture, environments, model strategy, and processing procedures with minimal modifications.

Technical Platform

The following illustration depicts an overview of the three tiered architecture used to develop and use the eCSE application.

Architecture Components

Client (Web) Browser – Usually Microsoft’s Internet Explorer or Netscape Communicator.

Firewall – A standard security measure is to route communications through devices (typically made by vendors such as Cisco) which can manage, filter, and monitor access from the Internet.

Web Server – This is software that provides static (HTML) web pages. The platform is Microsoft NT or Windows 2000 running Microsoft’s IIS (Internet Information Server) Server.

Application Server – A highly threaded, robust messaging server providing security and both asynchronous and synchronous messaging services. Software applications (Asp and components) are written in Visual Basic. These applications provide the business logic to create the interactive, integrated eCommerce systems for complex, secure solutions such as eChild Support Enforcement. Platforms are again, Microsoft NT or Windows 2000. The package is the Microsoft Application Server framework (or Windows DNA) with MTS.

Mainframe – Andersen Consulting’s eChild Support Enforcement solution is designed to leverage existing mainframe applications and data sources from the Child Support Enforcement System (CSES).

Infrastructure

IIS

IIS brings together the integration of its own Web services with the Windows NT core system and networking capabilities and the distributed application infrastructure of Microsoft's Transaction Server 2.0. IIS is only available for the Server edition of Windows NT 4.0, but it is a free download as part of the Windows NT 4.0 Option Pack.

IIS 4.0 offers an excellent platform for building sophisticated internet and intranet applications. Beyond the core HTTP 1.1 services are a variety of tools including a Transaction Server (for building distributed applications), Index Server (indexing of HTML pages and MS Office documents), Certificate Server (managing digital certificates), Site Analyst (site management and usage), Internet Connection Services for Microsoft Remote Access Service (creation of Virtual Private Networks), Mail Server, and NNTP News Server. Of these tools, eCSE currently uses the core HTTP services, MTS, and SMTP. The SMTP support enables you to develop applications that send and receive messages; used for sending mail to Case workers.

IIS features include crash protection for reliability, transactional Active Server pages, support for Java (accomplished with Microsoft's Java Virtual Machine), script debugging, support for multiple Web sites, integrated search engine capabilities (create custom search forms with Active Server pages, ActiveX Data Objects, and SQL queries), content management and site analysis tools, automated management support, integrated message queuing, full standards compliance (including HTTP 1.1 for increased Internet performance), and an integrated certificate server (with special security enhancements for international banks using 128-bit encryption Server Gated Crypto technology). For Windows 95 and Windows NT Workstation users, the NT 4.0 Option Pack also includes Microsoft's Personal Web Server 4.0 (PWS). PWS is a desktop Web server that makes it easy to publish personal home pages, serve small Web sites, and share documents via a local intranet. (PWS is used for eCSE development.)

Site administration for IIS is performed using the Microsoft Management Console (MMC). Via this interface you can manage access and security restrictions at the site, directory and file level. If you are using virtual sites you can specify the estimated daily traffic for each site (which controls how much memory IIS allocates for each Web site) and limit the amount of server bandwidth a particular site can use. Most settings can also be configured remotely using Microsoft Internet Explorer. Active Server Page (ASP) improvements in the latest release of IIS include additional support for transaction processing and memory isolation.

MTS

Like IBM CICS on the mainframe and BEA Tuxedo on Unix, MTS extends the services of the operating system and of the DBMS to support execution of mission-critical business applications. MTS is one of the key components of Microsoft's enterprise architecture. Its design goal is to deliver on NT the mainframe levels of quality-of-service (performance, availability, integrity and manageability), combined with the productivity and flexibility of a component application model.

Features in MTS 2.0

· Transaction control via IIS 4.0 ASP

· Packaging and management of IIS 4.0 ASP

· Integrated transactional support for message queuing via MMQS ("Falcon")

· Integrated access to some legacy CICS transactions via SNA Server ("Cedar")

· Improved support for Oracle DBMS (via new ODBC 3.0 dispenser and Oracle driver)

· Improved performance of the Object Factory class

· Some support for MSCS 1.0 ("Wolfpack") for improved availability

· Integration with the Microsoft Management Console

· Some productivity utilities, enhancements

· Developer's version for Win95 (local user only)

· Developer's version for WinNT Workstation (2 network users only)

· Process isolation for NT Server components via "Packages"

· DBMS access optimization via pooling and re-use of DBMS connections

· Systems resource optimization via pre-loading of packages and just-in-time activation

· Distributed transaction management with a two-phase commit

· Monitoring console

· Role-based security add-on to the base NT security

· Implicit transaction management via configuration (mostly)

· Support for Java, C/C++, VB, Microfocus COBOL

· Implicit multithreading of object implementation

SQL Server

SQL Server 7.0 is a complete database system. It has evolved from a PC database (initial 4.x versions on OS/2) to an enterprise-level database system. Its query language is TSQL (Transact SQL), which is ANSI 92 compliant. SQL Server comes with a complete suite of tools and utilities for building and optimizing applications and administering databases. It runs on Windows NT as well as Windows 98. The main features of SQL Server are:

· Dynamic self-management capabilities

· Row-level locking

· Support for very large databases

· Parallel query support

· Multiserver management

· Unicode support

· Multisite update replication

Visual InterDev

Visual InterDev is project management software for high-end Web development. It integrates many of the existing tools for Web development, and throws in a few hefty tricks of its own for good measure. Its main features are:

· Support for Microsoft’s Active Server Pages, the method for server-side scripts to generate HTML pages on the fly

· Support for database integration from desktop (Access) to high-end (ODBC compatibility – SQL Server)

· Support for VBScript and JScript (Microsoft’s JavaScript implementation) in HTML files

· Visual design tools, templates and wizards to help you do everything from generating SQL commands with a point-and-click interface to manipulating exposed ActiveX objects

· A special version of Microsoft FrontPage for WYSIWYG editing

· A color-coded HTML text editor

· Web project file management and link management tools

· Support for VBScript to automate repetitive tasks in Visual InterDev

Security

Due to the sensitive nature of agency mainframe operations and the private nature of the information within these systems, security is an important consideration.

Parties involved in an electronic transaction need to know definitively:

Who it is they are dealing with

That the information they send arrives unaltered

That the information they receive originated from the place declared and remains unaltered

That only intended recipients have access to confidential information

In response to these requirements, four services deliver functionality to achieve completely secure communications. They are:

Confidentiality, which protects confidential material

Authentication, which identifies the entities involved in a transaction

Data integrity, which protects data from illegal tampering

Non repudiation, which avoids false claims about a transaction

Without such methods of achieving trust, the following attacks can be initiated during an e-commerce transaction:

Data interception. An attacker, using network monitoring software, can find unprotected confidential information such as a password or a credit card number.

Manipulation. An attacker, using network monitoring software, can capture information, modify it, and forward it to the true addressee. For example, an attacker can change the shipping address of an order to his/her advantage.

Repudiation. In a business-to-business electronic transaction, a party can deny having processed an order. If no proof equivalent to an invoice exists, the other party cannot protect itself.

Identity falsification. An attacker can impersonate a valid user and then benefit from all of the rights the user has on the system. For example, in an e-commerce application, an attacker can log on as a registered user and benefit from the user’s credit to pass orders.

SSL

Digital certificates encrypt data using Secure Sockets Layer (SSL) technology, the industry-standard method for protecting web communications. The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. Because SSL is built into all major browsers and web servers, simply installing a digital certificate turns on their SSL capabilities.

SSL comes in two strengths, 40-bit and 128-bit, which refer to the length of the “session key” generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. Most browsers support 40-bit SSL sessions, and the latest browsers, including Netscape Communicator 4.0 and Internet Explorer 5.0 enable users to encrypt transactions in 128-bit sessions - trillions of times stronger than 40-bit sessions. eCSE requires 128-bit encryption for logon access. This will require all registered users to have a web browser that supports 128-bit SSL.

The procedure for verifying 128-bit and pointing users to an upgrade path is to set the IIS virtual directory to only accept 128-bit access. Then, a custom error screen is in place for error 403;5 that provides upgrade information.

Application Architecture

CBA/M

CBA/M is a collection of Andersen Consulting best practices and tangible architecture frameworks for a netcentric architecture. It is packaged as a Solution Construction Aid (SCA) that any project can start with and extend as necessary. The assets grew out of several projects conducted at the FinancialWorks Solution Center and ICE in Chicago and continue to grow as new projects contribute back. Architects in FinancialWorks have had some responsibility for harvesting and packaging the assets into the SCA.

The CBA/M execution architecture is based on Microsoft DNA technologies and the following products: MS Internet Information Server (IIS), MS Site Server Commerce Edition, MS Transaction Server (MTS), and any ODBC or OLEDB accessible database. CBA/M Formatting and Field Validation Services are available to client browsers which support Javascript; the same functions are available on the server if the architecture autodetects that the client browser does not support Javascript. Internet Explorer and Netscape Navigator browsers have been used. Business logic is built in server components using the CBA/M Application Framework. The Framework defines application partitioning, component interaction, and makes available architecture services such as security, logging, data access, platform information, etc. Presentation is done in HTML and ASP programming while components are developed in Visual Basic. The architecture is built of independent, reusable components for greatest flexibility and the Framework encourages similarly developed applications. The CBA/M architecture is relatively thin and is not intended to insulate the application from MS technologies, thus portability is low. Rather, architecture services are provided where the MS suite came up short or to simplify developer interfaces.

Legacy integration can be accomplished through the use of MS products such as SNA Server or Microsoft Message Queue (MSMQ) with its MQSeries bridge. These products integrate tightly with the rest of the MS server suite. (The current eCSE architecture used FTP for batch data updates.)

CBA/M development architecture assets include numerous templates, a Component Wizard, architecture and business component test drivers, documented design patterns and best practices. Training curriculum as well as reference applications are available for developers and architects.

COM

There are several more reasons to use COM objects over pure ASP and HTML. First, Visual Basic has a richer set of tools and language syntax than VBScript, which gives you more options when building your application. Second, COM objects can be used over and over again. Third, you can protect your intellectual property by hiding your product's logic from users. If you will be distributing your development, you can keep users from getting all your source code by distributing it in a compiled DLL.
In addition, COM objects allow you to separate your business logic from the page design. If your business logic lives in components, your Web page design team can build the framework of the page and call the objects from within the Web page framework. A perfect example of this would be a menu object that queries a database and draws the menu. The logic is abstracted to the Web page designer. Therefore, as the designer builds the framework of the Web pages, a simple reference to the object is all that's needed.

MTS

The next step in creating a reusable COM object is creating an MTS package in which to place the component. This gives the component its own memory space to run and enables MTS to manage the object. MTS does much more than provide transactional support; it also acts as a wrapper for COM objects. This gives you the benefits of resource pooling, thread management, and process isolation. MTS pools connections and manages those connections for maximum efficiency. MTS manages all threads within a component. Also, under MTS, each component in a package will run in its own memory space. This will isolate them so other packages don't affect this package and the Web server's memory space will be protected if any of these components fail.

ASP

Active Server Pages is a programming environment that provides the ability to combine HTML, scripting, and components to create powerful Internet applications that run on a web server. ASP can be used to create an HTML interface for applications by adding script commands to HTML pages and encapsulating business logic into reusable (COM) components. These components can be called from script or other components.

How ASP Works

When you incorporate ASP into a Web site, here's what happens:

1. The user brings up a Web site (like eCSE) where the default page has the extension .asp.

2. The browser requests the ASP file from the Web server.

3. The server-side script begins to run with ASP.

4. ASP processes the requested file sequentially (top-down), executes any script commands contained in the file, and produces an HTML Web page.

5. The Web page is sent to the browser.

Because your script runs on the server, the Web server does all of the processing and standard HTML pages can be generated and sent to the browser. This means that your Web pages are limited only by what your Web server supports. Another benefit of having the script reside on the server is that the user cannot "view source" on the original script and code. Instead, the user sees only the generated HTML as well as non-HTML content, such as XML, on the pages that are being viewed.

ADO

The eCSE applications access SQL Server through ADO (ActiveX Data Objects). ADO is a set of high-level Automation interfaces over OLE DB data. It is the programming interface for accessing data from OLE DB-compliant data sources. (Such as SQL Server.) ADO shields the developer from having to manage memory resources, manually aggregating components, and other low level processes. The ADO COM architecture is best suited for data access in disconnected environments such as the Internet. Listed below are the advantages provided by ADO.

· Ease of use. Data access requires minimal coding.

· Accessibility. ADO can be used from languages such as VB, Java, C++, VBScript, and Javascript.

· Provider neutral. ADO can access data from any OLE provider.

· No loss of OLE DB functionality. ADO allows C++ programmers access to the underlying OLE DB interfaces.

· Extensible. ADO can dynamically expose properties specific to a data provider via a collection of provider interfaces. (ala CBA/M)

Security

Within the eCSE application, there is a secure set of private pages that require a userid and pin number for access. (That is in addition to the 128-bit SSL protection through IIS.) In designing the application, both ‘Sessions’ and ‘Cookies’ were considered as a basis for the approach. The “Session” approach is not used because this was not considered a scalable solution and would have probably been difficult to maintain. (The session approach would have been to create an instance of each session variable when a CP or NCP user visits a page. These session variables can persist for 20 minutes after the CP or NCP user leaves the page. )

The “Cookies” approach is not used since “Cookies” stores CP or NCP user information is stored on a particular client’s machine. This was unacceptable since cookies can easily be retrieved without a user’s knowledge. Also, if a CP or NCP User decides to set their web browser not to accept cookies, both session variables and cookies will not work for the user; thus making the application inaccessible.

The “Session Table” approach is the best practice approach because the actual “state” information is stored in a database table from the server side and the “state” ID string is passed using dictionary objects. If the CP or NCP user remains idle or logs out of the system, the “state” record is deleted from the table, the incident gets logged into an audit table, and the user is redirected to the Relogin page. An audit entry and/or forced relogin is also caused if the user attempts to hit the back page button from the browser, retype the URL string with the encrypted ID, alter the encrypted ID string, or modify the name of a private asp page.

The following is a list of steps describes the state management process during login and navigation throughout the private pages.

1. CP or NCP User enters a nine digit Login ID and four digit PIN.

2. A call to the SuccessLogin.asp will verify private web page access by determining if user is an authorized CP or NCP.

3. A record is entered into the State Management Table with Login ID, User PIN, User Type (CP or NCP), Date/Time Stamp of Current Access.

4. If the login was successful, then perform the following:

a) Add the 1st Entry into the Audit Table with the Login ID, Name of the web Page Accessed, Date /Time of last access, and "Login was Successful" as a Comment.

b) Proceed to Step 6.

5. If the login was unsuccessful, then perform the following:

a) Add the 1st Entry into the Audit Table with the Login ID, Name of the web Page Accessed, Date /Time of last access, and "Login ID and/or PIN was invalid." as a Comment.

b) Redisplay the login page with "*Invalid User Log-in ID/PIN Combination." Displayed in red right above the login ID field.

c) Repeat Step 1

6. Encrypt User ID, User PIN, User Type(CP/NCP) , Date/Time Stamp of Access as one string.

7. Attach the encrypted string and the requested page identification number to the URL string.

8. Direct CP or NCP User to the Multiple Case List Page.

9. CP or NCP User Selects Case Number Link.

10. For each private page accessed proceed with the following:

a) Check for user timeout status in the in the State Management Table.

b) Add Entry into Audit Table.

c) Expire the current active server page after four minutes.

d) Retrieve Encrypted ID String from Input Dictionary.

e) Decrypt the ID String and Store data into Login ID, Pin number, Person ID, Security Level, and TimeStamp variables.

f) Read Login ID, Pin number, Person ID, Security Level, TimeStamp from the State Management Table.

g) If variables from the State Management Table does not match variables from the encrypted string then perform the following:

i. Add entry to Audit Table

ii. Generate error message

iii. Redirect user to Relogin page

h) If variables from the state management table matches variables from the encrypted string then:

i. Update last accessed date in the State Management Table.

ii. Add 2^nd entry to Audit table with Login ID, Page Assessed, Date/Time Stamp and a comment “Granted Access to State Table”.

Environments

Creating Components for eCSE

This is a guide for making and testing eCSE components. This guide complements the CBA/M component development manual.

Standard Controller Example

Here is a good example of why we need a standard controller template: If you used the HelloWorld Controller, your GetInputData function is incomplete. HelloWorld’s version of GetInputData does NOT retrieve values from the query string. State management relies on retrieving values from the URL. You will need to make changes to your GetInputData function to incorporate this functionality. However, if you used the Template controller, then this querystring functionality is provided. No changes need to be made.

Suggested Use for the Standard Controller Template

A standard controller template was created to make development easier and less confusing. The template accomplishes the goal by requiring the developers to make only a minimal number of changes to the controller.

You can use the template as a starting point for your code. You can open the .vbp file and then copy & paste the class code. Or you can add the .cls file to your project directly. The template was used to make NCPMyMoneyCtrl.

You will need to make obvious changes such as:

· Changing the name of the file

· Changing the name of the Class

· Edit the Comments Header

· Edit ExecuteBusinessLogic()

New Controller Updates

The standard controller has the following updates (vs the HelloWorld Controller):

· CheckSecurity function (state management version).

· Main function

· Call to CheckSecurity, else redirect to relogin.asp

· Contains variables sPageName and sSecurityLevels

· GetInputData

· QueryString retrieval functionality

Setting the environment

· Copy the state management dll’s into a folder on your hard drive.

· Create a state_management MTS package

· Add the state_management dll’s into the MTS package

· Make sure that all GetState components “support transactions”

· Make sure that the other dll’s “does not support transactions”

· Create an asp-includes directory under InetPub/wwwroot

· copy asp-includes file into the InetPub/wwwroot/asp-includes

· Create a CBAMDSN DataSource name to your database

· (under Start>Settings>Control Panel> Data Source ODBC)

Compiling your DLL's

· Compile the Interface

· Set MTS transactions to “Uses transactions”

· Do this for CSiteInterfaces AND your component Interface

· Compile the Component

· Set a reference to ADO 2.5 Library NOT ADO 2.0

· Set a reference to your component Interface

· Set MTS transactions to “Uses transactions”

· Compile the Controller

· Set a reference to ADO 2.5 Library NOT ADO 2.0

· Set a reference to GetStateInterfaces

· Set a reference to your component Interface

· Edit cmPageTitle to the name of your page

· Set MTS transactions to “Requires New transaction”

· Edit Main() Function

· Edit sPageName

· Edit sSecurityLevels

· *Do the following only if you are not using the

· *standard template with the new CheckSecurity function

· Copy and Replace the CheckSecurity() Function

Make an MTS Package

Create a package for your Interface, Component(s), Controllers

Creating your Interdev project

· Include the callform.htm file in your Interdev project

· edit the link on callform to suit your .asp file

· view callform.htm in the browser to test your component.

Appendixes

Unit Test Approach

Product: eChild Support Enforcement (eCSE)

Release:

Platform: Windows NT/SQL Server

Configuration:)

Prepared by: Date: mm/dd/yy Version: 1.0

Approved by: Date: mm/dd/yy Status: NotStarted/In Progress/Pending Review/Approved

Overview

The purpose of this document is to outline the component test approach for the eChild Support Enhancement. The component test approach contains the following sections:

· Test Objectives and Scope

· Test Resources and Workplan

Test Objectives and Scope

The objective of the component test is to ensure that all eCSE modules have correctly implemented their specifications. A module could be a window, a set of related functions or a single function. For a window, test conditions will be defined at the event level; for a function/set of functions, test conditions will be defined at the function level.

Each module will be independently tested during component test.

For each module, a test driver will be defined to simulate the user interaction or the caller module. (Testing without a test driver would require the entire application to be coded before beginning the component test.)

Below is a list of the modules which need to be coded and tested. They are divided into three technical areas: Common architecture modules, eCSE dialogs, and Administration dialogs. Each module will have at least two cycles: one that tests mainline logic without exceptions, and a second cycle that tests the exceptions.

Common architecture modules:

eCSE dialogs:

Administration dialogs:

Test Resources and Workplan

The component test conditions will be created by the developers concurrently with the creation of the module specifications. Each test condition will include an associated expected result. Component test conditions and expected results will be signed off by the application team lead. The programmer will then be responsible for creating the input and output data necessary to satisfy all conditions for the module, executing the test and fixing all coding errors.

Code Review Checklist

REVIEW INFORMATION

These items must be filled out for each review item.

Unit Name
Date
Total Preparation Time
Total Meeting Time
Total Rework Time
Number of Major Points Identified
Number of Minor Points Identified
Number of Participants
Number of Pages of Review Material

ISSUES IDENTIFIED

All issues must be recorded and resolved prior to final signoff.

REVIEW POINTS

Review checklists are meant to guide the discussion and do not need to be filled out.

1. Meets Design: Code should meet the requirements set forth in the detailed design.

Follows design

2. Error Checking: Exception catching should be present when using the following operations.

Checking return value of functions that return an error
Input/output device calls
Mathematical operations
Memory allocation/deallocation
Type casting/conversion
Terminal exceptions exit gracefully

3. Naming Standards: All variable names should be in accordance with the standards set forth in the Programming Standards document.

Variable names are at least 3 characters long

4. Global Variables: Global variables should be avoided whenever possible, but any global variables that do exist in the application should have been pre-approved through a team review.

All global variables have been approved by team

5. Commenting: Comment blocks should accompany each unit, method, function, and procedure. Each comment block should follow the format specified in the Programming Standards document. In addition, comments should be included for code blocks that are not self-explanatory or have complex flow-control logic.

Units begin with standard comment blocks
Procedures, functions, and methods have associated comment blocks
Function comment blocks include return type
Any special conditions associated with procedures, methods, and functions are included in the comment block
Complex code has explanatory comments
VSS comment block

6. Indentation: Standard indentation for functions, as well as loops, is illustrated through example in the Programming Standards document.

Begin and end statements appear on their own lines
Begin and end statements are left aligned with their associated functions
Code should be indented one level from the function/loop declaration
Indentation is consistent throughout unit

7. Unit Testing: Test conditions thoroughly test module.

Unit test conditions document meets project standards
Test conditions thoroughly cover functionality of module
Test conditions have been successfully attained.

Web Application Stress Tool

Web Application Stress Tool is Microsoft's free, unsupported product for stress testing a web server

Microsoft Web Application Stress Tool (performance testing)

- Simulates multiple browsers

- Can be used to simulate up to 1000 users

- Multiple approaches for creating test scripts (manually, recording, pointing to IIS log file, selecting files, importing)

- Controllable testing from remote locations

- Supports HTML, ASP sessions, cookies

- Supports simulation of modem throughput

- Supports testing of Remote Data Service (RDS) web sites

- Supports DNS names to expand path coverage

- Supports existing WebCat scripts

- Browser Support -- Internet Explorer 4 or newer

- Protocol Support -- HTTP, HTTPS, SSL

- Application Server Support -- Microsoft, Allaire, Cold Fusion

- Client Support -- NT 4, NT 5

A tutorial is available to learn about the product at the web site listed below. HOWTO information and known bugs are published (see web site below). Questions can be sent to webtool@microsoft.com.

For more detailed product information about Microsoft's Web Application Stress Tool, see the following:

http://webtool.rte.microsoft.com/

Web Application Stress Tool is provided by Microsoft free of charge. To obtain a copy, click the 'Download' tab at the following URL: http://webtool.rte.microsoft.com/

Instantiating Remote Components in MTS and IIS

This appendix contains information on how to use Active Server Pages (ASP) to instantiate a remote Microsoft Transaction Server (MTS) component that resides on a separate computer from the Microsoft Internet Information Server (IIS) computer. This article also addresses the issues that may arise from developing remote components for MTS 2.0 and IIS 4.0.

If you are using NTLM security, it is not possible to directly call remote components, regardless of the IIS application's activation setting (in- process or out-of-process) or identity (local or domain user). To call remote components when using NTLM security, you need to do the following:

1. Create an intermediate MTS package with a domain identity.

2. Set the package activation to run in a dedicated server process.

3. Install an intermediate component that calls the remote component into the package. This intermediate component is then called from the ASP script and in turn, calls the remote component.

NOTE: When you use this technique, the direct caller, as seen by the remote component, will not be the original IIS caller, but the identity of the intermediate package.

If you are using Basic security, it is possible to call remote components directly. However, this requires that you set the Basic Authentication Domain to the domain and not the local machine. Although this setting allows the remote components to see the direct caller as the original IIS caller and not the intermediate package identity, it is not recommended. For more information on Basic security, please see the IIS 4.0 online documentation.

If you are using Anonymous security, it is possible to call remote components directly. However, this requires that you set the Anonymous User to a domain account. Although this setting allows the remote components to see the direct caller as the original IIS caller and not the intermediate package identity, it is not recommended. Anonymous security allows access to everyone. Allowing everyone access to your domain, even through a restricted account, can be a serious security risk. Therefore, it is recommended that you do not set the Anonymous account to a domain account. Instead, you should set the Anonymous User to the default (or some other local account) and use the intermediate MTS package technique, following the steps described above, to instantiate remote MTS components (without having to use NTLM).

Windows NT Workstation Setup

1. Install Windows NT 4 Server + Service Pack 3 (SP3)

Service Pack 4 will probably be installed automatically instead of Service Pack 3

§ Partitioning of drives may be necessary

§ Name/Organization: Authorized User/Andersen Consulting

§ Registration (Product ID): 21899 OEM: 0043867-64196

§ Computer will eventually reboot

§ Logon: User Name: Administrator, no password is necessary

§ Setup Network connection

§ Right click on the Network Neighborhood and select Properties

§ Go to the Protocols tab and see if the TCP/IP protocol has been installed

§ If it hasn’t been installed click on Add and select TCP/IP protocol

§ Do you wish to use DHCP? YES (use default settings)

§ Click Close – this will initiate the protocol wizard

§ On the Microsoft TCP/IP Properties window do the following:

§ IP Address Tab: Obtain an IP Address from a DHCP server and when asked about enabling the DHCP select YES

§ DNS Tab: Domain: ac.com

DNS Service Search Order (click add): 10.4.198.10

10.17.108.37

Domain Suffix Search Order (click add): ac.com

awo.com

§ WINS Address Tab: Select Enable DNS for Windows Resolution

Select Enable LMHOSTS Lookup

§ Click OK – computer will reboot and restart

§ Click Start …. Run …. type Command ….. click OK

Type ipconfig /all and press enter. Write down the IP Address and Subnet Mask then exit the command prompt

§ Right click on the Network Neighborhood and select Properties

§ Protocols Tab:

§ Select TCP/IP Protocol and click Properties

§ IP Address Tab:

§ Change from Obtain an IP Address from a DHCP server to Specify an IP address

§ Fill in IP Address, Subnet Mask, and Default Gateway (10.5.124.1)

§ Click OK

§ Identification Tab:

§ Click Change

§ Change Member Of from Workgroup to Domain and make sure that DOMAIN is in the text field

§ Select Create a Computer Account in the Domain

§ User Name/Password: Administrator/

§ Click OK

§ Click Close and restart computer

§ Logon with your user ID

2. Install Internet Explorer (IE4.01) SP1

§ Click on Internet Explorer

§ Choose to connect through a LAN connection

§ Proxy Server: YES

§ HTTP: amrpx1001.ac.com

§ Port: 8080

§ Select Use the same proxy server for all protocols

§ Select Do not use proxy server for local internet addresses

§ No Internet Mail Account

§ No Internet News Account

§ No Internet Directory Service

§ Logon and test

3. Install Windows NT 4 Option Pack 4

§ Using Windows NT Explorer, go to the Talds1006 server: /eCSE/Software/NT WS Option Pack 4/setup.exe

§ Select Typical Installation – choose default directories (this will install MTS among other things)

§ Restart Computer

4. Install IE5

§ Insert Microsoft Visual Studio 6.0 Service Pack 3 but do not install

§ Using Windows NT Explorer, select /enu/ie5/ie5setup.exe

§ Select Install Now – Typical set of components

§ Restart computer and test

5. Install Visual Studio 6.0

§ Product ID: 491-3925621

§ Name/Company: Authorized User/Andersen Consulting

§ Select Update Microsoft Virtual Machine for Java

§ Reboot the computer

§ Select Custom

§ This should be a installed on a different drive if space is running low on the C drive.

§ De-select Microsoft Visual FoxPro 6.0, C++, and Visual Source Safe

§ Select Register Environment Variables

§ Select YES on the Use the new Visual SourceSafe Database Format

§ Restart computer

§ Install msdn library – Typical Installation

6. Install Microsoft FrontPage98 + Extensions

§ Insert CD but do not install

§ Install the extensions: \ServExt\fp98ext_x86_enu.exe

§ Install Front Page 98

§ Name/Company: Authorized User/Andersen Consulting

§ Choose Custom Installation – do not choose personal web server

7. Install Windows NT 4 SP4

§ This should have already been installed. If it is not installed, do so now.

8. Install Windows NT 4 SP6(Y2K fixes)

§ This can be found on the Talds1006 server: /eCSE/Software/y2k-wrkstation/msnt128.exe

§ Restart computer

9. Install SQL 7 + SP1

10. Install KX 4.02

11. Install Microsoft Office 97

§ Select Typical Installation

12. Install Winzip

§ This can be found on the Talds1006 server: /eCSE/Software/utils/winzip/winzip70.exe

13. Install Visual Studio Service Pack 3

§ Insert CD, however, cancel out of the installation

§ Install the Microsoft Data Access Components 2.1

§ On the CD, run the following file: \enu\MDAC_typ.exe

§ Install the Service Pack – default selections

14. Install CBAM

§ Create a folder on the hard drive named INetCBAM

§ Copy CBAM zip files from /eCSE/Software/cbam/ and copy to the INetCBAM folder

§ Extract files into INetCBAM directory

§ This should be done one file at a time

15. Fix the Debugger

§ Test to see if debugger is working

§ Create debug folder on c: drive

§ Copy the MS Files Test folder found on the Talds1006 server: /eCSE/Andre Temp/

§ Open Microsoft Visual Interdev 6.0 and open a new project … Name: test

§ This will start up the Web Project Wizard

§ Web Project Wizard – Step 1 of 4

§ What server do you want to use? Use localhost

§ What mode do you want to work in? Use Master mode

§ Web Project Wizard – Step 2 of 4 à click Finish

§ Right click on the localhost item in the Project Explorer window

§ Add -> Active Server Pages

§ Existing tab …. Select test.asp and test2.asp and click open

§ Double click on the test.asp file and select Get Working Copy

§ Set a break point on the line that includes: Response.Write “Test1”

§ Right click on the test.asp file and select Set As Start Page

§ Run

§ This project is not set up to enable ASP debugging. Would you like to enable ASP debugging on this project? Choose YES

§ If a message is returned indicating that the application can not find or set the server, it means that Interdev will need to be re-installed.

§ Start the command prompt

§ CD debug …. CD MS Test Files

§ Viddbg.exe > output.txt

§ Open the output.txt and check for errors

§ Install Visual Studio Disc#2

§ Run \Vid_ss\setup.exe

§ Reboot PC

§ Run dcomcnfg

§ Choose Catalog Class

§ Select Properties

§ Choose Security Tab

§ Choose Use custom access permissions

§ Click on Edit

§ On the Registry Value Permissions Window à click on Add

§ On Add Users and Groups Window

§ Click on Show Users

§ Add the user, Administrator, MTS Administrator

§ Click OK

§ Choose Identity Tab

§ Choose The Interactive User

§ Click OK

§ Choose Machine Debug Manager

§ Follow the same directions as Catalog Class

§ Click OK

§ Reboot computer

§ When logging on, log on as administrator and change the domain to the PC domain

§ Run the User Manager under Administrative Tools and double click on the Administrators (lower portion of screen)

§ Add the user and MTS Administrator

§ Reboot PC + logon to DOMAIN

§ Retest Interdev